diff --git a/.github/workflows/AutoLabelAssign.yml b/.github/workflows/AutoLabelAssign.yml
new file mode 100644
index 0000000000..8247aa8e9c
--- /dev/null
+++ b/.github/workflows/AutoLabelAssign.yml
@@ -0,0 +1,41 @@
+name: Assign and label PR
+
+permissions:
+  pull-requests: write
+  contents: read
+  actions: read
+      
+on: 
+    workflow_run:
+        workflows: [Background tasks]
+        types:
+            - completed
+
+jobs:
+    download-payload:
+        name: Download and extract payload artifact
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+        with:
+            WorkflowId: ${{ github.event.workflow_run.id }}
+            OrgRepo: ${{ github.repository }}
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+    label-assign:
+        name: Run assign and label
+        needs: [download-payload]
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
+        with:
+            PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+            AutoAssignUsers: 1
+            AutoLabel: 1
+            ExcludedUserList: '["user1", "user2"]'
+            ExcludedBranchList: '["branch1", "branch2"]'
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+            
+            
+        
+          
+
+            
diff --git a/.github/workflows/AutoLabelMsftContributor.yml b/.github/workflows/AutoLabelMsftContributor.yml
new file mode 100644
index 0000000000..66992cfeef
--- /dev/null
+++ b/.github/workflows/AutoLabelMsftContributor.yml
@@ -0,0 +1,40 @@
+name: Auto label Microsoft contributors
+
+permissions:
+  pull-requests: write
+  contents: read
+  actions: read
+      
+on: 
+    workflow_run:
+        workflows: [Background tasks]
+        types:
+            - completed
+
+jobs:
+    download-payload:
+        if: github.repository_visibility == 'public'
+        name: Download and extract payload artifact
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+        with:
+            WorkflowId: ${{ github.event.workflow_run.id }}
+            OrgRepo: ${{ github.repository }}
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+    label-msft:
+        name: Label Microsoft contributors
+        if: github.repository_visibility == 'public'
+        needs: [download-payload]
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod
+        with:
+          PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+        secrets:
+          AccessToken: ${{ secrets.GITHUB_TOKEN }}
+          TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}
+            
+            
+        
+          
+
+            
diff --git a/.github/workflows/BackgroundTasks.yml b/.github/workflows/BackgroundTasks.yml
new file mode 100644
index 0000000000..c0389bb252
--- /dev/null
+++ b/.github/workflows/BackgroundTasks.yml
@@ -0,0 +1,26 @@
+name: Background tasks
+
+permissions:
+  pull-requests: write
+  contents: read
+  
+on:
+  pull_request_target:
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Save payload data
+        env:
+          PayloadJson: ${{ toJSON(github) }}
+          AccessToken: ${{ github.token }}
+        run: |
+          mkdir -p ./pr
+          echo $PayloadJson > ./pr/PayloadJson.json
+          sed -i -e "s/$AccessToken/XYZ/g" ./pr/PayloadJson.json
+      - uses: actions/upload-artifact@v4
+        with:
+          name: PayloadJson
+          path: pr/
diff --git a/.github/workflows/LiveMergeCheck.yml b/.github/workflows/LiveMergeCheck.yml
new file mode 100644
index 0000000000..faeb2a0ef4
--- /dev/null
+++ b/.github/workflows/LiveMergeCheck.yml
@@ -0,0 +1,22 @@
+name: PR can merge into branch
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: 
+  pull_request_target:
+    types: [opened, reopened, synchronize, edited]
+
+jobs:
+
+  live-merge:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+
+  
\ No newline at end of file
diff --git a/.github/workflows/PrFileCount.yml b/.github/workflows/PrFileCount.yml
new file mode 100644
index 0000000000..40f7d61629
--- /dev/null
+++ b/.github/workflows/PrFileCount.yml
@@ -0,0 +1,22 @@
+name: PR file count less than limit
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: 
+  pull_request_target:
+    types: [opened, reopened, synchronize, labeled, unlabeled, edited]
+
+jobs:
+
+  file-count:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+
+  
diff --git a/.github/workflows/ProtectedFiles.yml b/.github/workflows/ProtectedFiles.yml
new file mode 100644
index 0000000000..007f8f04b1
--- /dev/null
+++ b/.github/workflows/ProtectedFiles.yml
@@ -0,0 +1,20 @@
+name: PR has no protected files
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: [pull_request_target]
+
+jobs:
+
+  protected-files:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+
+  
\ No newline at end of file
diff --git a/.github/workflows/TierManagement.yml b/.github/workflows/TierManagement.yml
new file mode 100644
index 0000000000..4078a48fda
--- /dev/null
+++ b/.github/workflows/TierManagement.yml
@@ -0,0 +1,21 @@
+name: Tier management
+
+permissions:
+  pull-requests: write
+  contents: read
+      
+on: 
+  issue_comment:
+    types: [created, edited]
+
+jobs:
+
+  tier-mgmt:
+    if: github.repository_visibility == 'private'
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-TierManagement.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+      EnableWriteSignOff: 1
+      EnableReadOnlySignoff: 0
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.openpublishing.redirection.education.json b/.openpublishing.redirection.education.json
index 77b49e134c..95ef6b4693 100644
--- a/.openpublishing.redirection.education.json
+++ b/.openpublishing.redirection.education.json
@@ -92,7 +92,7 @@
     },
     {
       "source_path": "education/windows/enable-s-mode-on-surface-go-devices.md",
-      "redirect_url": "/windows/deployment/s-mode",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/index",
       "redirect_document_id": false
     },
     {
@@ -147,7 +147,7 @@
     },
     {
       "source_path": "education/windows/test-windows10s-for-edu.md",
-      "redirect_url": "/windows/deployment/s-mode",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/index",
       "redirect_document_id": false
     },
     {
@@ -306,6 +306,21 @@
       "source_path": "education/windows/tutorial-school-deployment/troubleshoot-overview.md",
       "redirect_url": "/mem/intune/industry/education/tutorial-school-deployment/troubleshoot-overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/use-set-up-school-pcs-app.md",
+      "redirect_url": "/education/windows/suspcs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/set-up-school-pcs-technical.md",
+      "redirect_url": "/education/windows/suspcs/reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/set-up-school-pcs-provisioning-package.md",
+      "redirect_url": "/education/windows/suspcs/provisioning-package",
+      "redirect_document_id": false
     }
   ]
 }
\ No newline at end of file
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index d6f6446385..c4306b8ebe 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1272,7 +1272,7 @@
     },
     {
       "source_path": "windows/configure/basic-level-windows-diagnostic-events-and-fields-1703.md",
-      "redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
@@ -1302,7 +1302,7 @@
     },
     {
       "source_path": "windows/configure/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
@@ -1527,7 +1527,7 @@
     },
     {
       "source_path": "windows/configure/windows-diagnostic-data-1703.md",
-      "redirect_url": "/windows/configuration/windows-diagnostic-data",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
@@ -1572,17 +1572,17 @@
     },
     {
       "source_path": "windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/add-manage-products-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/add-manage-products-vamt",
+      "redirect_url": "/windows/deployment/volume-activation/add-remove-computers-vamt",
       "redirect_document_id": false
     },
     {
@@ -1657,12 +1657,12 @@
     },
     {
       "source_path": "windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
       "redirect_document_id": false
     },
     {
@@ -1672,7 +1672,7 @@
     },
     {
       "source_path": "windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -1687,7 +1687,7 @@
     },
     {
       "source_path": "windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -1707,7 +1707,7 @@
     },
     {
       "source_path": "windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -1732,7 +1732,7 @@
     },
     {
       "source_path": "windows/deploy/install-configure-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/install-configure-vamt",
+      "redirect_url": "/windows/deployment/volume-activation/vamt-requirements",
       "redirect_document_id": false
     },
     {
@@ -1777,17 +1777,17 @@
     },
     {
       "source_path": "windows/deploy/manage-activations-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/manage-activations-vamt",
+      "redirect_url": "/windows/deployment/volume-activation/online-activation-vamt",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/manage-product-keys-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/manage-product-keys-vamt",
+      "redirect_url": "/windows/deployment/volume-activation/add-remove-product-key-vamt",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/manage-vamt-data.md",
-      "redirect_url": "/windows/deployment/volume-activation/manage-vamt-data",
+      "redirect_url": "/windows/deployment/volume-activation/import-export-vamt-data",
       "redirect_document_id": false
     },
     {
@@ -1857,7 +1857,7 @@
     },
     {
       "source_path": "windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -1927,7 +1927,7 @@
     },
     {
       "source_path": "windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -1942,7 +1942,7 @@
     },
     {
       "source_path": "windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -2422,7 +2422,7 @@
     },
     {
       "source_path": "windows/deploy/vamt-step-by-step.md",
-      "redirect_url": "/windows/deployment/volume-activation/vamt-step-by-step",
+      "redirect_url": "/windows/deployment/volume-activation/scenario-online-activation-vamt",
       "redirect_document_id": false
     },
     {
@@ -2467,17 +2467,17 @@
     },
     {
       "source_path": "windows/deploy/windows-10-poc-sc-config-mgr.md",
-      "redirect_url": "/windows/deployment/windows-10-poc-sc-config-mgr",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/windows-10-poc-sc-config-mgr",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/windows-10-poc.md",
-      "redirect_url": "/windows/deployment/windows-10-poc",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/windows-10-poc",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deploy/windows-10-upgrade-paths.md",
-      "redirect_url": "/windows/deployment/upgrade/windows-10-upgrade-paths",
+      "redirect_url": "/windows/deployment/upgrade/windows-upgrade-paths",
       "redirect_document_id": false
     },
     {
@@ -5077,7 +5077,7 @@
     },
     {
       "source_path": "windows/keep-secure/app-behavior-with-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/app-behavior-with-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip",
       "redirect_document_id": false
     },
     {
@@ -5727,7 +5727,7 @@
     },
     {
       "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
       "redirect_document_id": false
     },
     {
@@ -6037,7 +6037,7 @@
     },
     {
       "source_path": "windows/keep-secure/create-and-verify-an-efs-dra-certificate.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
       "redirect_document_id": false
     },
     {
@@ -6052,7 +6052,7 @@
     },
     {
       "source_path": "windows/keep-secure/create-edp-policy-using-sccm.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr",
       "redirect_document_id": false
     },
     {
@@ -6097,7 +6097,7 @@
     },
     {
       "source_path": "windows/keep-secure/create-wip-policy-using-sccm.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr",
       "redirect_document_id": false
     },
     {
@@ -6547,12 +6547,12 @@
     },
     {
       "source_path": "windows/keep-secure/enlightened-microsoft-apps-and-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/keep-secure/enlightened-microsoft-apps-and-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
       "redirect_document_id": false
     },
     {
@@ -7917,12 +7917,12 @@
     },
     {
       "source_path": "windows/keep-secure/guidance-and-best-practices-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/keep-secure/guidance-and-best-practices-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
       "redirect_document_id": false
     },
     {
@@ -8177,7 +8177,7 @@
     },
     {
       "source_path": "windows/keep-secure/limitations-with-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/limitations-with-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip",
       "redirect_document_id": false
     },
     {
@@ -8282,7 +8282,7 @@
     },
     {
       "source_path": "windows/keep-secure/mandatory-settings-for-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/mandatory-settings-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
       "redirect_document_id": false
     },
     {
@@ -8662,12 +8662,12 @@
     },
     {
       "source_path": "windows/keep-secure/overview-create-edp-policy.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/overview-create-wip-policy",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/keep-secure/overview-create-wip-policy.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/overview-create-wip-policy",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy",
       "redirect_document_id": false
     },
     {
@@ -8837,12 +8837,12 @@
     },
     {
       "source_path": "windows/keep-secure/protect-enterprise-data-using-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/keep-secure/protect-enterprise-data-using-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
       "redirect_document_id": false
     },
     {
@@ -8867,7 +8867,7 @@
     },
     {
       "source_path": "windows/keep-secure/recommended-network-definitions-for-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
       "redirect_document_id": false
     },
     {
@@ -9232,12 +9232,12 @@
     },
     {
       "source_path": "windows/keep-secure/testing-scenarios-for-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/keep-secure/testing-scenarios-for-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
       "redirect_document_id": false
     },
     {
@@ -9522,7 +9522,7 @@
     },
     {
       "source_path": "windows/keep-secure/using-owa-with-wip.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/using-owa-with-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip",
       "redirect_document_id": false
     },
     {
@@ -9757,12 +9757,12 @@
     },
     {
       "source_path": "windows/keep-secure/wip-app-enterprise-context.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/wip-app-enterprise-context",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/keep-secure/wip-enterprise-overview.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
       "redirect_document_id": false
     },
     {
@@ -10372,7 +10372,7 @@
     },
     {
       "source_path": "windows/manage/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
@@ -10997,7 +10997,7 @@
     },
     {
       "source_path": "windows/plan/act-technical-reference.md",
-      "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-administrator-users-guide",
       "redirect_document_id": false
     },
     {
@@ -11042,12 +11042,12 @@
     },
     {
       "source_path": "windows/plan/applying-filters-to-data-in-the-sua-tool.md",
-      "redirect_url": "/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/applying-filters-to-data-in-the-sua-tool",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/available-data-types-and-operators-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/available-data-types-and-operators-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11082,17 +11082,17 @@
     },
     {
       "source_path": "windows/plan/compatibility-administrator-users-guide.md",
-      "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-administrator-users-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/compatibility-fix-database-management-strategies-and-deployment.md",
-      "redirect_url": "/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-fix-database-management-strategies-and-deployment",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md",
-      "redirect_url": "/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-fixes-for-windows-8-windows-7-and-windows-vista",
       "redirect_document_id": false
     },
     {
@@ -11112,12 +11112,12 @@
     },
     {
       "source_path": "windows/plan/creating-a-custom-compatibility-fix-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/creating-a-custom-compatibility-fix-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/creating-a-custom-compatibility-mode-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/creating-a-custom-compatibility-mode-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11127,7 +11127,7 @@
     },
     {
       "source_path": "windows/plan/creating-an-apphelp-message-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/creating-an-apphelp-message-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11202,7 +11202,7 @@
     },
     {
       "source_path": "windows/plan/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11222,7 +11222,7 @@
     },
     {
       "source_path": "windows/plan/fixing-applications-by-using-the-sua-tool.md",
-      "redirect_url": "/windows/deployment/planning/fixing-applications-by-using-the-sua-tool",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/fixing-applications-by-using-the-sua-tool",
       "redirect_document_id": false
     },
     {
@@ -11242,7 +11242,7 @@
     },
     {
       "source_path": "windows/plan/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11267,7 +11267,7 @@
     },
     {
       "source_path": "windows/plan/managing-application-compatibility-fixes-and-custom-fix-databases.md",
-      "redirect_url": "/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/managing-application-compatibility-fixes-and-custom-fix-databases",
       "redirect_document_id": false
     },
     {
@@ -11317,12 +11317,12 @@
     },
     {
       "source_path": "windows/plan/searching-for-fixed-applications-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/searching-for-fixed-applications-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11367,7 +11367,7 @@
     },
     {
       "source_path": "windows/plan/showing-messages-generated-by-the-sua-tool.md",
-      "redirect_url": "/windows/deployment/planning/showing-messages-generated-by-the-sua-tool",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/showing-messages-generated-by-the-sua-tool",
       "redirect_document_id": false
     },
     {
@@ -11382,12 +11382,12 @@
     },
     {
       "source_path": "windows/plan/sua-users-guide.md",
-      "redirect_url": "/windows/deployment/planning/sua-users-guide",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/sua-users-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/tabs-on-the-sua-tool-interface.md",
-      "redirect_url": "/windows/deployment/planning/tabs-on-the-sua-tool-interface",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/tabs-on-the-sua-tool-interface",
       "redirect_document_id": false
     },
     {
@@ -11402,7 +11402,7 @@
     },
     {
       "source_path": "windows/plan/testing-your-application-mitigation-packages.md",
-      "redirect_url": "/windows/deployment/planning/testing-your-application-mitigation-packages",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/testing-your-application-mitigation-packages",
       "redirect_document_id": false
     },
     {
@@ -11427,7 +11427,7 @@
     },
     {
       "source_path": "windows/plan/understanding-and-using-compatibility-fixes.md",
-      "redirect_url": "/windows/deployment/planning/understanding-and-using-compatibility-fixes",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/understanding-and-using-compatibility-fixes",
       "redirect_document_id": false
     },
     {
@@ -11442,27 +11442,27 @@
     },
     {
       "source_path": "windows/plan/using-the-compatibility-administrator-tool.md",
-      "redirect_url": "/windows/deployment/planning/using-the-compatibility-administrator-tool",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-compatibility-administrator-tool",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/using-the-sdbinstexe-command-line-tool.md",
-      "redirect_url": "/windows/deployment/planning/using-the-sdbinstexe-command-line-tool",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sdbinstexe-command-line-tool",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/using-the-sua-tool.md",
-      "redirect_url": "/windows/deployment/planning/using-the-sua-tool",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sua-tool",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/using-the-sua-wizard.md",
-      "redirect_url": "/windows/deployment/planning/using-the-sua-wizard",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sua-wizard",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/viewing-the-events-screen-in-compatibility-administrator.md",
-      "redirect_url": "/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/viewing-the-events-screen-in-compatibility-administrator",
       "redirect_document_id": false
     },
     {
@@ -11487,17 +11487,17 @@
     },
     {
       "source_path": "windows/plan/windows-10-compatibility.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-compatibility",
+      "redirect_url": "/windows/compatibility/",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/windows-10-deployment-considerations.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-deployment-considerations",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-deployment-considerations",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/plan/windows-10-enterprise-faq-itpro.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-enterprise-faq-itpro",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-enterprise-faq-itpro",
       "redirect_document_id": false
     },
     {
@@ -11507,7 +11507,7 @@
     },
     {
       "source_path": "windows/plan/windows-10-infrastructure-requirements.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-infrastructure-requirements",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-infrastructure-requirements",
       "redirect_document_id": false
     },
     {
@@ -12377,22 +12377,22 @@
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/app-behavior-with-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/app-behavior-with-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
@@ -12402,7 +12402,7 @@
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
@@ -12417,12 +12417,12 @@
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
@@ -12432,57 +12432,57 @@
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/limitations-with-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/limitations-with-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/overview-create-wip-policy-sccm.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/overview-create-wip-policy.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/overview-create-wip-policy",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/using-owa-with-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/using-owa-with-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context",
       "redirect_document_id": false
     },
     {
diff --git a/.openpublishing.redirection.store-for-business.json b/.openpublishing.redirection.store-for-business.json
index 9d89cf78d7..f825112907 100644
--- a/.openpublishing.redirection.store-for-business.json
+++ b/.openpublishing.redirection.store-for-business.json
@@ -119,6 +119,181 @@
       "source_path": "store-for-business/work-with-partner-microsoft-store-business.md",
       "redirect_url": "/microsoft-365/commerce/manage-partners",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/acquire-apps-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/add-profile-to-devices.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/app-inventory-management-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/apps-in-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/assign-apps-to-employees.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/billing-payments-overview.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/billing-profile.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/billing-understand-your-invoice-msfb.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/configure-mdm-provider-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/distribute-apps-from-your-private-store.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/distribute-apps-with-management-tool.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/distribute-offline-apps.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/find-and-acquire-apps-overview.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/index.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-access-to-private-store.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-apps-microsoft-store-for-business-overview.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-orders-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-private-store-settings.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-settings-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-users-and-groups-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/microsoft-store-for-business-education-powershell-module.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/microsoft-store-for-business-overview.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/notifications-microsoft-store-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/payment-methods.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/prerequisites-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/release-history-microsoft-store-business-education.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/roles-and-permissions-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/settings-reference-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sfb-change-history.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sign-up-microsoft-store-for-business-overview.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/troubleshoot-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/update-microsoft-store-for-business-account-settings.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/whats-new-microsoft-store-business-education.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/working-with-line-of-business-apps.md",
+      "redirect_url": "/microsoft-365/admin/",
+      "redirect_document_id": false
     }
   ]
 }
diff --git a/.openpublishing.redirection.windows-configuration.json b/.openpublishing.redirection.windows-configuration.json
index b5f046f434..e07084c0ec 100644
--- a/.openpublishing.redirection.windows-configuration.json
+++ b/.openpublishing.redirection.windows-configuration.json
@@ -2,17 +2,17 @@
   "redirections": [
     {
       "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1709.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
@@ -27,7 +27,7 @@
     },
     {
       "source_path": "windows/configuration/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
@@ -37,7 +37,7 @@
     },
     {
       "source_path": "windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md",
-      "redirect_url": "/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields",
+      "redirect_url": "https://techcommunity.microsoft.com/t5/windows-it-pro-blog/preview-app-and-driver-compatibility-insights-in-endpoint/ba-p/3482136",
       "redirect_document_id": false
     },
     {
@@ -47,7 +47,7 @@
     },
     {
       "source_path": "windows/configuration/gdpr-win10-whitepaper.md",
-      "redirect_url": "/windows/privacy/gdpr-win10-whitepaper",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
@@ -72,7 +72,7 @@
     },
     {
       "source_path": "windows/configuration/manage-windows-endpoints-version-1709.md",
-      "redirect_url": "/windows/privacy/manage-windows-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
@@ -262,17 +262,17 @@
     },
     {
       "source_path": "windows/configuration/windows-diagnostic-data-1703.md",
-      "redirect_url": "/windows/privacy/windows-diagnostic-data-1703",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/windows-diagnostic-data-1709.md",
-      "redirect_url": "/windows/configuration/windows-diagnostic-data",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/windows-diagnostic-data.md",
-      "redirect_url": "/windows/privacy/windows-diagnostic-data",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json
index 44cd5fae11..09479f4eca 100644
--- a/.openpublishing.redirection.windows-deployment.json
+++ b/.openpublishing.redirection.windows-deployment.json
@@ -7,7 +7,7 @@
     },
     {
       "source_path": "windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-a-task-sequence-with-configuration-manager-and-mdt",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
       "redirect_document_id": false
     },
     {
@@ -17,7 +17,7 @@
     },
     {
       "source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -37,32 +37,32 @@
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/create-a-task-sequence-with-configuration-manager-and-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -72,12 +72,12 @@
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -87,27 +87,27 @@
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager#procedures",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager#procedures",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
@@ -127,7 +127,7 @@
     },
     {
       "source_path": "windows/deployment/planning/act-technical-reference.md",
-      "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-administrator-users-guide",
       "redirect_document_id": false
     },
     {
@@ -1179,6 +1179,491 @@
       "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md",
       "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-and-feature-update-reports-overview",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-compatibility.md",
+      "redirect_url": "/windows/compatibility/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/do/waas-delivery-optimization-setup.md",
+      "redirect_url": "/windows/deployment/do/delivery-optimization-configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/plan-determine-app-readiness.md",
+      "redirect_url": "/windows/compatibility/windows-11/testing-guidelines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/volume-activation/add-manage-products-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/add-remove-computers-vamt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/volume-activation/install-configure-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/vamt-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/volume-activation/manage-activations-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/online-activation-vamt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/volume-activation/manage-product-keys-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/add-remove-product-key-vamt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/volume-activation/manage-vamt-data.md",
+      "redirect_url": "/windows/deployment/volume-activation/import-export-vamt-data",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/volume-activation/vamt-step-by-step.md",
+      "redirect_url": "/windows/deployment/volume-activation/scenario-online-activation-vamt",
+      "redirect_document_id": false
+    },
+    {
+    "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md",
+    "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview",
+    "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-and-feature-update-reports-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-summary-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-status-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-status-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-trending-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-trending-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-reliability-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-reliability-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-summary-dashboard.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-summary-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-status-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-status-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-trending-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-trending-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-device-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-policy-health-and-remediation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-resolve-policy-conflicts.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-resolve-policy-conflicts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/monitor/windows-autopatch-maintain-environment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-customize-windows-update-settings.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-customize-windows-update-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-edge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-exclude-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-driver-and-firmware-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-manage-windows-feature-update-releases.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-windows-feature-update-releases",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-apps-enterprise",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-support-request",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-teams",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-unenroll-tenant",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-communications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-update-exp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-signals",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-signals.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/available-data-types-and-operators-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/compatibility-administrator-users-guide.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-administrator-users-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-fix-database-management-strategies-and-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/creating-a-custom-compatibility-fix-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/creating-a-custom-compatibility-mode-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/creating-an-apphelp-message-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/managing-application-compatibility-fixes-and-custom-fix-databases",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/searching-for-fixed-applications-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/testing-your-application-mitigation-packages.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/testing-your-application-mitigation-packages",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/understanding-and-using-compatibility-fixes.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/understanding-and-using-compatibility-fixes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/using-the-compatibility-administrator-tool.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-compatibility-administrator-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sdbinstexe-command-line-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/viewing-the-events-screen-in-compatibility-administrator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/compatibility-fixes-for-windows-8-windows-7-and-windows-vista",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/applying-filters-to-data-in-the-sua-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/fixing-applications-by-using-the-sua-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/showing-messages-generated-by-the-sua-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/sua-users-guide.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/sua-users-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/tabs-on-the-sua-tool-interface.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/tabs-on-the-sua-tool-interface",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/using-the-sua-tool.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sua-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/using-the-sua-wizard.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sua-wizard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-pro-in-s-mode.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/switch-edition-from-s-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/s-mode.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-poc-sc-config-mgr.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/windows-10-poc-sc-config-mgr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-poc.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/windows-10-poc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-deployment-posters.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/windows-10-deployment-posters",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/manage/windows-autopatch-unenroll-tenant.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-update-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation",
+      "redirect_document_id": false
+    }, 
+    {
+      "source_path": "windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/manage/windows-autopatch-manage-windows-feature-update-releases.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/deployment-service-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/update/deployment-service-prerequisites.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/deployment-service-feature-updates.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-programmatic-controls",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/update/deployment-service-expedited-updates.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/update/deployment-service-drivers.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-driver-and-firmware-update-programmatic-controls",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/update/deployment-service-troubleshoot.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-troubleshoot-programmatic-controls",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/PSFxWhitepaper.md",
+      "redirect_url": "/windows/deployment/update/forward-reverse-differentials",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/windows-10-upgrade-paths.md",
+      "redirect_url": "/windows/deployment/upgrade/windows-upgrade-paths",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-infrastructure-requirements.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-infrastructure-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-enterprise-faq-itpro.yml",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-enterprise-faq-itpro",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-deployment-considerations.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-deployment-considerations",
+      "redirect_document_id": false
     }
   ]
 }
diff --git a/.openpublishing.redirection.windows-privacy.json b/.openpublishing.redirection.windows-privacy.json
index 3bbff994f7..54a466f5e3 100644
--- a/.openpublishing.redirection.windows-privacy.json
+++ b/.openpublishing.redirection.windows-privacy.json
@@ -2,22 +2,22 @@
   "redirections": [
     {
       "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md",
-      "redirect_url": "/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/gdpr-it-guidance.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/gdpr-win10-whitepaper.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
@@ -27,33 +27,138 @@
     },
     {
       "source_path": "windows/privacy/manage-windows-1709-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/manage-windows-1803-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/manage-windows-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-2004-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md",
-      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/windows-endpoints-1803-non-enterprise-editions.md",
-      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/windows-personal-data-services-configuration.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md",
+      "redirect_url": "https://techcommunity.microsoft.com/t5/windows-it-pro-blog/preview-app-and-driver-compatibility-insights-in-endpoint/ba-p/3482136",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1803",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1903",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-1903-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-1903-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-1909-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-1909-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-2004-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-2004-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-20H2-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-20H2-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-21H1-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-21H1-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1809-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-1809-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1903-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-1903-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1909-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-1909-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-2004-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-2004-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-20H2-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-21H1-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-diagnostic-data-1703.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/changes-to-windows-diagnostic-data-collection.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/changes-to-windows-diagnostic-data-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-10-and-privacy-compliance.md",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/privacy/windows-diagnostic-data.md",
+      "redirect_url": "/windows/privacy/optional-diagnostic-data",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/privacy/Microsoft-DiagnosticDataViewer.md",
+      "redirect_url": "/windows/privacy/diagnostic-data-viewer-powershell",
+      "redirect_document_id": true
     }
   ]
 }
diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index 471c829ed5..fc3a796e95 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -52,7 +52,12 @@
     },
     {
       "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
-      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
       "redirect_document_id": false
     },
     {
@@ -847,27 +852,27 @@
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
       "redirect_document_id": false
     },
     {
@@ -4077,7 +4082,7 @@
     },
     {
       "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md",
-      "redirect_url": "/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen",
+      "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx",
       "redirect_document_id": false
     },
     {
@@ -5122,7 +5127,7 @@
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md",
-      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps",
       "redirect_document_id": false
     },
     {
@@ -6722,7 +6727,7 @@
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
+      "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx",
       "redirect_document_id": false
     },
     {
@@ -9179,6 +9184,111 @@
       "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md",
       "redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/how-to-disable-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/how-to-disable-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/limitations-with-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/using-owa-with-wip.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/wip-learning.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-learning",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps",
+      "redirect_document_id": false
     }
   ]
 }
diff --git a/.openpublishing.redirection.windows-whats-new.json b/.openpublishing.redirection.windows-whats-new.json
index 9e05719ebc..80f7068d98 100644
--- a/.openpublishing.redirection.windows-whats-new.json
+++ b/.openpublishing.redirection.windows-whats-new.json
@@ -42,7 +42,7 @@
       },
       {
          "source_path":"windows/whats-new/edp-whats-new-overview.md",
-         "redirect_url":"/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+         "redirect_url":"/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
          "redirect_document_id":false
       },
       {
@@ -159,11 +159,21 @@
          "source_path":"windows/whats-new/whats-new-windows-10-version-20H2.md",
          "redirect_url":"/previous-versions/windows/it-pro/windows-10/whats-new/whats-new-windows-10-version-20H2",
          "redirect_document_id":false
-       },
-       {
-        "source_path":"windows/whats-new/whats-new-windows-10-version-21H1.md",
-        "redirect_url":"/previous-versions/windows/it-pro/windows-10/whats-new/whats-new-windows-10-version-21H1",
-        "redirect_document_id":false
-         }
-      ]
-   }
+      },
+      {
+         "source_path":"windows/whats-new/whats-new-windows-10-version-21H1.md",
+         "redirect_url":"/previous-versions/windows/it-pro/windows-10/whats-new/whats-new-windows-10-version-21H1",
+         "redirect_document_id":false
+      },
+      {
+         "source_path":"windows/whats-new/whats-new-windows-10-version-21H2.md",
+         "redirect_url":"/previous-versions/windows/it-pro/windows-10/whats-new/whats-new-windows-10-version-21H2",
+         "redirect_document_id":false
+      },
+      {
+         "source_path":"windows/whats-new/ltsc/index.yml",
+         "redirect_url":"/windows/whats-new/",
+         "redirect_document_id":false
+      }
+   ]
+}
diff --git a/education/images/EDU-ITJourney.svg b/education/images/EDU-ITJourney.svg
deleted file mode 100644
index e42fe12104..0000000000
--- a/education/images/EDU-ITJourney.svg
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 23.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 50 50" style="enable-background:new 0 0 50 50;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:#E6E6E6;}
-	.st1{fill:#C2C2C2;}
-	.st2{fill:#939393;}
-	.st3{fill:#2F2F2F;}
-	.st4{fill:#0078D4;}
-</style>
-<title>EDUAdmins-50px</title>
-<path class="st0" d="M25.2,47.2c-12.3,0-22.3-10-22.3-22.3s10-22.3,22.3-22.3s22.3,10,22.3,22.3v0C47.6,37.2,37.6,47.2,25.2,47.2
-	C25.3,47.2,25.2,47.2,25.2,47.2z"/>
-<path class="st1" d="M25.2,3.7c11.7,0,21.1,9.5,21.1,21.1S36.9,46,25.2,46S4.1,36.5,4.1,24.9l0,0C4.1,13.2,13.6,3.7,25.2,3.7
-	L25.2,3.7 M25.2,1.4c-13,0-23.5,10.5-23.5,23.5s10.5,23.5,23.5,23.5s23.5-10.5,23.5-23.5l0,0C48.7,11.9,38.2,1.4,25.2,1.4
-	C25.2,1.4,25.2,1.4,25.2,1.4z"/>
-<g>
-	<title>MapPin-blue</title>
-	<polygon class="st2" points="34.5,27.8 32.5,21.8 28,21.8 27.9,27.8 	"/>
-	<polygon class="st2" points="23.5,21.8 19,21.8 17.1,27.8 23.4,27.8 	"/>
-	<path class="st2" d="M37.9,35.3l-2.2-6.6H28l0,0c0,1.4-1.1,2.5-2.5,2.5c-1.4,0-2.5-1.1-2.5-2.5h-7.5l-2.2,6.6H37.9z"/>
-	<path class="st3" d="M25.7,30c-0.4,0-0.7-0.3-0.7-0.7V18.8c0-0.4,0.3-0.7,0.7-0.7s0.7,0.3,0.7,0.7v10.4C26.4,29.7,26.1,30,25.7,30z
-		"/>
-	<path class="st4" d="M29.1,13.6c-0.2-0.4-0.5-0.8-0.8-1.2c-0.3-0.3-0.7-0.6-1.2-0.8c-0.5-0.2-1-0.3-1.5-0.3c-0.5,0-1,0.1-1.5,0.3
-		c-0.4,0.2-0.8,0.5-1.2,0.8c-0.3,0.3-0.6,0.7-0.8,1.2c-0.2,0.5-0.3,1-0.3,1.5c0,0.5,0.1,1,0.3,1.5c0.2,0.4,0.5,0.9,0.8,1.2
-		c0.2,0.2,0.3,0.3,0.5,0.4c0.2,0.1,0.4,0.3,0.7,0.4l0,0c0.2,0.1,0.5,0.2,0.7,0.2c0.5,0.1,1,0.1,1.5,0c0.3,0,0.5-0.1,0.7-0.2l0,0
-		c0.2-0.1,0.5-0.2,0.7-0.4c0.2-0.1,0.4-0.3,0.5-0.4c0.3-0.3,0.6-0.8,0.7-1.2c0.2-0.5,0.3-1,0.3-1.5C29.4,14.6,29.3,14.1,29.1,13.6z"
-		/>
-</g>
-</svg>
diff --git a/education/index.yml b/education/index.yml
index adc8d30041..1da8d77fdb 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -8,7 +8,7 @@ metadata:
   title: Microsoft 365 Education Documentation
   description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
   ms.topic: hub-page
-  ms.date: 11/06/2023
+  ms.date: 07/22/2024
 
 productDirectory:
   title: For IT admins
diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md
index 21664c95bd..712eec4c91 100644
--- a/education/windows/edu-take-a-test-kiosk-mode.md
+++ b/education/windows/edu-take-a-test-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 title: Configure Take a Test in kiosk mode
 description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
-ms.date: 11/08/2023
+ms.date: 09/06/2024
 ms.topic: how-to
 ---
 
@@ -26,7 +26,7 @@ The other options allow you to configure Take a Test in kiosk mode using a local
 
 Follow the instructions below to configure your devices, selecting the option that best suits your needs.
 
-# [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+# [:::image type="icon" source="images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
 
 You can use Intune for Education or a custom profile in Microsoft Intune:
 
diff --git a/education/windows/images/icons/windows-os.svg b/education/windows/images/icons/windows-os.svg
deleted file mode 100644
index da64baf975..0000000000
--- a/education/windows/images/icons/windows-os.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048" width="18" height="18" >
-  <path d="M0 0h961v961H0V0zm1087 0h961v961h-961V0zM0 1087h961v961H0v-961zm1087 0h961v961h-961v-961z" fill="#0078D4" />
-</svg>
\ No newline at end of file
diff --git a/education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png b/education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png
deleted file mode 100644
index 69b81c91e4..0000000000
Binary files a/education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_Package_ready.png b/education/windows/images/suspcs/1810_SUSPC_Package_ready.png
deleted file mode 100644
index b296fb3f84..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_Package_ready.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_Product_key.png b/education/windows/images/suspcs/1810_SUSPC_Product_key.png
deleted file mode 100644
index 3619edb5bf..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_Product_key.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_Take_Test.png b/education/windows/images/suspcs/1810_SUSPC_Take_Test.png
deleted file mode 100644
index d7920a492f..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_Take_Test.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_USB.png b/education/windows/images/suspcs/1810_SUSPC_USB.png
deleted file mode 100644
index 9e6be13a46..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_USB.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_available_settings.png b/education/windows/images/suspcs/1810_SUSPC_available_settings.png
deleted file mode 100644
index a208aa1fa8..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_available_settings.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_personalization.png b/education/windows/images/suspcs/1810_SUSPC_personalization.png
deleted file mode 100644
index bbcbf878f0..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_personalization.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_select_Wifi.png b/education/windows/images/suspcs/1810_SUSPC_select_Wifi.png
deleted file mode 100644
index f0f54c55c9..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_select_Wifi.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_SUSPC_summary.png b/education/windows/images/suspcs/1810_SUSPC_summary.png
deleted file mode 100644
index de83332463..0000000000
Binary files a/education/windows/images/suspcs/1810_SUSPC_summary.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_Sign_In_SUSPC.png b/education/windows/images/suspcs/1810_Sign_In_SUSPC.png
deleted file mode 100644
index b4ac241f72..0000000000
Binary files a/education/windows/images/suspcs/1810_Sign_In_SUSPC.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_choose_account_SUSPC.png b/education/windows/images/suspcs/1810_choose_account_SUSPC.png
deleted file mode 100644
index c702fc87ea..0000000000
Binary files a/education/windows/images/suspcs/1810_choose_account_SUSPC.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_name-devices_SUSPC.png b/education/windows/images/suspcs/1810_name-devices_SUSPC.png
deleted file mode 100644
index 6cfe014572..0000000000
Binary files a/education/windows/images/suspcs/1810_name-devices_SUSPC.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_suspc_settings.png b/education/windows/images/suspcs/1810_suspc_settings.png
deleted file mode 100644
index c42bf2337e..0000000000
Binary files a/education/windows/images/suspcs/1810_suspc_settings.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1810_suspc_timezone.png b/education/windows/images/suspcs/1810_suspc_timezone.png
deleted file mode 100644
index 1a4dfb7aa1..0000000000
Binary files a/education/windows/images/suspcs/1810_suspc_timezone.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc-admin-token-delete-1807.png b/education/windows/images/suspcs/suspc-admin-token-delete-1807.png
deleted file mode 100644
index 0656dbb899..0000000000
Binary files a/education/windows/images/suspcs/suspc-admin-token-delete-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc-enable-shared-pc-1807.png b/education/windows/images/suspcs/suspc-enable-shared-pc-1807.png
deleted file mode 100644
index 52fb68f830..0000000000
Binary files a/education/windows/images/suspcs/suspc-enable-shared-pc-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getstarted_050817.png b/education/windows/images/suspcs/suspc_getstarted_050817.png
deleted file mode 100644
index 124905676a..0000000000
Binary files a/education/windows/images/suspcs/suspc_getstarted_050817.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_runpackage_getpcsready.png b/education/windows/images/suspcs/suspc_runpackage_getpcsready.png
deleted file mode 100644
index f3e4cab25a..0000000000
Binary files a/education/windows/images/suspcs/suspc_runpackage_getpcsready.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_setup_removemediamessage.png b/education/windows/images/suspcs/suspc_setup_removemediamessage.png
deleted file mode 100644
index 94e9ddb900..0000000000
Binary files a/education/windows/images/suspcs/suspc_setup_removemediamessage.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png b/education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png
deleted file mode 100644
index bbd10c89c4..0000000000
Binary files a/education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_wcd_featureslist.png b/education/windows/images/suspcs/suspc_wcd_featureslist.png
deleted file mode 100644
index 32b9211799..0000000000
Binary files a/education/windows/images/suspcs/suspc_wcd_featureslist.png and /dev/null differ
diff --git a/education/windows/images/suspcs/win10_1703_oobe_firstscreen.png b/education/windows/images/suspcs/win10_1703_oobe_firstscreen.png
deleted file mode 100644
index 0d5343d0b4..0000000000
Binary files a/education/windows/images/suspcs/win10_1703_oobe_firstscreen.png and /dev/null differ
diff --git a/education/windows/index.yml b/education/windows/index.yml
index 942a90b16b..4bc8fe8393 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -9,20 +9,19 @@ metadata:
   ms.collection:
     - education
     - tier1
-    - essentials-navigation
   author: paolomatarazzo
   ms.author: paoloma
   manager: aaroncz
-  ms.date: 10/30/2023
+  ms.date: 07/22/2024
 
 highlightedContent:
   items:
   - title: Get started with Windows 11 SE
     itemType: get-started
     url: windows-11-se-overview.md
-  - title: Windows 11, version 22H2
+  - title: Windows 11, version 23H2
     itemType: whats-new
-    url: /windows/whats-new/whats-new-windows-11-version-22H2
+    url: /windows/whats-new/whats-new-windows-11-version-23h2
   - title: Explore all Windows trainings and learning paths for IT pros
     itemType: learn
     url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
@@ -40,7 +39,7 @@ productDirectory:
           text: "Tutorial: deploy and manage Windows devices in a school"
         - url: /education/windows/tutorial-school-deployment/enroll-autopilot
           text: Enrollment in Intune with Windows Autopilot
-        - url: use-set-up-school-pcs-app.md
+        - url: suspcs/index.md
           text: Deploy devices with Set up School PCs
         - url: /windows/deployment
           text: Learn more about Windows deployment >
@@ -79,7 +78,7 @@ productDirectory:
           text: Set up a shared or guest Windows device
         - url: /education/windows/take-tests-in-windows
           text: Take tests and assessments in Windows
-        - url: set-up-school-pcs-provisioning-package.md
+        - url: /education/windows/suspcs/provisioning-package
           text: Provisioning package settings
         - url: https://www.youtube.com/watch?v=2ZLup_-PhkA
           text: "Video: Use the Set up School PCs App"
@@ -137,4 +136,4 @@ additionalContent:
             - text: Microsoft Intune community
               url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
             - text: Microsoft Support community
-              url: https://answers.microsoft.com/windows/forum
\ No newline at end of file
+              url: https://answers.microsoft.com/
diff --git a/education/windows/suspcs/images/landing-page.png b/education/windows/suspcs/images/landing-page.png
new file mode 100644
index 0000000000..1d0acdbe96
Binary files /dev/null and b/education/windows/suspcs/images/landing-page.png differ
diff --git a/education/windows/suspcs/images/splash-screen.png b/education/windows/suspcs/images/splash-screen.png
new file mode 100644
index 0000000000..b5218029c4
Binary files /dev/null and b/education/windows/suspcs/images/splash-screen.png differ
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/suspcs/index.md
similarity index 73%
rename from education/windows/use-set-up-school-pcs-app.md
rename to education/windows/suspcs/index.md
index b7d2153dce..3e41143df7 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/suspcs/index.md
@@ -2,14 +2,15 @@
 title: Use Set up School PCs app
 description: Learn how to use the Set up School PCs app and apply the provisioning package.
 ms.topic: how-to
-ms.date: 11/09/2023
+ms.date: 07/09/2024
 appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Use the Set up School PCs app
 
-IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows devices for students. The app configures devices with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student device in Microsoft Intune. You can then manage all the settings the app configures through Intune.
+IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows devices for students. During setup, student devices can be enrolled in Microsoft Intune, so that you can manage all the settings the app configures through Intune.
 
 With Set up School PCs you can:
 
@@ -18,7 +19,9 @@ With Set up School PCs you can:
 - Use Windows Update and maintenance hours to keep student devices up-to-date, without interfering with class time
 - Lock down student devices to prevent activity that aren't beneficial to their education
 
-This article describes how to use the Set up School PCs app. To learn more about the app's functionality, review the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).
+This article describes how to use the Set up School PCs app. To learn more about the app's functionality, review the [Technical reference for the Set up School PCs app](reference.md).
+
+:::image type="content" source="images/splash-screen.png" alt-text="Screenshot of the SUSPCs splash screen." border="false":::
 
 ## Requirements
 
@@ -95,10 +98,13 @@ We strongly recommend that you avoid changing preset policies. Changes can slow
 
 The **Set up School PCs** app guides you through the configuration choices for the student PCs.  To begin, open the app on your device and select **Get started**.
 
-![Launch the Set up School PCs app.](images/suspcs/suspc_getstarted_050817.png)
-
-### Package name
+:::image type="content" source="images/landing-page.png" alt-text="Screenshot of the SUSPCs landing page." border="false":::
 
+:::row:::
+  :::column span="1":::
+        ### Package name
+    :::column-end:::
+  :::column span="3":::
 Type a unique name to help distinguish your school's provisioning packages. The name appears:
 
 - On the local package folder
@@ -106,59 +112,57 @@ Type a unique name to help distinguish your school's provisioning packages. The
 
 A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 1-1-2024)*. The expiration date is 180 days after you create your package.
 
-  ![Example screenshot of the Set up School PCs app, Name your package screen.](images/suspcs/1810_Name_Your_Package_SUSPC.png)
-
 After you select **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.
 
-To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. You can access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](/entra/identity/role-based-access-control/permissions-reference#user-administrator), and rename the package there.
+To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. You can access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](/entra/identity/role-based-access-control/permissions-reference#user-administrator), and rename the package there.<br><br>
+    :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
 
-### Sign in
 
+### Connect your school's account
+    :::column-end:::
+  :::column span="3":::
 1. Select how you want to sign in
     1. (Recommended) To enable student device to automatically connect and authenticate to Microsoft Entra ID, and management services like Microsoft Intune, select **Sign-in**. Then go to step 3
-    1. To complete setup without signing in, select **Continue without account**. Student devices won't connect to your school's cloud services and their management will be more difficult later. Continue to [Wireless network](#wireless-network)
+    1. To complete setup without signing in, select **Continue without account**. Student devices won't connect to your school's cloud services and their management will be more difficult later. Continue to [Select a wireless network](#select-a-wireless-network)
 1. In the new window, select the account you want to use throughout setup.
 
-    ![Sign-in screen showing the option to "Use this account" or use a different "Work or school account."](images/suspcs/1810_choose_account_suspc.png)
-
     To add an account not listed:
     1. Select **Work or school account** > **Continue**.
     1. Type in the account username and select **Next**.
     1. Verify the user account and password, if prompted.
 
 1. Select **Accept** to allow Set up School PCs to access your account throughout setup
-1. When your account name appears on the page, select **Next**
+1. When your account name appears on the page, select **Next** <br><br>
+    :::column-end:::
+:::row-end:::
 
-      ![Example screenshot of the Set up School PC app, Sign in screen, showing that the user's account name appears at the bottom of the page.](images/suspcs/1810_Sign_In_SUSPC.png)
 
-### Wireless network
+:::row:::
+  :::column span="1":::
+#### Select a wireless network
 
+
+    :::column-end:::
+  :::column span="3":::
 Add and save the wireless network profile that you want student devices to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.
 
-Select your organization's Wi-Fi network from the list of available wireless networks, or select **Add a wireless network** to manually configure it. Then select **Next**
+Select your organization's Wi-Fi network from the list of available wireless networks, or select **Add a wireless network** to manually configure it. Then select **Next**.<br><br>
+    :::column-end:::
+:::row-end:::
 
- ![Example screenshot of the Set up School PC app, Wireless network page with two Wi-Fi networks listed, one of which is selected.](images/suspcs/1810_SUSPC_select_Wifi.png)
-
-### Device names
-
-Create a name to add as a prefix to each device. This name helps you recognize and manage this group of devices in Intune.
-
-To make sure all device names are unique, Set up School PCs automatically appends `_%SERIAL%` to the name. For example, if you add *MATH4* as the prefix, the device names appear as *MATH4* followed by the device serial number.
-
-To keep the default name for your devices, select **Continue with existing names**.
-
-  !["Name these devices" screen with the device field filled in with example device name, "Grd8."](images/suspcs/1810_name-devices_SUSPC.png)
-
-### Settings
 
+:::row:::
+  :::column span="1":::
+#### Configure device settings
+    :::column-end:::
+  :::column span="3":::
 Select more settings to include in the provisioning package. To begin, select the operating system on your student PCs.
 
-![Screenshot of the Current OS version page with the Select OS version menu selected, showing 7 Windows 10 options. All other settings on page are unavailable to select.](images/suspcs/1810_suspc_settings.png)
-
 Setting selections vary based on the OS version you select.
 
-![Example screenshot of the Current OS version page, with Windows 10 version 1803 selected. 4 available settings and 1 unavailable setting are shown, and none are selected.](images/suspcs/1810_SUSPC_available_settings.png)
-
 The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
 
 | Setting | What happens if I select it? | Note |
@@ -170,74 +174,113 @@ The following table describes each setting and lists the applicable Windows 10 v
 | Enable Autopilot Reset | Lets you remotely reset a student's PC from the lock screen, apply the device's original settings, and enroll it in device management (Microsoft Entra ID and MDM). | WinRE must be enabled on the device. |
 | Lock screen background | Change the default screen lock background to a custom image. | Select **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png. |
 
-After you've made your selections, select **Next**.
+After you've made your selections, select **Next**.<br><br>
+    :::column-end:::
+:::row-end:::
 
-### Time zone
 
+:::row:::
+  :::column span="1":::
+#### Name devices
+    :::column-end:::
+  :::column span="3":::
+Create a name to add as a prefix to each device. This name helps you recognize and manage this group of devices in Intune.
+
+To make sure all device names are unique, Set up School PCs automatically appends `_%SERIAL%` to the name. For example, if you add *MATH4* as the prefix, the device names appear as *MATH4* followed by the device serial number.
+
+To keep the default name for your devices, select **Continue with existing names**.<br><br>
+    :::column-end:::
+:::row-end:::
+
+
+:::row:::
+  :::column span="1":::
+#### Select time zone
+    :::column-end:::
+  :::column span="3":::
 > [!WARNING]
 > If you are using the Autounattend.xml file to reimage your school PCs, do not specify a time zone in the file. If you set the time zone in the file *and* in this app, you will encounter an error.
 
-Choose the time zone where your school's devices are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, select **Next**.
+Choose the time zone where your school's devices are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, select **Next**.<br><br>
+    :::column-end:::
+:::row-end:::
 
-![Choose PC time zone page with the time zone menu expanded to show all time zone selections.](images/suspcs/1810_suspc_timezone.png)
 
-### Product key
+:::row:::
+  :::column span="1":::
+#### Change product key
+    :::column-end:::
+  :::column span="3":::
+Optionally, type in a 25-digit product key to upgrade or change the edition of Windows on your student devices. If you don't have a product key, select **Continue without change**.<br><br>
+    :::column-end:::
+:::row-end:::
 
-Optionally, type in a 25-digit product key to upgrade or change the edition of Windows on your student devices. If you don't have a product key, select **Continue without change**.
 
-![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/suspcs/1810_suspc_product_key.png)
+:::row:::
+  :::column span="1":::
+#### Set up the Take a Test app
+    :::column-end:::
+  :::column span="3":::
 
-### Take a Test
-
-Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student devices so that students can't access anything else on the device.
+   Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student devices so that students can't access anything else on the device.
 
 1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' devices
 
-    ![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/suspcs/1810_SUSPC_Take_Test.png)
-
 1. Select from the advanced settings. Available settings include:
     - Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the device's keyboard
     - Allow teachers to monitor online tests: Enables screen capture in the Take a Test app
 1. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to select or enter the link to view the assessment
-1. Select **Next**
+1. Select **Next**<br><br>
+column-end:::
+:::row-end:::
 
-### Personalization
+
+:::row:::
+  :::column span="1":::
+#### Choose backgrounds
+    :::column-end:::
+  :::column span="3":::
 
 Upload custom images to replace the student devices' default desktop and lock screen backgrounds. Select **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.
 
-If you don't want to upload custom images or use the images that appear in the app, select **Continue without personalization**. This option doesn't apply any customizations, and instead uses the devices' default or preset images.
+If you don't want to upload custom images or use the images that appear in the app, select **Continue without personalization**. This option doesn't apply any customizations, and instead uses the devices' default or preset images.<br><br>
+    :::column-end:::
+:::row-end:::
 
-![Example image of the Set up School PCs app, Personalization screen, showing the default desktop and lock screen background photos, a Browse button under each photo, a blue Next button, and a Continue without personalization button.](images/suspcs/1810_SUSPC_personalization.png)
-
-### Summary
 
+:::row:::
+  :::column span="1":::
+#### Summary
+    :::column-end:::
+  :::column span="3":::
 Review all of the settings for accuracy and completeness
 
 1. To make changes now, select any page along the left side of the window
 2. When finished, select **Accept**
 
-![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Time zone, Take a Test. Accept button is available and the page contains three links on the right-hand side to help and support.](images/suspcs/1810_SUSPC_summary.png)
-
 > [!NOTE]
 > To make changes to a saved package, you have to start over.
 
-### Insert USB
+<br><br>
+    :::column-end:::
+:::row-end:::
 
+:::row:::
+  :::column span="1":::
+
+#### Save the package
+    :::column-end:::
+  :::column span="3":::
 1. Insert a USB drive. The **Save** button lights up when your computer detects the USB
 1. Choose your USB drive from the list and select **Save**
-
-    ![Insert a USB drive now screen with USB drive selection highlighted. Save button is blue and active.](images/suspcs/1810_SUSPC_USB.png)
-
-1. When the package is ready, you see the filename and package expiration date. You can also select **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and select **Next**
-
-![Your provisioning package is ready screen with package filename and expiration date. Shows an active blue, Next button, and a gray Add a USB button.](images/suspcs/1810_SUSPC_Package_ready.png)
+1. When the package is ready, you see the filename and package expiration date. You can also select **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and select **Next**<br><br>
+    :::column-end:::
+:::row-end:::
 
 ## Run package - Get PCs ready
 
 Complete each step on the **Get PCs ready** page to prepare student devices for set-up. Then select **Next**.
 
-![Your provisioning package is ready! screen with 3 steps to get student devices ready for setup. Save button is active.](images/suspcs/suspc_runpackage_getpcsready.png)
-
 ## Run package - Install package on PC
 
 The provisioning package on your USB drive is named SetupSchoolPCs_<*devicename*>(Expires <*expiration date*>.ppkg. A provisioning package applies settings to Windows without reimaging the device.
@@ -245,20 +288,11 @@ The provisioning package on your USB drive is named SetupSchoolPCs_<*devicename*
 When used in context of the Set up School PCs app, the word *package* refers to your provisioning package. The word *provisioning* refers to the act of installing the package on the student device. This section describes how to apply the settings to a device in your school.
 
 > [!IMPORTANT]
-> The devices must have a new or reset Windows image and must not already have been through first-run setup experience (which is referred to as *OOBE*). For instructions about how to reset a devices's image, see [Prepare existing PC account for new setup](use-set-up-school-pcs-app.md#prepare-existing-pc-account-for-new-setup).
+> The devices must have a new or reset Windows image and must not already have been through first-run setup experience (which is referred to as *OOBE*). For instructions about how to reset a devices's image, see [Prepare existing PC account for new setup](#prepare-existing-pc-account-for-new-setup).
 
 1. Start with the student device turned off or with the device on the first-run setup screen. If the device is past the account setup screen, reset the device to start over. To reset the it, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**
-
-    ![Example screenshot of the first screen the Windows 10 PC setup for OOBE. United States is selected as the region and the Yes button is active.](images/suspcs/win10_1703_oobe_firstscreen.png)
-
 1. Insert the USB drive. Windows automatically recognizes and installs the package
-
-    ![Screen showing that the installation is automatically beginning, with a loading bar showing the status on the installation.](images/suspcs/suspc_studentpcsetup_installingsetupfile.png)
-
 1. When you receive the message that it's okay to remove the USB drive, remove it from the device. If there are more devices to set up, insert the USB drive into the next one
-
-     ![Screen with message telling user to remove the USB drive.](images/suspcs/suspc_setup_removemediamessage.png)
-
 1. If you didn't set up the package with Microsoft Entra join, continue the Windows device setup experience. If you did configure the package with Microsoft Entra join, the device is ready for use and no further configurations are required
 
 If successful, you'll see a setup complete message. The PCs start up on the lock screen, with your school's custom background. Upon first use, students and teachers can connect to your school's network and resources.
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/suspcs/provisioning-package.md
similarity index 94%
rename from education/windows/set-up-school-pcs-provisioning-package.md
rename to education/windows/suspcs/provisioning-package.md
index 8b49992af0..677b9b7b6f 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/suspcs/provisioning-package.md
@@ -4,6 +4,7 @@ description: Learn about the settings that are configured in the provisioning pa
 ms.date: 04/10/2024
 ms.topic: reference
 appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
@@ -28,7 +29,7 @@ For a more detailed look at the policies, see the Windows article [Set up shared
 | Policy name | Default value | Description |
 |--|--|--|
 | Enable Shared PC mode | True | Configures the PCs so they're in shared PC mode. |
-| Set education policies | True | School-optimized settings are applied to the PCs so that they're appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](./configure-windows-for-education.md). |
+| Set education policies | True | School-optimized settings are applied to the PCs so that they're appropriate for an educational environment.|
 | Account Model | Only guest, Domain-joined only, or Domain-joined and guest | Controls how users can sign in on the PC. Configurable from the Set up School PCs app. Choosing domain-joined enables any user in the domain to sign in. Specifying the guest option adds the Guest option to the sign-in screen and enable anonymous guest access to the PC. |
 | Deletion policy | Delete at disk space threshold and inactive threshold | Delete at disk space threshold starts deleting accounts when available disk space falls below the threshold you set for disk level deletion. It stops deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they haven't signed in within the number of days specified by inactive threshold policy. |
 | Disk level caching | 50% | Sets 50% of total disk space to be used as the disk space threshold for account caching. |
@@ -120,13 +121,3 @@ Review the table below to estimate your expected provisioning time. A package th
 | Default settings + apps | Wi-Fi | 10 to 15 minutes |
 | Default settings + remove preinstalled apps (CleanPC) | Wi-Fi | 60 minutes |
 | Default settings + other settings (Not CleanPC) | Wi-Fi | 5 minutes |
-
-## Next steps
-
-Learn more about setting up devices with the Set up School PCs app.
-
-- [Microsoft Entra join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
-- [Set up School PCs technical reference](set-up-school-pcs-technical.md)
-- [Set up Windows 10 devices for education](set-up-windows-10.md)
-
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/suspcs/reference.md
similarity index 92%
rename from education/windows/set-up-school-pcs-technical.md
rename to education/windows/suspcs/reference.md
index 213c75c26f..278344c047 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/suspcs/reference.md
@@ -4,6 +4,7 @@ description: Describes the purpose of the Set up School PCs app for Windows 10 d
 ms.topic: overview
 ms.date: 01/16/2024
 appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
@@ -12,7 +13,7 @@ appliesto:
 The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The app, which is available for Windows 10 version 1703 and later, configures and saves school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs.
 
 If your school uses Microsoft Entra ID or Office 365, the Set up
-School PCs app will create a setup file. This file joins the PC to your Microsoft Entra tenant. The app also helps set up PCs for use with or without Internet connectivity.  
+School PCs app will create a setup file. This file joins the PC to your Microsoft Entra tenant. The app also helps set up PCs for use with or without Internet connectivity.
 
 ## Join devices to Microsoft Entra ID
 
@@ -46,4 +47,4 @@ The following table describes the Set up School PCs app features and lists each
 >[!NOTE]
 >You can only use the Set up School PCs app to set up PCs that are connected to Microsoft Entra ID.
 
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](index.md).
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index f7c44f77e7..244868ff4c 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -1,7 +1,7 @@
 ---
 title: Take a Test app technical reference
 description: List of policies and settings applied by the Take a Test app.
-ms.date: 11/02/2023
+ms.date: 09/06/2024
 ms.topic: reference
 ---
 
@@ -15,7 +15,7 @@ Assessment vendors can use Take a Test as a platform to lock down the operating
 
 ## PC lock-down for assessment
 
- When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.  
+ When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.
 
 When running above the lock screen:
 
@@ -64,7 +64,7 @@ When Take a Test is running, the following functionality is available to student
     - Assistive technology that might be running
     - Lock screen (not available if student is using a dedicated test account)
 
-    > [!NOTE] 
+    > [!NOTE]
     > The app will exit if the student signs in to an account from the lock screen.
     > Progress made in the test may be lost or invalidated.
 - The student can exit the test by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd>
diff --git a/education/windows/toc.yml b/education/windows/toc.yml
index 62e4c0d85c..1774ae6103 100644
--- a/education/windows/toc.yml
+++ b/education/windows/toc.yml
@@ -16,18 +16,8 @@ items:
         href: windows-11-se-settings-list.md
       - name: Frequently Asked Questions (FAQ)
         href: windows-11-se-faq.yml
-    - name: Windows in S Mode
-      items:
-      - name: Overview
-        href: /windows/deployment/s-mode?context=/education/context/context
-      - name: Switch Windows edition from S mode
-        href: /windows/deployment/windows-10-pro-in-s-mode?context=/education/context/context
-      - name: Deploy Win32 apps to S Mode devices
-        href: /windows/security/threat-protection/windows-defender-application-control/lob-win32-apps-on-s?context=/education/context/context
-    - name: Considerations for shared and guest devices
+    - name: Shared devices and guests access
       href: /windows/configuration/shared-devices-concepts?context=/education/context/context
-    - name: Windows 10 configuration recommendations for education customers
-      href: configure-windows-for-education.md
     - name: Take tests and assessments in Windows
       href: take-tests-in-windows.md
 - name: How-to-guides
@@ -49,7 +39,7 @@ items:
     - name: Get and deploy Minecraft Education
       href: get-minecraft-for-education.md
     - name: Use the Set up School PCs app
-      href: use-set-up-school-pcs-app.md
+      href: suspcs/index.md
     - name: Upgrade Windows Home to Windows Education on student-owned devices
       href: change-home-to-edu.md
 - name: Reference
@@ -57,9 +47,9 @@ items:
     - name: Set up School PCs
       items:
       - name: Set up School PCs app technical reference
-        href: set-up-school-pcs-technical.md
+        href: suspcs/reference.md
       - name: Provisioning package settings
-        href: set-up-school-pcs-provisioning-package.md
+        href: suspcs/provisioning-package.md
     - name: Take a Test technical reference
       href: take-a-test-app-technical.md
     - name: Shared PC technical reference
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 56477ff62e..e5fd11df2b 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -103,7 +103,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `DigiExam`                                | 14.1.0            | `Win32`    | `Digiexam`                                |
 | `Digital Secure testing browser`          | 15.0.0            | `Win32`    | `Digiexam`                                |
 | `Dolphin Guide Connect`                   | 1.27              | `Win32`    | `Dolphin Guide Connect`                   |
-| `Dragon Professional Individual`          | 15.00.100         | `Win32`    | `Nuance Communications`                   |
+| `Dragon Professional Individual`          | 16.00.200.121       | `Win32`    | `Nuance Communications`                   |
 | `DRC INSIGHT Online Assessments`          | 14.0.0.0          | `Store`  | `Data recognition Corporation`              |
 | `Duo from Cisco`                          | 6.3.0            | `Win32`    | `Cisco`                                   |
 | `Dyknow`                                  | 7.9.13.7          | `Win32`    | `Dyknow`                                  |
@@ -114,7 +114,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `ESET Endpoint Security`                  | 10.1.2046.0       | `Win32`    | `ESET`                                    |
 | `ESET Remote Administrator Agent`         | 10.0.1126.0       | `Win32`    | `ESET`                                    |
 | `eTests`                                  | 4.0.25            | `Win32`    | `CASAS`                                   |
-| `Exam Writepad`                           | 23.12.10.1200      | `Win32`    | `Sheldnet`                                |
+| `Exam Writepad`                           | 24.4.1.1200      | `Win32`    | `Sheldnet`                                |
 | `FirstVoices Keyboard`                    | 15.0.270          | `Win32`    | `SIL International`                       |
 | `FortiClient`                             | 7.2.0.4034+       | `Win32`    | `Fortinet`                                |
 | `Free NaturalReader`                      | 16.1.2            | `Win32`    | `Natural Soft`                            |
@@ -128,7 +128,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `IMT Lazarus`                             | 2.86.0            | `Win32`    | `IMTLazarus`                              |
 | `Inprint`                                 | 3.7.6             | `Win32`    | `Inprint`                                 |
 | `Inspiration 10`                          | 10.11             | `Win32`    | `TechEdology Ltd`                         |
-| `Instashare`                              | 1.3.13.0            | `Win32`    | `Instashare`                            |
+| `Instashare 2`                              | 1.3.13.0         | `Win32`  | `BenQ`                                    |
 | `JAWS for Windows`                        | 2024.2312.53      | `Win32`    | `Freedom Scientific`                      |
 | `Kite Student Portal`                     | 9.0.0.0           | `Win32`    | `Dynamic Learning Maps`                   |
 | `Keyman`                                  | 16.0.142          | `Win32`    | `SIL International`                       |
@@ -170,7 +170,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Remote Help`                             | 5.0.1311.0        | `Win32`    | `Microsoft`                               |
 | `Respondus Lockdown Browser`              | 2.1.1.05          | `Win32`    | `Respondus`                               |
 | `Safe Exam Browser`                       | 3.5.0.544         | `Win32`    | `Safe Exam Browser`                       |
-|`SchoolYear`                               | 3.5.4             | `Win32`    |`SchoolYear`                               |
+|`SchoolYear`                               | 3.7.10            | `Win32`    |`SchoolYear`                               |
 |`School Manager`                           | 3.6.10-1149       | `Win32`    |`Linewize`                                 |
 |`Schoolnet Secure Tester`                  |  2.1.0            | `Win32`    |`School Net`                               |
 |`Scratch`                                  | 3.0               | `Win32`    |`MIT`                                      |
@@ -188,8 +188,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Windows SEB`                             | 3.4.0             | `Win32`    | `Illinois Stateboard of Education`        |
 | `Windows Notepad`                         | 12.0.78           | `Store`    | `Microsoft Corporation`                   |
 | `Zoom`                                    | 5.12.8 (10232)    | `Win32`    | `Zoom`                                    |
-| `ZoomText Fusion`                         | 2024.2310.13.400  | `Win32`    | `Freedom Scientific`                      |
-| `ZoomText Magnifier/Reader`               | 2024.2312.26.400  | `Win32`    | `Freedom Scientific`                      |
+| `ZoomText Fusion`                         | 2024.2403.1.400  | `Win32`    | `Freedom Scientific`                      |
+| `ZoomText Magnifier/Reader`               | 2024.2402.66.400  | `Win32`    | `Freedom Scientific`                      |
 
 ## Add your own applications
 
diff --git a/includes/configure/tab-intro.md b/includes/configure/tab-intro.md
index c9c293a8c5..31046b2203 100644
--- a/includes/configure/tab-intro.md
+++ b/includes/configure/tab-intro.md
@@ -1,9 +1,9 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 08/15/2023
+ms.date: 08/20/2024
 ms.topic: include
 ms.service: windows-client
 ---
 
-The following instructions provide details how to configure your devices. Select the option that best suits your needs.
\ No newline at end of file
+The following instructions provide details about how to configure your devices. Select the option that best suits your needs.
\ No newline at end of file
diff --git a/store-for-business/TOC.yml b/store-for-business/TOC.yml
deleted file mode 100644
index 03ce31fa9e..0000000000
--- a/store-for-business/TOC.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-- name: Microsoft Store for Business
-  href: index.md
-  items: 
-    - name: What's new in Microsoft Store for Business and Education
-      href: whats-new-microsoft-store-business-education.md
-    - name: Sign up and get started
-      href: sign-up-microsoft-store-for-business-overview.md
-      items: 
-        - name: Microsoft Store for Business and Microsoft Store for Education overview
-          href: microsoft-store-for-business-overview.md
-        - name: Prerequisites for Microsoft Store for Business and Education
-          href: prerequisites-microsoft-store-for-business.md
-        - name: Roles and permissions in the Microsoft Store for Business and Education
-          href: roles-and-permissions-microsoft-store-for-business.md
-        - name: "Settings reference: Microsoft Store for Business and Education"
-          href: settings-reference-microsoft-store-for-business.md
-    - name: Find and acquire apps
-      href: find-and-acquire-apps-overview.md
-      items: 
-        - name: Apps in the Microsoft Store for Business and Education
-          href: apps-in-microsoft-store-for-business.md
-        - name: Acquire apps
-          href: acquire-apps-microsoft-store-for-business.md
-        - name: Working with line-of-business apps
-          href: working-with-line-of-business-apps.md
-    - name: Distribute apps
-      href: distribute-apps-to-your-employees-microsoft-store-for-business.md
-      items: 
-        - name: Distribute apps using your private store
-          href: distribute-apps-from-your-private-store.md
-        - name: Assign apps to employees
-          href: assign-apps-to-employees.md
-        - name: Distribute apps with a management tool
-          href: distribute-apps-with-management-tool.md
-        - name: Distribute offline apps
-          href: distribute-offline-apps.md
-    - name: Manage products and services
-      href: manage-apps-microsoft-store-for-business-overview.md
-      items: 
-        - name: App inventory management
-          href: app-inventory-management-microsoft-store-for-business.md
-        - name: Manage orders
-          href: manage-orders-microsoft-store-for-business.md
-        - name: Manage access to private store
-          href: manage-access-to-private-store.md
-        - name: Manage private store settings
-          href: manage-private-store-settings.md
-        - name: Configure MDM provider
-          href: configure-mdm-provider-microsoft-store-for-business.md
-        - name: Manage Windows device deployment with Windows Autopilot Deployment
-          href: add-profile-to-devices.md
-        - name: Microsoft Store for Business and Education PowerShell module - preview
-          href: microsoft-store-for-business-education-powershell-module.md
-        - name: Working with solution providers
-          href: /microsoft-365/commerce/manage-partners
-    - name: Billing and payments
-      href: billing-payments-overview.md
-      items: 
-        - name: Understand your invoice
-          href: billing-understand-your-invoice-msfb.md
-        - name: Payment methods
-          href: payment-methods.md
-        - name: Understand billing profiles
-          href: billing-profile.md
-    - name: Manage settings in the Microsoft Store for Business and Education
-      href: manage-settings-microsoft-store-for-business.md
-      items: 
-        - name: Update account settings
-          href: update-microsoft-store-for-business-account-settings.md
-        - name: Manage user accounts
-          href: manage-users-and-groups-microsoft-store-for-business.md
-    - name: Device Guard signing portal
-      href: device-guard-signing-portal.md
-      items: 
-        - name: Add unsigned app to code integrity policy
-          href: add-unsigned-app-to-code-integrity-policy.md
-        - name: Sign code integrity policy with Device Guard signing
-          href: sign-code-integrity-policy-with-device-guard-signing.md
-    - name: Troubleshoot
-      href: troubleshoot-microsoft-store-for-business.md
-    - name: Notifications
-      href: notifications-microsoft-store-business.md
-    - name: Change history
-      href: sfb-change-history.md
diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md
deleted file mode 100644
index a5cee55a8b..0000000000
--- a/store-for-business/acquire-apps-microsoft-store-for-business.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: Acquire apps in Microsoft Store for Business (Windows 10)
-description: As an admin, you can acquire apps from the Microsoft Store for Business for your employees. Some apps are free, and some have a price. For info on app types that are supported, see Apps in the Microsoft Store for Business.
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.reviewer: 
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Acquire apps in Microsoft Store for Business and Education
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-> [!NOTE]
-> As of April 14th, 2021, only free apps are available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
-
-As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md). The following sections explain some of the settings for shopping.
-
-## App licensing model
-
-The Microsoft Store supports two options to license apps: online and offline. **Online** licensing is the default licensing model. Online licensed apps require users and devices to connect to the Microsoft Store services to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Admins control whether or not offline apps are available in Microsoft Store with an offline app visibility setting. 
-
-For more information on the Microsoft Store licensing model, see [licensing model](./apps-in-microsoft-store-for-business.md#licensing-model).
-
-## Payment options
-
-Some apps are free, and some have a price. Apps can be purchased in the Microsoft Store using your credit card. You can enter your credit card information on **Account Information**, or when you purchase an app. Currently, we accept these credit cards:
-
-- VISA 
-- MasterCard 
-- Discover 
-- American Express 
-- Japan Commercial Bureau (JCB)
-
-## Organization info
-
-There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven't provided it, we'll ask when you make a purchase. Either way works. Here's the info you'll need to provide:
-
-- Legal business address
-- Payment option (credit card)
-
-## Allow users to shop
-
-**Allow users to shop** controls the shopping experience in Microsoft Store for Education. When this setting is on, **Purchasers** and **Basic Purchasers** can purchase products and services from Microsoft Store for Education. If your school chooses to closely control how purchases are made, admins can turn off **Allow users to shop**. When the setting is off:
-
-- The shopping experience is not available 
-- **Purchasers** and **Basic Purchasers** can't purchase products and services from Microsoft Store for Education
-- Admins can't assign shopping roles to users
-- Products and services previously purchased by **Basic Purchasers** can be managed by admins. 
-
-**To manage Allow users to shop setting**
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) 
-2. Select **Manage**, and then select **Settings**. 
-3. On **Shop**, , under **Shopping behavior**, turn on or turn off **Allow users to shop**.
-
-![manage settings to control Basic Purchaser role assignment.](images/sfb-allow-shop-setting.png)
-
-## Allow app requests
-
-People in your org can request license for apps that they need, or that others need. When **Allow app requests** is turned on, app requests are sent to org admins. Admins for your tenant will receive an email with the request, and can decide about making the purchase. 
-
-**To manage Allow app requests**
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) 
-2. Select **Manage**, and then select **Settings**. 
-3. On **Shop**, under **Shopping behavior** turn on or turn off **Allow app requests**.
-
-## Acquire apps
-
-**To acquire an app**  
-
-1. Sign in to https://businessstore.microsoft.com
-2. Select **Shop for my group**, or use Search to find an app. 
-3. Select the app you want to purchase. 
-4. On the product description page, choose your license type - either online or offline. 
-5.  Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and select **Next**.
-6. If you don't have a payment method saved in **Billing & payments**, we will prompt you for one.
-7. Add your credit card or debit card info, and select **Next**. Your card info is saved as a payment option on **Billing & payments - Payment methods**.
-
-You'll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information). 
-
-Microsoft Store adds the app to your inventory. From **Products & services**, you can:
-
-- Distribute the app: add to private store, or assign licenses
-- View app licenses: review current licenses, reclaim and reassign licenses
-- View app details: review the app details page and purchase more licenses
-
-For info on distributing apps, see [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md).
-
-For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
\ No newline at end of file
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
deleted file mode 100644
index 73cb1cafc3..0000000000
--- a/store-for-business/add-profile-to-devices.md
+++ /dev/null
@@ -1,148 +0,0 @@
----
-title: Manage Windows device deployment with Windows Autopilot Deployment
-description: Add an Autopilot profile to devices. Autopilot profiles control what is included in Windows set up experience for your employees.
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.date: 05/24/2023
-ms.reviewer: 
-ms.topic: conceptual
-ms.localizationpriority: medium
----
-
-# Manage Windows device deployment with Windows Autopilot Deployment
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).
-
-Watch this video to learn more about Windows Autopilot in Microsoft Store for Business. </br>
-
-> [!video https://www.microsoft.com/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
-
-## What is Windows Autopilot?
-In Microsoft Store for Business, you can manage devices for your organization and apply an *Autopilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device.
-
-You can create and apply Autopilot deployment profiles to these devices. The overall process looks like this.
-
-![Block diagram with main steps for using Autopilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png)
-
-Figure 1 - Windows Autopilot Deployment Program process
-
-Autopilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include.
-
-### Autopilot deployment profiles - default settings
-These settings are configured with all Autopilot deployment profiles:
-- Skip Cortana, OneDrive, and OEM registration setup pages
-- Automatically setup for work or school
-- Sign in experience with company or school brand
-
-### Autopilot deployment profiles - optional settings
-These settings are off by default. You can turn them on for your Autopilot deployment profiles:
-- Skip privacy settings
-
-### Support for Autopilot profile settings
-Autopilot profile settings are supported beginning with the version of Windows they were introduced in. This table summarizes the settings and what they are supported on.
-
-| Setting | Supported on  |
-| ------- | ------------- |
-| Deployment default features| Windows 10, version 1703 or later |
-| Skip privacy settings | Windows 10, version 1703 or later |
-| Disable local admin account creation on the device | Windows 10, version 1703 or later |
-| Skip End User License Agreement (EULA) | Windows 10, version 1709 or later. </br> [Learn about Windows Autopilot EULA dismissal](/windows/deployment/Windows-Autopilot-EULA-note) |
-
-
-## Windows Autopilot deployment profiles in Microsoft Store for Business and Education
-You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements:
-- Windows 10, version 1703 or later
-- New devices that have not been through Windows out-of-box experience.
-
-## Add devices and apply Autopilot deployment profile
-To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices.
-
-### Device information file format
-Columns in the device information file need to use this naming and be in this order:
-- Column A: Device Serial Number
-- Column B: Windows Product ID (optional, typically blank)
-- Column C: Hardware Hash
-
-Here's a sample device information file:
-
-![Notepad file showing example entries for Column A (Device Serial Number), Column B (Windows Product ID), and Column C (Hardware Hash).](images/msfb-autopilot-csv.png)
-
-When you add devices, you need to add them to an *Autopilot deployment group*. Use these groups to apply Autopilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an Autopilot deployment group.
-
-> [!NOTE]
-> You can only add devices to a group when you add devices to **Microsoft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again.
-
-**Add and group devices**
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Devices**.
-3. Click **Add devices**, navigate to the *.csv file and select it.
-4. Type a name for a new Autopilot deployment group, or choose one from the list, and then click **Add**. </br>
-If you don't add devices to a group, you can select the individual devices to apply a profile to. <br>
-![Screenshot of Add devices to a group dialog. You can create a new group, or select a current group.](images/add-devices.png)</br>
-
-5. Click the devices or Autopilot deployment group that you want to manage. You need to select devices before you can apply an Autopilot deployment profile. You can switch between seeing groups or devices by clicking **View groups** or **View devices**.
-
-**Apply Autopilot deployment profile**
-1. When you have devices selected, click **Autopilot deployment**.
-2. Choose the Autopilot deployment profile to apply to the selected devices.
-
-    > [!NOTE]
-    > The first time you use Autopilot deployment profiles, you'll need to create one. See [Create Autopilot profile](#create-autopilot-profile).
-
-3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
-
-## Manage Autopilot deployment profiles
-You can manage the Autopilot deployment profiles created in Microsoft Store. You can create a new profile, edit, or delete a profile.
-
-### Create Autopilot profile
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Devices**.
-3. Click **Autopilot deployment**, and then click **Create new profile**.
-4. Name the profile, choose the settings to include, and then click **Create**.</br>
-The new profile is added to the **Autopilot deployment** list.
-
-### Edit or delete Autopilot profile
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Devices**.
-3. Click **Autopilot deployment**, click **Edit your profiles**, and then choose the profile to edit.
-TBD: art
-4. Change settings for the profile, and then click **Save**.</br>
--or-</br>
-Click **Delete profile** to delete the profile.
-
-## Apply a different Autopilot deployment profile to devices
-After you've applied an Autopilot deployment profile to a device, if you decide to apply a different profile, you can remove the profile and apply a new profile.
-
-> [!NOTE]
-> The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
-
-## Autopilot device information file error messages
-Here's info on some of the errors you might see while working with Autopilot deployment profiles in **Microsoft Store for Business and Education**.
-
-| Message Id | Message explanation |
-| ---------- | ------------------- |
-| wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
-| wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003    | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You're over the limit! Divide this device data into multiple .csv files. |
-| wadp004    | Try that again. Something happened on our end. Waiting a bit might help. |
-| wadp005    | Check your .csv file with your device provider. One of the devices on your list has been claimed by another organization. |
-| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
-| wadp007    | Check the info for this device in your .csv file. The device is already registered in your organization. |
-| wadp008    | The device does not meet Autopilot Deployment requirements. |
-| wadp009    | Check with your device provider for an update .csv file. The current file doesn't work |
-| wadp010    | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file
diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md
deleted file mode 100644
index 950fe7b629..0000000000
--- a/store-for-business/app-inventory-management-microsoft-store-for-business.md
+++ /dev/null
@@ -1,206 +0,0 @@
----
-title: App inventory management for Microsoft Store for Business and Microsoft Store for Education (Windows 10)
-description: You can manage all apps that you've acquired on your Apps & Software page.
-ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.date: 05/24/2023
----
-
-# App inventory management for Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. 
-
-All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses.
-
-<!--- ![Image shows Inventory page in Microsoft Store for Business with status status options for an app.](images/wsfb-inventoryaddprivatestore.png) -->
-
-Microsoft Store for Business and Education shows this info for each app in your inventory:
-- Name
-- Last modified
-- Private store status
-- Available licenses
-- Supported devices
-- Access to actions for the app
-
-The last modified date tracks changes about the app as an item in your inventory. The last modified date changes when one of the following happens:
-- First purchase (the date you acquire the app from Microsoft Store for Business)
-- Purchase additional licenses
-- Assign license
-- Reclaim license
-- Refund order (applies to purchased apps, not free apps)
-
-The last modified date does not correspond to when an app was last updated in Microsoft Store. It tracks activity for that app, as an item in your inventory.
-
-## Find apps in your inventory
-
-There are a couple of ways to find specific apps, or groups of apps in your inventory.
-
-**Search** - Use the Search box to search for an app.<br>
-**Refine results** - Use **Refine results** to scope your list of apps by one or more of these app attributes:
-- **License type** - Online or offline licenses. For more info, see [Apps in Microsoft Store for Business](apps-in-microsoft-store-for-business.md#licensing-model).
-- **Supported devices** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory.
-- **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps.
-- **Product type** - Product categories, such as app, or game.
-- **Private store** - Whether or not the app is in the private store, or status if the app is being added or removed from private store.
-
-## Manage apps in your inventory
-Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table.
-
-| Action | Online-licensed app | Offline-licensed app |
-| ------ | ------------------- | -------------------- |
-| Assign to employees | ✔️ |  |
-| Add to private store | ✔️ |  |
-| Remove from private store | ✔️ |  |
-| View license details | ✔️ |  |
-| View product details | ✔️ | ✔️ |
-| Download for offline use | | ✔️ |
-
-The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
-
-## Assign apps
-For online-licensed apps, you can assign apps directly to people in your organization.  
-
-**To assign an app to an employee**
-
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
-2. Click **Manage**, and then choose **Inventory**.
-3. Find an app, click the ellipses, and then choose **Assign to people**.
-4. Type the email address for the employee that you're assigning the app to, and click **Confirm**.
-
-Employees will receive an email with a link that will install the app on their device. Click the link to start the Microsoft Store app, and then click **Install**. Also, in the Microsoft Store app, they can find the app under **My Library**.
-
-There are other options for distributing apps:
-- **Use a management tool** - If you use a management tool that supports Microsoft Store, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your management tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md).
-- **Distribute from private store** - You can also add apps to your private store, and let people get them on their own. For more information, see [Distribute apps from private store](#distribute-apps-from-private-store)
-
-## Distribute apps from private store
-Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
-
-### Add apps to your private store
-**To make an app in Apps & software available in your private store**
-
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
-2.  Click **Manage**, and then choose **Apps & software**.
-3.  Use **Refine results** to search for online-licensed apps under **License type**.
-4.  From the list of online-licensed apps, click the ellipses for the app you want, and then choose **Add to private store**.
-
-The value under **Private store** for the app will change to pending. It will take approximately thirty-six hours before the app is available in the private store.
-Employees can claim apps that admins added to the private store by doing the following.
-
-### Get and remove private store apps
-**To claim an app from the private store**
-
-1. Sign in to your computer with your Microsoft Entra credentials, and start the Microsoft Store app.
-2. Click the private store tab.
-3. Click the app you want to install, and then click **Install**.
-
-Another way to distribute apps is by assigning them to people in your organization.
-
-If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store.
-
-**To remove an app from the private store**
-
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
-2. Click **Manage**, and then choose **Products & services**.
-3. Find an app, click the ellipses, choose **Remove from private store**, and then click **Remove**.
-4. Choose the private store collection, and then under **In collection**, switch to **Off**.
-
-The app will still be in your inventory, but your employees will not have access to the app from your private store.
-
-### Private store availability
-On the details page for each app, you can directly assign an app to a user, or for apps in your private store, you can set **Private store availability**.
-
-**Private store availability** allows you to choose which groups of people can see an app in the private store:
-- No one - The app isn't in your private store
-- Everyone - The app is available to anyone in your organization
-- Specific groups - The app is available to all users in assigned security groups
-
-**To assign security groups to an app** 
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
-2. Click **Manage**, and then choose **Products & services**.
-3. Find an app, choose the ellipses, and then choose **View license details**.
-4. Click **Private store availability**, select **Specific groups**, and then click **Assign groups**. 
-5. Enter a name or email address for the security group you want to use, and then click **Add groups**.
-
-## Manage app licenses
-
-For each app in your inventory, you can view and manage license details. This give you another way to assign apps to people in your organization. It also allows you to reclaim app licenses after they've been assigned to people, or claimed by people in your organization.
-
-**To view license details**
-
-1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com).
-2. Click **Manage**, and then choose **Products & services**.
-3. Click an app you want to manage.
-4. On the app details page, you'll see the names of people in your organization who have installed the app and are using one of the licenses. From here, you can:
-
-    - Assign the app to other people in your organization.
-    - Reclaim app licenses.
-    - View app details.
-    - Add the app to your private store, if it is not in the private store.
-
-You can assign the app to more people in your organization, or reclaim licenses.
-
-**To assign an app to more people**
-
-- On the app page, click **Assign users**, type the email address for the person that you're assigning the app to, and click **Assign**.
-
-Microsoft Store updates the list of assigned licenses.
-
-**To reclaim licenses**
-
-- On the app page, choose the person you want to reclaim the license from, click the ellipses, and then click **Reclaim licenses**.
-
-Microsoft Store updates the list of assigned licenses.
-
-## Purchase additional licenses
-You can purchase additional licenses for apps in your Inventory.
-
-**To purchase additional app licenses**
-
-1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com)
-2. Click **Manage**, and then choose **Apps & software**.
-3. From **Apps & software**, click an app.
-4. On the app page, click **Buy more** for additional licenses, or click **Assign users** to manage your current licenses.
-
-You'll have a summary of current license availability.
-
-## <a href="" id="download-offline-licensed-apps"></a>Download offline-licensed app
-Offline licensing is a new feature in Windows 10 and allows apps to be deployed to devices that are not connected to the Internet. This means organizations can deploy apps when users or devices do not have connectivity to the Store.
-
-You can download offline-licensed apps from your inventory. You'll need to download these items:
-- App metadata
-- App package
-- App license
-- App framework
-
-For more information about online and offline licenses, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md#licensing-model).
-
-For more information about downloading offline-licensed apps, see [Download offline apps](distribute-offline-apps.md).
-
-## Manage products programmatically
-
-Microsoft Store for Business and Education provides a set of Admin management APIs. If you organization develops scripts or tools, these APIs allow Admins to programmatically manage items in **Apps & software**. For more information, see [REST API reference for Microsoft Store for Business](/windows/client-management/mdm/rest-api-reference-windows-store-for-business).
-
-You can download a preview PowerShell script that uses REST APIs. The script is available from PowerShell Gallery. You can use to the script to:
-- View items in inventory (**Apps & software**)
-- Manage licenses - assigning and removing
-- Perform bulk options using .csv files - this automates license management for customers with large numbers of licenses
-
-> [!NOTE]
-> The Microsoft Store for Business and Education Admin role is required to manage products and to use the MSStore module. This requires advanced knowledge of PowerShell.
diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md
deleted file mode 100644
index 4438a5efb2..0000000000
--- a/store-for-business/apps-in-microsoft-store-for-business.md
+++ /dev/null
@@ -1,81 +0,0 @@
----
-title: Apps in Microsoft Store for Business and Education (Windows 10)
-description: Microsoft Store for Business has thousands of apps from many different categories.
-ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Apps in Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Microsoft Store for Business and Education has thousands of apps from many different categories.
-
-These app types are supported in Microsoft Store for Business and Education:
-
-- Universal Windows apps for Windows 10
-- Universal Windows apps, by device: phone, Surface Hub, IoT, HoloLens
-
-Apps in your inventory will have at least one of these supported platforms listed for the app:
-
-- Windows 10 desktops
-- Windows 10 phones
-- Windows 10 xbox
-- Windows 10 IOT devices
-- Windows 10 servers
-- Windows 10 \*all devices\*
-- Windows 10 Surface Hub
-- Windows 10 HoloLens
-
-Apps that you acquire from Microsoft Store only work on Windows 10-based devices. Even though an app might list Windows 8 as its supported platform, that tells you what platform the app was originally written for. Apps developed for Windows 8, or Windows Phone 8 will work on Windows 10.
-
-Some apps are free, and some apps charge a price. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time.
-
-Some apps which are available to consumers in Microsoft Store might not be available to organizations in Microsoft Store for Business and Education. App developers can opt-out their apps, and they also need to meet eligibility requirements for Microsoft Store for Business and Education. For more information, see [Organizational licensing options](/windows/uwp/publish/organizational-licensing). 
-
-Line-of-business (LOB) apps are also supported using Microsoft Store. Admins can invite IT devs and ISVs to be LOB publishers. Apps developed by your LOB publishers that are submitted to Microsoft Store are only available to your organization. Once an administrator accepts an app submitted by one of their LOB publishers, the app can be distributed just like any other app. For more information, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
-
-## In-app purchases
-
-Some apps offer you the option to make in-app purchases. In-app purchases are not currently supported for apps that are acquired through Microsoft Store and distributed to employees.
-
-If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization's inventory.
-
-## <a href="" id="licensing-model"></a>Licensing model: online and offline licenses
-
-Microsoft Store supports two options to license apps: online and offline.
-
-### Online licensing
-Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user's Microsoft Entra identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
-
-Distribution options for online-licensed apps include the ability to:
-
-- Assign an app to employees.
-- Add an app to your private store, allowing employees to download the app.
-- Distribute through a management tool.
-
-### Offline licensing
-Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store. This model means organizations can deploy apps when users or devices do not have connectivity to Microsoft Store. Admins control whether or not offline apps are available in Microsoft Store with an offline app visibility setting. 
-
-You have the following distribution options for offline-licensed apps:
-
-- Include the app in a provisioning package, and then use it as part of imaging a device.
-- Distribute the app through a management tool.
-
-For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md).
diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md
deleted file mode 100644
index db0e139ab0..0000000000
--- a/store-for-business/assign-apps-to-employees.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Assign apps to employees (Windows 10)
-description: Administrators can assign online-licensed apps to employees and students in their organization.
-ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/27/2023
----
-
-# Assign apps to employees
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.
-
-**To assign an app to an employee**
- 
-1.  Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Manage**, and then choose **Apps & software**.
-3.  Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
--OR-
-    Click the app, and then click **Assign User**.
-4.  Type the email address for the person you're assigning the app to, and click **Assign**.
-
-Employees will receive an email with a link that will install the app on their device. Click the link to start Microsoft Store app, and then click **Install**. Also, in Microsoft Store app, they can find the app under **My Library**.
-
- 
-
- 
-
-
-
-
-
diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md
deleted file mode 100644
index 08d60c558e..0000000000
--- a/store-for-business/billing-payments-overview.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-title: Billing and payments overview
-description: Find topics about billing and payment support in Microsoft Store for Business.
-keywords: billing, payment methods, invoices, credit card, debit card
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Billing and payments
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Access invoices and managed your payment methods.
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Understand your invoice](billing-understand-your-invoice-msfb.md) | Information about invoices provided by Microsoft Store for Business.  |
-| [Understand billing profiles](billing-profile.md) | Information about billing profiles and how they relate to invoices.  |
-| [Payment methods](payment-methods.md) | Information about managing payment methods.  |
diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md
deleted file mode 100644
index 43924342b2..0000000000
--- a/store-for-business/billing-profile.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: Understand billing profiles
-description: Learn how billing profiles support invoices
-keywords: billing profile, invoices, charges, managed charges
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/23/2023
-ms.reviewer: 
----
-
-# Understand billing profiles
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices.
-
-Billing profiles include:
-
-- **Payment methods** – Credit cards or check/wire transfer
-- **Contact info** - Billing address and a contact name
-- **Permissions** – Permissions that allow you to change the billing profile, pay bills, or use the payment method on the billing profile to make purchases
-
-Use billing profiles to control your purchases and customize your invoice. A monthly invoice is generated for the products bought using the billing profile. You can customize the invoice such as update the purchase order number and email invoice preference.
-
-A billing profile is automatically created for your billing account during your first purchase. You can create new billing profiles to set up additional invoices when you make a purchase. For example, you use different billing profiles when you make purchases for each department in your organization. On your next billing date, you'll receive an invoice for each billing profile. 
-
-Roles on the billing profiles have permissions to control purchases, and view and manage invoices. Assign these roles to users who track, organize, and pay invoices like members of the procurement team in your organization. 
-
-## View billing profile
-**To view billing profiles**
-1. Sign in to [Microsoft Store for Business]( https://businessstore.microsoft.com/), or M365 admin center. 
-2. Select **Manage**, and then select **Billing and payments**. 
-3. Select **Billing profiles**, and then select a billing profile from the list to see details.
-    - On **Overview**, you can edit billing profile details, and turn on or off sending an invoice by email.
-    - On **Permissions**, you can assign roles to users to pay invoices.
-    - On **Azure credit balance**, Azure customers can see transaction balance history for the azure credits used by that billing profile.
-    - On **Azure credits**, Azure customers can see a list of Azure credits associated with that billing profile, and their expiration dates.
-
-## Need help? Contact us.
-If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
-
-If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com).
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
deleted file mode 100644
index 7a196272c8..0000000000
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-title: Understand your Microsoft Customer Agreement invoice
-description: Learn how to read and understand your MCA bill
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
-ms.reviewer: 
----
-
-# Understand your Microsoft Customer Agreement invoice
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-The invoice provides a summary of your charges and provides instructions for payment. It's available for
-download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).
-
-## General invoice information
-
-Invoices are your bill from Microsoft. A few things to note:
-
-- **Invoice schedule** - You're invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
-- **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md)
-- **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace. 
-- **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill. 
-
-## Online invoice
-For Store for Business customers, invoices are also available online. A few things to note:
-- **Link to online invoice** - Available from your PDF invoice, and from an email notification.
-- **Invoice details** - Expandable view of the charges on your invoice, so you can see more details for each item.
-- **Pricing details** - Additional information including discounting and pricing details.
-- **Pay online** - Option to make a payment online from the invoice. 
-- **Azure cost management** - For Azure customers, online invoices include a link to Azure cost management. 
-
-**To view your online invoice**
-1. Sign in to [Microsoft Store for Business]( https://businessstore.microsoft.com/). 
-2. Select **Manage**, and then select **Billing and payments**. 
-3. Select an invoice from the list to view your online invoice. 
-
-## Detailed terms and descriptions of your invoice
-The following sections list the important terms that you see on your
-invoice and descriptions for each term.
-
-### Understand the invoice summary
-
-The **Invoice Summary** is on the top of the first page and shows information about your billing profile and how you pay.
-
-![Invoice summary section.](images/invoicesummary.png)
-
-
-| Term | Description |
-| --- | --- |
-| Sold to |Address of your legal entity, found in billing account properties|
-| Bill to |Billing address of the billing profile receiving the invoice, found in billing profile properties|
-| Billing Profile |The name of the billing profile receiving the invoice |
-| P.O. number |An optional purchase order number, assigned by you for tracking |
-| Invoice number |A unique, Microsoft-generated invoice number used for tracking purposes |
-| Invoice date |Date that the invoice is generated, typically five to 12 days after end of the Billing cycle. You can check your invoice date in billing profile properties.|
-| Payment terms |How you pay for your Microsoft bill. *Net 30 days* means you pay by following instructions on your invoice, within 30 days of the invoice date. |
-
-### Understand the billing summary
-The **Billing Summary**  shows the charges against the billing profile since the previous billing period, any credits that were applied, tax, and the total amount due.
-
-
-![Billing summary section.](images/billingsummary.png)
-
-| Term | Description |
-| --- | --- |
-| Charges|Total number of Microsoft charges for this billing profile since the last billing period |
-| Credits |Credits you received from returns |
-| Azure credits applied |Your Azure credits that are automatically applied to Azure charges each billing period |
-| Subtotal |The pre-tax amount due |
-| Tax |The type and amount of tax that you pay, depending on the country/region of your billing profile. If you don't have to pay tax, then you won't see tax on your invoice. |
-| Estimated total savings |The estimated total amount you saved from effective discounts. If applicable, effective discount rates are listed beneath the purchase line items in Details by Invoice Section. |
-
-### Understand your charges
-You'll see the charges, tax, and the total amount due. Azure customers will also see the amount of Azure credits applied. 
-
-`Total = Charges - Azure Credit + Tax`
-
-The details show the cost broken down by product order name. For Azure customers, this might be organized by invoice section. For more information about how invoice sections are used with Azure products, see [Understand invoice sections](/azure/billing/billing-mca-overview#understand-invoice-sections). 
-Within each product order, cost is broken down by service family.
-
-The total amount due for each service family is calculated by subtracting Azure credits from credits/charges and adding tax:
-
-`Total = Charges/Credits - Azure Credit + Tax`
-
-![Details by invoice section.](images/invoicesectiondetails.png)
-
-| Term |Description |
-| --- | --- |
-| Unit price | The effective unit price of the service (in pricing currency) that is used to the rate the usage. This is unique for a product, service family, meter, and offer. |
-| Qty | Quantity purchased or consumed during the billing period |
-| Charges/Credits | Net amount of charges after credits/refunds are applied |
-| Azure Credit | The amount of Azure credits applied to the Charges/Credits|
-| Tax rate | Tax rate(s) depending on country/region |
-| Tax amount | Amount of tax applied to purchase based on tax rate |
-| Total | The total amount due for the purchase |
-
-### How to pay
-At the bottom of the invoice, there are instructions for paying your bill. You can pay by wire or online. If you pay online, you can use a credit or debit card, or Azure credits, if applicable.
-
-### Publisher information
-If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.
-
-## Next steps
-If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/mca-understand-your-invoice).
-
-## Need help? Contact us.
-
-If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
-
-If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary).
diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
deleted file mode 100644
index 74d05180b7..0000000000
--- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Configure an MDM provider (Windows 10)
-description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses.
-ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Configure an MDM provider
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
-
-Your management tool needs to be installed and configured with Microsoft Entra ID, in the same directory that you are using for Store for Business. Once that's done, you can configure it to work with Store for Business
-
-**To configure a management tool in Microsoft Entra ID**
-
-1. Sign in to the Azure Portal as an Administrator.
-2. Click **Microsoft Entra ID**, and then choose your directory.
-4. Click **Mobility (MDM and MAM)**.  
-3. Click **+Add Applications**, find the application, and add it to your directory.
-
-After your management tool is added to your Microsoft Entra directory, you can configure it to work with Microsoft Store. You can configure multiple management tools - just repeat the following procedure.
-
-**To configure a management tool in Microsoft Store for Business**
-
-1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com)
-2. Click **Manage**, click **Settings**.
-3. Under **Distribute**, click **Management tools**.
-3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.**
-
-Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics:
-- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
-- [Manage apps from Microsoft Store for Business with Microsoft Configuration Manager](/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-
-For third-party MDM providers or management servers, check your product documentation.
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md
deleted file mode 100644
index a7c0db425c..0000000000
--- a/store-for-business/distribute-apps-from-your-private-store.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-title: Distribute apps using your private store (Windows 10)
-description: The private store is a feature in Microsoft Store for Business and Microsoft Store for Education that organizations receive during the signup process.
-ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Distribute apps using your private store
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
-
-You can make an app available in your private store when you acquire the app, or you can do it later from your inventory. Once the app is in your private store, employees can claim and install the app.
-
-**To acquire an app and make it available in your private store**
-
-1.  Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-
-2.  Click an app, choose the license type, and then click **Get the app** to acquire the app for your organization.
-
-    <!--- ![Image showing Distribute options for app in the Microsoft Store for Business.](images/wsfb-distribute.png) -->
-
-Microsoft Store adds the app to **Products and services**. Click **Manage**, **Apps & software** for app distribution options. 
-
-**To make an app in Apps & software available in your private store**
-
-1.  Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Manage**, and then choose **Products and services**.
-
-    <!--- ![Image showing Manage menu in Microsoft Store for Business.](images/wsfb-manageinventory.png) -->
-
-3.  Click on the application to open the application settings, then select **Private store availability**.
-4.  Select **Everyone** to make application available for all people in your organization.
-
-    <!--- ![Image showing options from Action for each app in Inventory.](images/wsfb-inventoryaddprivatestore.png) -->
-
->[!Note]
- > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be available in **Products & services** before adding it to your private store. For more information, see [Working with line-of-business apps](working-with-line-of-business-apps.md). 
-
-## Private store availability
-You can use security groups to scope which users can install an app from your private store. For more information, see [Private store availability](app-inventory-management-microsoft-store-for-business.md#private-store-availability).
-
-Employees can claim apps that admins added to the private store by doing the following.
-
-**To claim an app from the private store**
-
-1. Sign in to your computer with your Microsoft Entra credentials, and start Microsoft Store app.
-2. Click the **private store** tab.
-3. Click the app you want to install, and then click **Install**.
-
-
-## Related topics
-- [Manage access to private store](manage-access-to-private-store.md)
-- [Manage private store settings](manage-private-store-settings.md)
-- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store)
diff --git a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
deleted file mode 100644
index ed5f058ffe..0000000000
--- a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Distribute apps to your employees from the Microsoft Store for Business and Education (Windows 10)
-description: Distribute apps to your employees from Microsoft Store for Business or Microsoft Store for Education. You can assign apps to employees,or let employees install them from your private store.
-ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Distribute apps to your employees from Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Distribute apps using your private store](distribute-apps-from-your-private-store.md) | The private store is a feature in Microsoft Store that organizations and schools receive during the signup process. When admins add apps to the private store, all people in the organization can view and download the apps. Only apps with online licenses can be added to the private store. |
-| [Assign apps to employees](assign-apps-to-employees.md) | Admins can assign online-licensed apps to people in their organization. |
-| [Distribute apps with a management tool](distribute-apps-with-management-tool.md) |  Admins can configure a mobile device management (MDM) tool to synchronize your Microsoft Store inventory. Microsoft Store management tool services work with MDM tools to manage content. | 
-| [Distribute offline apps](distribute-offline-apps.md) | Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. This allows organizations to deploy apps to devices without connectivity to the Store. |
diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md
deleted file mode 100644
index 0d0f36b0db..0000000000
--- a/store-for-business/distribute-apps-with-management-tool.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: Distribute apps with a management tool (Windows 10)
-description: You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
-ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Distribute apps with a management tool
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
-
-Your MDM tool needs to be installed and configured in Microsoft Entra ID, in the same Microsoft Entra directory used with Microsoft Store.
-
-In Microsoft Entra management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Microsoft Entra ID, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) and [Manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business).
-
-Microsoft Store services provide:
-
--   Services for third-party MDM tools.
--   Synchronize app purchases and updates.
--   Synchronize metadata. For offline-licensed apps, also synchronize offline app package and offline licenses.
--   The ability to download offline-licensed apps from Store for Business.
-
-MDM tool requirements:
-
--   Must be a Microsoft Entra application to authenticate against the Store for Business services.
--   Must be configured in Microsoft Entra ID, and Microsoft Store.
--   Microsoft Entra identity is required to authorize Microsoft Store services.
-
-## Distribute offline-licensed apps
-
-If your vendor doesn't support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
-
-This diagram shows how you can use a management tool to distribute offline-licensed app to employees in your organization. Once synchronized from Store for Business, management tools can use the Windows Management framework to distribute applications to devices.
-
-![Image showing flow for distributing offline-licensed app from Microsoft Store for Business to employees in your organization.](images/wsfb-offline-distribute-mdm.png)
-
-## Distribute online-licensed apps
-
-This diagram shows how you can use a management tool to distribute an online-licensed app to employees in your organization. Once synchronized from Microsoft Store, management tools use the Windows Management framework to distribute applications to devices. For online-licensed applications, the management tool calls back to Microsoft Store management services to assign an application prior to issuing the policy to install the application.
-
-![Image showing flow for distributing online-licensed app from Microsoft Store for Business.](images/wsfb-online-distribute-mdm.png)
-
-## Related topics
-
-[Configure MDM Provider](configure-mdm-provider-microsoft-store-for-business.md)
-
-[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
deleted file mode 100644
index eefa9c7b90..0000000000
--- a/store-for-business/distribute-offline-apps.md
+++ /dev/null
@@ -1,82 +0,0 @@
----
-title: Distribute offline apps (Windows 10)
-description: Offline licensing is a new licensing option for Windows 10.
-ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Distribute offline apps
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
-
-## Why offline-licensed apps?
-
-Offline-licensed apps offer an alternative to online apps, and provide additional deployment options. Some reasons to use offline-licensed apps:
-
-- **You don't have access to Microsoft Store services** - If your employees don't have access to the Internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
-
-- **You use imaging to manage devices in your organization** - Offline-licensed apps can be added to images and deployed with Deployment Image Servicing and Management (DISM), or Windows Imaging and Configuration Designer (ICD).
-
-- **Your employees do not have Microsoft Entra accounts** - Microsoft Entra accounts are required for employees that install apps assigned to them from Microsoft Store or that claim apps from a private store.
-
-## Distribution options for offline-licensed apps
-
-You can't distribute offline-licensed apps directly from Microsoft Store. Once you download the items for the offline-licensed app, you have options for distributing the apps:
-
-- **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
-
-- **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](/windows/configuration/provisioning-packages/provisioning-packages).
-
-- **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
-
-  - [Manage apps from Microsoft Store for Business with Microsoft Configuration Manager](/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-  - [Manage apps from Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
-
-For third-party MDM providers or management servers, check your product documentation.
-
-## Download an offline-licensed app
-
-There are several items to download or create for offline-licensed apps. The app package and app license are required; app metadata and app frameworks are optional. This section includes more info on each item, and tells you how to download an offline-licensed app.
-
-- **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata.
-
-- **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
-
-- **App license** - App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
-
-- **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
-
-<a href="" id="download-offline-licensed-app"></a>**To download an offline-licensed app**
-
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**.
-3. Click **Settings**.
-4. Click **Shop**. Search for the **Shopping experience** section, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
-5. Click **Manage**. You now have access to download the appx bundle package metadata and license file.
-6. Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
-
-    - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional.
-    - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required.
-    - **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required.
-    - **To download an app framework**: Find the framework you need to support your app package, and click **Download**. This is optional.
-
-> [!NOTE]
-> You need the framework to support your app package, but if you already have a copy, you don't need to download it again. Frameworks are backward compatible.
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index 4d87a128eb..e29e3bfdae 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -37,7 +37,10 @@
         "tier2"
       ],
       "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Archive",
+      "is_archived": true,
+      "is_retired": true,
+      "ROBOTS": "NOINDEX,NOFOLLOW",
       "ms.author": "trudyha",
       "audience": "ITPro",
       "ms.service": "store-for-business",
@@ -65,7 +68,9 @@
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "alekyaj" 
+        "alekyaj",
+        "aditisrivastava07",
+        "padmagit77"
       ]
     },
     "fileMetadata": {},
diff --git a/store-for-business/education/TOC.yml b/store-for-business/education/TOC.yml
deleted file mode 100644
index edb38bce1a..0000000000
--- a/store-for-business/education/TOC.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-- name: Microsoft Store for Education
-  href: ../index.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-  items: 
-    - name: What's new in Microsoft Store for Business and Education
-      href: ../whats-new-microsoft-store-business-education.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Sign up and get started
-      href: ../sign-up-microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-      items: 
-        - name: Microsoft Store for Business and Education overview
-          href: ../microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Prerequisites for Microsoft Store for Business and Education
-          href: ../prerequisites-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Sign up for Microsoft Store for Business or Microsoft Store for Education
-          href: /microsoft-store/sign-up-microsoft-store-for-business?toc=/microsoft-store/education/toc.json
-        - name: Roles and permissions in the Microsoft Store for Business and Education
-          href: ../roles-and-permissions-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: "Settings reference: Microsoft Store for Business and Education"
-          href: ../settings-reference-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Working with Microsoft Store for Education
-      href: /education/windows/education-scenarios-store-for-business?toc=/microsoft-store/education/toc.json
-    - name: Find and acquire apps
-      href: ../find-and-acquire-apps-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-      items: 
-        - name: Apps in the Microsoft Store for Business and Education
-          href: ../apps-in-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Acquire apps in the Microsoft Store for Business and Education
-          href: ../acquire-apps-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Working with line-of-business apps
-          href: ../working-with-line-of-business-apps.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: "Get Minecraft: Education Edition"
-      href: /education/windows/get-minecraft-for-education?toc=/microsoft-store/education/toc.json
-      items: 
-        - name: "For teachers: get Minecraft Education Edition"
-          href: /education/windows/teacher-get-minecraft?toc=/microsoft-store/education/toc.json
-        - name: "For IT administrators: get Minecraft Education Edition"
-          href: /education/windows/school-get-minecraft?toc=/microsoft-store/education/toc.json
-        - name: "Get Minecraft: Education Edition with Windows 10 device promotion"
-          href: /education/windows/get-minecraft-device-promotion?toc=/microsoft-store/education/toc.json
-    - name: Distribute apps to your employees from the Microsoft Store for Business and Education
-      href: ../distribute-apps-to-your-employees-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-      items: 
-        - name: Distribute apps using your private store
-          href: ../distribute-apps-from-your-private-store.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Assign apps to employees
-          href: ../assign-apps-to-employees.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Distribute apps with a management tool
-          href: ../distribute-apps-with-management-tool.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Distribute offline apps
-          href: ../distribute-offline-apps.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Manage products and services
-      href: ../manage-apps-microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-      items: 
-        - name: App inventory management for Microsoft Store for Business
-          href: ../app-inventory-management-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Manage app orders in Microsoft Store for Business and Education
-          href: ../manage-orders-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Manage access to private store
-          href: ../manage-access-to-private-store.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Manage private store settings
-          href: ../manage-private-store-settings.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Configure MDM provider
-          href: ../configure-mdm-provider-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Manage Windows device deployment with Windows Autopilot Deployment
-          href: ../add-profile-to-devices.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Microsoft Store for Business and Education PowerShell module - preview
-          href: ../microsoft-store-for-business-education-powershell-module.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
-          href: ../manage-mpsa-software-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Device Guard signing portal
-      href: ../device-guard-signing-portal.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-      items: 
-        - name: Add unsigned app to code integrity policy
-          href: ../add-unsigned-app-to-code-integrity-policy.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Sign code integrity policy with Device Guard signing
-          href: ../sign-code-integrity-policy-with-device-guard-signing.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Manage settings in the Microsoft Store for Business and Education
-      href: ../manage-settings-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-      items: 
-        - name: Update Microsoft Store for Business and Microsoft Store for Education account settings
-          href: ../update-microsoft-store-for-business-account-settings.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-        - name: Manage user accounts in Microsoft Store for Business and Education
-          href: ../manage-users-and-groups-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Troubleshoot Microsoft Store for Business
-      href: ../troubleshoot-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
-    - name: Notifications in Microsoft Store for Business and Education
-      href: ../notifications-microsoft-store-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json
diff --git a/store-for-business/find-and-acquire-apps-overview.md b/store-for-business/find-and-acquire-apps-overview.md
deleted file mode 100644
index 0226497186..0000000000
--- a/store-for-business/find-and-acquire-apps-overview.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Find and acquire apps (Windows 10)
-description: Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
-ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Find and acquire apps
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Apps in the Microsoft Store for Business and Education](apps-in-microsoft-store-for-business.md) | Store for Business and Education has thousands of apps from many different categories. |
-| [Acquire apps in the Microsoft Store for Business and Education](acquire-apps-microsoft-store-for-business.md) | You can acquire apps from the Microsoft Store for Business and Education for your employees. |
-| [Working with line-of-business apps](working-with-line-of-business-apps.md) | Your company can make line-of-business (LOB) applications available through Microsoft Store for Business and Education. These apps are custom to your company – they might be internal business apps, or apps specific to your business or industry. |
-
diff --git a/store-for-business/images/aadjwsfb.jpg b/store-for-business/images/aadjwsfb.jpg
deleted file mode 100644
index 428f1a26d4..0000000000
Binary files a/store-for-business/images/aadjwsfb.jpg and /dev/null differ
diff --git a/store-for-business/images/add-devices.png b/store-for-business/images/add-devices.png
deleted file mode 100644
index b8f274c600..0000000000
Binary files a/store-for-business/images/add-devices.png and /dev/null differ
diff --git a/store-for-business/images/autopilot-process.png b/store-for-business/images/autopilot-process.png
deleted file mode 100644
index 56c379fd5f..0000000000
Binary files a/store-for-business/images/autopilot-process.png and /dev/null differ
diff --git a/store-for-business/images/bank-account-icon.png b/store-for-business/images/bank-account-icon.png
deleted file mode 100644
index 664f8c7a6f..0000000000
Binary files a/store-for-business/images/bank-account-icon.png and /dev/null differ
diff --git a/store-for-business/images/billing-acct-roles.png b/store-for-business/images/billing-acct-roles.png
deleted file mode 100644
index 6977bef250..0000000000
Binary files a/store-for-business/images/billing-acct-roles.png and /dev/null differ
diff --git a/store-for-business/images/billingsummary.png b/store-for-business/images/billingsummary.png
deleted file mode 100644
index 9f45179ead..0000000000
Binary files a/store-for-business/images/billingsummary.png and /dev/null differ
diff --git a/store-for-business/images/edu-icon.png b/store-for-business/images/edu-icon.png
deleted file mode 100644
index 49009f7085..0000000000
Binary files a/store-for-business/images/edu-icon.png and /dev/null differ
diff --git a/store-for-business/images/invite-people.png b/store-for-business/images/invite-people.png
deleted file mode 100644
index b004d3ad7f..0000000000
Binary files a/store-for-business/images/invite-people.png and /dev/null differ
diff --git a/store-for-business/images/invoicesectiondetails.png b/store-for-business/images/invoicesectiondetails.png
deleted file mode 100644
index cdaac8423e..0000000000
Binary files a/store-for-business/images/invoicesectiondetails.png and /dev/null differ
diff --git a/store-for-business/images/invoicesummary.png b/store-for-business/images/invoicesummary.png
deleted file mode 100644
index c17e7f0713..0000000000
Binary files a/store-for-business/images/invoicesummary.png and /dev/null differ
diff --git a/store-for-business/images/license-assign-icon.png b/store-for-business/images/license-assign-icon.png
deleted file mode 100644
index 4a5daa933c..0000000000
Binary files a/store-for-business/images/license-assign-icon.png and /dev/null differ
diff --git a/store-for-business/images/lob-sku.png b/store-for-business/images/lob-sku.png
deleted file mode 100644
index 8637fd3f3d..0000000000
Binary files a/store-for-business/images/lob-sku.png and /dev/null differ
diff --git a/store-for-business/images/lob-workflow.png b/store-for-business/images/lob-workflow.png
deleted file mode 100644
index 954b787e6d..0000000000
Binary files a/store-for-business/images/lob-workflow.png and /dev/null differ
diff --git a/store-for-business/images/mc-ee-video-icon.png b/store-for-business/images/mc-ee-video-icon.png
deleted file mode 100644
index 61c8a0f681..0000000000
Binary files a/store-for-business/images/mc-ee-video-icon.png and /dev/null differ
diff --git a/store-for-business/images/mpsa-link.png b/store-for-business/images/mpsa-link.png
deleted file mode 100644
index 74f1496935..0000000000
Binary files a/store-for-business/images/mpsa-link.png and /dev/null differ
diff --git a/store-for-business/images/msfb-add-collection.png b/store-for-business/images/msfb-add-collection.png
deleted file mode 100644
index 0cf1a7d0af..0000000000
Binary files a/store-for-business/images/msfb-add-collection.png and /dev/null differ
diff --git a/store-for-business/images/msfb-autopilot-csv.png b/store-for-business/images/msfb-autopilot-csv.png
deleted file mode 100644
index d150ae4f42..0000000000
Binary files a/store-for-business/images/msfb-autopilot-csv.png and /dev/null differ
diff --git a/store-for-business/images/msfb-click-private-store.png b/store-for-business/images/msfb-click-private-store.png
deleted file mode 100644
index 35642c740e..0000000000
Binary files a/store-for-business/images/msfb-click-private-store.png and /dev/null differ
diff --git a/store-for-business/images/msfb-find-partner.png b/store-for-business/images/msfb-find-partner.png
deleted file mode 100644
index 23759cfb5f..0000000000
Binary files a/store-for-business/images/msfb-find-partner.png and /dev/null differ
diff --git a/store-for-business/images/msfb-products-services.png b/store-for-business/images/msfb-products-services.png
deleted file mode 100644
index 1ddba79518..0000000000
Binary files a/store-for-business/images/msfb-products-services.png and /dev/null differ
diff --git a/store-for-business/images/msfb-provider-list.png b/store-for-business/images/msfb-provider-list.png
deleted file mode 100644
index 2fbafca80f..0000000000
Binary files a/store-for-business/images/msfb-provider-list.png and /dev/null differ
diff --git a/store-for-business/images/msfb-ps-collection-idp.png b/store-for-business/images/msfb-ps-collection-idp.png
deleted file mode 100644
index ddd8907d6b..0000000000
Binary files a/store-for-business/images/msfb-ps-collection-idp.png and /dev/null differ
diff --git a/store-for-business/images/msfb-settings-icon.png b/store-for-business/images/msfb-settings-icon.png
deleted file mode 100644
index 1601965566..0000000000
Binary files a/store-for-business/images/msfb-settings-icon.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1709-app-request.png b/store-for-business/images/msfb-wn-1709-app-request.png
deleted file mode 100644
index e454aca9a9..0000000000
Binary files a/store-for-business/images/msfb-wn-1709-app-request.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1709-edge-ext.png b/store-for-business/images/msfb-wn-1709-edge-ext.png
deleted file mode 100644
index 15170ecfc3..0000000000
Binary files a/store-for-business/images/msfb-wn-1709-edge-ext.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1709-my-org.png b/store-for-business/images/msfb-wn-1709-my-org.png
deleted file mode 100644
index ecb47b6e8a..0000000000
Binary files a/store-for-business/images/msfb-wn-1709-my-org.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1709-o365-csp.png b/store-for-business/images/msfb-wn-1709-o365-csp.png
deleted file mode 100644
index b51d32923a..0000000000
Binary files a/store-for-business/images/msfb-wn-1709-o365-csp.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1709-o365-prepaid.png b/store-for-business/images/msfb-wn-1709-o365-prepaid.png
deleted file mode 100644
index 9bdb360a31..0000000000
Binary files a/store-for-business/images/msfb-wn-1709-o365-prepaid.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1709-search-result-sub-cat.png b/store-for-business/images/msfb-wn-1709-search-result-sub-cat.png
deleted file mode 100644
index de246824f5..0000000000
Binary files a/store-for-business/images/msfb-wn-1709-search-result-sub-cat.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1711-export-user.png b/store-for-business/images/msfb-wn-1711-export-user.png
deleted file mode 100644
index 61efc7307e..0000000000
Binary files a/store-for-business/images/msfb-wn-1711-export-user.png and /dev/null differ
diff --git a/store-for-business/images/msfb-wn-1801-products-services.png b/store-for-business/images/msfb-wn-1801-products-services.png
deleted file mode 100644
index dc98ffd2e4..0000000000
Binary files a/store-for-business/images/msfb-wn-1801-products-services.png and /dev/null differ
diff --git a/store-for-business/images/msft-accept-partner.png b/store-for-business/images/msft-accept-partner.png
deleted file mode 100644
index 6b04d822a4..0000000000
Binary files a/store-for-business/images/msft-accept-partner.png and /dev/null differ
diff --git a/store-for-business/images/office-logo.png b/store-for-business/images/office-logo.png
deleted file mode 100644
index 04d970bb47..0000000000
Binary files a/store-for-business/images/office-logo.png and /dev/null differ
diff --git a/store-for-business/images/perf-improvement-icon.png b/store-for-business/images/perf-improvement-icon.png
deleted file mode 100644
index 74be488894..0000000000
Binary files a/store-for-business/images/perf-improvement-icon.png and /dev/null differ
diff --git a/store-for-business/images/private-store-icon.png b/store-for-business/images/private-store-icon.png
deleted file mode 100644
index f09679693f..0000000000
Binary files a/store-for-business/images/private-store-icon.png and /dev/null differ
diff --git a/store-for-business/images/product-and-service-icon.png b/store-for-business/images/product-and-service-icon.png
deleted file mode 100644
index c18d3c8266..0000000000
Binary files a/store-for-business/images/product-and-service-icon.png and /dev/null differ
diff --git a/store-for-business/images/products-and-services-photoshop.png b/store-for-business/images/products-and-services-photoshop.png
deleted file mode 100644
index f20c074aeb..0000000000
Binary files a/store-for-business/images/products-and-services-photoshop.png and /dev/null differ
diff --git a/store-for-business/images/products-and-services-ppt.png b/store-for-business/images/products-and-services-ppt.png
deleted file mode 100644
index 9b4d77fb7c..0000000000
Binary files a/store-for-business/images/products-and-services-ppt.png and /dev/null differ
diff --git a/store-for-business/images/purchasing-roles.png b/store-for-business/images/purchasing-roles.png
deleted file mode 100644
index e45d9294f5..0000000000
Binary files a/store-for-business/images/purchasing-roles.png and /dev/null differ
diff --git a/store-for-business/images/security-groups-icon.png b/store-for-business/images/security-groups-icon.png
deleted file mode 100644
index 328a60837d..0000000000
Binary files a/store-for-business/images/security-groups-icon.png and /dev/null differ
diff --git a/store-for-business/images/sfb-allow-shop-setting.png b/store-for-business/images/sfb-allow-shop-setting.png
deleted file mode 100644
index 52320751ac..0000000000
Binary files a/store-for-business/images/sfb-allow-shop-setting.png and /dev/null differ
diff --git a/store-for-business/images/skype-icon-wn.png b/store-for-business/images/skype-icon-wn.png
deleted file mode 100644
index d9819ae0ae..0000000000
Binary files a/store-for-business/images/skype-icon-wn.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-distribute.png b/store-for-business/images/wsfb-distribute.png
deleted file mode 100644
index d0482f6ebe..0000000000
Binary files a/store-for-business/images/wsfb-distribute.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-firstrun.png b/store-for-business/images/wsfb-firstrun.png
deleted file mode 100644
index 2673567a1e..0000000000
Binary files a/store-for-business/images/wsfb-firstrun.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-inventory-viewlicense.png b/store-for-business/images/wsfb-inventory-viewlicense.png
deleted file mode 100644
index 9fafad1aff..0000000000
Binary files a/store-for-business/images/wsfb-inventory-viewlicense.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-inventory.png b/store-for-business/images/wsfb-inventory.png
deleted file mode 100644
index b060fb30e4..0000000000
Binary files a/store-for-business/images/wsfb-inventory.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-inventoryaddprivatestore.png b/store-for-business/images/wsfb-inventoryaddprivatestore.png
deleted file mode 100644
index bb1152e35b..0000000000
Binary files a/store-for-business/images/wsfb-inventoryaddprivatestore.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-landing.png b/store-for-business/images/wsfb-landing.png
deleted file mode 100644
index beae0b52af..0000000000
Binary files a/store-for-business/images/wsfb-landing.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-licenseassign.png b/store-for-business/images/wsfb-licenseassign.png
deleted file mode 100644
index 5904abb3b9..0000000000
Binary files a/store-for-business/images/wsfb-licenseassign.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-licensedetails.png b/store-for-business/images/wsfb-licensedetails.png
deleted file mode 100644
index 53e0f5c935..0000000000
Binary files a/store-for-business/images/wsfb-licensedetails.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-licensereclaim.png b/store-for-business/images/wsfb-licensereclaim.png
deleted file mode 100644
index 9f94cd3600..0000000000
Binary files a/store-for-business/images/wsfb-licensereclaim.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-manageinventory.png b/store-for-business/images/wsfb-manageinventory.png
deleted file mode 100644
index 9a544ddc21..0000000000
Binary files a/store-for-business/images/wsfb-manageinventory.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-offline-distribute-mdm.png b/store-for-business/images/wsfb-offline-distribute-mdm.png
deleted file mode 100644
index ec0e77a9a9..0000000000
Binary files a/store-for-business/images/wsfb-offline-distribute-mdm.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-onboard-1.png b/store-for-business/images/wsfb-onboard-1.png
deleted file mode 100644
index 012e91a845..0000000000
Binary files a/store-for-business/images/wsfb-onboard-1.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-onboard-2.png b/store-for-business/images/wsfb-onboard-2.png
deleted file mode 100644
index 2ff98fb1f7..0000000000
Binary files a/store-for-business/images/wsfb-onboard-2.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-onboard-3.png b/store-for-business/images/wsfb-onboard-3.png
deleted file mode 100644
index ed9a61d353..0000000000
Binary files a/store-for-business/images/wsfb-onboard-3.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-onboard-4.png b/store-for-business/images/wsfb-onboard-4.png
deleted file mode 100644
index d99185ddc6..0000000000
Binary files a/store-for-business/images/wsfb-onboard-4.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-onboard-5.png b/store-for-business/images/wsfb-onboard-5.png
deleted file mode 100644
index 68049f4425..0000000000
Binary files a/store-for-business/images/wsfb-onboard-5.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-onboard-7.png b/store-for-business/images/wsfb-onboard-7.png
deleted file mode 100644
index 38b7348b21..0000000000
Binary files a/store-for-business/images/wsfb-onboard-7.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-online-distribute-mdm.png b/store-for-business/images/wsfb-online-distribute-mdm.png
deleted file mode 100644
index 4b0f7cbf3a..0000000000
Binary files a/store-for-business/images/wsfb-online-distribute-mdm.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-paid-app-temp.png b/store-for-business/images/wsfb-paid-app-temp.png
deleted file mode 100644
index 89e3857d07..0000000000
Binary files a/store-for-business/images/wsfb-paid-app-temp.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-permissions-assignrole.png b/store-for-business/images/wsfb-permissions-assignrole.png
deleted file mode 100644
index de2e1785ba..0000000000
Binary files a/store-for-business/images/wsfb-permissions-assignrole.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-private-store-gpo.png b/store-for-business/images/wsfb-private-store-gpo.png
deleted file mode 100644
index 5e7fe44ec2..0000000000
Binary files a/store-for-business/images/wsfb-private-store-gpo.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-privatestore.png b/store-for-business/images/wsfb-privatestore.png
deleted file mode 100644
index 74c9f1690d..0000000000
Binary files a/store-for-business/images/wsfb-privatestore.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-privatestoreapps.png b/store-for-business/images/wsfb-privatestoreapps.png
deleted file mode 100644
index 1ddb543796..0000000000
Binary files a/store-for-business/images/wsfb-privatestoreapps.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-renameprivatestore.png b/store-for-business/images/wsfb-renameprivatestore.png
deleted file mode 100644
index c6db282581..0000000000
Binary files a/store-for-business/images/wsfb-renameprivatestore.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-settings-mgmt.png b/store-for-business/images/wsfb-settings-mgmt.png
deleted file mode 100644
index 2a7b590d19..0000000000
Binary files a/store-for-business/images/wsfb-settings-mgmt.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-settings-permissions.png b/store-for-business/images/wsfb-settings-permissions.png
deleted file mode 100644
index 63d04d270b..0000000000
Binary files a/store-for-business/images/wsfb-settings-permissions.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-wsappaddacct.png b/store-for-business/images/wsfb-wsappaddacct.png
deleted file mode 100644
index 5c0bd9a4ce..0000000000
Binary files a/store-for-business/images/wsfb-wsappaddacct.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-wsappprivatestore.png b/store-for-business/images/wsfb-wsappprivatestore.png
deleted file mode 100644
index 48d9f79892..0000000000
Binary files a/store-for-business/images/wsfb-wsappprivatestore.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-wsappsignin.png b/store-for-business/images/wsfb-wsappsignin.png
deleted file mode 100644
index c2c2631a94..0000000000
Binary files a/store-for-business/images/wsfb-wsappsignin.png and /dev/null differ
diff --git a/store-for-business/images/wsfb-wsappworkacct.png b/store-for-business/images/wsfb-wsappworkacct.png
deleted file mode 100644
index 5eb9035124..0000000000
Binary files a/store-for-business/images/wsfb-wsappworkacct.png and /dev/null differ
diff --git a/store-for-business/index.md b/store-for-business/index.md
deleted file mode 100644
index b018c5e595..0000000000
--- a/store-for-business/index.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Microsoft Store for Business and Education (Windows 10)
-description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school.
-ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: high
-ms.date: 05/24/2023
----
-
-# Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
-
-> [!NOTE]
->
-> - As of April 14, 2021, all apps that charge a base price above free are no longer available to buy in the Microsoft Store for Business and Education. If you've already bought a paid app, you can still use it, but no new purchases are possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you can't buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use from the private store. Apps with a base price of "free" are still available. This change doesn't impact apps in the Microsoft Store on Windows 10.
->
-> - Also as of April 14, 2021, you must sign in with your Microsoft Entra account before you browse Microsoft Store for Business and Education.
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Sign up and get started](sign-up-microsoft-store-for-business-overview.md) | IT admins can sign up for the Microsoft Store for Business and Education, and get started working with apps. |
-| [Find and acquire apps](find-and-acquire-apps-overview.md) | Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization. |
-| [Manage apps](manage-apps-microsoft-store-for-business-overview.md) | Manage settings and access to apps in Microsoft Store for Business and Education. |
-| [Device Guard signing portal](device-guard-signing-portal.md) | Device Guard signing is a Device Guard feature that is available in the Microsoft Store for Business and Education. It gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files. |
-| [Manage settings in the Microsoft Store for Business and Education](manage-settings-microsoft-store-for-business.md) | You can add users and groups, as well as update some of the settings associated with the Microsoft Entra tenant |
-| [Troubleshoot Microsoft Store for Business and Education](troubleshoot-microsoft-store-for-business.md) | Troubleshooting topics for Microsoft Store for Business and Education. |
diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md
deleted file mode 100644
index 7ebf151814..0000000000
--- a/store-for-business/manage-access-to-private-store.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Manage access to private store (Windows 10)
-description: You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
-ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.date: 05/24/2023
----
-
-# Manage access to private store
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
-> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-
-## Microsoft Store for Business tab removed
-
-In April 2023, the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. The Microsoft Store for Business tab will continue to be available on Hololens devices. Users will no longer be able to see products added to the private store within the Microsoft Store app and will need to go to the [Microsoft Store for Business](https://businessstore.microsoft.com/) website to access the private store.
-
-The [ApplicationManagement/RequirePrivateStoreOnly](/windows/client-management/mdm/policy-configuration-service-provider#ApplicationManagement_RequirePrivateStoreOnly) MDM policy and **Only display the private store within the Microsoft Store app** Group policy will block access to the Microsoft Store app entirely. With those policies in place, users may see one of the following errors in the Microsoft Store app.
-
-1. Microsoft Store is blocked + Check with your IT or system administrator + Report this problem + Code 0x700704E
-2. Try that again + Page could not be loaded. Please try that again + Refresh the page + Code 0x80131500
-3. This place is off-limits + Not sure how you got here, but there's nothing for you here. + Report this problem + Refresh this Page.
-
-## Manage private store access
-
-You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
-
-You can control the set of apps that are available to your employees and students, and not show the full set of applications that are in Microsoft Store. Using the private store with the Microsoft Store for Business and Education, admins can curate the set of apps that are available.
-
-The private store is a feature in Store for Business that organizations receive during the sign up process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab on the [Microsoft Store for Business site](https://businessstore.microsoft.com/store/private-store), and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
-
-## Related topics
-
-[Distribute apps using your private store](distribute-apps-from-your-private-store.md)\
-[Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store)
diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
deleted file mode 100644
index ead437bd5b..0000000000
--- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Manage products and services in Microsoft Store for Business (Windows 10)
-description: Manage apps, software, devices, products and services in Microsoft Store for Business.
-ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Manage apps in Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**.
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Manage access to private store](manage-access-to-private-store.md) | You can manage access to your private store in Store for Business. |
-| [App inventory management for Microsoft Store for Business and Education](app-inventory-management-microsoft-store-for-business.md) | You can manage all apps that you've acquired on your **Apps & software** page. |
-| [Manage private store settings](manage-private-store-settings.md) | The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all employees in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store. |
-| [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) | For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Microsoft Store management tool services work with your third-party management tool to manage content. |
-| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. |
-| [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | Use PowerShell cmdlets to automate basic app license assignment.  |
-| [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | Software purchased with the Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business and Education. This allows customers to manage online software purchases in one location. |
diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md
deleted file mode 100644
index 22ae3cf389..0000000000
--- a/store-for-business/manage-orders-microsoft-store-for-business.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-title: Manage app orders in Microsoft Store for Business or Microsoft Store for Education (Windows 10)
-description: You can view your order history with Microsoft Store for Business or Microsoft Store for Education.
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
-ms.reviewer: 
----
-
-# Manage app orders in Microsoft Store for Business and Education
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.
-
-**Order history** lists orders in chronological order and shows:
-
-- Date ordered
-- Product name
-- Product publisher
-- Total cost
-- Order status.
-
-Click to expand an order, and the following info is available:
-
-- Who purchased the app
-- Order number
-- Quantity purchased
-- Cost breakdown
-- Links to view your invoice, buy more, or request a refund
-
-## Invoices
-
-Invoices for orders are available approximately 24 hours after your purchase. The link opens a .pdf that you can save for your records.
-
-## Refund an order
-
-Refunds work a little differently for free apps, and apps that have a price. In both cases, you must reclaim licenses before requesting a refund.
-
-**Refunds for free apps**
-
-For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory.
-
-**Refunds for apps that have a price**
-
-There are a few requirements for apps that have a price:
-
-- **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30.
-- **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization.
-- **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory.
-
-**To refund an order**
-
-Reclaim licenses, and then request a refund. If you haven't assigned licenses, start on step 5.
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then choose **Apps & software**.
-3. Find the app you want to refund, click the ellipses under **Actions**, and then choose **View license details**.
-4.  Select the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**.
-5. Click **Order history**, click the order you want to refund, and click **Refund order**.
-
-For free apps, the app will be removed from your inventory in **Apps & software**.
-
-For apps with a price, your payment option will be refunded with the cost of the app, and the app will be removed from your inventory.
diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md
deleted file mode 100644
index fe4d105828..0000000000
--- a/store-for-business/manage-private-store-settings.md
+++ /dev/null
@@ -1,115 +0,0 @@
----
-title: Manage private store settings (Windows 10)
-description: The private store is a feature in the Microsoft Store for Business and Microsoft Store for Education that organizations receive during the sign up process.
-ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.date: 05/24/2023
-ms.localizationpriority: medium
----
-
-# Manage private store settings
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.
-
-The name of your private store is shown on a tab in Microsoft Store app, or on [Microsoft Store for Business](https://businessstore.microsoft.com), or [Microsoft Store for Education](https://educationstore.microsoft.com).
-
-![Image showing Microsoft Store app with private store tab highlighted.](images/wsfb-wsappprivatestore.png)
-
-You can change the name of your private store in Microsoft Store.
-
-## Change private store name
-**To change the name of your private store**
-
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Settings**, click **Distribute**.
-3.  In the **Private store** section, click **Change**.
-4.  Type a new display name for your private store, and click **Save**.
-
-    ![Image showing Private store dialog used to change private store display name.](images/wsfb-renameprivatestore.png)
-
-## Private store collections
-You can create collections of apps within your private store. Collections allow you to group or categorize apps - you might want a group of apps for different job functions in your company, or classes in your school.
-
-**To add a Collection to your private store**
-
-You can add a collection to your private store from the private store, or from the details page for an app.
-
-**From private store**
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click your private store.</br>
-
-    ![Image showing private store name on Microsoft Store for Business store UI.](images/msfb-click-private-store.png)
-3. Click **Add a Collection**.</br>
-
-    ![Image showing Add a Collection.](images/msfb-add-collection.png)
-
-4. Type a name for your collection, and then click **Next**.
-5. Add at least one product to your collection, and then click **Done**. You can search for apps and refine results based on the source of the app, or the supported devices.
-
-> [!NOTE]
-> New collections require at least one app, or they will not be created.
-
-**From app details page**
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Products & services**.
-3. Under **Apps & software**, choose an app you want to include in a new collection.
-4. Under **Private Store Collections**, click **Add a collection**.
-
-    ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png)
-
-5. Type a name for your collection, and then click **Next**.
-6. Add at least one product to your collection, and then click **Done**.
-
-Currently, changes to collections will generally show within minutes in the Microsoft Store app on Windows 10. In some cases, it may take up an hour.
-
-## Edit Collections
-If you've already added a Collection to your private store, you can easily add and remove products, or rename the collection.
-
-**To add or remove products from a collection**
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click your private store.</br>
-
-    ![Image showing private store name on Microsoft Store for Business store UI.](images/msfb-click-private-store.png)
-
-3. Click the ellipses next to the collection name, and click **Edit collection**.
-4. Add or remove products from the collection, and then click **Done**.
-
-You can also add an app to a collection from the app details page.
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Products & services**.
-3. Under **Apps & software**, choose an app you want to include in a new collection.
-4. Under **Private Store Collections**, turn on the collection you want to add the app to.
-
-    ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png)
-
-## Private store performance
-We've recently made performance improvements for changes in the private store. This table includes common actions, and the current estimate for amount of time required for the change.
-
-| Action                                                 | Estimated time |
-| ------------------------------------------------------ | -------------- |
-| Add a product to the private store <br> - Apps recently added to your inventory, including line-of-business (LOB) apps and new purchases, will take up to 36 hours to add to the private store. That time begins when the product is purchased, or added to your inventory. <br> - It will take an additional 36 hours for the product to be searchable in private store, even if you see the app available from the private store tab. | - 15 minutes: available on private store tab <br> - 36 hours: searchable in private store <br> - 36 hours: searchable in private store tab |
-| Remove a product from private store |  - 15 minutes: private store tab <br> - 36 hours: searchable in private store |
-| Accept a new LOB app into your inventory (under **Products & services**) | - 15 minutes: available on private store tab <br> - 36 hours: searchable in private store |
-| Create a new collection | 15 minutes|
-| Edit or remove a collection | 15 minutes |
-| Create private store tab | 4-6 hours |
-| Rename private store tab | 4-6 hours |
diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md
deleted file mode 100644
index 7ae3789d4b..0000000000
--- a/store-for-business/manage-settings-microsoft-store-for-business.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Manage settings for Microsoft Store for Business and Microsoft Store for Education (Windows 10)
-description: You can add users and groups, as well as update some of the settings associated with the Microsoft Entra tenant.
-ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Manage settings for Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-You can add users and groups, as well as update some of the settings associated with the Microsoft Entra tenant.
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Update Microsoft Store for Business and Education account settings](update-microsoft-store-for-business-account-settings.md) | **Billing - Account profile**  in Microsoft Store for Business shows information about your organization that you can update. Payment options can be managed on **Billing - Payment methods**, and offline license settings can be managed on **Settings - Shop**. |
-| [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md) | Microsoft Store for Business manages permissions with a set of roles. You can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md) and to groups.|
-| [Understand your invoice](billing-understand-your-invoice-msfb.md) | Information on invoices for products and services bought under the Microsoft Customer Agreement.|
diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
deleted file mode 100644
index 792c6de5e0..0000000000
--- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)
-description: Microsoft Store for Business and Microsoft Store for Education manages permissions with a set of roles. Currently, you can assign these roles to individuals in your organization, but not to groups.
-ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Manage user accounts in Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.
-
-<a name='why-azure-ad-accounts'></a>
-
-## Why Microsoft Entra accounts?
-For organizations planning to use the private store feature with Store for Business, we recommend that you also configure cloud domain join. This provides a seamless integration between the identity your admin and employees will use to sign in to Windows and Microsoft Store for Business.
-
-Microsoft Entra ID is an Azure service that provides identity and access management capabilities using the cloud. It is primarily designed to provide this service for cloud- or web-based applications that need to access your local Active Directory information. Microsoft Entra identity and access management includes:
-
-- Single sign-on to any cloud and on-premises web app.
-- Works with multiple platforms and devices.
-- Integrate with on-premises Active Directory.
-
-For more information on Microsoft Entra ID, see [About Office 365 and Microsoft Entra ID](/previous-versions//dn509517(v=technet.10)), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
-
-<a name='add-user-accounts-to-your-azure-ad-directory'></a>
-
-## Add user accounts to your Microsoft Entra directory
-If you created a new Microsoft Entra directory when you signed up for Store for Business, you'll have a directory set up with one user account - the global administrator. That global administrator can add user accounts to your Microsoft Entra directory. However, adding user accounts to your Microsoft Entra directory will not give those employees access to Store for Business. You'll need to assign Store for Business roles to your employees. For more information, see [Roles and permissions in the Store for Business.](roles-and-permissions-microsoft-store-for-business.md)
-
-You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://portal.azure.com/) to add user accounts to your Microsoft Entra directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
-
-For more information, see:
-- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users)
-- [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory)
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
deleted file mode 100644
index cc4aa9686d..0000000000
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ /dev/null
@@ -1,156 +0,0 @@
----
-title: Microsoft Store for Business and Education PowerShell module - preview
-description: Preview version of PowerShell module
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
-ms.date: 05/24/2023
-ms.reviewer: 
----
-
-# Microsoft Store for Business and Education PowerShell module - preview
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).
-
-> [!NOTE]
-> This is a preview and not intended for production environments. For production environments, continue to use **Microsoft Store for Business and Education** or your MDM tool to manage licenses. The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
-
-You can use the PowerShell module to:
-- View items you've purchased - shown in **Products & services**
-- Manage licenses - assigning and removing
-- Perform bulk operations with .csv files - automates license management for customers with larger numbers of licenses
-
->[!NOTE]
->Assigning apps to groups is not supported via this module. Instead, we recommend leveraging the Microsoft Entra ID or [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview) Modules to save members of a group to a CSV file and follow instructions below on how to use CSV file to manage assignments.
-
-## Requirements
-To use the Microsoft Store for Business and Education PowerShell module, you'll need:
-- Administrator permission for the device
-- Admin role for Microsoft Store for Business and Education
-
-
-## Get started with Microsoft Store for Business and Education PowerShell module
-All of the **Microsoft Store for Business and Education** PowerShell cmdlets follow the *Verb*-MSStore*Noun* pattern to clearly indicate that they work with **Microsoft Store for Business and Education** PowerShell module. You will need to install the module on your Windows 10 device once and then import it into each PowerShell session you start.
-
-## Install Microsoft Store for Business and Education PowerShell module
-> [!NOTE]
-> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](https://www.microsoft.com/download/details.aspx?id=54616). The framework is included with Windows 10 by default).
-
-To install **Microsoft Store for Business and Education PowerShell** with PowerShellGet, run this command:
-
-```powershell
-# Install the Microsoft Store for Business and Education PowerShell module from PowerShell Gallery
-
-Install-Module -Name MSStore
-```
-
-## Import Microsoft Store for Business and Education PowerShell module into the PowerShell session
-Once you install the module on your Windows 10 device, you will need to then import it into each PowerShell session you start.
-
-```powershell
-# Import the MSStore module into this session
-
-Import-Module -Name MSStore
-```
-
-Next, authorize the module to call **Microsoft Store for Business and Education** on your behalf. This step is required once, per user of the PowerShell module.
-
-To authorize the PowerShell module, run this command. You'll need to sign-in with your work or school account, and authorize the module to access your tenant.
-
-```powershell
-# Grant MSStore Access to your Microsoft Store for Business and Education
-
-Grant-MSStoreClientAppAccess
-```
-You will be prompted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Microsoft Graph PowerShell cmdlets are loaded and ready to be used.
-
-## View items in Products and Services
-Service management should encounter no breaking changes as a result of the separation of Azure Service Management and **Microsoft Store for Business and Education PowerShell** preview.
-
-```powershell
-# View items in inventory (Apps & software)
-
-Get-MSStoreInventory
-```
-
->[!TIP]
->**Get-MSStoreInventory** won't return the product name for line-of-business apps. To get the product ID and SKU for a line-of-business app:
->
->1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com/).
->2. Click **Manage** and then choose **Apps & software**.
->3. Click the line-of-business app. The URL of the page will contain the product ID and SKU as part of the URL. For example:
->![Url after apps/ is product id and next is SKU.](images/lob-sku.png)
-
-## View people assigned to a product
-Most items in **Products and Services** in **Microsoft Store for Business and Education** need to be assigned to people in your org. You can view the people in your org assigned to a specific product by using these commands:
-
-```powershell
-# View products assigned to people
-
-Get-MSStoreSeatAssignments -ProductId 9NBLGGH4R2R6 -SkuId 0016
-```
-
-> [!Important]
-> Microsoft Store for Business and Education identifies Minecraft: Education Edition license types using a combination of Product ID and SKU ID. To manage license assignments for your Minecraft: Education Edition, you need to specify Product and SKU IDs for the licenses you want to manage in the cmdlet. The following table lists the Product and SKU IDs.
-
-
-| License Type | Product ID | SKU ID |
-| ------------ | -----------| -------|
-| Purchased through Microsoft Store for Business and Education with a credit card | CFQ7TTC0K5DR | 0001 |
-| Purchased through Microsoft Store for Business and Education with an invoice | CFQ7TTC0K5DR | 0004 |
-| Purchased through Microsoft Volume Licensing Agreement | CFQ7TTC0K5DR | 0002 |
-| Acquired through Windows 10 device promotion | CFQ7TTC0K5DR | 0005 |
-
-## Assign or reclaim products
-Once you have enumerated items in **Products and Service**, you can assign or reclaim licenses to and from people in your org.
-
-These commands assign a product to a user and then reclaim it.
-
-```powershell
-# Assign Product (Product ID and SKU ID combination) to a User (user@host.com)
-
-Add-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user@myorganization.onmicrosoft.com'
-
-# Reclaim a product (Product ID and SKU ID combination) from a User (user@host.com)
-
-Remove-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user@myorganization.onmicrosoft.com'
-```
-
-## Assign or reclaim a product with a .csv file
-You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for "Principal Names" (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
-
-**To assign or reclaim seats in bulk:**
-
-```powershell
-# Assign Product (Product ID and SKU ID combination) to a User (user@host.com)
-
-Add-MSStoreSeatAssignments  -ProductId 9NBLGGH4R2R6 -SkuId 0016 -PathToCsv C:\People.csv  -ColumnName UserPrincipalName
-
-# Reclaim a product (Product ID and SKU ID combination) from a User (user@host.com)
-
-Remove-MSStoreSeatAssignments  -ProductId 9NBLGGH4R2R6 -SkuId 0016 -PathToCsv C:\People.csv -ColumnName UserPrincipalName
-```
-
-## Uninstall Microsoft Store for Business and Education PowerShell module
-You can remove **Microsoft Store for Business and Education PowerShell** from your computer by running the following PowerShell Command.
-
-```powershell
-# Uninstall the MSStore Module
-
-Get-InstalledModule -Name "MSStore" -RequiredVersion 1.0 | Uninstall-Module
-```
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
deleted file mode 100644
index c0e3db882e..0000000000
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ /dev/null
@@ -1,389 +0,0 @@
----
-title: Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)
-description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps.
-ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C
-ms.reviewer: 
-ms.pagetype: store
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Microsoft Store for Business and Microsoft Store for Education overview
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-> [!NOTE]
-> As of April 14th, 2021, only free apps are available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
-
-Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options. There will be no support for Microsoft Store for Business and Education on Windows 11.
-
-> [!IMPORTANT]
-> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.
-
-## Features
-Organizations or schools of any size can benefit from using Microsoft Store for Business or Microsoft Store for Education:
-
-- **Scales to fit the size of your business** - For smaller businesses, with Microsoft Entra accounts or Office 365 accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate Microsoft Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts.
-- **Bulk app acquisition** - Acquire apps in volume from Microsoft Store for Business.
-- **Centralized management** – Microsoft Store provides centralized management for inventory, billing, permissions, and order history. You can use Microsoft Store to view, manage and distribute items purchased from:
-    - **Microsoft Store for Business** – Apps acquired from Microsoft Store for Business
-    - **Microsoft Store for Education** – Apps acquired from Microsoft Store for Education
-    - **Office 365** – Subscriptions
-    - **Volume licensing** - Apps purchased with volume licensing
-- **Private store** - Create a private store for your business that's easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices. 
-- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices:
-    - Distribute through Microsoft Store services. You can assign apps to individual employees, or make apps available to all employees in your private store.
-    - Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images.
-    - Offline licensing model allows you to distribute apps without connecting to Store services, and for managing images.
-- **Line-of-business apps** - Privately add and distribute your internal line-of-business apps using any of the distribution options.
-- **App license management**: Admins can reclaim and reuse app licenses. Online and offline licenses allow you to customize how you decide to deploy apps.
-- **Up-to-date apps** - Microsoft Store manages the update process for apps with online licenses. Apps are automatically updated so you are always current with the most recent software updates and product features. Store for Business apps also uninstall cleanly, without leaving behind extra files, for times when you need to switch apps for specific employees.
-- **Office app launcher** Office apps while working with Microsoft Store for Business. 
-- **Find a partner** – Search and find a Microsoft Partner who can assist you with Microsoft solutions for your business. 
-
-## Prerequisites
-
-You'll need this software to work with Store for Business and Education.
-
-### Required
-
-- Admins working with Store for Business and Education need a browser compatible with Microsoft Store running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, or current versions of Microsoft Edge, Chrome or Firefox. JavaScript must be supported and enabled.
-- Employees using apps from Store for Business and Education need at least Windows 10, version 1511 running on a PC or mobile device.
-
-Microsoft Entra accounts for your employees:
-
-- Admins need Microsoft Entra accounts to sign up for Store for Business and Education, and then to sign in, get apps, distribute apps, and manage app licenses. You can sign up for Microsoft Entra accounts as part of signing up for Store for Business and Education.
-- Employees need Microsoft Entra account when they access Store for Business content from Windows devices.
-- If you use a management tool to distribute and manage online-licensed apps, all employees will need a Microsoft Entra account
-- For offline-licensed apps, Microsoft Entra accounts are not required for employees.
-- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don't have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education. 
-
-For more information on Microsoft Entra ID, see [About Office 365 and Microsoft Entra ID](/previous-versions//dn509517(v=technet.10)), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
-
-### Optional
-
-While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. A couple of things to note about management tools:
-
-- Need to integrate with Windows 10 management framework and Microsoft Entra ID.
-- Need to sync with the Store for Business inventory to distribute apps.
-
-## How does the Store for Business and Education work?
-
-## Sign up!
-
-The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we'll quickly create an account for you. You must be a Global Administrator for your organization.
-
-## Set up
-
-After your admin signs up for the Store for Business and Education, they can assign roles to other employees in your company or school. The admin needs Microsoft Entra user Admin permissions to assign Microsoft Store for Business and Education roles. These are the roles and their permissions.
-
-| Permission | Account settings | Acquire apps | Distribute apps | Device Guard signing |
-| ---------- | ---------------- | ------------ | --------------- | -------------------- |
-| Admin | ✔️ | ✔️ | ✔️ |  |
-| Purchaser |  | ✔️ | ✔️ |  |
-| Device Guard signer |  |  |  | ✔️ |
-| Basic purchaser |  | ✔️ | ✔️ |  |
-
-> [!NOTE]
-> Currently, the Basic purchaser role is only available for schools using Microsoft Store for Education. For more information, see [Microsoft Store for Education permissions](/education/windows/education-scenarios-store-for-business?toc=%2fmicrosoft-store%2feducation%2ftoc.json#manage-domain-settings).
-
-In some cases, admins will need to add Microsoft Entra accounts for their employees. For more information, see [Manage user accounts and groups](manage-users-and-groups-microsoft-store-for-business.md).
-
-Also, if your organization plans to use a management tool, you'll need to configure your management tool to sync with Store for Business and Education.
-
-## Get apps and content
-
-Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time. 
-
-**App types** - These app types are supported in the Store for Business and Education:
-
-- Universal Windows Platform apps
-- Universal Windows apps, by device: Phone, Surface Hub, IOT devices, HoloLens
-
-Apps purchased from the Store for Business and Education only work on Windows 10 devices.
-
-Line-of-business (LOB) apps are also supported through Microsoft Store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization through Store for Business and Education. These apps can be distributed using the distribution methods discussed in this topic. For more information, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
-
-**App licensing model**
-
- Store for Business and Education supports two license options for apps: online and offline. **Online** licensing is the default licensing model and is similar to the licensing model for Microsoft Store. Online licensed apps require users and devices to connect to Microsoft Store services to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt in their apps for offline licensing when they submit them to the developer center.
-
-For more information, see [Apps in Microsoft Store for Business](apps-in-microsoft-store-for-business.md#licensing-model).
-
-## Distribute apps and content
-
-App distribution is handled through two channels, either through the Microsoft Store for Business, or using a management tool. You can use either, or both distribution methods in your organization.
-
-**Distribute with Store for Business and Education**:
-- Email link – After purchasing an app, Admins can send employees a link in an email message. Employees can click the link to install the app.
-- Curate private store for all employees – A private store can include content you've purchased from Microsoft Store for Business, and your line-of-business apps that you've submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
-- To use the options above users must be signed in with a Microsoft Entra account on a Windows 10 device. Licenses are assigned as individuals install apps. 
-
-**Using a management tool** – For larger organizations that want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options:
-- Scoped content distribution – Ability to scope content distribution to specific groups of employees.
-- Install apps for employees – Employees are not responsible for installing apps. Management tool installs apps for employees.
-
-Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps.
-
-For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md).
-
-## Manage Microsoft Store for Business settings and content
-
-Once you are signed up with the Business store and have purchased apps, Admins can manage Store for Business settings and inventory.
-
-**Manage Microsoft Store for Business settings**
-- Assign and change roles for employees or groups
-- Device Guard signing
-- Register a management server to deploy and install content
-- Manage relationships with LOB publishers
-- Manage offline licenses
-- Update the name of your private store
-
-**Manage inventory**
-- Assign app licenses to employees
-- Reclaim and reassign app licenses
-- Manage app updates for all apps, or customize updates for each app. Online apps will automatically update from the Store. Offline apps can be updated using a management server.
-- Download apps for offline installs
-
-For more information, see [Manage settings in the Store for Business](manage-settings-microsoft-store-for-business.md) and [Manage apps](manage-apps-microsoft-store-for-business-overview.md).
-
-## Supported markets
-
-Store for Business and Education is currently available in these markets.
-
-### Support for free and paid products
-
-- Afghanistan
-- Algeria
-- Andorra
-- Angola
-- Anguilla
-- Antigua and Barbuda
-- Argentina
-- Australia
-- Austria
-- Bahamas
-- Bahrain
-- Bangladesh
-- Barbados
-- Belgium
-- Belize
-- Bermuda
-- Benin
-- Bhutan
-- Bolivia
-- Bonaire
-- Botswana
-- Brunei Darussalam
-- Bulgaria
-- Burundi
-- Cambodia
-- Cameroon
-- Canada
-- Cayman Islands
-- Chile
-- Colombia
-- Comoros
-- Costa Rica
-- Côte D'ivoire
-- Croatia
-- Curçao
-- Cyprus
-- Czech Republic
-- Denmark
-- Dominican Republic
-- Ecuador
-- Egypt
-- El Salvador
-- Estonia
-- Ethiopia
-- Faroe Islands
-- Fiji
-- Finland
-- France
-- French Guiana
-- French Polynesia
-- Germany
-- Ghana
-- Greece
-- Greenland
-- Guadeloupe
-- Guatemala
-- Honduras
-- Hong Kong SAR
-- Hungary
-- Iceland
-- Indonesia
-- Iraq
-- Ireland
-- Israel
-- Italy
-- Jamaica
-- Japan
-- Jersey
-- Jordan
-- Kenya
-- Kuwait
-- Laos
-- Latvia
-- Lebanon
-- Libya
-- Liechtenstein
-- Lithuania
-- Luxembourg
-- Madagascar
-- Malawi
-- Malaysia
-- Maldives
-- Mali
-- Malta
-- Marshall Islands
-- Martinique
-- Mauritius
-- Mayotte
-- Mexico
-- Mongolia
-- Montenegro
-- Morocco
-- Mozambique
-- Myanamar
-- Namibia
-- Nepal
-- Netherlands
-- New Caledonia
-- New Zealand
-- Nicaragua
-- Nigeria
-- North Macedonia
-- Norway
-- Oman
-- Pakistan
-- Palestinian Authority
-- Panama
-- Papua New Guinea
-- Paraguay
-- Peru
-- Philippines
-- Poland
-- Portugal
-- Qatar
-- Republic of Cabo Verde
-- Reunion
-- Romania
-- Rwanda
-- Saint Kitts and Nevis
-- Saint Lucia
-- Saint Martin
-- Saint Vincent and the Grenadines
-- San marino
-- Saudi Arabia
-- Senegal
-- Serbia
-- Seychelles
-- Singapore
-- Sint Maarten
-- Slovakia
-- Slovenia
-- South Africa
-- Spain
-- Sri Lanka
-- Suriname
-- Sweden
-- Switzerland
-- Tanzania
-- Thailand
-- Timor-Leste
-- Togo
-- Tonga
-- Trinidad and Tobago
-- Tunisia
-- Türkiye
-- Turks and Caicos Islands
-- Uganda
-- United Arab Emirates
-- United Kingdom
-- United States
-- Uruguay
-- Vatican City
-- Viet Nam
-- Virgin Islands, U.S.
-- Zambia
-- Zimbabwe
-
-
-### Support for free apps
-Customers in these markets can use Microsoft Store for Business and Education to acquire free apps:
-- Russia 
-
-### Support for free apps and Minecraft: Education Edition
-Customers in these markets can use Microsoft Store for Business and Education to acquire free apps and Minecraft: Education Edition:  
-- Albania
-- Aremenia
-- Azerbaijan
-- Belarus
-- Bosnia and Herzegovina
-- Brazil
-- Georgia
-- India
-- Isle of Man
-- Kazakhstan
-- Korea
-- Monaco
-- Republic of Moldova
-- Taiwan
-- Tajikistan
-- Ukraine 
-
-### Support to only manage products
-Customers in these markets can use Microsoft Store for Business and Education only to manage products that they've purchased from other channels. For example, they might have purchased products through Volume Licensing Service Center. However, they can't purchase apps directly from Microsoft Store for Business and Education. 
-- Puerto Rico
-
-This table summarize what customers can purchase, depending on which Microsoft Store they are using. 
-
-| Store | Free apps | Minecraft: Education Edition |
-| ----- | --------- | ---------------------------- |
-| Microsoft Store for Business | supported | not supported |
-| Microsoft Store for Education | supported | supported; invoice payment required |
-
-> [!NOTE]
-> **Microsoft Store for Education customers with support for free apps and Minecraft: Education Edition**
-> - Admins can acquire free apps from **Microsoft Store for Education**.
-> - Admins need to use an invoice to purchase **Minecraft: Education Edition**. For more information, see [Invoice payment option](/education/windows/school-get-minecraft#invoices). 
-> - Teachers, or people with the Basic Purchaser role, can acquire free apps, but not **Minecraft: Education Edition**. 
-
-## Privacy notice
-
-Store for Business and Education services get names and email addresses of people in your organization from Microsoft Entra ID. This information is needed for these admin functions:
-- Granting and managing permissions
-- Managing app licenses 
-- Distributing apps to people (names appear in a list that admins can select from)
-
-Store for Business and Education does not save names, or email addresses.
-
-Your use of Store for Business and Education is also governed by the [Microsoft Store for Business and Education Services Agreement](https://businessstore.microsoft.com/servicesagreement). 
-
-Information sent to Store for Business and Education is subject to the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement/).
-
-## <a href="" id="isv-wsfb"></a>ISVs and Store for Business and Education
-
-Developers in your organization, or ISVs can create content specific to your organization. In Store for Business and Education, we call these line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this:
-- Admin invites devs to be LOB publishers for your organization. These devs can be internal devs, or external ISVs.
-- LOB publishers accept the invitation, develop apps, and submits the app to the Windows Dev Center. LOB publishers use Enterprise associations when submitting the app to make the app exclusive to your organization.
-- Admin adds the app to Microsoft Store for Business or Microsoft Store for Education inventory.
-
-Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in Store for Business and Education. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in Store for Business and Education will work only on Windows 10.
-
-For more information on line-of-business apps, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
diff --git a/store-for-business/notifications-microsoft-store-business.md b/store-for-business/notifications-microsoft-store-business.md
deleted file mode 100644
index e1edf848cc..0000000000
--- a/store-for-business/notifications-microsoft-store-business.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Notifications in Microsoft Store for Business and Education (Windows 10)
-description: Notifications alert you to issues or outages with Microsoft Store for Business and Education.
-keywords: notifications, alerts
-ms.assetid: 
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Notifications in Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store. 
-
-## Notifications for admins
-
-| Store area | Notification message | Customer impact |
-| ---------- | -------------------- | --------------- |
-| General | We're on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Microsoft Entra outage. |
-| Manage | We're on it. Something happened on our end with management for apps and software. We're working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history.  |
-| Shop | We're on it. Something happened on our end with purchasing. We're working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
-| Private store | We're on it. Something happened on our end with your organization's private store. People in your organization can't download apps right now. We're working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
-| Acquisition and licensing | We're on it. People in your org might not be able to install or use certain apps. We're working to fix the problem. | People in your org might not be able to claim a license from your private store. |
-| Partner | We're on it. Something happened on our end with Find a Partner. We're working to fix the problem. | You might not be able to search for a partner.  |
diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md
deleted file mode 100644
index 0e5b708958..0000000000
--- a/store-for-business/payment-methods.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Payment methods for commercial customers
-description: Learn what payment methods are available in Store for Business and M365 admin center
-keywords: payment method, credit card, debit card, add credit card, update payment method
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
-ms.reviewer: 
----
-
-# Payment methods
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
-- VISA
-- MasterCard
-- Discover
-- American Express
-- Japan Commercial Bureau (JCB)
-
-> [!NOTE]
-> Not all cards available in all countries/regions. When you add a payment option, Microsoft Store for Business shows which cards are available in your region.
-
-## Add a payment method
-
-**To add a new payment option**
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
-2. Select **Manage**, select **Billing & payments**, and then select **Payments methods**.
-3. Select **Add a payment options**, and then select the type of credit card that you want to add.
-4. Add information to required fields, and then select **Add**.
-
-Once you select **Add**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any issues.
-
-> [!NOTE]
-> When adding credit or debit cards, you may be prompted to enter a CVV. The CVV is only used for verification purposes and is not stored in our systems after validation.
-
-## Edit payment method
-**To update a payment option**
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, click **Billing & payments**, and then click **Payments methods**.
-3. Select the payment option that you want to update, select the ellipses, and then choose **Edit payment method**.
-4. Enter any updated information in the appropriate fields, and then se;ect**Save**.
-
-Once you click **Update**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems.
-
-> [!NOTE]
-> Certain actions, like updating or adding a payment option, require temporary "test authorization" transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.
diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md
deleted file mode 100644
index ac4b271b5d..0000000000
--- a/store-for-business/prerequisites-microsoft-store-for-business.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: Prerequisites for Microsoft Store for Business and Education (Windows 10)
-description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
-ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Prerequisites for Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-> [!NOTE]
-> As of April 14th, 2021, only free apps are available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
-
-> [!IMPORTANT]
-> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.
-
-There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
-
-## Prerequisites
-
-You'll need this software to work with Microsoft Store for Business or Education.
-
-### Required
-
--   IT Pros that are administering Microsoft Store for Business and Education need a browser compatible with Microsoft Store for Business and Education running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. Javascript needs to be supported and enabled. 
--   Employees using apps from Microsoft Store for Business and Education need at least Windows 10, version 1511 running on a PC or mobile device.
-
-Microsoft Entra ID or Office 365 accounts for your employees:
--   IT Pros need Microsoft Entra ID or Office 365 accounts to sign up for Microsoft Store for Business and Education, and then to sign in, get apps, distribute apps, and manage app licenses.
--   Employees need Microsoft Entra accounts when they access Microsoft Store for Business or Education content from Windows-based devices.
--   If you use a management tool to distribute and manage online-licensed apps, all employees will need a Microsoft Entra account.
-
-For more information on Microsoft Entra ID, see [About Office 365 and Microsoft Entra ID](/previous-versions//dn509517(v=technet.10)), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
-
-### Optional
-
-While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. If you're considering using management tools, check with the management tool vendor to see if they support Microsoft Store for Business and Education. The management tool will need to:
-
--   Integrate with the Windows 10 management framework and Microsoft Entra ID.
--   Sync with Microsoft Store for Business and Education inventory to distribute apps.
-
-## Proxy configuration
-
-If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs:
-
-- `login.live.com`
-- `login.windows.net`
-- `account.live.com`
-- `clientconfig.passport.net`
-- `windowsphone.com`
-- `*.wns.windows.com`
-- `*.microsoft.com`
-- `*.s-microsoft.com`
-- `www.msftncsi.com` (prior to Windows 10, version 1607)
-- `www.msftconnecttest.com/connecttest.txt` (replaces `www.msftncsi.com` starting with Windows 10, version 1607)
- 
-Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps.
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
deleted file mode 100644
index 368df86b94..0000000000
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ /dev/null
@@ -1,125 +0,0 @@
----
-title: Microsoft Store for Business and Education release history
-description: Know the release history of Microsoft Store for Business and Microsoft Store for Education.
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.date: 01/11/2024
-ms.reviewer: 
----
-
-# Microsoft Store for Business and Education release history
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-
-Because Microsoft Store for Business and Education will be retired, we no longer release new and improved features. Here's a summary of new or updated features in previous releases.
-
-Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
-
-## January 2024
-
-**Removal of private store capability from Microsoft Store for Business and Education**
-
-The private store tab and associated functionality was removed from the Microsoft Store for Business and Education portal. This includes the ability to add apps to private groups and to download and install apps from the private store.  
-
-We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
-
-## May 2023
-
-**Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs**
-
-The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
-
-Users on Windows 10 PCs can no longer do the following tasks:
-
-- see Line of Business (LOB) products listed in the Microsoft Store for Business tab
-- acquire or install [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps)
-- assign licenses for existing [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) using the Store for Business portal or Store for Business app
-
-[Offline app](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) distribution and licensing scenarios aren't impacted by this change.
-
-We recommend that you add your apps through the new Microsoft Store app experience in Intune. If an app isn’t available in the Microsoft Store, you must retrieve an app package from the vendor and install it as an LOB app or Win32 app. For instructions, read the following articles:
-
-- [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
-- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
-- [Add, assign, and monitor a Win32 app in Microsoft Intune](/mem/intune/apps/apps-win32-add)
-
-Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
-
-## April 2023
-
-- **Tab removed from Microsoft Store apps on Windows 11 PCs** – The Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. [Get more info](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed)
-
-## October 2018
-
-- **Use security groups with Private store apps** - On the details page for apps in your private store, you can set Private store availability. This allows you to choose which security groups can see an app in the private store. [Get more info](app-inventory-management-microsoft-store-for-business.md)
-
-## September 2018
-
-- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](/microsoft-store/manage-private-store-settings#private-store-performance)
-
-## August 2018
-- **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](./acquire-apps-microsoft-store-for-business.md#allow-app-requests)
-
-## July 2018
-
-- Bug fixes and performance improvements.
-
-## June 2018
-
-- **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection.
-- **Performance improvements in private store** - We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. [Get more info](./manage-private-store-settings.md#private-store-performance)
-
-## May 2018
-
-- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.  
-
-## April 2018
-
-- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We'll figure out who's in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we'll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
-- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. 
-- **Office 365 subscription management** -  We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
-
-## March 2018
-
-- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](./manage-private-store-settings.md#private-store-performance)
-- **Private store collection updates** - We've made it easier to find apps when creating private store collections – now you can search and filter results. 
- [Get more info](./manage-private-store-settings.md#private-store-collections) 
-- **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
-- **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.
-
-## January and February 2018
-
-- **One place for apps, software, and subscriptions** - The new **Products &amp; services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services.
-- **Create collections of apps in your private store** - Use **collections** to customize your private store. Collections allow you to create groups of apps that are commonly used in your organization or school -- you might create a collection for a Finance department, or a 6th-grade class. [Get more info](./manage-private-store-settings.md#private-store-collections)
-- **Upgrade Office 365 trial subscription** - Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal.
-- **Supporting Microsoft Product and Services Agreement customers** - If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details.
-- **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role.
-
-## December 2017
-
-- Bug fixes and performance improvements.
-
-## November 2017
-
-- **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
-
-## October 2017
-
-- Bug fixes and performance improvements.
-
-## September 2017
-
-- **Manage Windows device deployment with Windows Autopilot Deployment** - In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device. [Get more info](add-profile-to-devices.md)
-- **Request an app** - People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](./acquire-apps-microsoft-store-for-business.md#acquire-apps)
-- **My organization** - **My organization** shows you all Agreements that apply to your organization. You can also update profile info for you org, such as mailing address and email associated with your account.
-- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redeeming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
-- **Manage Office 365 subscriptions acquired by partners** - Office 365 subscriptions purchased for your organization by a partner or reseller can be managed in Microsoft Store for Business. Admins can assign and manage licenses for these subscriptions.
-- **Edge extensions in Microsoft Store** - Edge Extensions are now available from Microsoft Store! You can acquire and distribute them from Microsoft Store for Business just like any other app.
-- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.
diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
deleted file mode 100644
index 842c7e3e8e..0000000000
--- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md
+++ /dev/null
@@ -1,103 +0,0 @@
----
-title: Roles and permissions in Microsoft Store for Business and Education (Windows 10)
-description: The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Microsoft Entra tenant. Once the Global Admin has signed in, they can give permissions to others employees.
-keywords: roles, permissions
-ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Roles and permissions in Microsoft Store for Business and Education
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-> [!NOTE]
-> As of April 14th, 2021, only free apps are available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
-
-The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Microsoft Entra tenant. Once the Global Admin has signed in, they can give permissions to others employees.
-
-Microsoft Store for Business and Education has a set of roles that help admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Microsoft Entra account to access the Store. Global Administrators and global user accounts that are used with other Microsoft services, such as Azure, or Office 365 can sign in to Microsoft Store. Global user accounts have some permissions in Microsoft Store, and Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store.
-
-## Global user account permissions in Microsoft Store
-
-This table lists the global user accounts and the permissions they have in Microsoft Store.
-
-|| Global Administrator | Billing Administrator |
-| ------------------------------ | --------------------- | --------------------- |
-| **Sign up for Microsoft Store for Business and Education** |  ✔️       | ✔️             |
-| **Modify company profile settings** | ✔️                    | ✔️                     |
-| **Purchase apps**                  |  ✔️                    | ✔️                     |
-| **Distribute apps**                |  ✔️                    | ✔️                     |
-| **Purchase subscription-based software**  |  ✔️             | ✔️                     |
-
-- **Global Administrator** and **Billing Administrator** - IT Pros with these accounts have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store.
-
-## Microsoft Store roles and permissions
-
-Microsoft Store for Business has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Microsoft Entra account to access Microsoft Store.
-
-This table lists the roles and their permissions.
-
-|| Admin | Purchaser | Device Guard signer |
-| ------------------------------ | ------ | --------  | ------------------- |
-| **Assign roles**                   | ✔️      |           |                     |
-| **Manage Microsoft Store for Business and Education settings** |  ✔️ |           |                     |
-| **Acquire apps**                   | ✔️      | ✔️         |                     |
-| **Distribute apps**                | ✔️      | ✔️         |                     |
-| **Sign policies and catalogs**     | ✔️      |           |                     |
-| **Sign Device Guard changes**      | ✔️      |           |  ✔️                   |
-
-These permissions allow people to:
-
-- **Manage Microsoft Store settings**:
-    - Account information (view only)
-    - Device Guard signing
-    - LOB publishers
-    - Management tools
-    - Offline licensing
-    - Permissions
-    - Private store
-
-- **Acquire apps** - Acquire apps from Microsoft Store and add them to your inventory.
-
-- **Distribute apps** - Distribute apps that are in your inventory.
-    - Admins can assign apps to people, add apps to the private store, or use a management tool.
-    - Purchasers can assign apps to people.
-
-**To assign roles to people**
-
-1. Sign in to Microsoft Store for Business or Microsoft Store for Education.
-
-    >[!Note]
-    >You need to be a Global Administrator, or have the Microsoft Store Admin role to access the **Permissions** page.
-
-    To assign roles, you need to be a Global Administrator or a Store Administrator.
-
-2. Click **Settings**, and then choose **Permissions**.
-
-    OR
-
-    Click **Manage**, and then click **Permissions** on the left-hand menu.
-
-    <!--- ![Image showing Permissions page in Microsoft Store for Business.](images/wsfb-settings-permissions.png) -->
-
-3. Click **Add people**, type a name, choose the role you want to assign, and click **Save**.
-
-    <!--- ![Image showing Assign roles to people box in Microsoft Store for Business.](images/wsfb-permissions-assignrole.png) -->
-
-4. If you don't find the name you want, you might need to add people to your Microsoft Entra directory. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md).
diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md
deleted file mode 100644
index 365a4304f2..0000000000
--- a/store-for-business/settings-reference-microsoft-store-for-business.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Settings reference Microsoft Store for Business and Education (Windows 10)
-description: The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
-ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Settings reference: Microsoft Store for Business and Education
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
-
-| Setting              | Description  | Location under **Manage** |
-| -------              | -----------  | ------------------------------ |
-| Billing account information  | Manage organization information. For more information, see [Manage settings for the Microsoft Store for Business and Education](update-microsoft-store-for-business-account-settings.md).| **Billing accounts** |
-| Payment options  | Manage payment options. For more information, see [Manage settings for the Microsoft Store for Business and Education](payment-methods.md).| **Billing & payments - Payment methods** |
-| Private store | Update the name for your private store. The new name will be displayed on a tab in the Store. For more information, see [Manage private store settings](manage-private-store-settings.md). | **Settings - Distribute** |
-| Offline licensing  | Configure whether or not to make offline-licensed apps available in the Microsoft Store for Business and Education. For more information, see [Distribute offline apps](distribute-offline-apps.md). | **Settings - Shop** |
-| Allow users to shop  | Configure whether or not people in your organization or school can see and use the shop function in Store for Business or Store for Education. For more information, see [Allow users to shop](acquire-apps-microsoft-store-for-business.md#allow-users-to-shop). | **Settings - Shop** |
-| Make everyone a Basic Purchaser  | Allow everyone in your organization to automatically become a Basic Purchaser. This allows them to purchase apps and manage them. For more information, see [Make everyone a Basic Purchaser](/education/windows/education-scenarios-store-for-business#basic-purchaser-role). | **Settings - Shop** |
-| App request | Configure whether or not people in your organization can request apps for admins to purchase. For more information, see [Distribute offline apps](acquire-apps-microsoft-store-for-business.md). | **Settings - Shop** |
-| Management tools | Management tools that are synced with Microsoft Entra ID are listed on this page. You can choose one to use for managing app updates and distribution. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md). | **Settings - Distribute** |
-| Device Guard signing | Use the Device Guard signing portal to add unsigned apps to a code integrity policy, or to sign code integrity policies. For more information, see [Device Guard signing portal](device-guard-signing-portal.md). | **Settings - Devices**  |
-| Permissions   | Manage permissions for your employees. For more information, see [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md). | **Permissions - Roles**, **Permissions - Purchasing roles**, and **Permissions - Blocked basic purchasers** |
-| Line-of-business (LOB) publishers  | Invite devs to become LOB publishers for your organization. Existing LOB publishers are listed on the page, and you can deactivate or invite them again. For more information, see [Work with line-of-business apps](working-with-line-of-business-apps.md). | **Permissions - Line-of-business apps** |
diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md
deleted file mode 100644
index 0bd887f0d4..0000000000
--- a/store-for-business/sfb-change-history.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-title: Change history for Microsoft Store for Business and Education
-description: Summary of topic changes for Microsoft Store for Business and Microsoft Store for Education. 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-author: TrudyHa
-ms.author: TrudyHa
-ms.topic: conceptual
-ms.date: 3/2/2019
-ms.reviewer: 
-manager: dansimp
-ms.localizationpriority: medium
----
-
-# Change history for Microsoft Store for Business and Microsoft Store for Education  
-
-## March 2019
-
-| New or changed topic | Description |
-| --- | --- |
-| [Understand your Microsoft Customer Agreement invoice](billing-understand-your-invoice-msfb.md) | New topic |
-| [Understand billing profiles](billing-profile.md) | New topic |
-| [Payment methods](payment-methods.md) | New topic |
-| [Update Microsoft Store for Business and Microsoft Store for Education account settings](update-microsoft-store-for-business-account-settings.md) | Update with information on billing accounts. |
-| [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md) | Add info for purchasing roles and permissions. |
-
-## April 2018
-
-| New or changed topic | Description |
-| --- | --- |
-| [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store#a-href-idblock-store-group-policyablock-microsoft-store-using-group-policy) | Update on app updates when Microsoft Store is blocked. |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
-
-## March 2018
-
-| New or changed topic | Description |
-| --- | --- |
-| [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | New |
-| [Manage private store settings](manage-private-store-settings.md) | Update for adding private store performance improvements. |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
-| [Roles and permissions in Microsoft Store for Business](roles-and-permissions-microsoft-store-for-business.md) | Update |
-
-## February 2018
-
-| New or changed topic | Description |
-| --- | --- |
-| [Manage private store settings](manage-private-store-settings.md) | Update for adding private store collections. |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
-
-## November 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
-
-## October 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | Update. Add profile settings with supported build info.  |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
-
-## September 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | New |
-| [Acquire apps](acquire-apps-microsoft-store-for-business.md#acquire-apps) | New |
-| [Settings reference: Microsoft Store for Business and Education](manage-settings-microsoft-store-for-business.md) </br> and </br> [Update Microsoft Store for Business and Microsoft Store for Education account settings](update-microsoft-store-for-business-account-settings.md) | Updates for UI changes in **Settings**. |
-
-## July 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New |
-| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
-| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education.  |
-
-## June 2017
-
-| New or changed topic | Description |
-| -------------------- | ----------- |
-| [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. |
-| [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices.  |
-| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md
deleted file mode 100644
index 7a1837372b..0000000000
--- a/store-for-business/sign-up-microsoft-store-for-business-overview.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Sign up and get started (Windows 10)
-description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps.
-ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Sign up and get started
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
-
-> [!NOTE]
-> As of April 14th, 2021, only free apps are available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Microsoft Store for Business and Education overview](./microsoft-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
-| [Prerequisites for Microsoft Store for Business and Education](./prerequisites-microsoft-store-for-business.md) | There are a few prerequisites for using [Microsoft Store for Business and Education.](/microsoft-store/prerequisites-microsoft-store-for-business) |
-| [Roles and permissions in Microsoft Store for Business and Education](./roles-and-permissions-microsoft-store-for-business.md)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Microsoft Entra tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
-| [Settings reference: Microsoft Store for Business and Education](./settings-reference-microsoft-store-for-business.md) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md
deleted file mode 100644
index 80b2786116..0000000000
--- a/store-for-business/troubleshoot-microsoft-store-for-business.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-title: Troubleshoot Microsoft Store for Business (Windows 10)
-description: Troubleshooting topics for Microsoft Store for Business.
-ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Troubleshoot Microsoft Store for Business
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Troubleshooting topics for Microsoft Store for Business.
-
-## Can't find apps in private store
-
-The private store for your organization is a page in Microsoft Store app that contains apps that are private to your organization. After your organization acquires an app, your Store for Business admin can add it to your organization's private store. Your private store usually has a name that is close to the name of your organization or company. If you can't see your private store, there are a couple of things to check:
-
-- **No apps in the private store** - The private store page is only available in Microsoft Store on Windows 10 if there are apps added to your private store. You won't see your private store page with no apps listed on it. If your Microsoft Store for Business admin has added an app to the private store, and the private store page is still not available, they can check the private store status for the app on **Product & services - Apps**. If the status under **Private store** is **Add in progress**, wait and check back.
-- **Signed in with the wrong account** - If you have multiple accounts that you use in your organization, you might be signed in with the wrong account. Or, you might not be signed in. Use this procedure to sign in with your organization account.
-
-**To sign in with organization account in Microsoft Store app**
-
-1.  Click the people icon in Microsoft Store app, and click **Sign in**.
-
-    ![Sign in to Store app with a different account.](images/wsfb-wsappsignin.png)
-
-2.  Click **Add account**, and then click **Work or school account**.
-
-    ![Choose an account to use.](images/wsfb-wsappaddacct.png)
-
-3.  Type the email account and password, and click **Sign in**.
-
-    ![Sign in for work or school account.](images/wsfb-wsappworkacct.png)
-
-4.  You should see the private store for your organization. In our example, the page is named **Contoso publishing**.
-
-    ![Private store with name highlighted.](images/wsfb-wsappprivatestore.png)
-
-    Click the private store to see apps in your private store.
-
-    ![Private store for Contoso publishing.](images/wsfb-privatestoreapps.png)
-
-## Troubleshooting Microsoft Store for Business integration with Microsoft Configuration Manager
-
-If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration).
-
-## Still having trouble?
-
-If you are still having trouble using Microsoft Store or installing an app, Admins can sign in and look for topics on our **Support** page.
-   
-**To view Support page** 
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
-2.Choose **Manage**> **Support**. 
diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md
deleted file mode 100644
index 03b03469ee..0000000000
--- a/store-for-business/update-microsoft-store-for-business-account-settings.md
+++ /dev/null
@@ -1,146 +0,0 @@
----
-title: Update your Billing account settings
-description: The billing account page in Microsoft Store for Business and Microsoft Store for Education, and M365 admin center shows information about your organization that you can update, including country or region, organization contact info, agreements with Microsoft and admin approvals.
-keywords: billing accounts, organization info
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Update Billing account settings
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-A billing account contains defining information about your organization.
-
-> [!NOTE]
-> Billing accounts are available in Microsoft Store for Business, and the Microsoft 365 admin center. For more information, see [Understand your Microsoft billing account](/microsoft-365/commerce/manage-billing-accounts).
-
-The **Billing account** page allows you to manage organization information, purchasing agreements that you have with Microsoft, and admin approvals. The organization information and payment options are required before you can shop for products that have a price.
-
-## Organization information
-
-We need your business address, email contact, and tax-exemption certificates that apply to your country/region or locale.
-
-### Business address and email contact
-
-Before purchasing apps that have a fee, you need to add or update your organization's business address, contact email address, and contact name.
-
-We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we'll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don't have an address, we'll ask you to enter it during your first purchase.
-
-We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization's Office 365 or Microsoft Entra tenant that is used with Microsoft Store.
-
-**To update billing account information**
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com)
-2. Select **Manage**, and then select  **Billing accounts**.
-3. On **Overview**, select **Edit billing account information**.
-4. Make your updates, and then select **Save**. 
-
-### Organization tax information
-Taxes for Microsoft Store for Business purchases are determined by your business address. Businesses in these countries/regions can provide their VAT number or local equivalent:
-- Austria
-- Belgium
-- Bulgaria
-- Croatia
-- Cyprus
-- Czech Republic
-- Denmark
-- Estonia
-- Finland
-- France
-- Germany
-- Greece
-- Hungary
-- Ireland
-- Italy
-- Latvia
-- Liechtenstein
-- Lithuania
-- Luxembourg
-- Malta
-- Monaco
-- Netherlands
-- Norway
-- Poland
-- Portugal
-- Romania
-- Slovakia
-- South Africa
-- Spain
-- Sweden
-- Switzerland
-- United Kingdom
-
-These countries can provide their VAT number or local equivalent on their **Billing account** information.
-
-|Market| Tax identifier |
-|------|----------------|
-| Australia | ABN (optional) |
-| Brazil | CNPJ (required) |
-| India | GSTIN (optional), PAN ID (required) |
-| Isle of Man | VAT ID (optional) |
-| New Zealand | GST Registration number (optional) |
-| Monaco | VAT ID (optional) |
-| Taiwan | VAT ID (optional) |
-
-### Tax-exempt status
-
-If you qualify for tax-exempt status in your market, start a service request to establish tax exempt status for your organization.
-
-**To start a service request**
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
-2. Select **Manage**, click **Support**, and then under **Store settings & configuration** select **Create technical support ticket**.
-
-You'll need this documentation:
-
-|Country/Region or locale | Documentation |
-|------------------|----------------|
-| United States | Sales Tax Exemption Certificate |
-| Canada | Certificate of Exemption (or equivalent letter of authorization) |
-| Ireland | 13B/56A Tax Exemption Certificate|
-| International organizations that hold tax exemption | Certification / letter confirmation from local tax authorities |
-
-### Calculating tax
-
-Sales taxes are calculated against the unit price, and then aggregated.
-
-For example:<br>
-(unit price X tax rate) X quantity = total sales tax
-
--or-
-
-($1.29 X .095) X 100 = $12.25
-
-## Agreements
-Each billing account includes access to the purchasing agreements your organization has signed with Microsoft. This could include:
-- Microsoft Enterprise Agreement
-- Select agreements
-- Open agreements
-- Microsoft customer agreement
-
-If you there is an updated version of the Microsoft customer agreement for you to sign, you'll be prompted to on **Agreements**, or during a purchase. 
-<!--- ## Offline licensing
-
-Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business. This model means organizations can deploy apps when users or devices do not have connectivity to the Store. For more information on Microsoft Store for Business licensing model, see [licensing model](./apps-in-microsoft-store-for-business.md#licensing-model).
-
-Admins can decide whether or not offline licenses are shown for apps in Microsoft Store.
-
-**To set offline license visibility**
-
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Settings - Shop**.
-3. Under **Shopping experience** turn on or turn off  **Show offline apps**,to show availability for offline-licensed apps.
-
-You have the following distribution options for offline-licensed apps:
-- Include the app in a provisioning package, and then use it as part of imaging a device.
-- Distribute the app through a management tool.
-For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-with-management-tool.md). -->
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
deleted file mode 100644
index 4af32aae83..0000000000
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ /dev/null
@@ -1,93 +0,0 @@
----
-title: Whats new in Microsoft Store for Business and Education
-description: Learn about the newest features in Microsoft Store for Business and Microsoft Store for Education.
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.date: 06/21/2024
-ms.reviewer: 
----
-
-# What's new in Microsoft Store for Business and Education
-
-## Latest updates for Store for Business and Education
-
-**June 2024**
-
-The Microsoft Store for Business and Microsoft Store for Education portals will retire on August 15, 2024. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-intune-integration-with-the-microsoft-store-on-windows/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). If you are using offline licensing, you can use the [WinGet Download command](/windows/package-manager/winget/download) to continue to access offline apps and license files.
-
-## Previous releases and updates
-
-**January 2024**
-
-**Removal of private store capability from Microsoft Store for Business and Education**
-
-The private store tab and associated functionality was removed from the Microsoft Store for Business and Education portal. This includes the ability to add apps to private groups and to download and install apps from the private store.  
-
-We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
-
-[May 2023](release-history-microsoft-store-business-education.md#may-2023)
-- Tab removed from Microsoft Store apps on Windows 10 PCs.
-
-[April 2023](release-history-microsoft-store-business-education.md#april-2023)
-- Tab removed from Microsoft Store apps on Windows 11 PCs.
-
-[October 2018](release-history-microsoft-store-business-education.md#october-2018)
-- Use security groups with Private store apps
-
-[September 2018](release-history-microsoft-store-business-education.md#september-2018)
-- Performance improvements
-
-[August 2018](release-history-microsoft-store-business-education.md#august-2018)
-- App requests 
-
-[July 2018](release-history-microsoft-store-business-education.md#july-2018)
-- Bug fixes and performance improvements
-
-[June 2018](release-history-microsoft-store-business-education.md#june-2018)
-- Change order within private store collection
-- Performance improvements in private store
-
-[May 2018](release-history-microsoft-store-business-education.md#may-2018)
-- Immersive Reading app available in Microsoft Store for Education
-
-[April 2018](release-history-microsoft-store-business-education.md#april-2018)
-- Assign apps to larger groups
-- Change collection order in private store
-- Office 365 subscription management
-
-[March 2018](release-history-microsoft-store-business-education.md#march-2018)
-- Performance improvements in private store
-- Private store collection updates
-- Manage Skype communication credits
-- Upgrade Office 365 trial subscription
-
-[January &amp; February, 2018](release-history-microsoft-store-business-education.md#january-and-february-2018)
-- One place for apps, software, and subscriptions
-- Create collections of apps in your private store
-- Upgrade Office 365 trial subscription
-- Supporting Microsoft Product and Services Agreement customers
-- Microsoft Product and Services Agreement customers can invite people to take roles
-
-[December 2017](release-history-microsoft-store-business-education.md#december-2017)
-- Bug fixes and performance improvements
-
-[November 2017](release-history-microsoft-store-business-education.md#november-2017)
-- Export list of Minecraft: Education Edition users
-- Bug fixes and performance improvements
-
-[October 2017](release-history-microsoft-store-business-education.md#october-2017)
-- Bug fixes and performance improvements 
-
-[September 2017](release-history-microsoft-store-business-education.md#september-2017)
-- Manage Windows device deployment with Windows Autopilot Deployment
-- Request an app
-- My organization
-- Manage prepaid Office 365 subscriptions
-- Manage Office 365 subscriptions acquired by partners
-- Edge extensions in Microsoft Store
-- Search results in Microsoft Store for Business
diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md
deleted file mode 100644
index 408165a16a..0000000000
--- a/store-for-business/working-with-line-of-business-apps.md
+++ /dev/null
@@ -1,112 +0,0 @@
----
-title: Working with line-of-business apps (Windows 10)
-description: Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your organization – they might be internal business apps, or apps specific to your school, business, or industry.
-ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 05/24/2023
----
-
-# Working with line-of-business apps
-
-**Applies to:**
-
-- Windows 10
-
-> [!IMPORTANT]
->
-> - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization – they might be internal apps, or apps specific to your school, business, or industry.
-
-Developers within your organization, or ISVs that you invite, can become LOB publishers and submit apps to Microsoft Store for your company or school. Once an LOB publisher submits an app for your company, the app is only available to your company. LOB publishers submit apps through the Windows Dev Center using the same process as all apps that are in Microsoft Store, and then can be managed or deployed using the same process as any other app that has been acquired through Microsoft Store.
-
-One advantage of making apps available through Microsoft Store for Business is that the app has been signed by Microsoft Store, and uses the standard Microsoft Store policies. For organizations that can't submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](/windows/application-management/sideload-apps-in-windows-10) is also supported on Windows 10.
-
-## Adding LOB apps to your private store
-
-Admins and ISVs each own different parts of the process for getting LOB apps created, submitted, and deployed to your employees or students. Admins use Microsoft Store for Business  or Microsoft Store for Education portal; ISVs or devs use the Windows Dev center on MSDN. 
-
-Here's what's involved:
-
-- Microsoft Store for Business admin invites a developer or ISV to become an LOB publisher for your company.
-- LOB publisher develops and submits app to Microsoft Store, tagging the app so it is only available to your company.
-- Microsoft Store for Business admin accepts the app and can distribute the app to employees in your company.
-
-You'll need to set up:
-
-- Your company needs to be signed up with Microsoft Store for Business or Microsoft Store for Education.
-- LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
-- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
-
-The process and timing look like this:
-![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for Microsoft Store for Business admin, LOB publisher, and Developer.](images/lob-workflow.png)
-
-## Add an LOB publisher (Admin)
-
-Admins need to invite developer or ISVs to become an LOB publisher.
-
-### To invite a developer to become an LOB publisher
-
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
-2. Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**.
-3. On the Line-of business publishers page, click **Invite** to send an email invitation to a developer.
-
-   >[!Note]
-   > This needs to be the email address listed in contact info for the developer account.
-  
-## Submit apps (LOB publisher)
-
-The developer receives an email invite to become an LOB publisher for your company. Once they accept the invite, they can log in to the Windows Dev Center to create an app submission for your company. The info here assumes that devs or ISVs have an active developer account.
-
-After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](/windows/uwp/publish/app-submissions) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
-
-## To create a new submission for an app
-
-1. Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
-2. On the App overview page, under **Action**, click **Update**.
-
-    -OR-
-
-    Submit your app following the guidelines in [App submissions](/windows/uwp/publish/app-submissions). Be sure to completed steps 3 and 4 when you set app pricing and availability options.
-
-3. On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app.
-4. Under **Organizational licensing**, click **Show options**.
-
-    Organizational licensing options apply to all apps, not just LOB apps:
-
-    - **Store-managed (online) volume licensing** - This is required. You must select this item to make your app available as an a LOB app. By default, it will be selected. This won't make the app available to anyone outside of the enterprise(s) that you selected in **Distribution and visibility**.
-
-    - **Disconnected (offline) licensing** - This is optional for LOB apps.
-
-5. Click **Save** to save your changes and start the app submission process.
-
-For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
-
- >[!Note]
- > In order to get the LOB app, the organization must be located in a [supported market](./microsoft-store-for-business-overview.md#supported-markets), and you must not have excluded that market when submitting your app.
-
-## Add app to inventory (admin)
-
-After an ISV submits the LOB app for your company or school, someone with Microsoft Store for Business and Education admin permissions needs to accept the app.
-
-### To add the LOB app to your inventory
-
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
-2. Click **Manage**, click **Products & services**, and then choose **New LOB apps**.
-3. Click the ellipses under **Action** for the app you want to add to your inventory, and then choose **Add to inventory**.
-
-After you add the app to your inventory, you can choose how to distribute the app. For more information, see:
-
-- [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md)
-- [Distribute apps from your private store](distribute-apps-from-your-private-store.md)
-- [Assign apps to employees](assign-apps-to-employees.md)
-- [Distribute offline apps](distribute-offline-apps.md)
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 128c0cfc00..b3fbf2eaaa 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -51,7 +51,6 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "Windows Application Management",
       "contributors_to_exclude": [
         "dstrome2",
         "rjagiewich",
@@ -63,19 +62,16 @@
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "beccarobins"
+        "beccarobins",
+        "padmagit77",
+        "aditisrivastava07"
       ],
       "searchScope": [
         "Windows 10"
       ]
     },
-    "fileMetadata": {
-      "feedback_system": {
-        "app-v/**/*.*": "None"
-      }
-    },
     "template": [],
     "dest": "win-app-management",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index 2a00963aef..73dbb919ae 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -5,7 +5,7 @@ author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 10/03/2017
-ms.topic: article
+ms.topic: conceptual
 ms.service: windows-client
 ms.subservice: itpro-apps
 ms.localizationpriority: medium
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index 7a3b8812e1..ae406114d7 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -9,7 +9,7 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
-  ms.date: 08/18/2023
+  ms.date: 06/28/2024
   ms.topic: landing-page
   ms.service: windows-client
   ms.subservice: itpro-apps
@@ -40,22 +40,3 @@ landingContent:
             url: per-user-services-in-windows.md
           - text: Changes to Service Host grouping in Windows 10
             url: svchost-service-refactoring.md
-
-  - title: Application Virtualization (App-V)
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: App-V overview
-            url: /microsoft-desktop-optimization-pack/app-v/appv-for-windows
-          - text: Getting started with App-V
-            url: /microsoft-desktop-optimization-pack/app-v/appv-getting-started
-          - text: Planning for App-V
-            url: /microsoft-desktop-optimization-pack/app-v/appv-planning-for-appv
-          - text: Deploying App-V
-            url: /microsoft-desktop-optimization-pack/app-v/appv-deploying-appv
-          - text: Operations for App-V
-            url: /microsoft-desktop-optimization-pack/app-v/appv-operations
-          - text: Troubleshooting App-V
-            url: /microsoft-desktop-optimization-pack/app-v/appv-troubleshooting
-          - text: Technical Reference for App-V
-            url: /microsoft-desktop-optimization-pack/app-v/appv-technical-reference
diff --git a/windows/application-management/overview-windows-apps.md b/windows/application-management/overview-windows-apps.md
index ab58f88f99..dac0bbafdb 100644
--- a/windows/application-management/overview-windows-apps.md
+++ b/windows/application-management/overview-windows-apps.md
@@ -4,7 +4,7 @@ description: Learn about the different types of apps that run on Windows. For ex
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
-ms.date: 08/28/2023
+ms.date: 09/03/2024
 ms.topic: overview
 ms.service: windows-client
 ms.subservice: itpro-apps
@@ -31,7 +31,7 @@ For more information on deploying Microsoft 365 apps, see the [Deployment guide
 
 ### Power Apps
 
-These apps are custom, low-code apps to connect to business data, modernize processes, and solve unique challenges. Power Apps are available online and on-premises, can run in a web browser, and on mobile devices. They can be created by business analysts and professional developers. 
+These apps are custom, low-code apps to connect to business data, modernize processes, and solve unique challenges. Power Apps are available online and on-premises, can run in a web browser, and on mobile devices. They can be created by business analysts and professional developers.
 
 For more information, see [What is Power Apps?](/power-apps/powerapps-overview).
 
@@ -126,9 +126,7 @@ For more information, see:
 When you use the Microsoft Store app, Windows users can download apps from the public store. They can also download apps provided by your organization, which is called the *private store*. If your organization creates its own apps, you can use [Windows Package Manager](/windows/package-manager) to add apps to the private store.
 
 > [!NOTE]
-> Retirement of the Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
->
-> For more information, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/bc-p/3771217). This blog post describes the new Microsoft Store experience for both Windows 11 and Windows 10. To learn about other options for getting and managing apps, see [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft).
+> The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring). There will be no support for Microsoft Store for Business and Education for Windows 11.
 
 To help manage the Microsoft Store on your devices, you can use policies:
 
@@ -182,7 +180,7 @@ App-V allows Win32 apps to be used as virtual apps.
 
 On an on-premises server, you install and configure the App-V server components, and then install your Win32 apps. On Windows Enterprise client devices, you use the App-V client components to run the virtualized apps. They allow users to open the virtual apps using the icons and file names they're familiar with. Users use the apps as if they're installed locally.
 
-The benefit is to deliver virtual apps in real time, and as-needed. For more information, see [Application Virtualization (App-V) for Windows overview](./app-v/appv-for-windows.md).
+The benefit is to deliver virtual apps in real time, and as-needed. For more information, see [Application Virtualization (App-V) for Windows overview](/microsoft-desktop-optimization-pack/app-v/appv-for-windows).
 
 ## Manage apps
 
diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
index 90281afcd3..65f0231016 100644
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
@@ -4,8 +4,8 @@ description: Use the Company Portal app in Windows 11 devices to access the priv
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
-ms.date: 04/04/2023
-ms.topic: article
+ms.date: 09/03/2023
+ms.topic: conceptual
 ms.service: windows-client
 ms.subservice: itpro-apps
 ms.localizationpriority: medium
@@ -104,4 +104,4 @@ If you use a third party or partner MDM provider, be sure to configure the setti
 
 ## Windows Package Manager
 
-If your organization creates its own apps, your app developers can use [Windows Package Manager](/windows/package-manager/) to deploy apps. For more information on Intune and Windows Package Manager, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423).
+If your organization creates its own apps, your app developers can use [Windows Package Manager](/windows/package-manager/) to deploy apps. For more information on Intune and Windows Package Manager, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423) and [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml
index 7e86c36a76..eaea302b9c 100644
--- a/windows/application-management/toc.yml
+++ b/windows/application-management/toc.yml
@@ -1,255 +1,17 @@
 items:
 - name: Manage Windows applications
   href: index.yml
-- name: Application management
-  items:
-    - name: Overview of apps in Windows
-      href: overview-windows-apps.md
-    - name: Sideload line of business (LOB) apps
-      href: sideload-apps-in-windows.md
-    - name: Private app repo on Windows 11
-      href: private-app-repository-mdm-company-portal-windows-11.md
-    - name: Remove background task resource restrictions
-      href: enterprise-background-activity-controls.md
-    - name: Service host grouping in Windows 10
-      href: svchost-service-refactoring.md
-    - name: Per-user services in Windows
-      href: per-user-services-in-windows.md
-    - name: Keep removed apps from returning during an update
-      href: remove-provisioned-apps-during-update.md
-- name: Application Virtualization (App-V)
-  items:
-    - name: App-V for Windows overview
-      href: /microsoft-desktop-optimization-pack/app-v/appv-for-windows
-    - name: Getting Started
-      items:
-        - name: Getting Started with App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-getting-started
-        - name: What's new
-          items:
-            - name: What's new in App-V for Windows 10, version 1703 and earlier
-              href: /microsoft-desktop-optimization-pack/app-v/appv-about-appv
-            - name: Release Notes for App-V for Windows 10, version 1607
-              href: /microsoft-desktop-optimization-pack/app-v/appv-release-notes-for-appv-for-windows
-            - name: Release Notes for App-V for Windows 10, version 1703
-              href: /microsoft-desktop-optimization-pack/app-v/appv-release-notes-for-appv-for-windows-1703
-        - name: Evaluating App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-evaluating-appv
-        - name: High Level Architecture for App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-high-level-architecture
-    - name: Planning
-      items:
-        - name: Planning for App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-planning-for-appv
-        - name: Preparing your environment
-          items:
-            - name: Preparing your environment for App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-preparing-your-environment
-            - name: App-V Prerequisites
-              href: /microsoft-desktop-optimization-pack/app-v/appv-prerequisites
-            - name: App-V security considerations
-              href: /microsoft-desktop-optimization-pack/app-v/appv-security-considerations
-        - name: Planning to deploy
-          items:
-            - name: Planning to Deploy App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-to-deploy-appv
-            - name: App-V Supported Configurations
-              href: /microsoft-desktop-optimization-pack/app-v/appv-supported-configurations
-            - name: App-V Capacity Planning
-              href: /microsoft-desktop-optimization-pack/app-v/appv-capacity-planning
-            - name: Planning for High Availability with App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-for-high-availability-with-appv
-            - name: Planning to Deploy App-V with an Electronic Software Distribution System
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions
-            - name: Planning for the App-V Server Deployment
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-for-appv-server-deployment
-            - name: Planning for the App-V Sequencer and Client Deployment
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-for-sequencer-and-client-deployment
-            - name: Planning for Using App-V with Office
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-for-using-appv-with-office
-            - name: Planning to Use Folder Redirection with App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-folder-redirection-with-appv
-            - name: App-V Planning Checklist
-              href: /microsoft-desktop-optimization-pack/app-v/appv-planning-checklist
-    - name: Deploying
-      items:
-        - name: Deploying App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-appv
-        - name: App-V sequencer and client configuration
-          items:
-            - name: Deploying the App-V Sequencer and Configuring the Client
-              href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-the-appv-sequencer-and-client
-            - name: About Client Configuration Settings
-              href: /microsoft-desktop-optimization-pack/app-v/appv-client-configuration-settings
-            - name: Enable the App-V desktop client
-              href: /microsoft-desktop-optimization-pack/app-v/appv-enable-the-app-v-desktop-client
-            - name: How to Install the Sequencer
-              href: /microsoft-desktop-optimization-pack/app-v/appv-install-the-sequencer
-        - name: App-V server deployment
-          items:
-            - name: Deploying the App-V Server
-              href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-the-appv-server
-            - name: How to Deploy the App-V Server
-              href: /microsoft-desktop-optimization-pack/app-v/appv-deploy-the-appv-server
-            - name: How to Deploy the App-V Server Using a Script
-              href: /microsoft-desktop-optimization-pack/app-v/appv-deploy-the-appv-server-with-a-script
-            - name: How to Deploy the App-V Databases by Using SQL Scripts
-              href: /microsoft-desktop-optimization-pack/app-v/appv-deploy-appv-databases-with-sql-scripts
-            - name: How to Install the Publishing Server on a Remote Computer
-              href: /microsoft-desktop-optimization-pack/app-v/appv-install-the-publishing-server-on-a-remote-computer
-            - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
-              href: /microsoft-desktop-optimization-pack/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers
-            - name: How to install the Management Server on a Standalone Computer and Connect it to the Database
-              href: /microsoft-desktop-optimization-pack/app-v/appv-install-the-management-server-on-a-standalone-computer
-            - name: About App-V Reporting
-              href: /microsoft-desktop-optimization-pack/app-v/appv-reporting
-            - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database
-              href: /microsoft-desktop-optimization-pack/app-v/appv-install-the-reporting-server-on-a-standalone-computer
-        - name: App-V Deployment Checklist
-          href: /microsoft-desktop-optimization-pack/app-v/appv-deployment-checklist
-        - name: Deploying Microsoft Office 2016 by Using App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-microsoft-office-2016-with-appv
-        - name: Deploying Microsoft Office 2013 by Using App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-microsoft-office-2013-with-appv
-        - name: Deploying Microsoft Office 2010 by Using App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-microsoft-office-2010-wth-appv
-        - name: Operations
-          items:
-            - name: Operations for App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-operations
-            - name: Creating and managing virtualized applications
-              items:
-                - name: Creating and Managing App-V Virtualized Applications
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-creating-and-managing-virtualized-applications
-                - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-auto-provision-a-vm
-                - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-auto-batch-sequencing
-                - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-auto-batch-updating
-                - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-sequence-a-new-application
-                - name: How to Modify an Existing Virtual Application Package
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-modify-an-existing-virtual-application-package
-                - name: How to Create and Use a Project Template
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-and-use-a-project-template
-                - name: How to Create a Package Accelerator
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-a-package-accelerator
-                - name: How to Create a Virtual Application Package Using an App-V Package Accelerator
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-a-virtual-application-package-package-accelerator
-            - name: Administering App-V
-              items:
-                - name: Administering App-V Virtual Applications by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-administering-virtual-applications-with-the-management-console
-                - name: About App-V Dynamic Configuration
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-dynamic-configuration
-                - name: How to Connect to the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-connect-to-the-management-console
-                - name: How to Add or Upgrade Packages by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-add-or-upgrade-packages-with-the-management-console
-                - name: How to Configure Access to Packages by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-configure-access-to-packages-with-the-management-console
-                - name: How to Publish a Package by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-publish-a-packages-with-the-management-console
-                - name: How to Delete a Package in the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-delete-a-package-with-the-management-console
-                - name: How to Add or Remove an Administrator by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-add-or-remove-an-administrator-with-the-management-console
-                - name: How to Register and Unregister a Publishing Server by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console
-                - name: How to Create a Custom Configuration File by Using the App-V Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-a-custom-configuration-file-with-the-management-console
-                - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console
-                - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-customize-virtual-application-extensions-with-the-management-console
-                - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console
-            - name: Connection groups
-              items:
-                - name: Managing Connection Groups
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-managing-connection-groups
-                - name: About the Connection Group Virtual Environment
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-connection-group-virtual-environment
-                - name: About the Connection Group File
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-connection-group-file
-                - name: How to Create a Connection Group
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-a-connection-group
-                - name: How to Create a Connection Group with User-Published and Globally Published Packages
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages
-                - name: How to Delete a Connection Group
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-delete-a-connection-group
-                - name: How to Publish a Connection Group
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-publish-a-connection-group
-                - name: How to Make a Connection Group Ignore the Package Version
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-configure-connection-groups-to-ignore-the-package-version
-                - name: How to Allow Only Administrators to Enable Connection Groups
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-allow-administrators-to-enable-connection-groups
-            - name: Deploying App-V packages with ESD
-              items:
-                - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions
-                - name: How to deploy App-V Packages Using Electronic Software Distribution
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions
-                - name: How to Enable Only Administrators to Publish Packages by Using an ESD
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions
-            - name: Using the management console
-              items:
-                - name: Using the App-V client management console
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-using-the-client-management-console
-                - name: Automatically clean up unpublished packages on the App-V client
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-auto-clean-unpublished-packages
-            - name: Migrating
-              items:
-                - name: Migrating to App-V from a previous version
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-migrating-to-appv-from-a-previous-version
-                - name: How to convert a package created in a previous version of App-V
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv
-            - name: Maintenance
-              items:
-                - name: Maintaining App-V
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-maintaining-appv
-                - name: How to Move the App-V Server to Another Computer
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-move-the-appv-server-to-another-computer
-            - name: Administering App-V with Windows PowerShell
-              items:
-                - name: Administering App-V by using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-administering-appv-with-powershell
-                - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help
-                - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell
-                - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell
-                - name: How to Modify Client Configuration by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-modify-client-configuration-with-powershell
-                - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server
-                - name: How to Apply the User Configuration File by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-apply-the-user-configuration-file-with-powershell
-                - name: How to Apply the Deployment Configuration File by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-apply-the-deployment-configuration-file-with-powershell
-                - name: How to Sequence a Package  by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-sequence-a-package-with-powershell
-                - name: How to Create a Package Accelerator by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-create-a-package-accelerator-with-powershell
-                - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-enable-reporting-on-the-appv-client-with-powershell
-                - name: How to Install the App-V Databases and Convert the Associated Security Identifiers  by Using Windows PowerShell
-                  href: /microsoft-desktop-optimization-pack/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell
-        - name: Troubleshooting App-V
-          href: /microsoft-desktop-optimization-pack/app-v/appv-troubleshooting
-        - name: Technical Reference
-          items:
-            - name: Technical Reference for App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-technical-reference
-            - name: Available Mobile Device Management (MDM) settings for App-V
-              href: /microsoft-desktop-optimization-pack/app-v/appv-available-mdm-settings
-            - name: Performance Guidance for Application Virtualization
-              href: /microsoft-desktop-optimization-pack/app-v/appv-performance-guidance
-            - name: Application Publishing and Client Interaction
-              href: /microsoft-desktop-optimization-pack/app-v/appv-application-publishing-and-client-interaction
-            - name: Viewing App-V Server Publishing Metadata
-              href: /microsoft-desktop-optimization-pack/app-v/appv-viewing-appv-server-publishing-metadata
-            - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
-              href: /microsoft-desktop-optimization-pack/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment
+- name: Overview of apps in Windows
+  href: overview-windows-apps.md
+- name: Sideload line of business (LOB) apps
+  href: sideload-apps-in-windows.md
+- name: Private app repo on Windows 11
+  href: private-app-repository-mdm-company-portal-windows-11.md
+- name: Remove background task resource restrictions
+  href: enterprise-background-activity-controls.md
+- name: Service host grouping in Windows 10
+  href: svchost-service-refactoring.md
+- name: Per-user services in Windows
+  href: per-user-services-in-windows.md
+- name: Keep removed apps from returning during an update
+  href: remove-provisioned-apps-during-update.md
diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md
index 27c5fb235c..eefc2151ab 100644
--- a/windows/client-management/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@@ -5,18 +5,18 @@ ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Microsoft Entra integration with MDM
 
-Microsoft Entra ID is the world's largest enterprise cloud identity management service. It's used by organizations to access Microsoft 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows experiences for organizational users (such as store access or OS state roaming) use Microsoft Entra ID as the underlying identity infrastructure. Windows integrates with Microsoft Entra ID, allowing devices to be registered in Microsoft Entra ID and enrolled into MDM in an integrated flow.
+Microsoft Entra ID is the world's largest enterprise cloud identity management service. It's used by organizations to access Microsoft 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows experiences for organizational users (such as store access or OS state roaming) use Microsoft Entra ID as the underlying identity infrastructure. Windows integrates with Microsoft Entra ID, allowing devices to be registered in Microsoft Entra ID and enrolled into Mobile Device Management (MDM) in an integrated flow.
 
 Once a device is enrolled in MDM, the MDM:
 
 - Can enforce compliance with organization policies, add or remove apps, and more.
 - Can report a device's compliance in Microsoft Entra ID.
-- Microsoft Entra ID can allow access to organization resources or applications secured by Microsoft Entra ID to devices that comply with policies.
+- Can allow access to organization resources or applications secured by Microsoft Entra ID to devices that comply with policies.
 
 To support these rich experiences with their MDM product, MDM vendors can integrate with Microsoft Entra ID.
 
@@ -24,23 +24,21 @@ To support these rich experiences with their MDM product, MDM vendors can integr
 
 There are several ways to connect your devices to Microsoft Entra ID:
 
-- [Join device to Microsoft Entra ID](/azure/active-directory/devices/concept-azure-ad-join)
-- [Join device to on-premises AD and Microsoft Entra ID](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
-- [Add a Microsoft work account to Windows](/azure/active-directory/devices/concept-azure-ad-register)
+- [Join device to Microsoft Entra ID](/entra/identity/devices/concept-directory-join)
+- [Join device to on-premises AD and Microsoft Entra ID](/entra/identity/devices/concept-hybrid-join)
+- [Add a Microsoft work account to Windows](/entra/identity/devices/concept-device-registration)
 
 In each scenario, Microsoft Entra authenticates the user and the device. It provides a verified unique device identifier that can be used for MDM enrollment. The enrollment flow provides an opportunity for the MDM service to render its own UI, using a web view. MDM vendors should use the UI to render the Terms of Use (TOU), which can be different for company-owned and bring-your-own-device (BYOD) devices. MDM vendors can also use the web view to render more UI elements, such as asking for a one-time PIN.
 
 In Windows 10, the web view during the out-of-the-box scenario is displayed as full-screen by default, providing MDM vendors with the capability to create a seamless edge-to-edge user experience. However, in Windows 11 the web view is rendered within an iframe. It's important that MDM vendors who integrate with Microsoft Entra ID respect the Windows design guidelines. This step includes using a responsive web design and respecting the Windows accessibility guidelines. For example, include the forward and back buttons that are properly wired to the navigation logic. More details are provided later in this article.
 
-For Microsoft Entra enrollment to work for an Active Directory Federated Services (AD FS) backed Microsoft Entra account, you must enable password authentication for the intranet on the ADFS service. For more information, see [Configure Azure MFA as authentication provider with AD FS](/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa).
+For Microsoft Entra enrollment to work for an Active Directory Federated Services (AD FS) backed Microsoft Entra account, you must enable password authentication for the intranet on the ADFS service. For more information, see [Configure Microsoft Entra multifactor authentication as authentication provider with AD FS](/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa).
 
 Once a user has a Microsoft Entra account added to Windows and enrolled in MDM, the enrollment can be managed through **Settings** > **Accounts** > **Access work or school**. Device management of either Microsoft Entra join for organization scenarios or BYOD scenarios is similar.
 
 > [!NOTE]
 > Users can't remove the device enrollment through the **Access work or school** user interface because management is tied to the Microsoft Entra ID or work account.
 
-<a name='mdm-endpoints-involved-in-azure-ad-integrated-enrollment'></a>
-
 ### MDM endpoints involved in Microsoft Entra integrated enrollment
 
 Microsoft Entra MDM enrollment is a two-step process:
@@ -64,17 +62,15 @@ To support Microsoft Entra enrollment, MDM vendors must host and expose a **Term
 
     The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Microsoft Entra ID using the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this article.
 
-<a name='make-mdm-a-reliable-party-of-azure-ad'></a>
-
 ## Make MDM a reliable party of Microsoft Entra ID
 
 To participate in the integrated enrollment flow outlined in the previous section, the MDM must consume access tokens issued by Microsoft Entra ID. To report compliance with Microsoft Entra ID, the MDM must authenticate itself to Microsoft Entra ID and obtain authorization in the form of an access token that allows it to invoke the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api).
 
 ### Cloud-based MDM
 
-A cloud-based MDM is a SaaS application that provides device management capabilities in the cloud. It's a multi-tenant application. This application is registered with Microsoft Entra ID in the home tenant of the MDM vendor. When an IT admin decides to use this MDM solution, an instance of this application is made visible in the tenant of the customer.
+A cloud-based MDM is a SaaS application that provides device management capabilities in the cloud. It's a multitenant application. This application is registered with Microsoft Entra ID in the home tenant of the MDM vendor. When an IT admin decides to use this MDM solution, an instance of this application is made visible in the tenant of the customer.
 
-The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. For more information about how to add multi-tenant applications to Microsoft Entra ID, see the [Integrate an app that authenticates users and calls Microsoft Graph using the multi-tenant integration pattern (SaaS)](https://go.microsoft.com/fwlink/p/?LinkId=613661) code sample on GitHub.
+The MDM vendor must first register the application in their home tenant and mark it as a multitenant application. For more information about how to add multitenant applications to Microsoft Entra ID, see the [Integrate an app that authenticates users and calls Microsoft Graph using the multitenant integration pattern (SaaS)](https://go.microsoft.com/fwlink/p/?LinkId=613661) code sample on GitHub.
 
 > [!NOTE]
 > For the MDM provider, if you don't have an existing Microsoft Entra tenant with a Microsoft Entra subscription that you manage, follow these step-by-step guides:
@@ -82,7 +78,7 @@ The MDM vendor must first register the application in their home tenant and mark
 > - [Quickstart: Create a new tenant in Microsoft Entra ID](/azure/active-directory/fundamentals/active-directory-access-create-new-tenant) to set up a tenant.
 > - [Associate or add an Azure subscription to your Microsoft Entra tenant](/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory) to add a subscription, and manage it via the Azure Portal.
 
-The MDM application uses keys to request access tokens from Microsoft Entra ID. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Microsoft Entra ID, in the customer tenant where the managed device belongs.
+The MDM application uses keys to request access tokens from Microsoft Entra ID. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multitenant MDM application to authenticate itself with Microsoft Entra ID, in the customer tenant where the managed device belongs.
 
 > [!NOTE]
 > All MDM apps must implement Microsoft Entra v2 tokens before we certify that integration works. Due to changes in the Microsoft Entra app platform, using Microsoft Entra v2 tokens is a hard requirement. For more information, see [Microsoft identity platform access tokens](/azure/active-directory/develop/access-tokens#token-formats).
@@ -107,8 +103,6 @@ For cloud-based MDM, you can roll over the application keys without requiring a
 
 For the on-premises MDM, the Microsoft Entra authentication keys are within the customer tenant and the customer's administrator must roll over the keys. To improve security, provide guidance to customers about rolling over and protecting the keys.
 
-<a name='publish-your-mdm-app-to-azure-ad-app-gallery'></a>
-
 ## Publish your MDM app to Microsoft Entra app gallery
 
 IT administrators use the Microsoft Entra app gallery to add an MDM for their organization to use. The app gallery is a rich store with over 2400 SaaS applications that are integrated with Microsoft Entra ID.
@@ -124,7 +118,7 @@ The following table shows the required information to create an entry in the Mic
 
 | Item                | Description                                                                                                                                                                                                    |
 |---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **Application ID**  | The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multi-tenant app.                                                                               |
+| **Application ID**  | The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multitenant app.                                                                               |
 | **Publisher**       | A string that identifies the publisher of the app.                                                                                                                                                             |
 | **Application URL** | A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL isn't used for the actual enrollment. |
 | **Description**     | A brief description of your MDM app, which must be under 255 characters.                                                                                                                                       |
@@ -191,7 +185,7 @@ The following claims are expected in the access token passed by Windows to the T
 |-----------|----------------------------------------------------------------------------------------------|
 | Object ID | Identifier of the user object corresponding to the authenticated user.                       |
 | UPN       | A claim containing the user principal name (UPN) of the authenticated user.                  |
-| TID       | A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.       |
+| TID       | A claim representing the tenant ID of the tenant. In the previous example, it's Fabrikam.       |
 | Resource  | A sanitized URL representing the MDM application. Example: `https://fabrikam.contosomdm.com` |
 
 > [!NOTE]
@@ -206,7 +200,7 @@ https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm
 Authorization: Bearer eyJ0eXAiOi
 ```
 
-The MDM is expected to validate the signature of the access token to ensure it is issued by Microsoft Entra ID and that the recipient is appropriate.
+The MDM is expected to validate the signature of the access token to ensure it's issued by Microsoft Entra ID and that the recipient is appropriate.
 
 ### Terms of Use content
 
@@ -260,8 +254,6 @@ The following table shows the error codes.
 | Microsoft Entra token validation failed                                                                 | 302         | unauthorized_client | unauthorized_client         |
 | internal service error                                                                           | 302         | server_error        | internal service error      |
 
-<a name='enrollment-protocol-with-azure-ad'></a>
-
 ## Enrollment protocol with Microsoft Entra ID
 
 With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.
@@ -284,8 +276,6 @@ With Azure integrated MDM enrollment, there's no discovery phase and the discove
 |EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL|Not supported|Supported|Supported|
 |CSPs accessible during enrollment|Windows 10 support: <br/>- DMClient <br/>- CertificateStore <br/>- RootCATrustedCertificates <br/> - ClientCertificateInstall <br/>- EnterpriseModernAppManagement <br/> - PassportForWork <br/> - Policy <br/> - w7 APPLICATION|||
 
-<a name='management-protocol-with-azure-ad'></a>
-
 ## Management protocol with Microsoft Entra ID
 
 There are two different MDM enrollment types that integrate with Microsoft Entra ID, and use Microsoft Entra user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users.
@@ -318,8 +308,6 @@ There are two different MDM enrollment types that integrate with Microsoft Entra
   - Use the JWT Token Handler extension for WIF to validate the contents of the access token and extract claims required for use. For more information, see [JwtSecurityTokenHandler Class](/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler).
   - Refer to the Microsoft Entra authentication code samples to get a sample for working with access tokens. For an example, see [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667).
 
-<a name='device-alert-1224-for-azure-ad-user-token'></a>
-
 ## Device Alert 1224 for Microsoft Entra user token
 
 An alert is sent when the DM session starts and there's a Microsoft Entra user logged in. The alert is sent in OMA DM package #1. Here's an example:
@@ -372,15 +360,13 @@ Here's an example.
 </SyncBody>
 ```
 
-<a name='report-device-compliance-to-azure-ad'></a>
-
 ## Report device compliance to Microsoft Entra ID
 
 Once a device is enrolled with the MDM for management, organization policies configured by the IT administrator are enforced on the device. MDM evaluates the device compliance with configured policies and then reports it to Microsoft Entra ID. This section covers the Graph API call you can use to report a device compliance status to Microsoft Entra ID.
 
 For a sample that illustrates how an MDM can obtain an access token using OAuth 2.0 client\_credentials grant type, see [Daemon\_CertificateCredential-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613822).
 
-- **Cloud-based MDM** - If your product is a cloud-based multi-tenant MDM service, you have a single key configured for your service within your tenant. To obtain authorization, use this key to authenticate the MDM service with Microsoft Entra ID.
+- **Cloud-based MDM** - If your product is a cloud-based multitenant MDM service, you have a single key configured for your service within your tenant. To obtain authorization, use this key to authenticate the MDM service with Microsoft Entra ID.
 - **On-premises MDM** - If your product is an on-premises MDM, customers must configure your product with the key used to authenticate with Microsoft Entra ID. This key configuration is because each on-premises instance of your MDM product has a different tenant-specific key. So, you may need to expose a configuration experience in your MDM product that enables administrators to specify the key to be used to authenticate with Microsoft Entra ID.
 
 ### Use Microsoft Graph API
@@ -415,8 +401,6 @@ Response:
 - Success - HTTP 204 with No Content.
 - Failure/Error - HTTP 404 Not Found. This error may be returned if the specified device or tenant can't be found.
 
-<a name='data-loss-during-unenrollment-from-azure-active-directory-join'></a>
-
 ## Data loss during unenrollment from Microsoft Entra join
 
 When a user is enrolled into MDM through Microsoft Entra join and then disconnects the enrollment, there's no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message doesn't indicate the loss of WIP data.
diff --git a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index ab7c3e0a1c..aca40777f6 100644
--- a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -2,7 +2,7 @@
 title: Automatic MDM enrollment in the Intune admin center
 description: Automatic MDM enrollment in the Intune admin center
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Automatic MDM enrollment in the Intune admin center
diff --git a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
index d9938c6409..c248120cff 100644
--- a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
@@ -1,13 +1,13 @@
 ---
 title: Bulk enrollment
-description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices.
+description: Bulk enrollment is an efficient way to set up an MDM server to manage a large number of devices without the need to reimage the devices.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Bulk enrollment using Windows Configuration Designer
 
-Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. You can use the [Provisioning CSP](mdm/provisioning-csp.md) for bulk enrollment, except for the Microsoft Entra join enrollment scenario.
+Bulk enrollment is an efficient way to set up an MDM server to manage a large number of devices without the need to reimage the devices. You can use the [Provisioning CSP](mdm/provisioning-csp.md) for bulk enrollment, except for the Microsoft Entra join enrollment scenario.
 
 ## Typical use cases
 
@@ -68,7 +68,7 @@ Using the WCD, create a provisioning package using the enrollment information re
     ![bulk enrollment screenshot.](images/bulk-enrollment.png)
 
 1. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
-1. When you're done adding all the settings, on the **File** menu, select **Save**.
+1. After adding all the settings, select **Save** on the **File** menu.
 1. On the main menu, select **Export** > **Provisioning package**.
 
     ![icd menu for export.](images/bulk-enrollment2.png)
@@ -120,7 +120,7 @@ Using the WCD, create a provisioning package using the enrollment information re
    For detailed descriptions of these settings, see [Provisioning CSP](mdm/provisioning-csp.md).
 
 1. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
-1. When you're done adding all the settings, on the **File** menu, select **Save**.
+1. After adding all the settings, select **Save** on the **File** menu.
 1. Export and build the package (steps 10-13 in previous section).
 1. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package).
 1. Apply the package to your devices.
@@ -142,7 +142,7 @@ Using the WCD, create a provisioning package using the enrollment information re
 - If the provisioning engine receives a failure from a CSP, it retries provisioning three times in a row.
 - If all immediate attempts fail, a delayed task is launched to try provisioning again later. It will retry four times at a decaying rate of 15 minutes -> 1 hr -> 4 hr -> "Next System Start". These attempts are run from the SYSTEM context.
 - It also retries the provisioning each time it's launched, if started from somewhere else as well.
-- In addition, provisioning will be restarted in the SYSTEM context after a sign in and the [system has been idle](/windows/win32/taskschd/task-idle-conditions).
+- In addition, provisioning will be restarted in the SYSTEM context after a sign in and the [system is idle](/windows/win32/taskschd/task-idle-conditions).
 
 ## Related articles
 
diff --git a/windows/client-management/certificate-authentication-device-enrollment.md b/windows/client-management/certificate-authentication-device-enrollment.md
index e53a80cc55..2cea712e44 100644
--- a/windows/client-management/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/certificate-authentication-device-enrollment.md
@@ -2,7 +2,7 @@
 title: Certificate authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Certificate authentication device enrollment
diff --git a/windows/client-management/certificate-renewal-windows-mdm.md b/windows/client-management/certificate-renewal-windows-mdm.md
index 573cbe71b2..66d42a4d90 100644
--- a/windows/client-management/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/certificate-renewal-windows-mdm.md
@@ -2,7 +2,7 @@
 title: Certificate Renewal
 description: Learn how to find all the resources that you need to provide continuous access to client certificates.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Certificate Renewal
@@ -19,7 +19,7 @@ Windows supports automatic certificate renewal, also known as Renew On Behalf Of
 > [!NOTE]
 > Certificate renewal of the enrollment certificate through ROBO is only supported with Microsoft PKI.
 
-Auto certificate renewal is the only supported MDM client certificate renewal method for the device that's enrolled using WAB authentication. Meaning, the AuthPolicy is set to Federated. It also means if the server supports WAB authentication, then the MDM certificate enrollment server MUST also support client TLS to renew the MDM client certificate.
+Auto certificate renewal is the only supported MDM client certificate renewal method for a device enrolled using WAB authentication. Meaning, the AuthPolicy is set to Federated. It also means if the server supports WAB authentication, then the MDM certificate enrollment server MUST also support client TLS to renew the MDM client certificate.
 
 For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP's](mdm/certificatestore-csp.md) ROBOSupport node under `CertificateStore/My/WSTEP/Renew` URL.
 
@@ -89,7 +89,7 @@ In Windows, the renewal period can only be set during the MDM enrollment phase.
 
 For more information about the parameters, see the [CertificateStore configuration service provider](mdm/certificatestore-csp.md).
 
-Unlike manual certificate renewal, the device doesn't perform an automatic MDM client certificate renewal if the certificate is already expired. To make sure the device has enough time to automatically renew, we recommend you set a renewal period a couple months (40-60 days) before the certificate expires. And, set the renewal retry interval to every few days, like every 4-5 days instead of every seven days (weekly). This change increases the chance that the device will try to connect at different days of the week.
+Unlike manual certificate renewal, the device doesn't perform an automatic MDM client certificate renewal if the certificate is already expired. To make sure the device has enough time to automatically renew, we recommend you set a renewal period a couple months (40-60 days) before the certificate expires. And, set the renewal retry interval to every few days, like every 4-5 days instead of every seven days (weekly). This change increases the chance that the device tries to connect at different days of the week.
 
 ## Certificate renewal response
 
@@ -99,7 +99,7 @@ When RequestType is set to Renew, the web service verifies the following (in add
 - The client's certificate is in the renewal period
 - The certificate is issued by the enrollment service
 - The requester is the same as the requester for initial enrollment
-- For standard client's request, the client hasn't been blocked
+- For standard client's request, the client isn't blocked
 
 After validation is completed, the web service retrieves the PKCS#10 content from the PKCS#7 BinarySecurityToken. The rest is the same as initial enrollment, except that the Provisioning XML only needs to have the new certificate issued by the CA.
 
diff --git a/windows/client-management/client-tools/add-remove-hide-features.md b/windows/client-management/client-tools/add-remove-hide-features.md
index 4fa8c60998..92fa8aaf85 100644
--- a/windows/client-management/client-tools/add-remove-hide-features.md
+++ b/windows/client-management/client-tools/add-remove-hide-features.md
@@ -1,19 +1,9 @@
 ---
 title: Add, remove, or hide Windows features
 description: Learn how to add or remove Windows optional features using the Optional features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.date: 03/28/2024
+ms.date: 07/01/2024
 ms.topic: how-to
-ms.service: windows-client
-ms.subservice: itpro-apps
-ms.localizationpriority: medium
-ms.collection: tier2
 zone_pivot_groups: windows-versions-11-10
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Add, remove, or hide Windows features
@@ -29,7 +19,7 @@ Open the **Optional features** pane in the **Settings** app by selecting the fol
 > [!div class="nextstepaction"]
 > [Optional features](ms-settings:optionalfeatures)
 
-or
+Or
 
 1. Right-click on the **Start** menu and select **Run**.
 
@@ -41,7 +31,7 @@ or
 
    and then select **OK**.
 
-or
+Or
 
 ::: zone pivot="windows-11"
 
diff --git a/windows/client-management/client-tools/administrative-tools-in-windows.md b/windows/client-management/client-tools/administrative-tools-in-windows.md
index 1e319e16a4..785eb740cc 100644
--- a/windows/client-management/client-tools/administrative-tools-in-windows.md
+++ b/windows/client-management/client-tools/administrative-tools-in-windows.md
@@ -1,18 +1,28 @@
 ---
-title: Windows Tools/Administrative Tools
+title: Windows Tools
 description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
-ms.localizationpriority: medium
-ms.date: 08/10/2023
+ms.date: 07/01/2024
 ms.topic: conceptual
+zone_pivot_groups: windows-versions-11-10
 ms.collection:
-- highpri
-- tier2
 - essentials-manage
 ---
 
-# Windows Tools/Administrative Tools
+# Windows Tools
 
-**Windows Tools** is a folder in the Windows 11 Control Panel. **Administrative Tools** is a folder in the Windows 10 Control Panel. These folders contain tools for system administrators and advanced users.
+::: zone pivot="windows-11"
+
+**Windows Tools** is a folder in the Windows 11 Control Panel. This folder contains tools for system administrators and advanced users.
+
+::: zone-end
+
+::: zone pivot="windows-10"
+
+**Administrative Tools** is a folder in the Windows 10 Control Panel. This folder contains tools for system administrators and advanced users.
+
+::: zone-end
+
+::: zone pivot="windows-11"
 
 ## Windows Tools folder
 
@@ -24,6 +34,10 @@ The tools in the folder might vary depending on which edition of Windows you use
 
 :::image type="content" source="images/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="images/win11-windows-tools.png":::
 
+::: zone-end
+
+::: zone pivot="windows-10"
+
 ## Administrative Tools folder
 
 The following graphic shows the **Administrative Tools** folder in Windows 10:
@@ -34,34 +48,7 @@ The tools in the folder might vary depending on which edition of Windows you use
 
 ![Screenshot of the contents of the Administrative Tools folder in Windows 10.](images/admin-tools-folder.png)
 
-## Tools
-
-The tools are located in the folder `C:\Windows\System32\` or its subfolders.
-
-These tools were included in previous versions of Windows. The associated documentation for each tool can help you use them. The following list provides links to documentation for each tool.
-
-- [Component Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731901(v=ws.11))
-- [Computer Management](https://support.microsoft.com/topic/how-to-use-computer-management-in-windows-xp-d5872f93-4498-f4dd-3a34-36d6f569924f)
-- [Defragment and Optimize Drives](https://support.microsoft.com/windows/ways-to-improve-your-computer-s-performance-c6018c78-0edd-a71a-7040-02267d68ea90)
-- [Disk Cleanup](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68)
-- [Event Viewer](/previous-versions/windows/it-pro/windows-2000-server/cc938674(v=technet.10))
-- [iSCSI Initiator](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee338476(v=ws.10))
-- [Local Security Policy](/previous-versions/tn-archive/dd277395(v=technet.10))
-- [ODBC Data Sources](/sql/odbc/admin/odbc-data-source-administrator)
-- [Performance Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749115(v=ws.11))
-- [Print Management](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731857(v=ws.11))
-- [Recovery Drive](https://support.microsoft.com/windows/create-a-recovery-drive-abb4691b-5324-6d4a-8766-73fab304c246)
-- [Registry Editor](/windows/win32/sysinfo/registry)
-- [Resource Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd883276(v=ws.10))
-- [Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772408(v=ws.11))
-- [System Configuration](/troubleshoot/windows-client/performance/system-configuration-utility-troubleshoot-configuration-errors)
-- [System Information](/previous-versions/windows/it-pro/windows-2000-server/cc957818(v=technet.10))
-- [Task Scheduler](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766428(v=ws.11))
-- [Windows Firewall with Advanced Security](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754274(v=ws.11))
-- [Windows Memory Diagnostic](/previous-versions/technet-magazine/cc745953(v=msdn.10))
-
-> [!TIP]
-> If the linked content in this list doesn't provide the information you need to use that tool, send feedback with the **This page** link in the **Feedback** section at the bottom of this article.
+::: zone-end
 
 ## Related articles
 
diff --git a/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md b/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
index 685f872e8a..725c23927a 100644
--- a/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
@@ -1,12 +1,11 @@
 ---
 title: Windows default media removal policy
-description: In Windows 10 and later, the default removal policy for external storage media changed from Better performance to Quick removal.
-ms.date: 08/10/2023
+description: Manage default media removal policy in Windows.
+ms.date: 07/01/2024
 ms.topic: conceptual
-ms.localizationpriority: medium
 ---
 
-# Change in default removal policy for external storage media in Windows
+# Manage default media removal policy
 
 Windows defines two main policies, **Quick removal** and **Better performance**, that control how the system interacts with external storage devices such as USB thumb drives or Thunderbolt-enabled external drives. Beginning in Windows 10 version 1809, the default policy is **Quick removal**. In earlier versions of Windows, the default policy was **Better performance**.
 
@@ -16,7 +15,7 @@ You can change the policy setting for each external device, and the policy that
 
 You can use the storage device policy setting to change the manner in which Windows manages storage devices to better meet your needs. The policy settings have the following effects:
 
-- **Quick removal**: This policy manages storage operations in a manner that keeps the device ready to remove at any time. You can remove the device without using the Safely Remove Hardware process. However, to do this, Windows can't cache disk write operations. This may degrade system performance.
+- **Quick removal**: This policy manages storage operations in a manner that keeps the device ready to remove at any time. You can remove the device without using the Safely Remove Hardware process. However, to do this, Windows can't cache disk write operations. This can degrade system performance.
 - **Better performance**: This policy manages storage operations in a manner that improves system performance. When this policy is in effect, Windows can cache write operations to the external device. However, you must use the Safely Remove Hardware process to remove the external drive. The Safely Remove Hardware process protects the integrity of data on the device by making sure that all cached operations finish.
 
 > [!IMPORTANT]
diff --git a/windows/client-management/client-tools/connect-to-remote-aadj-pc.md b/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
index b47fad81ee..c08492c201 100644
--- a/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
@@ -2,7 +2,7 @@
 title: Connect to remote Microsoft Entra joined device
 description: Learn how to use Remote Desktop Connection to connect to a Microsoft Entra joined device.
 ms.localizationpriority: medium
-ms.date: 08/10/2023
+ms.date: 07/01/2024
 ms.topic: conceptual
 ms.collection:
 - highpri
@@ -14,18 +14,16 @@ ms.collection:
 Windows supports remote connections to devices joined to Active Directory s well as devices joined to Microsoft Entra ID using Remote Desktop Protocol (RDP).
 
 - Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
-- Starting in Windows 10/11, with 2022-10 update installed, you can [use Microsoft Entra authentication to connect to the remote Microsoft Entra device](#connect-with-azure-ad-authentication).
+- Starting in Windows 10/11, with 2022-10 update installed, you can [use Microsoft Entra authentication to connect to the remote Microsoft Entra device](#connect-with-microsoft-entra-authentication).
 
 ## Prerequisites
 
 - Both devices (local and remote) must be running a supported version of Windows.
 - Remote device must have the **Connect to and use this PC from another device using the Remote Desktop app** option selected under **Settings** > **System** > **Remote Desktop**.
-  - It's recommended to select **Require devices to use Network Level Authentication to connect** option.
+  - Select **Require devices to use Network Level Authentication to connect** option is recommended.
 - If the user who joined the device to Microsoft Entra ID is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the device remotely, you must [add users to the Remote Desktop Users group](#add-users-to-remote-desktop-users-group) on the remote device.
 - Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard) is turned off on the device you're using to connect to the remote device.
 
-<a name='connect-with-azure-ad-authentication'></a>
-
 ## Connect with Microsoft Entra authentication
 
 Microsoft Entra authentication can be used on the following operating systems for both the local and remote device:
@@ -64,8 +62,6 @@ The Windows lock screen in the remote session doesn't support Microsoft Entra au
 
 Disconnecting the session also ensures that when the connection is relaunched after a period of inactivity, Microsoft Entra ID reevaluates the applicable conditional access policies.
 
-<a name='connect-without-azure-ad-authentication'></a>
-
 ## Connect without Microsoft Entra authentication
 
 By default, RDP doesn't use Microsoft Entra authentication, even if the remote PC supports it. This method allows you to connect to the remote Microsoft Entra joined device from:
diff --git a/windows/client-management/client-tools/images/allow-rdp.png b/windows/client-management/client-tools/images/allow-rdp.png
deleted file mode 100644
index 55c13b53bc..0000000000
Binary files a/windows/client-management/client-tools/images/allow-rdp.png and /dev/null differ
diff --git a/windows/client-management/client-tools/images/change-def-rem-policy-2.png b/windows/client-management/client-tools/images/change-def-rem-policy-2.png
index d05d5dd16f..d99919de15 100644
Binary files a/windows/client-management/client-tools/images/change-def-rem-policy-2.png and b/windows/client-management/client-tools/images/change-def-rem-policy-2.png differ
diff --git a/windows/client-management/client-tools/images/crossmark.png b/windows/client-management/client-tools/images/crossmark.png
deleted file mode 100644
index 69432ff71c..0000000000
Binary files a/windows/client-management/client-tools/images/crossmark.png and /dev/null differ
diff --git a/windows/client-management/client-tools/images/quick-assist-get.png b/windows/client-management/client-tools/images/quick-assist-get.png
deleted file mode 100644
index fc7ccdd1a4..0000000000
Binary files a/windows/client-management/client-tools/images/quick-assist-get.png and /dev/null differ
diff --git a/windows/client-management/client-tools/images/rdp.png b/windows/client-management/client-tools/images/rdp.png
deleted file mode 100644
index ac088d0b06..0000000000
Binary files a/windows/client-management/client-tools/images/rdp.png and /dev/null differ
diff --git a/windows/client-management/client-tools/images/settings-page-visibility-gp.png b/windows/client-management/client-tools/images/settings-page-visibility-gp.png
index 198fc83a7c..eabe085176 100644
Binary files a/windows/client-management/client-tools/images/settings-page-visibility-gp.png and b/windows/client-management/client-tools/images/settings-page-visibility-gp.png differ
diff --git a/windows/client-management/client-tools/images/systemcollage.png b/windows/client-management/client-tools/images/systemcollage.png
deleted file mode 100644
index d1400e19f4..0000000000
Binary files a/windows/client-management/client-tools/images/systemcollage.png and /dev/null differ
diff --git a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
index 0aaf41776d..052dc9e72a 100644
--- a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
@@ -1,7 +1,7 @@
 ---
 title: Manage Device Installation with Group Policy
 description: Find out how to manage Device Installation Restrictions with Group Policy.
-ms.date: 08/10/2023
+ms.date: 07/01/2024
 ms.topic: conceptual
 ---
 
diff --git a/windows/client-management/client-tools/manage-settings-app-with-group-policy.md b/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
index bf19bb6ad7..fb091f005b 100644
--- a/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
@@ -1,7 +1,7 @@
 ---
 title: Manage the Settings app with Group Policy
 description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
-ms.date: 08/10/2023
+ms.date: 07/01/2024
 ms.topic: conceptual
 ---
 
diff --git a/windows/client-management/client-tools/mandatory-user-profile.md b/windows/client-management/client-tools/mandatory-user-profile.md
index 78e358f1fd..5e64dd2f66 100644
--- a/windows/client-management/client-tools/mandatory-user-profile.md
+++ b/windows/client-management/client-tools/mandatory-user-profile.md
@@ -1,16 +1,13 @@
 ---
 title: Create mandatory user profiles
-description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
-ms.date: 08/10/2023
+description: A mandatory user profile is a special type of preconfigured roaming user profile that administrators can use to specify settings for users.
+ms.date: 07/01/2024
 ms.topic: conceptual
-ms.collection:
-- highpri
-- tier2
 ---
 
 # Create mandatory user profiles
 
-A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but aren't limited to) icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile aren't saved when a mandatory user profile is assigned.
+A mandatory user profile is a roaming user profile that has been preconfigured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but aren't limited to) icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile aren't saved when a mandatory user profile is assigned.
 
 Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles.
 
@@ -118,12 +115,12 @@ In a domain, you modify properties for the user account to point to the mandator
 ### How to apply a mandatory user profile to users
 
 1. Open **Active Directory Users and Computers** (dsa.msc).
-1. Navigate to the user account that you'll assign the mandatory profile to.
+1. Navigate to the user account that you want to assign the mandatory profile to.
 1. Right-click the user name and open **Properties**.
 1. On the **Profile** tab, in the **Profile path** field, enter the path to the shared folder without the extension. For example, if the folder name is `\\server\share\profile.v6`, you would enter `\\server\share\profile`.
 1. Select **OK**.
 
-It may take some time for this change to replicate to all domain controllers.
+It can take some time for this change to replicate to all domain controllers.
 
 ## Apply policies to improve sign-in time
 
diff --git a/windows/client-management/client-tools/quick-assist.md b/windows/client-management/client-tools/quick-assist.md
index 397791e335..91ab1b998a 100644
--- a/windows/client-management/client-tools/quick-assist.md
+++ b/windows/client-management/client-tools/quick-assist.md
@@ -1,9 +1,8 @@
 ---
 title: Use Quick Assist to help users
 description: Learn how IT Pros can use Quick Assist to help users.
-ms.date: 05/09/2024
+ms.date: 07/01/2024
 ms.topic: conceptual
-ms.localizationpriority: medium
 ms.collection:
 - highpri
 - tier1
@@ -107,6 +106,7 @@ For more information, visit [Install Quick Assist](https://support.microsoft.com
 
 To deploy Quick Assist with Intune, see [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft).
 
+<!-- commenting out since Store for Business and Microsoft Store for Education retired May 31, 20203
 ### Install Quick Assist Offline
 
 To install Quick Assist offline, you need to download your APPXBUNDLE and unencoded XML file from [Microsoft Store for Business](https://businessstore.microsoft.com). Visit [Download an offline-licensed app](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app) for more information.
@@ -114,7 +114,7 @@ To install Quick Assist offline, you need to download your APPXBUNDLE and unenco
 1. Start **Windows PowerShell** with Administrative privileges
 1. In PowerShell, change the directory to the location where you saved the file in step 1: `cd <location of package file>`
 1. To install Quick Assist, run the following command: `Add-AppxProvisionedPackage -Online -PackagePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"`
-1. After Quick Assist is installed, run this command to confirm that Quick Assist is installed for the user: `Get-AppxPackage *QuickAssist* -AllUsers`
+1. After Quick Assist is installed, run this command to confirm that Quick Assist is installed for the user: `Get-AppxPackage *QuickAssist* -AllUsers` --> 
 
 ### Microsoft Edge WebView2
 
@@ -134,12 +134,15 @@ Quick Assist for macOS is available for interactions with Microsoft Support. If
 
 ## Disable Quick Assist within your organization
 
-If your organization utilizes another remote support tool such as [Remote Help](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune-remote-help), disable or remove Quick Assist as a best practice, if it isn't used within your environment. This prevents external users from using Quick Assist to gain access to devices within your organization.
+If your organization utilizes another remote support tool such as [Remote Help](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune-remote-help), disable or remove Quick Assist as a best practice, if it isn't used within your environment. This prevents guests from using Quick Assist to gain access to devices within your organization.
 
 ### Disable Quick Assist
 
 To disable Quick Assist, block traffic to the `https://remoteassistance.support.services.microsoft.com` endpoint. This is the primary endpoint used by Quick Assist to establish a session, and once blocked, Quick Assist can't be used to get help or help someone.
 
+> [!NOTE]
+> Blocking the endpoint will disrupt the functionality of Remote Help, as it relies on this endpoint for operation.
+
 ### Uninstall Quick Assist
 
 #### Uninstall via PowerShell
diff --git a/windows/client-management/client-tools/toc.yml b/windows/client-management/client-tools/toc.yml
index 17b21a7926..9600b605e4 100644
--- a/windows/client-management/client-tools/toc.yml
+++ b/windows/client-management/client-tools/toc.yml
@@ -15,7 +15,7 @@ items:
     href: manage-settings-app-with-group-policy.md
   - name: Manage default media removal policy
     href: change-default-removal-policy-external-storage-media.md
-  - name: What version of Windows am I running
-    href: windows-version-search.md
   - name: Windows libraries
     href: windows-libraries.md
+  - name: What version of Windows am I running
+    href: windows-version-search.md
\ No newline at end of file
diff --git a/windows/client-management/client-tools/windows-libraries.md b/windows/client-management/client-tools/windows-libraries.md
index 3486649f20..65a263719f 100644
--- a/windows/client-management/client-tools/windows-libraries.md
+++ b/windows/client-management/client-tools/windows-libraries.md
@@ -2,13 +2,15 @@
 title: Windows Libraries
 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/01/2024
 ---
 
 # Windows libraries
 
 Libraries are virtual containers for users' content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location.
 
+To show libraries in File Explorer, go to **Options**, select the **View** tab, and then select **Show libraries**.
+
 ## Features for Users
 
 Windows libraries provide full content search and rich metadata. Libraries offer the following advantages to users:
diff --git a/windows/client-management/client-tools/windows-version-search.md b/windows/client-management/client-tools/windows-version-search.md
index 2bb838cf72..2c34266131 100644
--- a/windows/client-management/client-tools/windows-version-search.md
+++ b/windows/client-management/client-tools/windows-version-search.md
@@ -1,7 +1,7 @@
 ---
 title: What version of Windows am I running?
 description: Discover which version of Windows you're running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
-ms.date: 08/10/2023
+ms.date: 07/01/2024
 ms.topic: conceptual
 ---
 
@@ -17,8 +17,6 @@ To determine if your device is enrolled in the Long-Term Servicing Channel or th
 
 Select **Start** > **Settings** > **System**, then select **About**. You then see **Edition**, **Version**, and **OS Build** information.
 
-:::image type="content" source="images/systemcollage.png" alt-text="screenshot of the system properties window for a device running Windows 10.":::
-
 ## Using Keyword Search
 
 You can type the following in the search bar and press **ENTER** to see version details for your device.
diff --git a/windows/client-management/config-lock.md b/windows/client-management/config-lock.md
index 30b905a41d..f497c86712 100644
--- a/windows/client-management/config-lock.md
+++ b/windows/client-management/config-lock.md
@@ -2,7 +2,7 @@
 title: Secured-core configuration lock
 description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
@@ -63,7 +63,7 @@ The steps to turn on config lock using Microsoft Intune are as follows:
 
 Config lock is designed to ensure that a secured-core PC isn't unintentionally misconfigured. You keep the ability to enable or disable SCPC features, for example, firmware protection. You can make these changes with group policies or MDM services like Microsoft Intune.
 
-:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off.":::
+:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of System Guard protects your device from compromised firmware. The setting is set to Off.":::
 
 ## FAQ
 
diff --git a/windows/client-management/declared-configuration-discovery.md b/windows/client-management/declared-configuration-discovery.md
new file mode 100644
index 0000000000..aabd1dd644
--- /dev/null
+++ b/windows/client-management/declared-configuration-discovery.md
@@ -0,0 +1,197 @@
+---
+title: Windows declared configuration discovery
+description: Learn more about configuring discovery for Windows declared configuration enrollment.
+ms.date: 09/12/2024
+ms.topic: how-to
+---
+
+# Declared configuration discovery
+
+Windows Declared configuration (WinDC) discovery uses a dedicated JSON schema to query enrollment details from the [discovery service endpoint (DS)](/openspecs/windows_protocols/ms-mde2/60deaa44-52df-4a47-a844-f5b42037f7d3#gt_8d76dac8-122a-452b-8c97-b25af916f19b). This process involves sending HTTP requests with specific headers and a JSON body containing details such as user domain, tenant ID, and OS version. The DS responds with the necessary enrollment service URLs and authentication policies based on the enrollment type (Microsoft Entra joined or registered devices).
+
+This article outlines the schema structure for the HTTP request and response bodies, and provides examples to guide the implementation.
+
+## Schema structure
+
+### HTTP request headers
+
+| Header                           | Required | Description                       |
+|----------------------------------|----------|-----------------------------------|
+| `MS-CV: %s`                      | No       | Correlation vector for enrollment |
+| `client-request-id: %s`          | No       | Request ID                        |
+| `Content-Type: application/json` | Yes      | HTTP Content-Type                 |
+
+### HTTP request body (JSON)
+
+| Field | Required | Description |
+|--|--|--|
+| `userDomain` | No | Domain name of the enrolled account |
+| `upn` | No | User Principal Name (UPN) of the enrolled account |
+| `tenantId` | No | Tenant ID of the enrolled account |
+| `emmDeviceId` | No | Enterprise mobility management (EMM) device ID of the enrolled account |
+| `enrollmentType` | Entra joined: No <br>Entra registered: Yes | Enrollment type of the enrolled account. <br><br>Supported Values: <br>- `Device`: Indicates the parent enrollment type is Entra joined (DS response should specify "AuthPolicy": "Federated"). <br>- `User`: Indicates parent enrollment type is Entra registered (DS response should specify "AuthPolicy": "Certificate"). <br>- Legacy case (Entra joined only): If the `enrollmentType` parameter isn't included in the request body, the device should be treated as Entra joined. |
+| `osVersion` | Yes | OS version on the device. The DS can use the `osVersion` to determine if the client platform supports WinDC enrollment. Review [supported platforms](declared-configuration.md#supported-platforms) for details. |
+
+### HTTP DS response body (JSON)
+
+| Field                        | Required | Description                                                                                                                                |
+|------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| `EnrollmentServiceUrl`       | Yes      | URL of the WinDC enrollment service                                                                                       |
+| `EnrollmentVersion`          | No       | Enrollment version                                                                                                                         |
+| `EnrollmentPolicyServiceUrl` | Yes      | Enrollment Policy Service URL                                                                                                              |
+| `AuthenticationServiceUrl`   | Yes      | Authentication Service URL                                                                                                                 |
+| `ManagementResource`         | No       | Management Resource                                                                                                                        |
+| `TouUrl`                     | No       | Terms of use URL                                                                                                                           |
+| `AuthPolicy`                 | Yes      | Authentication policy. Supported values: <br>- `Federated` (required for Entra joined) <br>- `Certificate` (required for Entra registered) |
+| `errorCode`                  | No       | Error code                                                                                                                                 |
+| `message`                    | No       | Status message                                                                                                                             |
+
+## Examples
+
+### Discovery request
+
+**Headers**
+
+`Content-Type: application/json`
+
+**Body**
+
+1. Single template approach: Client sends the **UPN** value in the initial request, along with the **tenantId** parameter.
+
+    1. Microsoft Entra joined:
+
+        ```json
+        {
+            "userDomain" : "contoso.com",
+            "upn" : "johndoe@contoso.com",
+            "tenantId" : "00000000-0000-0000-0000-000000000000",
+            "emmDeviceId" : "00000000-0000-0000-0000-000000000000",
+            "enrollmentType" : "Device",
+            "osVersion" : "10.0.00000.0"
+        }
+        ```
+
+    1. Microsoft Entra registered:
+
+        ```json
+        {
+
+            "userDomain" : "contoso.com",
+            "upn" : "johndoe@contoso.com",
+            "tenantId" : "00000000-0000-0000-0000-000000000000",
+            "emmDeviceId" : "00000000-0000-0000-0000-000000000000",
+            "enrollmentType" : "Device",
+            "osVersion" : "10.0.00000.0"
+        }
+        ```
+
+1. No UPN (legacy)
+
+    1. Microsoft Entra joined:
+
+        ```json
+        {
+            "userDomain" : "contoso.com",
+            "emmDeviceId" : "00000000-0000-0000-0000-000000000000",
+            "enrollmentType" : "Device",
+            "osVersion" : "10.0.00000.0"
+        }
+        ```
+
+    1. Microsoft Entra registered:
+
+        ```json
+        {
+            "userDomain" : "contoso.com",
+            "emmDeviceId" : "00000000-0000-0000-0000-000000000000",
+            "enrollmentType" : "User",
+            "osVersion" : "10.0.00000.0"
+        }
+        ```
+
+1. UPN requested by the server (legacy format). Review [error handling](#error-handling) for details on how the server can request UPN data if it isn't provided in the initial request.
+
+    1. Microsoft Entra joined:
+
+        ```json
+        {
+            "upn" : "johndoe@contoso.com",
+            "emmDeviceId" : "00000000-0000-0000-0000-000000000000",
+            "enrollmentType" : "Device",
+            "osVersion" : "10.0.00000.0"
+        }
+        ```
+
+    1. Microsoft Entra registered:
+
+        ```json
+        {
+            "upn" : "johndoe@contoso.com",
+            "emmDeviceId" : "00000000-0000-0000-0000-000000000000",
+            "enrollmentType" : "User",
+            "osVersion" : "10.0.00000.0"
+        }
+        ```
+
+### Discovery response
+
+**Headers**
+
+`Content-Type: application/json`
+
+**Body**
+
+1. Microsoft Entra joined (requires `"AuthPolicy": "Federated"`):
+
+    ```json
+    {
+        "EnrollmentServiceUrl" : "https://manage.contoso.com/Enrollment/Discovery",
+        "EnrollmentPolicyServiceUrl" : "https://manage.contoso.com/Enrollment/GetPolicies",
+        "AuthenticationServiceUrl" : "https://manage.contoso.com/Enrollment/AuthService",
+        "AuthPolicy" : "Federated",
+        "ManagementResource":"https://manage.contoso.com",
+        "TouUrl" : "https://manage.contoso.com/Enrollment/tou.aspx"
+    }
+    ```
+
+1. Microsoft Entra registered (requires `"AuthPolicy": "Certificate"`):
+
+    ```json
+    {
+        "EnrollmentServiceUrl" : "https://manage.contoso.com/Enrollment/Discovery",
+        "EnrollmentPolicyServiceUrl" : "https://manage.contoso.com/Enrollment/GetPolicies",
+        "AuthenticationServiceUrl" : "https://manage.contoso.com/Enrollment/AuthService",
+        "AuthPolicy" : "Certificate",
+        "ManagementResource":"https://manage.contoso.com",
+        "TouUrl" : "https://manage.contoso.com/Enrollment/tou.aspx"
+    }
+    ```
+
+### Authentication
+
+WinDC enrollment requires different authentication mechanisms for Microsoft Entra joined and registered devices. The WinDC DS must integrate with the authentication model by specifying the appropriate `AuthPolicy` value in the discovery response, based on the `enrollmentType` property of the request.
+
+- **Microsoft Entra joined devices** use **Federated** authentication (Entra device token).
+- **Microsoft Entra registered devices** use **Certificate** authentication (MDM certificate provisioned for the parent enrollment).
+
+#### Rules
+
+- **For Microsoft Entra joined devices**:
+    - **Discovery request**: `"enrollmentType": "Device"`
+    - **Discovery response**: `"AuthPolicy": "Federated"`
+    - **Authentication**: The client uses the Entra device token to authenticate with the WinDC enrollment server.
+
+- **For legacy cases (where `enrollmentType` value is empty)**:
+    - **Discovery request**: `"enrollmentType": ""`
+    - **Discovery response**: `"AuthPolicy": "Federated"`
+    - **Authentication**: The client uses the Entra device token to authenticate with the WinDC enrollment server.
+
+- **For Microsoft Entra registered devices**:
+    - **Discovery request**: `"enrollmentType": "User"`
+    - **Discovery response**: `"AuthPolicy": "Certificate"`
+    - **Authentication**: The client uses the MDM certificate from the parent enrollment to authenticate with the WinDC enrollment server.
+
+## Error handling
+
+- **UPNRequired**: If no UPN value is provided in the discovery request, the DS can set the `errorCode` to **UPNRequired** in the response to trigger the client to retry the request with a UPN value, if available.
+- **WINHTTP_QUERY_RETRY_AFTER**: The server can set this flag to configure the client request to retry after a specified delay. This flag is useful for handling timeout or throttling scenarios.
\ No newline at end of file
diff --git a/windows/client-management/declared-configuration-enrollment.md b/windows/client-management/declared-configuration-enrollment.md
new file mode 100644
index 0000000000..45ba4643d2
--- /dev/null
+++ b/windows/client-management/declared-configuration-enrollment.md
@@ -0,0 +1,51 @@
+---
+title: Windows declared configuration enrollment
+description: Learn more about configuring enrollment for Windows declared configuration protocol.
+ms.date: 09/12/2024
+ms.topic: how-to
+---
+
+# Declared configuration enrollment
+
+Windows declared configuration (WinDC) enrollment uses new [DMClient CSP](mdm/dmclient-csp.md) policies to facilitate dual enrollment for Windows devices. This process involves setting specific configuration service provider (CSP) policies and executing SyncML commands to manage the enrollment state.
+
+The key CSP policies used for WinDC enrollment include:
+
+- [LinkedEnrollment/Enroll](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentenroll)
+- [LinkedEnrollment/Unenroll](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentunenroll)
+- [LinkedEnrollment/EnrollStatus](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentenrollstatus)
+- [LinkedEnrollment/LastError](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentlasterror)
+- [LinkedEnrollment/DiscoveryEndpoint](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentdiscoveryendpoint)
+
+The following SyncML example sets **LinkedEnrolment/DiscoveryEndpoint** and triggers **LinkedEnrollment/Enroll**:
+
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.1">
+    <SyncBody>
+        <Replace>
+           <CmdID>2</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>./Device/Vendor/MSFT/DMClient/Provider/MS%20DM%20SERVER/LinkedEnrollment/DiscoveryEndpoint</LocURI>
+                </Target>
+         <Data>https://discovery.dm.microsoft.com/EnrollmentConfiguration?api-version=1.0</Data>
+            </Item>
+        </Replace>
+        <Final/>
+    </SyncBody>
+</SyncML>
+
+<SyncML xmlns="SYNCML:SYNCML1.1">
+    <SyncBody>
+        <Exec>
+            <CmdID>2</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>./Device/Vendor/MSFT/DMClient/Provider/MS%20DM%20SERVER/LinkedEnrollment/Enroll</LocURI>
+                </Target>
+           </Item>
+        </Exec>
+        <Final/>
+    </SyncBody>
+</SyncML>
+```
diff --git a/windows/client-management/declared-configuration-extensibility.md b/windows/client-management/declared-configuration-extensibility.md
index 3121be77f0..bb2faea5f1 100644
--- a/windows/client-management/declared-configuration-extensibility.md
+++ b/windows/client-management/declared-configuration-extensibility.md
@@ -1,13 +1,13 @@
 ---
-title: Declared configuration extensibility
-description: Learn more about declared configuration extensibility through native WMI providers.
-ms.date: 09/26/2023
+title: Windows declared configuration extensibility
+description: Learn more about Windows declared configuration extensibility through native WMI providers.
+ms.date: 09/12/2024
 ms.topic: how-to
 ---
 
-# Declared configuration extensibility providers
+# Declared configuration extensibility
 
-The declared configuration enrollment, which supports the declared configuration client stack, offers extensibility through native WMI providers. This feature instantiates and interfaces with a Windows Management Instrumentation (WMI) provider that has implemented a management infrastructure (MI) interface. The interface must implement GetTargetResource, TestTargetResource, and SetTargetResource methods, and may implement any number of string properties.
+The Windows declared configuration (WinDC) enrollment offers extensibility through native WMI providers. This feature instantiates and interfaces with a Windows Management Instrumentation (WMI) provider that implements a management infrastructure (MI) interface. The interface must implement GetTargetResource, TestTargetResource, and SetTargetResource methods, and can implement any number of string properties.
 
 > [!NOTE]
 > Only string properties are currently supported by extensibility providers.
@@ -51,14 +51,14 @@ uint32 SetTargetResource(
 
 To create a native WMI provider, follow the steps outlined in [How to implement an MI provider](/previous-versions/windows/desktop/wmi_v2/how-to-implement-an-mi-provider). These steps include how to generate the source code for an MI interface using the `Convert-MofToProvider.exe` tool to generate the DLL and prepare it for placement.
 
-1. Create a MOF file that defines the schema for the desired state configuration resource including parameters and methods. This file includes the required parameters for the resource.
+1. Create a Managed Object Format (MOF) file that defines the schema for the desired state configuration resource including parameters and methods. This file includes the required parameters for the resource.
 2. Copy the schema MOF file along with any required files into the provider tools directory, for example: ProviderGenerationTool.
 3. Edit the required files and include the correct file names and class names.
 4. Invoke the provider generator tool to generate the provider's project files.
 5. Copy the generated files into the provider's project folder.
 6. Start the development process.
 
-## Example
+## Example MI provider
 
 This example provides more details about each step to demonstrate how to implement a sample native resource named `MSFT_FileDirectoryConfiguration`.
 
@@ -235,15 +235,180 @@ The `MSFT_FileDirectoryConfiguration_Invoke_GetTargetResource` function does the
 
 1. Clean up resources, for example, free allocated memory.
 
+## WinDC document
+
+> [!IMPORTANT]
+> The target of the scenario settings can only be device wide for extensibility. The CSP **scope** defined in `<LocURI>` and WinDC **context** must be `Device`.
+
+The value of the `Document` leaf node in the [DeclaredConfiguration CSP](mdm/declaredconfiguration-csp.md) is an XML document that describes the request. Here's a sample WinDC document with the configuration data specified for extensibility.
+
+```xml
+<DeclaredConfiguration schema="1.0" context="Device" id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2" checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999" osdefinedscenario="MSFTExtensibilityMIProviderConfig">
+    <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration">
+        <Key name="DestinationPath">c:\data\test\bin\ut_extensibility.tmp</Key>
+        <Value name="Contents">TestFileContent1</Value>
+    </DSC>
+</DeclaredConfiguration>
+```
+
+Only supported values for `osdefinedscenario` can be used. Unsupported values result in an error message similar to `Invalid scenario name`.
+
+| osdefinedscenario                    | Description                                  |
+|--------------------------------------|----------------------------------------------|
+| MSFTExtensibilityMIProviderConfig    | Used to configure MI provider settings.      |
+| MSFTExtensibilityMIProviderInventory | Used to retrieve MI provider setting values. |
+
+Both `MSFTExtensibilityMIProviderConfig` and `MSFTExtensibilityMIProviderInventory` scenarios that require the same tags and attributes.
+
+- The `<DSC>` XML tag describes the targeted WMI provider expressed by a namespace and class name along with the values either to be applied to the device or queried by the MI provider.
+
+    This tag has the following attributes:
+
+    | Attribute | Description |
+    |--|--|
+    | `namespace` | Specifies the targeted MI provider namespace. |
+    | `classname` | The targeted MI provider. |
+
+- The `<Key>` XML tag describes the required parameter name and value. It only needs a value for configuration. The name is an attribute and the value is `<Key>` content.
+
+    This tag has the following attributes:
+
+    | Attribute | Description |
+    |--|--|
+    | `name` | Specifies the name of an MI provider parameter. |
+
+- The `<Value>` XML tag describes the optional parameter name and value. It only needs a value for configuration. The name is an attribute and the value is `<Value>` content.
+
+    This tag has the following attributes:
+
+    | Attribute | Description |
+    |--|--|
+    | `name` | Specifies the name of an MI provider parameter. |
+
+## SyncML examples
+
+The standard OMA-DM SyncML syntax is used to specify the DeclaredConfiguration CSP operations such as **Replace**, **Add**, and **Delete**. The payload of the SyncML's `<Data>` element must be XML-encoded. For this XML encoding, there are various online encoders that you can use. To avoid encoding the payload, you can use [CDATA Section](https://www.w3.org/TR/REC-xml/#sec-cdata-sect) as shown in the following SyncML examples.
+
+### Configuration request
+
+This example demonstrates how to send a configuration request using the `MSFT_FileDirectoryConfiguration` MI provider with the `MSFTExtensibilityMIProviderConfig` scenario.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>14</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
+        </Target>
+        <Data><![CDATA[
+            <DeclaredConfiguration schema="1.0" context="Device" id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2" checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999" osdefinedscenario="MSFTExtensibilityMIProviderConfig">
+                <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration">
+                    <Key name="DestinationPath">c:\data\test\bin\ut_extensibility.tmp</Key>
+                    <Value name="Contents">TestFileContent1</Value>
+                </DSC>
+            </DeclaredConfiguration>
+        ]]></Data>
+      </Item>
+    </Replace>
+  </SyncBody>
+</SyncML>
+```
+
+### Inventory request
+
+This example demonstrates how to send an inventory request using the MSFT_FileDirectoryConfiguration MI provider with the MSFTExtensibilityMIProviderInventory scenario.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>15</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Inventory/Documents/12345678-1234-1234-1234-123456789012/Document</LocURI>
+        </Target>
+        <Data><![CDATA[
+            <DeclaredConfiguration schema="1.0" context="Device" id="12345678-1234-1234-1234-123456789012" checksum="1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF" osdefinedscenario="MSFTExtensibilityMIProviderInventory">
+                <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration">
+                    <Key name="DestinationPath">c:\data\test\bin\ut_extensibility.tmp</Key>
+                </DSC>
+            </DeclaredConfiguration>
+        ]]></Data>
+      </Item>
+    </Replace>
+  </SyncBody>
+</SyncML>
+```
+
+### Retrieve results
+
+This example retrieves the results of a configuration or inventory request:
+
+**Request**:
+
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.1">
+    <SyncBody>
+    <Get>
+        <CmdID>2</CmdID>
+        <Item>
+        <Meta>
+            <Format>chr</Format>
+            <Type>text/plain</Type>
+        </Meta>
+        <Target>
+            <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Results/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
+        </Target>
+        </Item>
+    </Get>
+    <Final />
+    </SyncBody>
+</SyncML>
+```
+
+**Response**:
+
+```xml
+<Status>
+    <CmdID>2</CmdID>
+    <MsgRef>1</MsgRef>
+    <CmdRef>2</CmdRef>
+    <Cmd>Get</Cmd>
+    <Data>200</Data>
+</Status>
+<Results>
+    <CmdID>3</CmdID>
+    <MsgRef>1</MsgRef>
+    <CmdRef>2</CmdRef>
+    <Item>
+        <Source>
+            <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Results/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
+        </Source>
+        <Data>
+            <DeclaredConfigurationResult context="Device" schema="1.0" id="99988660-9080-3433-96e8-f32e85011999" osdefinedscenario="MSFTPolicies" checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999" result_checksum="EE4F1636201B0D39F71654427E420E625B9459EED17ACCEEE1AC9B358F4283FD" operation="Set" state="60">
+                <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration" status="200" state="60">
+                    <Key name="DestinationPath" />
+                    <Value name="Contents" />
+                </DSC>
+            </DeclaredConfigurationResult>
+        </Data>
+    </Item>
+</Results>
+```
+
 ## MI implementation references
 
-- [Introducing the management infrastructure (MI) API](/archive/blogs/wmi/introducing-new-management-infrastructure-mi-api)
-- [Implementing MI provider (1) - Overview](/archive/blogs/wmi/implementing-mi-provider-1-overview)
-- [Implementing MI provider (2) - Define schema](/archive/blogs/wmi/implementing-mi-provider-2-define-schema)
-- [Implementing MI provider (3) - Generate code](/archive/blogs/wmi/implementing-mi-provider-3-generate-code)
-- [Implementing MI provider (4) - Generate code (continue)](/archive/blogs/wmi/implementing-mi-provider-4-generate-code-continute)
-- [Implementing MI provider (5) - Implement](/archive/blogs/wmi/implementing-mi-provider-5-implement)
-- [Implementing MI provider (6) - Build, register, and debug](/archive/blogs/wmi/implementing-mi-provider-6-build-register-and-debug)
+- [Management infrastructure (MI) API](/archive/blogs/wmi/introducing-new-management-infrastructure-mi-api)
+- [MI provider (1) - Overview](/archive/blogs/wmi/implementing-mi-provider-1-overview)
+- [MI provider (2) - Define schema](/archive/blogs/wmi/implementing-mi-provider-2-define-schema)
+- [MI provider (3) - Generate code](/archive/blogs/wmi/implementing-mi-provider-3-generate-code)
+- [MI provider (4) - Generate code (continue)](/archive/blogs/wmi/implementing-mi-provider-4-generate-code-continute)
+- [MI provider (5) - Implement](/archive/blogs/wmi/implementing-mi-provider-5-implement)
+- [MI provider (6) - Build, register, and debug](/archive/blogs/wmi/implementing-mi-provider-6-build-register-and-debug)
 - [MI interfaces](/previous-versions/windows/desktop/wmi_v2/mi-interfaces)
 - [MI datatypes](/previous-versions/windows/desktop/wmi_v2/mi-datatypes)
 - [MI structures and unions](/previous-versions/windows/desktop/wmi_v2/mi-structures-and-unions)
diff --git a/windows/client-management/declared-configuration-resource-access.md b/windows/client-management/declared-configuration-resource-access.md
new file mode 100644
index 0000000000..d414e05b95
--- /dev/null
+++ b/windows/client-management/declared-configuration-resource-access.md
@@ -0,0 +1,463 @@
+---
+title: Windows declared configuration resource access
+description: Learn more about configuring resource access using Windows declared Configuration.
+ms.date: 09/12/2024
+ms.topic: how-to
+---
+
+# Declared configuration resource access
+
+Windows declared configuration (WinDC) resource access is used to manage device configurations and enforce policies to ensure the devices remain in a desired state. It's crucial for maintaining security, compliance, and operational efficiency in organizations. WinDC cloud service is used to send the desired state of a resource to the device where correspondingly the device has the responsibility to enforce and maintain the resource configuration state.
+
+[Configuration Service Providers (CSPs)](mdm/index.yml) play a vital role for configuring Resource access and act as an interface between the device and the WinDC protocol. They provide a consistent and standardized approach to deploying and enforcing configurations. CSPs support various resource access scenarios, including:
+
+- [VPNv2 CSP](mdm/vpnv2-csp.md) and [VPN CSP](mdm/vpn-csp.md)
+- [Wi-Fi CSP](mdm/wifi-csp.md)
+- [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md)
+- [ActiveSync CSP](mdm/activesync-csp.md)
+- [WiredNetwork CSP](mdm/wirednetwork-csp.md)
+- [RootCACertificates CSP](mdm/rootcacertificates-csp.md)
+
+The WinDC stack on the device processes configuration requests and maintains the desired state, which is key to RA. The efficiency, accuracy, and enforcement of configuration requests are critical for effective RA. Resource access integrates seamlessly with WinDC, providing an extended method for managing devices through the cloud with enhanced scalability and efficiency.
+
+- **Efficiency**: Batch-based processing minimizes server resource usage and reduces latency.
+- **Accuracy**: WinDC client stack understands the device's configuration surface area, enabling effective handling of continuous updates. It ensures precise execution of configuration changes communicated by the cloud service.
+- **Policy Enforcement**: Apply and maintain organizational policies across devices consistently and at scale, ensuring compliance and uniform configuration. This aspect allows organizations to maintain the desired security posture across devices.
+
+## Resource access guidelines
+
+These guidelines provide best practices and examples for developers and testers to implement resource access (RA) configurations in a secure, efficient, and consistent manner. They aim to enhance network security and optimize resource access for end users while adhering to policies and compliance requirements.
+
+- **Configuration Integrity**: To support uninterrupted and secure resource access, ensure consistent configurations across devices and users.
+- **State Validation**: Monitor the state of configurations to verify the correct application of resource access settings.
+- **Profile Management**: Effectively manage user profiles by adding, updating, and deleting as needed, to control access to resources and maintain security.
+- **Log and Audit**: Utilize logs and audit trails for operations and changes to aid in troubleshooting and compliance.
+- **Drift Detection and Remediation**: To maintain compliance with RA policies, continuously monitor drift (changes in configuration or behavior) and take corrective action.
+- **Security and Privacy**: To protect user data and resources, implement strong security and privacy measures in configurations.
+
+By following these guidelines and understanding the syntax of the [DeclaredConfiguration CSP](mdm/declaredconfiguration-csp.md), you can effectively implement and manage RA configurations while maintaining security and compliance.
+
+## WinDC document
+
+The value of the `Document` leaf node in the [DeclaredConfiguration CSP](mdm/declaredconfiguration-csp.md) is an XML document that describes the request. Here's a sample WinDC document with the configuration data specified for resource access.
+
+```xml
+<DeclaredConfiguration context="user" schema="1.0" id="DCA000B5-397D-40A1-AABF-40B25078A7F9" osdefinedscenario="MSFTVPN" checksum="A0">
+  <CSP name="./Vendor/MSFT/VPNv2">
+    <URI path="Test_SonicWall/TrafficFilterList/0/Protocol" type="int">2</URI>
+    <URI path="Test_SonicWall/TrafficFilterList/0/Direction" type="chr">outbound</URI>
+  </CSP>
+</DeclaredConfiguration>
+```
+
+Only supported values for `osdefinedscenario` can be used. Unsupported values result in an error message similar to `Invalid scenario name`.
+
+| osdefinedscenario            | Recommended using with        |
+|------------------------------|-------------------------------|
+| MSFTWiredNetwork             | WiredNetwork                  |
+| MSFTResource                 | ActiveSync                    |
+| MSFTVPN                      | VPN and VPNv2                 |
+| MSFTWifi                     | Wifi                          |
+| MSFTInventory                | Certificate inventory         |
+| MSFTClientCertificateInstall | SCEP, PFX, Bulk Template Data |
+
+These `osdefinedscenario` values require the following tags and attributes.
+
+- The `<CSP>` XML tag describes the CSP being targeted.
+
+    This tag has the following attributes:
+
+    | Attribute | Description |
+    |--|--|
+    | `name` | Specifies the targeted CSP OMA-URI. |
+
+- The `<URI>` XML tag specifies the CSP setting node along with the desired value.
+
+    This tag has the following attributes:
+
+    | Attribute | Description       |
+    |-----------|-------------------|
+    | `path`    | Setting path      |
+    | `type`    | Setting data type |
+
+> [!NOTE]
+> The target of the scenario settings must match the WinDC context. The CSP **scope** defined in `<LocURI>` and WinDC **context** must both be either `Device` or `User`.
+>
+> :::image type="content" source="images/declared-configuration-ra-syntax.png" alt-text="WinDC resource access syntax":::
+
+### osdefinedscenario examples
+
+- Partial `MSFTWifi` example for Wifi:
+
+    ```xml
+    <DeclaredConfiguration context="Device" schema="1.0" id="10249228-e719-58bf-b459-060de45240f1" osdefinedscenario="MSFTWifi" checksum="11111111">
+    <CSP name="./Vendor/MSFT/WiFi">
+    ```
+
+- Partial `MSFTResource` example for ActiveSync:
+
+    ```xml
+    <DeclaredConfiguration context="User" schema="1.0" id="33333333-1861-4131-96e8-44444444" osdefinedscenario="MSFTResource" checksum="5555">
+    <CSP name="./Vendor/MSFT/ActiveSync">
+    ```
+
+## SyncML examples
+
+The standard OMA-DM SyncML syntax is used to specify the DeclaredConfiguration CSP operations such as **Replace**, **Add**, and **Delete**. The payload of the SyncML's `<Data>` element must be XML-encoded. For this XML encoding, there are various online encoders that you can use. To avoid encoding the payload, you can use [CDATA Section](https://www.w3.org/TR/REC-xml/#sec-cdata-sect) as shown in the following SyncML examples.
+
+### Configure a VPNv2 profile for resource access
+
+This example demonstrates how to use the [VPNv2 CSP](mdm/vpnv2-csp.md) to configure a VPN profile named **Test_SonicWall** on the device in the **User** scope.
+
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>2</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./User/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/DCA000B5-397D-40A1-AABF-40B25078A7F9/Document</LocURI>
+        </Target>
+        <Data><![CDATA[<?xml version="1.0" encoding="utf-8"?>
+            <DeclaredConfiguration context="user" schema="1.0" id="DCA000B5-397D-40A1-AABF-40B25078A7F9" osdefinedscenario="MSFTVPN" checksum="A0">
+                <CSP name="./Vendor/MSFT/VPNv2">
+                    <URI path="Test_SonicWall/TrafficFilterList/0/Protocol" type="int">2</URI>
+                    <URI path="Test_SonicWall/TrafficFilterList/0/Direction" type="chr">outbound</URI>
+                    <URI path="Test_SonicWall/TrafficFilterList/1/Protocol" type="int">6</URI>
+                    <URI path="Test_SonicWall/TrafficFilterList/1/LocalPortRanges" type="chr">43-54</URI>
+                    <URI path="Test_SonicWall/TrafficFilterList/1/RemotePortRanges" type="chr">243-456</URI>
+                    <URI path="Test_SonicWall/TrafficFilterList/1/Direction" type="chr">outbound</URI>
+                    <URI path="Test_SonicWall/EdpModeId" type="chr">wip.contoso.com</URI>
+                    <URI path="Test_SonicWall/RememberCredentials" type="bool">true</URI>
+                    <URI path="Test_SonicWall/AlwaysOn" type="bool">true</URI>
+                    <URI path="Test_SonicWall/Proxy/AutoConfigUrl" type="chr">https://auto.proxy.com</URI>
+                    <URI path="Test_SonicWall/DeviceCompliance/Enabled" type="bool">true</URI>
+                    <URI path="Test_SonicWall/DeviceCompliance/Sso/Enabled" type="bool">false</URI>
+                    <URI path="Test_SonicWall/PluginProfile/ServerUrlList" type="chr">23.54.3.6;server1,vpn.contoso.com;server2</URI>
+                    <URI path="Test_SonicWall/PluginProfile/CustomConfiguration" type="chr">&lt;custom&gt;&lt;/custom&gt;</URI>
+                    <URI path="Test_SonicWall/PluginProfile/PluginPackageFamilyName" type="chr">SonicWALL.MobileConnect_e5kpm93dbe93j</URI>
+                </CSP>
+            </DeclaredConfiguration>
+        ]]></Data>
+      </Item>
+    </Replace>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+<!--
+> [!NOTE]
+>
+> - Format of the `<LocURI>` and `<DeclaredConfiguration>` follow the [DeclaredConfiguration CSP](mdm/declaredconfiguration-csp.md) syntax.
+> - The `id` of `<DeclaredConfiguration>` should be a unique string.
+> - `<Format>` of `<Meta>` should be `chr` and `<Type>` should be `text/plain`.
+-->
+
+### Updating a VPNv2 profile for resource access
+
+This example demonstrates how to use the same WinDC **Document ID**, but with a new checksum("A3"). It installs a new VPNv2 profile named `Test_SonicwallNew`, and deletes the old profile.
+
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>2</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./User/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/DCA000B5-397D-40A1-AABF-40B25078A7F9/Document</LocURI>
+        </Target>
+        <Data><![CDATA[<?xml version="1.0" encoding="utf-8"?>
+            <DeclaredConfiguration context="user" schema="1.0" id="DCA000B5-397D-40A1-AABF-40B25078A7F9" osdefinedscenario="MSFTVPN" checksum="A3">
+                <CSP name="./Vendor/MSFT/VPNv2">
+                    <URI path="Test_SonicWallNew/TrafficFilterList/0/Protocol" type="int">2</URI>
+                    <URI path="Test_SonicWallNew/TrafficFilterList/0/Direction" type="chr">outbound</URI>
+                    <URI path="Test_SonicWallNew/EdpModeId" type="chr">wip.contoso.com</URI>
+                    <URI path="Test_SonicWallNew/RememberCredentials" type="bool">true</URI>
+                    <URI path="Test_SonicWallNew/AlwaysOn" type="bool">false</URI>
+                    <URI path="Test_SonicWallNew/Proxy/AutoConfigUrl" type="chr">https://auto.proxy.com</URI>
+                    <URI path="Test_SonicWallNew/DeviceCompliance/Enabled" type="bool">true</URI>
+                    <URI path="Test_SonicWallNew/DeviceCompliance/Sso/Enabled" type="bool">false</URI>
+                    <URI path="Test_SonicWallNew/PluginProfile/ServerUrlList" type="chr">23.54.3.8;server1,vpn2.contoso.com;server2</URI>
+                    <URI path="Test_SonicWallNew/PluginProfile/PluginPackageFamilyName" type="chr">SonicWALL.MobileConnect_e5kpm93dbe93j</URI>
+                </CSP>
+            </DeclaredConfiguration>
+        ]]></Data>
+      </Item>
+    </Replace>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+### Getting the VPNv2 profile
+
+This example demonstrates how to use `<Get>` to retrieve the results of the WinDC request.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Get>
+      <CmdID>1</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./User/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Results/DCA000B5-397D-40A1-AABF-40B25078A7F9/Document</LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+**Response**:
+
+```xml
+<SyncML xmlns:msft="http://schemas.microsoft.com/MobileDevice/MDM">
+  <SyncHdr />
+  <SyncBody>
+    <Status>
+      <CmdID>1</CmdID>
+      <MsgRef>1</MsgRef>
+      <CmdRef>0</CmdRef>
+      <Cmd>SyncHdr</Cmd>
+      <Data>200</Data>
+    </Status>
+    <Status>
+      <CmdID>2</CmdID>
+      <MsgRef>1</MsgRef>
+      <CmdRef>2</CmdRef>
+      <Cmd>Get</Cmd>
+      <Data>200</Data>
+    </Status>
+    <Results>
+      <CmdID>3</CmdID>
+      <MsgRef>1</MsgRef>
+      <CmdRef>2</CmdRef>
+      <Item>
+        <Source>
+          <LocURI>./User/Vendor/MSFT/DeclaredConfiguration/Host/BulkTemplate/Results/DCA000B5-397D-40A1-AABF-40B25078A7F9/Document</LocURI>
+        </Source>
+        <Data>&lt;DeclaredConfigurationResult context="user" schema="1.0" id="DCA000B5-397D-40A1-AABF-40B25078A7F9" osdefinedscenario="MSFTVPN" checksum="A3" result_checksum="9D2ED497C12D2FCEE1C45158D1F7ED8E2DACE210A0B8197A305417882991C978" result_timestamp="2024-08-06T13:54:38Z" operation="Set" state="60"&gt;&lt;CSP name="./Vendor/MSFT/VPNv2" state="60"&gt;&lt;URI path="Test_SonicWallNew/TrafficFilterList/0/Protocol" status="200" state="60" type="int" /&gt;&lt;URI path="Test_SonicWallNew/TrafficFilterList/0/Direction" status="200" state="60" type="chr" /&gt;&lt;URI path="Test_SonicWallNew/EdpModeId" status="200" state="60" type="chr" /&gt;&lt;URI path="Test_SonicWallNew/RememberCredentials" status="200" state="60" type="bool" /&gt;&lt;URI path="Test_SonicWallNew/AlwaysOn" status="200" state="60" type="bool" /&gt;&lt;URI path="Test_SonicWallNew/Proxy/AutoConfigUrl" status="200" state="60" type="chr" /&gt;&lt;URI path="Test_SonicWallNew/DeviceCompliance/Enabled" status="200" state="60" type="bool" /&gt;&lt;URI path="Test_SonicWallNew/DeviceCompliance/Sso/Enabled" status="200" state="60" type="bool" /&gt;&lt;URI path="Test_SonicWallNew/PluginProfile/ServerUrlList" status="200" state="60" type="chr" /&gt;&lt;URI path="Test_SonicWallNew/PluginProfile/PluginPackageFamilyName" status="200" state="60" type="chr" /&gt;&lt;/CSP&gt;&lt;/DeclaredConfigurationResult&gt;</Data>
+      </Item>
+    </Results>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+> [!TIP]
+> To understand the state values, see [WinDC states](mdm/declaredconfiguration-csp.md#windc-states).
+
+### Deleting the VPNv2 profile
+
+This example demonstrates how to use `<Delete>` to remove the configuration request to set the VPNv2 profile.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Delete>
+      <CmdID>1</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./User/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/DCA000B5-397D-40A1-AABF-40B25078A7F9/Document</LocURI>
+        </Target>
+      </Item>
+    </Delete>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+## Resource ownership
+
+MDM-managed resources, such as a VPN profile, are transferred/migrated to WinDC management when a WinDC document is sent to the device for the same resource. This resource stays under WinDC management until the WinDC document is [deleted](mdm/declaredconfiguration-csp.md#delete-a-windc-document) or [abandoned](mdm/declaredconfiguration-csp.md#abandon-a-windc-document). Otherwise, when MDM tries to manage the same resource via the legacy MDM channel using SyncML, it fails with error 0x86000031.
+
+`MDM ConfigurationManager: Command failure status. Configuraton Source ID: (29c383c5-6e2d-43bf-a741-c63cb7516bb4), Enrollment Type: (MDMDeviceWithAAD), CSP Name: (ActiveSync), Command Type: (Add: from Replace or Add), CSP URI: (./User/Vendor/MSFT/ActiveSync/Accounts/{3b8b9d4d-a24e-4c6d-a460-034d0bfb9316}), Result: (Unknown Win32 Error code: 0x86000031).`
+
+## Bulk template data
+
+The Bulk template data scenario extends beyond the regular [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md). It uses a special bulk template document type. This section covers the structure, specification, and results of using the bulk template data.
+
+### Template document
+
+A PFXImport template document contains the structure necessary for importing certificates in bulk. The document should define the necessary fields, and the format required for the bulk import.
+
+- The document type must be `BulkTemplate`.
+- The URI path is different than the regular URIs by using the `@#pfxThumbprint#` syntax, it declares that it's a dynamic node. [Instance data](#template-data) for dynamic nodes is sent later using `BulkVariables`. Each dynamic node might contain dynamic subnodes, such as the `@#pfxBlob#` and `#@pfxPassword#` nodes in this example.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>2</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/BulkTemplate/Documents/47e88660-1861-4131-96e8-f32e85011e55/Document</LocURI>
+        </Target>
+        <Data><![CDATA[<?xml version="1.0" encoding="utf-8"?>
+            <DeclaredConfiguration context="Device" schema="1.0" id="47e88660-1861-4131-96e8-f32e85011e55" osdefinedscenario="MSFTResource" checksum="FF356C2C71F6A41F9AB4A601AD00C8B5BC7531576233010B13A221A9FE1BE7A0">
+                <ReflectedProperties>
+                    <Property name="foo" type="chr">foovalue</Property>
+                    <Property name="bar" type="chr">barvalue</Property>
+                </ReflectedProperties>
+                <CSP name="./Vendor/MSFT/ClientCertificateInstall">
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/KeyLocation" type="Int">2</URI>
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/PFXCertBlob" type="chr">@#pfxBlob#</URI>
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/PFXCertPassword" type="chr">@#pfxPassword#</URI>
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/PFXKeyExportable" type="bool">True</URI>
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/PfxCertPasswordEncryptionType" type="int">0</URI>
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/PfxCertPasswordEncryptionStore" type="chr">SomeValue</URI>
+                    <URI path="PFXCertInstall/@#pfxThumbprint#/ContainerName" type="chr"></URI>
+                </CSP>
+            </DeclaredConfiguration>
+        ]]></Data>
+      </Item>
+    </Replace>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+### Template data
+
+The bulk template data specifies the certificates to be imported in a base64 encoded format using the `BulkVariables` URI under the `BulkTemplate`. The template data document can contain multiple instances. Each instance must specify all the subinstance data.
+
+In this example, there are two instances. Each instance defines values for **pfxThumbprint**, a **pfxBlob, and a **pfxPassword**.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>3</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/BulkTemplate/Documents/47e88660-1861-4131-96e8-f32e85011e55/BulkVariables/Value</LocURI>
+        </Target>
+        <Data><![CDATA[
+            <InstanceBlob schema="1.0">
+                <Instance>
+                    <InstanceData variable="pfxThumbprint">813A171D7341E1DA90D4A01878DD5328D3519006</InstanceData>
+                    <InstanceData variable="pfxBlob">pfxbase64BlobValue1</InstanceData>
+                    <InstanceData variable="pfxPassword">Password1</InstanceData>
+                </Instance>
+                <Instance>
+                    <InstanceData variable="pfxThumbprint">813A171D7341E1DA90D4A01878DD5328D3519007</InstanceData>
+                    <InstanceData variable="pfxBlob">pfxbase64BlobValue2</InstanceData>
+                    <InstanceData variable="pfxPassword">Password2</InstanceData>
+                </Instance>
+            </InstanceBlob>
+        ]]></Data>
+      </Item>
+    </Replace>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+### Template results
+
+When the bulk template data document is successfully processed, the specified certificates are imported into the defined stores with the provided passwords and key locations.
+
+- Successful Import: The certificates are correctly imported into the device's certificate stores.
+- Error Handling: Any errors encountered during the import process include relevant status codes or messages for troubleshooting.
+
+**Request**:
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Get>
+      <CmdID>2</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/BulkTemplate/Results/47e88660-1861-4131-96e8-f32e85011e55/Document</LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+**Response**:
+
+```xml
+<SyncML xmlns:msft="http://schemas.microsoft.com/MobileDevice/MDM">
+  <SyncHdr />
+  <SyncBody>
+    <Status>
+      <CmdID>1</CmdID>
+      <MsgRef>1</MsgRef>
+      <CmdRef>0</CmdRef>
+      <Cmd>SyncHdr</Cmd>
+      <Data>200</Data>
+    </Status>
+    <Status>
+      <CmdID>2</CmdID>
+      <MsgRef>1</MsgRef>
+      <CmdRef>2</CmdRef>
+      <Cmd>Get</Cmd>
+      <Data>200</Data>
+    </Status>
+    <Results>
+      <CmdID>3</CmdID>
+      <MsgRef>1</MsgRef>
+      <CmdRef>2</CmdRef>
+      <Item>
+        <Source>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/BulkTemplate/Results/47e88660-1861-4131-96e8-f32e85011e55/Document</LocURI>
+        </Source>
+        <Data>&lt;DeclaredConfigurationResult context="Device" schema="1.0" id="47e88660-1861-4131-96e8-f32e85011e55" osdefinedscenario="MSFTResource" checksum="FF356C2C71F6A41F9AB4A601AD00C8B5BC7531576233010B13A221A9FE1BE7A0" result_checksum="DD8C1C422D50A410C2949BA5F495C2C42CC4B0C7B498D1B43318C503F6CEF491" result_timestamp="2024-08-06T13:26:23Z" operation="Set" state="60"&gt;
+            &lt;CSP name="./Vendor/MSFT/ClientCertificateInstall" state="60"&gt;
+                &lt;URI path="PFXCertInstall/813A171D7341E1DA90D4A01878DD5328D3519006/KeyLocation" status="200" state="60" type="int" /&gt;
+                &lt;URI path="PFXCertInstall/813A171D7341E1DA90D4A01878DD5328D3519006/PFXCertBlob" status="200" state="60" type="chr" /&gt;
+                &lt;URI path="PFXCertInstall/813A171D7341E1DA90D4A01878DD5328D3519006/PFXCertPassword" status="200" state="60" type="chr" /&gt;
+                &lt;URI path="PFXCertInstall/813A171D7341E1DA90D4A01878DD5328D3519006/PFXKeyExportable" status="200" state="60" type="bool" /&gt;
+            &lt;/CSP&gt;&lt;CSP name="./Vendor/MSFT/ClientCertificateInstall" state="60"&gt;
+                &lt;URI path="PFXCertInstall/CertPFX1/KeyLocation" status="200" state="60" type="int" /&gt;
+                &lt;URI path="PFXCertInstall/CertPFX1/PFXCertBlob" status="200" state="60" type="chr" /&gt;
+                &lt;URI path="PFXCertInstall/CertPFX1/PFXCertPassword" status="200" state="60" type="chr" /&gt;
+                &lt;URI path="PFXCertInstall/CertPFX1/PFXKeyExportable" status="200" state="60" type="bool" /&gt;
+            &lt;/CSP&gt;
+            &lt;/DeclaredConfigurationResult&gt;
+        </Data>
+      </Item>
+    </Results>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
diff --git a/windows/client-management/declared-configuration.md b/windows/client-management/declared-configuration.md
index f655d1ae19..a0a28f91ae 100644
--- a/windows/client-management/declared-configuration.md
+++ b/windows/client-management/declared-configuration.md
@@ -1,65 +1,132 @@
 ---
-title: Declared configuration protocol
-description: Learn more about using declared configuration protocol for desired state management of Windows devices.
-ms.date: 09/26/2023
+title: Windows declared configuration protocol
+description: Learn more about using Windows declared configuration (WinDC) protocol for desired state management of Windows devices.
+ms.date: 09/12/2024
 ms.topic: overview
 ---
 
-# What is the declared configuration protocol
+# Windows declared configuration protocol overview
 
-The declared configuration protocol is based on a desired state device configuration model, though it still uses the underlying OMA-DM Syncml protocol. Through a dedicated OMA-DM server, it provides all the settings in a single batch through this protocol. The device's declared configuration client stack can reason over the settings to achieve the desired scenario in the most efficient and reliable manner.
+The Windows declared configuration (WinDC) protocol is a desired state device configuration model designed for efficient and reliable management of Windows devices. It uses the OMA-DM SyncML protocol to provide all necessary settings in a single batch through a dedicated OMA-DM server. The WinDC client stack on the device processes these settings to achieve the desired state in the most efficient and reliable manner.
 
-The declared configuration protocol requires that a device has a separate [OMA-DM enrollment](mdm-overview.md), which is dependent on the device being enrolled with the primary OMA-DM server. The desired state model is a different model from the current model where the server is responsible for the device's desire state. This dual enrollment is only allowed if the device is already enrolled into a primary MDM server. This other enrollment separates the desired state management functionality from the primary functionality. The declared configuration enrollment's first desired state management model feature is called [extensibility](declared-configuration-extensibility.md).
+WinDC protocol requires that a device has a separate [OMA-DM enrollment](mdm-overview.md), which is dependent on the device being enrolled with the primary OMA-DM server. The desired state model is a different model from the current model where the server is responsible for the device's desire state. This dual enrollment is only allowed if the device is already enrolled into a primary mobile device management (MDM) server. This other enrollment separates the desired state management functionality from the primary functionality.
 
-:::image type="content" source="images/declared-configuration-model.png" alt-text="Diagram illustrating the declared configuration model.":::
+WinDC enrollment involves two phases:
 
-With the [Declared Configuration CSP](mdm/declaredconfiguration-csp.md), the OMA-DM server can provide the device with the complete collection of setting names and associated values based on a specified scenario. The declared configuration stack on the device is responsible for handling the configuration request, and maintaining its state including updates to the scenario.
+- [Declared configuration discovery](declared-configuration-discovery.md): The initial discovery phase of the WinDC protocol uses a dedicated JSON schema to query enrollment details from the [discovery service endpoint (DS)](/openspecs/windows_protocols/ms-mde2/60deaa44-52df-4a47-a844-f5b42037f7d3#gt_8d76dac8-122a-452b-8c97-b25af916f19b). This phase involves sending HTTP requests with specific headers and a JSON body containing details such as user domain, tenant ID, and OS version. The DS responds with the necessary enrollment service URLs and authentication policies based on the enrollment type (Microsoft Entra joined or registered devices).
+- [Declared configuration enrollment](declared-configuration-enrollment.md): The enrollment phase uses the [MS-MDE2 protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) and new [DMClient CSP](mdm/dmclient-csp.md) policies for dual enrollment. This phase involves setting the `LinkedEnrollment/DiscoveryEndpoint` and triggering the `LinkedEnrollment/Enroll` using SyncML commands. The device can then manage its configuration state by interacting with the OMA-DM server through these policies.
 
-The benefit of the declared configuration desired state model is that it's efficient and accurate, especially since it's the responsibility of the declared configuration client to configure the device. The efficiency of declared configuration is because the client can asynchronously process batches of scenario settings, which free up the server resources to do other work. Thus the declared configuration protocol has low latency. As for configuration quality and accuracy, the declared configuration client stack has detailed knowledge of the configuration surface area of the device. This behavior includes the proper handling of continuous device updates that affect the configuration scenario.
+WinDC enrollment offers these desired state management features:
 
-## Declared configuration enrollment
+- [Resource access](declared-configuration-resource-access.md): Provides access to necessary resources for configuration.
+- [Extensibility](declared-configuration-extensibility.md): Allows for extending the configuration capabilities as needed.
 
-[Mobile Device Enrollment Protocol version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) describes enrollment including discovery, which covers the primary and declared configuration enrollments. The device uses the following new [DMClient CSP](mdm/dmclient-csp.md) policies for declared configuration dual enrollment:
+:::image type="content" source="images/declared-configuration-model.png" alt-text="Diagram illustrating the WinDC model.":::
 
-- [LinkedEnrollment/Enroll](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentenroll)
-- [LinkedEnrollment/Unenroll](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentunenroll)
-- [LinkedEnrollment/EnrollStatus](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentenrollstatus)
-- [LinkedEnrollment/LastError](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentlasterror)
-- [LinkedEnrollment/DiscoveryEndpoint](mdm/dmclient-csp.md#deviceproviderprovideridlinkedenrollmentdiscoveryendpoint)
+After a device is enrolled, the OMA-DM server can send a complete collection of setting names and values for a specified scenario using the [DeclaredConfiguration CSP](mdm/declaredconfiguration-csp.md). The WinDC stack on the device is responsible for handling the configuration request, and maintaining its state including updates to the scenario.
 
-The following SyncML example sets **LinkedEnrolment/DiscoveryEndpoint** and triggers **LinkedEnrollment/Enroll**:
+The benefit of the WinDC desired state model is that it's efficient and accurate, especially since it's the responsibility of the WinDC client stack to configure the device. The efficiency of WinDC is because the client can asynchronously process batches of scenario settings, which free up the server resources to do other work. Thus the WinDC protocol has low latency. As for configuration quality and accuracy, the WinDC client stack has detailed knowledge of the configuration surface area of the device. This behavior includes the proper handling of continuous device updates that affect the configuration scenario.
 
-```xml
-<SyncML xmlns="SYNCML:SYNCML1.1">
-    <SyncBody>
+## Supported platforms
+
+WinDC enrollment for [Microsoft Entra joined devices](/entra/identity/devices/concept-directory-join) is supported for all versions of Windows 10/11.
+
+WinDC enrollment for [Microsoft Entra registered devices](/entra/identity/devices/concept-device-registration) is supported for Windows 10/11 with the following updates:
+
+- Windows 11, version 24H2 with [KB5040529](https://support.microsoft.com/help/5040529) (OS Build 26100.1301)
+- Windows 11, version 23H2 with [KB5040527](https://support.microsoft.com/help/5040527) (OS Build 22631.3958)
+- Windows 11, version 22H2 with [KB5040527](https://support.microsoft.com/help/5040527) (OS Build 22621.3958)
+- Windows 10, version 22H2 with [KB5040525](https://support.microsoft.com/help/5040525) (OS Build 19045.4717)
+
+## Refresh interval
+
+The WinDC refresh schedule is created whenever there's a WinDC document present on the device and there's currently no schedule task for refresh. The task runs every 4 hours by default and can be configured. Each time the WinDC refresh task runs, it checks for all drifts from desired state by comparing the current system configuration versus the server intention in the WinDC documents. If there are any drifts, WinDC engine tries to reapply the WinDC documents to fix it. In case where a WinDC document can't be reapplied due to instance data missing, the WinDC document is marked in drifted state and a new sync session is triggered to notify there's a drift.
+
+To identify, adjust or remove the refresh schedule, use the **RefreshInterval** URI:
+
+- Identify current schedule:
+
+    ```xml
+    <?xml version="1.0" encoding="utf-8"?>
+    <SyncML xmlns="SYNCML:SYNCML1.1">
+      <SyncBody>
+        <Get>
+          <CmdID>2</CmdID>
+          <Item>
+            <Target>
+              <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration/RefreshInterval</LocURI>
+            </Target>
+          </Item>
+        </Get>
+        <Final />
+      </SyncBody>
+    </SyncML>
+    ```
+
+- Adjust current schedule:
+
+    ```xml
+    <?xml version="1.0" encoding="utf-8"?>
+    <SyncML xmlns="SYNCML:SYNCML1.1">
+      <SyncBody>
         <Replace>
-           <CmdID>2</CmdID>
-            <Item>
-                <Target>
-                    <LocURI>./Device/Vendor/MSFT/DMClient/Provider/MS%20DM%20SERVER/LinkedEnrollment/DiscoveryEndpoint</LocURI>
-                </Target>
-         <Data>https://discovery.dm.microsoft.com/EnrollmentConfiguration?api-version=1.0</Data>
-            </Item>
+          <CmdID>2</CmdID>
+          <Item>
+            <Meta>
+              <Format>int</Format>
+              <Type>text/plain</Type>
+            </Meta>
+            <Target>
+              <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration/RefreshInterval</LocURI>
+            </Target>
+            <Data>30</Data>
+          </Item>
         </Replace>
-        <Final/>
-    </SyncBody>
-</SyncML>
+        <Final />
+      </SyncBody>
+    </SyncML>
+    ```
 
-<SyncML xmlns="SYNCML:SYNCML1.1">
-    <SyncBody>
-        <Exec>
-            <CmdID>2</CmdID>
-            <Item>
-                <Target>
-                    <LocURI>./Device/Vendor/MSFT/DMClient/Provider/MS%20DM%20SERVER/LinkedEnrollment/Enroll</LocURI>
-                </Target>
-           </Item>
-        </Exec>
-        <Final/>
-    </SyncBody>
-</SyncML>
-```
+- Delete the current schedule and use system default:
 
-## Related content
+    ```xml
+    <?xml version="1.0" encoding="utf-8"?>
+    <SyncML xmlns="SYNCML:SYNCML1.1">
+      <SyncBody>
+        <Delete>
+          <CmdID>2</CmdID>
+          <Item>
+            <Target>
+              <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration/RefreshInterval</LocURI>
+            </Target>
+          </Item>
+        </Delete>
+        <Final />
+      </SyncBody>
+    </SyncML>
+    ```
 
-- [Declared Configuration extensibility](declared-configuration-extensibility.md)
+## Troubleshooting
+
+If the processing of declared configuration document fails, the errors are logged to Windows event logs:
+
+- Admin events: `Application and Service Logs\Microsoft\Windows\DeviceManagement-Enterprise-Diagnostics-Provider\Admin`.
+- Operational events: `Application and Service Logs\Microsoft\Windows\DeviceManagement-Enterprise-Diagnostics-Provider\Operational`.
+
+### Common errors
+
+- If the `<LocURI>` uses **Device** scope, while DeclaredConfiguration document specifies **User** context, Admin event log shows an error message similar to:
+
+    `MDM ConfigurationManager: Command failure status. Configuration Source ID: (DAD70CC2-365B-450D-A8AB-2EB23F4300CC), Enrollment Name: (MicrosoftManagementPlatformCloud), Provider Name: (DeclaredConfiguration), Command Type: (SetValue: from Replace), CSP URI: (./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/DCA000B5-397D-40A1-AABF-40B25078A7F9/Document), Result: (The system cannot find the file specified.)`
+
+- If the Document ID doesn't match between the `<LocURI>` and inside DeclaredConfiguration document, Admin event log shows an error message similar to:
+
+    `MDM Declared Configuration: End document parsing from CSP: Document Id: (DCA000B5-397D-40A1-AABF-40B25078A7F91), Scenario: (MSFTVPN), Version: (A0), Enrollment Id: (DAD70CC2-365B-450D-A8AB-2EB23F4300CC), Current User: (S-1-5-21-3436249567-4017981746-3373817415-1001), Schema: (1.0), Download URL: (), Scope: (0x1), Enroll Type: (0x1A), File size: (0xDE2), CSP Count: (0x1), URI Count: (0xF), Action Requested: (0x0), Model: (0x1), Result:(0x8000FFFF) Catastrophic failure.`
+
+- Any typo in the OMA-URI results in a failure. In this example, `TrafficFilterList` is specified instead of `TrafficFilterLists`, and Admin event log shows an error message similar to:
+
+    `MDM ConfigurationManager: Command failure status. Configuraton Source ID: (DAD70CC2-365B-450D-A8AB-2EB23F4300CC), Enrollment Type: (MicrosoftManagementPlatformCloud), CSP Name: (vpnv2), Command Type: (Add: from Replace or Add), CSP URI: (./user/vendor/msft/vpnv2/Test_SonicWall/TrafficFilterLists), Result: (Unknown Win32 Error code: 0x86000002).`
+
+    There's also another warning message in operational channel:
+
+    `MDM Declared Configuration: Function (DeclaredConfigurationExtension_PolicyCSPConfigureGivenCurrentDoc) operation (ErrorAtDocLevel: one or more CSPs failed) failed with (Unknown Win32 Error code: 0x82d00007)`
\ No newline at end of file
diff --git a/windows/client-management/device-update-management.md b/windows/client-management/device-update-management.md
index c298893a3a..5f61783f99 100644
--- a/windows/client-management/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@@ -2,7 +2,7 @@
 title: Mobile device management MDM for device updates
 description: Windows provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ms.collection:
 - highpri
 - tier2
@@ -25,7 +25,7 @@ In particular, Windows provides APIs to enable MDMs to:
 - Enter a per-device update approval list. The list makes sure devices only install updates that are approved and tested.
 - Approve end-user license agreements (EULAs) for the end user so update deployment can be automated even for updates with EULAs.
 
-This article provides independent software vendors (ISV) with the information they need to implement update management in Windows. For more information, see [Policy CSP - Update](mdm/policy-csp-update.md).
+This article provides independent software publishers (ISV) with the information they need to implement update management in Windows. For more information, see [Policy CSP - Update](mdm/policy-csp-update.md).
 
 > [!NOTE]
 > The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID. The Update ID is a GUID that identifies a particular update. The MDM will want to show IT-friendly information about the update, instead of a raw GUID, including the update's title, description, KB, update type, like a security update or service pack. For more information, see [[MS-WSUSSS]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c).
@@ -88,7 +88,7 @@ This section describes a possible algorithm for using the server-server sync pro
 
 First some background:
 
-- If you have a multi-tenant MDM, the update metadata can be kept in a shared partition, since it's common to all tenants.
+- If you have a multitenant MDM, the update metadata can be kept in a shared partition, since it's common to all tenants.
 - A metadata sync service can then be implemented. The service periodically calls server-server sync to pull in metadata for the updates IT cares about.
 - The MDM component that uses OMA DM to control devices (described in the next section) should send the metadata sync service the list of needed updates it gets from each client, if those updates aren't already known to the device.
 
@@ -130,7 +130,7 @@ The following screenshots of the administrator console show the list of update t
 
 ### SyncML example
 
-Set auto update to notify and defer.
+Set Microsoft AutoUpdate to notify and defer.
 
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
diff --git a/windows/client-management/disconnecting-from-mdm-unenrollment.md b/windows/client-management/disconnecting-from-mdm-unenrollment.md
index 612dd07651..cfc52d7c69 100644
--- a/windows/client-management/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/disconnecting-from-mdm-unenrollment.md
@@ -2,7 +2,7 @@
 title: Disconnecting from the management infrastructure (unenrollment)
 description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Disconnecting from the management infrastructure (unenrollment)
@@ -22,14 +22,14 @@ During disconnection, the client executes the following tasks:
 
 In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This notification is a best-effort action as no retry is built in to ensure the notification is successfully sent to the device.
 
-This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work.
+This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment can succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work.
 
 > [!NOTE]
 > The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, see the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
 
 The vendor uses the Type attribute to specify what type of generic alert it is. For device initiated MDM unenrollment, the alert type is **com.microsoft:mdm.unenrollment.userrequest**.
 
-After the user elects to unenroll, any active MDM OMA DM sessions are terminated. After that, the DM client starts a DM session, including a user unenroll generic alert in the first package that it sends to the server.
+After the user elects to unenroll, any active MDM OMA DM sessions are terminated. After that, the DMClient starts a DM session, including a user unenroll generic alert in the first package that it sends to the server.
 
 The following sample shows an OMA DM first package that contains a generic alert message. For more information on WP OMA DM support, see the [OMA DM protocol support](oma-dm-protocol-support.md) article.
 
@@ -107,15 +107,13 @@ You can only use the Work Access page to unenroll under the following conditions
 - Enrollment was done using bulk enrollment.
 - Enrollment was created using the Work Access page.
 
-<a name='unenrollment-from-azure-active-directory-join'></a>
-
 ## Unenrollment from Microsoft Entra join
 
 When a user is enrolled into MDM through Microsoft Entra join and later, the enrollment disconnects, there's no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message doesn't indicate the loss of WIP data.
 
 ![aadj unenerollment.](images/azure-ad-unenrollment.png)
 
-During the process in which a device is enrolled into MDM through Microsoft Entra join and then remotely unenrolled, the device may get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Microsoft Entra association is also removed. This safeguard is in place to avoid leaving the corporate devices in unmanaged state.
+During the process in which a device is enrolled into MDM through Microsoft Entra join and then remotely unenrolled, the device can get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Microsoft Entra association is also removed. This safeguard is in place to avoid leaving the corporate devices in unmanaged state.
 
 Before remotely unenrolling corporate devices, you must ensure that there is at least one admin user on the device that isn't part of Microsoft Entra ID, otherwise the device won't have any admin user after the operation.
 
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index 07e6f430e8..7800723235 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -56,19 +56,20 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "Windows Client Management",
       "contributors_to_exclude": [
         "dstrome2",
-        "rjagiewich",  
+        "rjagiewich",
         "American-Dipper",
-        "claydetels19", 
+        "claydetels19",
         "jborsecnik",
         "v-stchambers",
         "shdyas",
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "beccarobins"
+        "beccarobins",
+        "padmagit77",
+        "aditisrivastava07"
       ],
       "searchScope": [
         "Windows 10"
@@ -93,4 +94,4 @@
     "dest": "win-client-management",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/client-management/enable-admx-backed-policies-in-mdm.md b/windows/client-management/enable-admx-backed-policies-in-mdm.md
index 00618845b9..db0f36a085 100644
--- a/windows/client-management/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md
@@ -3,7 +3,7 @@ title: Enable ADMX policies in MDM
 description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Enable ADMX policies in MDM
diff --git a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
index f9ccd5cc0a..409c283821 100644
--- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -2,7 +2,7 @@
 title: Enroll a Windows device automatically using Group Policy
 description: Learn how to use a Group Policy to trigger autoenrollment to MDM for Active Directory (AD) domain-joined devices.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ms.collection:
 - highpri
 - tier2
@@ -12,7 +12,7 @@ ms.collection:
 
 You can use a Group Policy to trigger autoenrollment to Mobile Device Management (MDM) for Active Directory (AD) domain-joined devices.
 
-The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This cause-and-effect mechanism means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Microsoft Entra account.
+The group policy created on your local AD triggers enrollment into Intune without any user interaction. This cause-and-effect mechanism means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Microsoft Entra account.
 
 **Requirements**:
 
diff --git a/windows/client-management/enterprise-app-management.md b/windows/client-management/enterprise-app-management.md
index b6e975a1c8..71b7fe55b9 100644
--- a/windows/client-management/enterprise-app-management.md
+++ b/windows/client-management/enterprise-app-management.md
@@ -2,7 +2,7 @@
 title: Enterprise app management
 description: This article covers one of the key mobile device management (MDM) features for managing the lifecycle of apps across Windows devices.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Enterprise app management
@@ -15,7 +15,6 @@ By using Windows MDM to manage app lifecycles, administrators can deploy and man
 
 Windows offers the ability for management servers to:
 
-- Install apps directly from the Microsoft Store for Business
 - Deploy offline Store apps and licenses
 - Deploy line-of-business (LOB) apps (non-Store apps)
 - Inventory all apps for a user (Store and non-Store apps)
@@ -28,7 +27,7 @@ Windows offers the ability for management servers to:
 
 Windows lets you inventory all apps deployed to a user, and inventory all apps for all users of a Windows device. The [EnterpriseModernAppManagement](mdm/enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications:
 
-- **Store**: Apps that have been acquired from the Microsoft Store, either directly or delivered with the enterprise from the Store for Business.
+- **Store**: Apps that have been acquired from the Microsoft Store.
 - **nonStore**: Apps that weren't acquired from the Microsoft Store.
 - **System**: Apps that are part of the operating system and can't be uninstalled. This classification is read-only and can only be inventoried.
 
@@ -116,7 +115,7 @@ There are two basic types of apps you can deploy:
 - Store apps.
 - Enterprise signed apps.
 
-To deploy enterprise signed apps, you must enable a setting on the device to allow trusted apps. The apps can be signed by a Microsoft approved root (such as Symantec), an enterprise deployed root, or apps that are self-signed. This section covers the steps to configure the device for non-store app deployment.
+To deploy enterprise signed apps, you must enable a setting on the device to allow trusted apps. The apps can be signed by a Microsoft approved root (such as Symantec), an enterprise deployed root, or apps that are self-signed. This section covers the steps to configure the device for nonstore app deployment.
 
 ### Unlock the device for non-Store apps
 
@@ -154,7 +153,7 @@ Here's an example:
 
 ### Unlock the device for developer mode
 
-Development of apps on Windows devices no longer requires a special license. You can enable debugging and deployment of non-packaged apps using [ApplicationManagement/AllowDeveloperUnlock](mdm/policy-csp-applicationmanagement.md) policy in Policy CSP.
+Development of apps on Windows devices no longer requires a special license. You can enable debugging and deployment of nonpackaged apps using [ApplicationManagement/AllowDeveloperUnlock](mdm/policy-csp-applicationmanagement.md) policy in Policy CSP.
 
 AllowDeveloperUnlock policy enables the development mode on the device. The AllowDeveloperUnlock isn't configured by default, which means only Microsoft Store apps can be installed. If the management server explicitly sets the value to off, the setting is disabled in the settings panel on the device.
 
@@ -198,6 +197,9 @@ To deploy an app to a user directly from the Microsoft Store, the management ser
 
 If you purchased an app from the Store for Business and the app is specified for an online license, then the app and license must be acquired directly from the Microsoft Store.
 
+> [!NOTE]
+> The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
+
 Here are the requirements for this scenario:
 
 - The app is assigned to a user Microsoft Entra identity in the Store for Business. You can assign directly in the Store for Business or through a management server.
@@ -238,8 +240,8 @@ If you purchased an app from the Store for Business, the app license must be dep
 
 In the SyncML, you need to specify the following information in the `Exec` command:
 
-- License ID - This ID is specified in the LocURI. The License ID for the offline license is referred to as the "Content ID" in the license file. You can retrieve this information from the Base64 encoded license download from the Store for Business.
-- License Content - This content is specified in the data section. The License Content is the Base64 encoded blob of the license.
+- License ID - This ID is specified in the LocURI. The License ID for the offline license is referred to as the "Content ID" in the license file. You can retrieve this information from the Base 64 encoded license download from the Store for Business.
+- License Content - This content is specified in the data section. The License Content is the Base 64 encoded blob of the license.
 
 Here's an example of an offline license installation.
 
@@ -469,7 +471,7 @@ When an app installation is completed, a Windows notification is sent. You can a
   - NOT\_INSTALLED (0) - The node was added, but the execution wasn't completed.
   - INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, then this value is updated.
   - FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
-  - INSTALLED (3) - Once an install is successful this node is cleaned up. If the clean up action hasn't completed, then this state may briefly appear.
+  - INSTALLED (3) - Once an install is successful this node is cleaned up. If the clean-up action hasn't completed, then this state may briefly appear.
 - LastError - The last error reported by the app deployment server.
 - LastErrorDescription - Describes the last error reported by the app deployment server.
 - Status - An integer that indicates the progress of the app installation. In cases of an HTTPS location, this status shows the estimated download progress. Status isn't available for provisioning and only used for user-based installations. For provisioning, the value is always 0.
diff --git a/windows/client-management/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md
index 970b5917af..2a28981591 100644
--- a/windows/client-management/esim-enterprise-management.md
+++ b/windows/client-management/esim-enterprise-management.md
@@ -3,7 +3,7 @@ title: eSIM Enterprise Management
 description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # How Mobile Device Management Providers support eSIM Management on Windows
@@ -28,7 +28,7 @@ If you're a Mobile Device Management (MDM) Provider and want to support eSIM Man
 - Assess solution type that you would like to provide your customers
 - Batch/offline solution
 - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator doesn't have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Operator doesn't have visibility over status of the eSIM profiles
 - Real-time solution
 - MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via SIM vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
 - Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
diff --git a/windows/client-management/federated-authentication-device-enrollment.md b/windows/client-management/federated-authentication-device-enrollment.md
index ecb42e8160..32b2fef7ef 100644
--- a/windows/client-management/federated-authentication-device-enrollment.md
+++ b/windows/client-management/federated-authentication-device-enrollment.md
@@ -2,7 +2,7 @@
 title: Federated authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Federated authentication device enrollment
@@ -122,7 +122,7 @@ The discovery response is in the XML format and includes the following fields:
 > [!NOTE]
 > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
-When authentication policy is set to be Federated, Web Authentication Broker (WAB) is used by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client calls the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage is used by the enrollment client as the device security secret during the client certificate enrollment request call.
+When authentication policy is set to be Federated, Web Authentication Broker (WAB) is used by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client calls the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an end page is used by the enrollment client as the device security secret during the client certificate enrollment request call.
 
 > [!NOTE]
 > Instead of relying on the user agent string that is passed during authentication to get information, such as the OS version, use the following guidance:
@@ -183,7 +183,7 @@ Content-Length: 556
 </html>
 ```
 
-The server has to send a POST to a redirect URL of the form `ms-app://string` (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `<wsse:BinarySecurityToken>` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form its just HTML encoded. This string is opaque to the enrollment client; the client doesn't interpret the string.
+The server has to send a POST to a redirect URL of the form `ms-app://string` (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `<wsse:BinarySecurityToken>` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it's just HTML encoded. This string is opaque to the enrollment client; the client doesn't interpret the string.
 
 The following example shows a response received from the discovery web service that requires authentication via WAB.
 
@@ -367,7 +367,7 @@ The following snippet shows the policy web service response.
 
 ## Enrollment web service
 
-This web service implements the MS-WSTEP protocol. It processes the RequestSecurityToken (RST) message from the client, authenticates the client, requests the certificate from the CA, and returns it in the RequestSecurityTokenResponse (RSTR) to the client. Besides the issued certificate, the response also contains configurations needed to provision the DM client.
+This web service implements the MS-WSTEP protocol. It processes the RequestSecurityToken (RST) message from the client, authenticates the client, requests the certificate from the CA, and returns it in the RequestSecurityTokenResponse (RSTR) to the client. Besides the issued certificate, the response also contains configurations needed to provision the DMClient.
 
 The RequestSecurityToken (RST) must have the user credential and a certificate request. The user credential in an RST SOAP envelope is the same as in GetPolicies, and can vary depending on whether the authentication policy is OnPremise or Federated. The BinarySecurityToken in an RST SOAP body contains a Base64-encoded PKCS\#10 certificate request, which is generated by the client based on the enrollment policy. The client could have requested an enrollment policy by using MS-XCEP before requesting a certificate using MS-WSTEP. If the PKCS\#10 certificate request is accepted by the certification authority (CA) (the key length, hashing algorithm, and so on, match the certificate template), the client can enroll successfully.
 
@@ -471,15 +471,15 @@ Similar to the TokenType in the RST, the RSTR uses a custom ValueType in the Bin
 The provisioning XML contains:
 
 - The requested certificates (required)
-- The DM client configuration (required)
+- The DMClient configuration (required)
 
-The client installs the client certificate, the enterprise root certificate, and intermediate CA certificate if there's one. The DM configuration includes the name and address of the DM server, which client certificate to use, and schedules when the DM client calls back to the server.
+The client installs the client certificate, the enterprise root certificate, and intermediate CA certificate if there's one. The DM configuration includes the name and address of the DM server, which client certificate to use, and schedules when the DMClient calls back to the server.
 
 Enrollment provisioning XML should contain a maximum of one root certificate and one intermediate CA certificate that is needed to chain up the MDM client certificate. More root and intermediate CA certificates could be provisioned during an OMA DM session.
 
 When root and intermediate CA certificates are being provisioned, the supported CSP node path is: CertificateStore/Root/System for root certificate provisioning, CertificateStore/My/User for intermediate CA certificate provisioning.
 
-Here's a sample RSTR message and a sample of OMA client provisioning XML within RSTR. For more information about the configuration service providers (CSPs) used in provisioning XML, see the Enterprise settings, policies and app management section.
+Here's a sample RSTR message and a sample of OMA client provisioning XML within RSTR. For more information about the configuration service providers (CSPs) used in provisioning XML, see the Enterprise settings, policies, and app management section.
 
 The following example shows the enrollment web service response.
 
diff --git a/windows/client-management/images/autoenrollment-gpedit.png b/windows/client-management/images/autoenrollment-gpedit.png
deleted file mode 100644
index e863dfc945..0000000000
Binary files a/windows/client-management/images/autoenrollment-gpedit.png and /dev/null differ
diff --git a/windows/client-management/images/autoenrollment-mdm-policies.png b/windows/client-management/images/autoenrollment-mdm-policies.png
deleted file mode 100644
index 6833b4ac8b..0000000000
Binary files a/windows/client-management/images/autoenrollment-mdm-policies.png and /dev/null differ
diff --git a/windows/client-management/images/autoenrollment-task-schedulerapp.png b/windows/client-management/images/autoenrollment-task-schedulerapp.png
deleted file mode 100644
index 56f071dcda..0000000000
Binary files a/windows/client-management/images/autoenrollment-task-schedulerapp.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant1.png b/windows/client-management/images/azure-ad-add-tenant1.png
deleted file mode 100644
index 3e32d82f7b..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant1.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant10.png b/windows/client-management/images/azure-ad-add-tenant10.png
deleted file mode 100644
index a6e7c07f67..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant10.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant11.png b/windows/client-management/images/azure-ad-add-tenant11.png
deleted file mode 100644
index 4648df15d8..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant11.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant12.png b/windows/client-management/images/azure-ad-add-tenant12.png
deleted file mode 100644
index 1b234faef0..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant12.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant13.png b/windows/client-management/images/azure-ad-add-tenant13.png
deleted file mode 100644
index b44e7370cd..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant13.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant14.png b/windows/client-management/images/azure-ad-add-tenant14.png
deleted file mode 100644
index d295c71a69..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant14.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant15.png b/windows/client-management/images/azure-ad-add-tenant15.png
deleted file mode 100644
index d0639750c2..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant15.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant2.png b/windows/client-management/images/azure-ad-add-tenant2.png
deleted file mode 100644
index 3099043171..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant2.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant3-b.png b/windows/client-management/images/azure-ad-add-tenant3-b.png
deleted file mode 100644
index e845896e37..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant3-b.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant3.png b/windows/client-management/images/azure-ad-add-tenant3.png
deleted file mode 100644
index 7ede724ff0..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant3.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant4.png b/windows/client-management/images/azure-ad-add-tenant4.png
deleted file mode 100644
index 8c6f4bbbdd..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant4.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant5.png b/windows/client-management/images/azure-ad-add-tenant5.png
deleted file mode 100644
index ad951c46b2..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant5.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant6.png b/windows/client-management/images/azure-ad-add-tenant6.png
deleted file mode 100644
index 169df32316..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant6.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant7.png b/windows/client-management/images/azure-ad-add-tenant7.png
deleted file mode 100644
index 73a1319eb9..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant7.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant8.png b/windows/client-management/images/azure-ad-add-tenant8.png
deleted file mode 100644
index b36d089a48..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant8.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-add-tenant9.png b/windows/client-management/images/azure-ad-add-tenant9.png
deleted file mode 100644
index 6589bda706..0000000000
Binary files a/windows/client-management/images/azure-ad-add-tenant9.png and /dev/null differ
diff --git a/windows/client-management/images/azure-ad-app-gallery.png b/windows/client-management/images/azure-ad-app-gallery.png
deleted file mode 100644
index f96d2b7f89..0000000000
Binary files a/windows/client-management/images/azure-ad-app-gallery.png and /dev/null differ
diff --git a/windows/client-management/images/azure-mdm-intune.png b/windows/client-management/images/azure-mdm-intune.png
deleted file mode 100644
index b0f08a51bd..0000000000
Binary files a/windows/client-management/images/azure-mdm-intune.png and /dev/null differ
diff --git a/windows/client-management/images/businessstoreportalservices2.png b/windows/client-management/images/businessstoreportalservices2.png
deleted file mode 100644
index 56d8981fc0..0000000000
Binary files a/windows/client-management/images/businessstoreportalservices2.png and /dev/null differ
diff --git a/windows/client-management/images/businessstoreportalservices3.png b/windows/client-management/images/businessstoreportalservices3.png
deleted file mode 100644
index ac74b64ab1..0000000000
Binary files a/windows/client-management/images/businessstoreportalservices3.png and /dev/null differ
diff --git a/windows/client-management/images/businessstoreportalservicesflow.png b/windows/client-management/images/businessstoreportalservicesflow.png
deleted file mode 100644
index 6a215fc076..0000000000
Binary files a/windows/client-management/images/businessstoreportalservicesflow.png and /dev/null differ
diff --git a/windows/client-management/images/declared-configuration-ra-syntax.png b/windows/client-management/images/declared-configuration-ra-syntax.png
new file mode 100644
index 0000000000..6ab42b77bf
Binary files /dev/null and b/windows/client-management/images/declared-configuration-ra-syntax.png differ
diff --git a/windows/client-management/images/faq-max-devices.png b/windows/client-management/images/faq-max-devices.png
deleted file mode 100644
index f2d177b92f..0000000000
Binary files a/windows/client-management/images/faq-max-devices.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification1.png b/windows/client-management/images/push-notification1.png
deleted file mode 100644
index 74388704f5..0000000000
Binary files a/windows/client-management/images/push-notification1.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification10.png b/windows/client-management/images/push-notification10.png
deleted file mode 100644
index d76ed273d0..0000000000
Binary files a/windows/client-management/images/push-notification10.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification2.png b/windows/client-management/images/push-notification2.png
deleted file mode 100644
index ba2c1c008e..0000000000
Binary files a/windows/client-management/images/push-notification2.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification3.png b/windows/client-management/images/push-notification3.png
deleted file mode 100644
index d5a233353a..0000000000
Binary files a/windows/client-management/images/push-notification3.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification4.png b/windows/client-management/images/push-notification4.png
deleted file mode 100644
index 49633b7c4d..0000000000
Binary files a/windows/client-management/images/push-notification4.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification5.png b/windows/client-management/images/push-notification5.png
deleted file mode 100644
index 5abdfbf0bc..0000000000
Binary files a/windows/client-management/images/push-notification5.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification6.png b/windows/client-management/images/push-notification6.png
deleted file mode 100644
index 380863d930..0000000000
Binary files a/windows/client-management/images/push-notification6.png and /dev/null differ
diff --git a/windows/client-management/images/push-notification7.png b/windows/client-management/images/push-notification7.png
deleted file mode 100644
index 5185b49323..0000000000
Binary files a/windows/client-management/images/push-notification7.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-10.png b/windows/client-management/images/unifiedenrollment-rs1-10.png
deleted file mode 100644
index 046fba9228..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-10.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-2.png b/windows/client-management/images/unifiedenrollment-rs1-2.png
deleted file mode 100644
index ea02fe5541..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-2.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-3.png b/windows/client-management/images/unifiedenrollment-rs1-3.png
deleted file mode 100644
index 2c6a240864..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-3.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-37-c.png b/windows/client-management/images/unifiedenrollment-rs1-37-c.png
deleted file mode 100644
index 5ed04fb4a2..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-37-c.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-4.png b/windows/client-management/images/unifiedenrollment-rs1-4.png
deleted file mode 100644
index 214a6c5c2c..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-4.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-5.png b/windows/client-management/images/unifiedenrollment-rs1-5.png
deleted file mode 100644
index ca53b739d5..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-5.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-6.png b/windows/client-management/images/unifiedenrollment-rs1-6.png
deleted file mode 100644
index e865f66efe..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-6.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-7.png b/windows/client-management/images/unifiedenrollment-rs1-7.png
deleted file mode 100644
index 26f4c4320d..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-7.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-8.png b/windows/client-management/images/unifiedenrollment-rs1-8.png
deleted file mode 100644
index fefb595eec..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-8.png and /dev/null differ
diff --git a/windows/client-management/images/unifiedenrollment-rs1-9.png b/windows/client-management/images/unifiedenrollment-rs1-9.png
deleted file mode 100644
index b3f9e58129..0000000000
Binary files a/windows/client-management/images/unifiedenrollment-rs1-9.png and /dev/null differ
diff --git a/windows/client-management/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md
index e9c0ab5ecc..f5969415ed 100644
--- a/windows/client-management/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/implement-server-side-mobile-application-management.md
@@ -2,16 +2,14 @@
 title: Support for Windows Information Protection (WIP) on Windows
 description: Learn about implementing the Windows version of Windows Information Protection (WIP), which is a lightweight solution for managing company data access and security on personal devices.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Support for Windows Information Protection (WIP) on Windows
 
 Windows Information Protection (WIP) is a lightweight solution for managing company data access and security on personal devices. WIP support is built into Windows.
 
-[!INCLUDE [Deprecate Windows Information Protection](../security/information-protection/windows-information-protection/includes/wip-deprecation.md)]
-
-<a name='integration-with-azure-ad'></a>
+[!INCLUDE [Deprecate Windows Information Protection](mdm/includes/wip-deprecation.md)]
 
 ## Integration with Microsoft Entra ID
 
@@ -25,7 +23,7 @@ Regular non administrator users can enroll to MAM.
 
 ## Understand Windows Information Protection
 
-WIP takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, WPJ limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf.
+WIP takes advantage of [built-in policies](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, WPJ limits enforcement of WIP policies to [enlightened apps](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf.
 
 To make applications WIP-aware, app developers need to include the following data in the app resource file.
 
@@ -78,7 +76,7 @@ Since the [Poll](mdm/dmclient-csp.md#deviceproviderprovideridpoll) node isn't pr
 
 ## Supported CSPs
 
-WIP supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list may change later based on customer feedback:
+WIP supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list can change later based on customer feedback:
 
 - [AppLocker CSP](mdm/applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
 - [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
index 860eb04bfe..f600a15201 100644
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@@ -10,11 +10,12 @@ metadata:
   ms.collection:
     - highpri
     - tier1
+    - essentials-manage
   author: vinaypamnani-msft
   ms.author: vinpa
   manager: aaroncz
-  ms.date: 01/18/2024
-  localization_priority: medium
+  ms.date: 07/08/2024
+  ms.localizationpriority: medium
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index cc6af7d11f..a43167be49 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -2,13 +2,13 @@
 title: Manage Windows devices in your organization - transitioning to modern management
 description: This article offers strategies for deploying and managing Windows devices, including deploying Windows in a mixed environment.
 ms.localizationpriority: medium
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ms.topic: conceptual
 ---
 
 # Manage Windows devices in your organization - transitioning to modern management
 
-Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows devices gradually, following the normal upgrade schedules used in your organization.
+Use of personal devices for work, and users working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows devices gradually, following the normal upgrade schedules used in your organization.
 
 Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows faster.
 
@@ -45,13 +45,13 @@ You can use Windows and services like [Microsoft Entra ID](/azure/active-directo
 
 You can envision user and device management as falling into these two categories:
 
-- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows, your employees can self-provision their devices:
+- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows, your users can self-provision their devices:
 
   - For corporate devices, they can set up corporate access with [Microsoft Entra join](/azure/active-directory/devices/overview). When you offer them Microsoft Entra join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.
 
-    Microsoft Entra join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
+    Microsoft Entra join is also a great solution for temporary staff, partners, or other part-time users. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
 
-  - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
+  - Likewise, for personal devices, users can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
 
 - **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
 
@@ -71,7 +71,7 @@ As you review the roles in your organization, you can use the following generali
 
 ## Settings and configuration
 
-Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. You can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
+Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, users are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. You can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
 
 - **MDM**: MDM gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, group policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using group policy that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
 
diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md
index 46d7c8c8dc..d48ca50d9a 100644
--- a/windows/client-management/manage-windows-copilot.md
+++ b/windows/client-management/manage-windows-copilot.md
@@ -1,9 +1,9 @@
 ---
-title: Manage Copilot in Windows
-description: Learn how to manage Copilot in Windows for commercial environments using MDM and group policy. Learn about the chat providers available to Copilot in Windows.
-ms.topic: how-to
+title: Updated Windows and Microsoft Copilot experience
+description: Learn about changes to the Copilot in Windows experience for commercial environments and how to configure it for your organization.
+ms.topic: overview
 ms.subservice: windows-copilot
-ms.date: 06/13/2024
+ms.date: 09/18/2024
 ms.author: mstewart
 author: mestew
 ms.collection:
@@ -13,226 +13,66 @@ appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2 or later</a>
 ---
 
-# Manage Copilot in Windows
-<!--8445848-->
+# Updated Windows and Microsoft Copilot experience
+<!--8445848, 9294806-->
 
->**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0).
+>**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0).
 
-> [!Note]
-> - This article and the [TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) policy isn't for the [new Copilot experience](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-copilot-in-windows-for-your-workforce/ba-p/4141999) that's in some [Windows Insider builds](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/) and that will be gradually rolling out to Windows 11 and Windows 10 devices. <!--9048085-->
+## Enhanced data protection with enterprise data protection
 
-Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/copilot/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat.
+The Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft Copilot will offer enterprise data protection](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) at no additional cost and redirect users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Copilot for Microsoft 365 and Microsoft Copilot. This means that security, privacy, compliance controls and commitments available for Copilot for Microsoft 365 will extend to Microsoft Copilot prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers - not only for Copilot for Microsoft 365, but also for emails in Exchange and files in SharePoint. This is an improvement on top of the previous commercial data protection (CDP) promise. This update is rolling out now. For more information, see the [Microsoft Copilot updates and enterprise data protection FAQ](/copilot/edpfaq).
+
+> [!IMPORTANT]
+> To streamline the user experience, updates to the Copilot entry points in Windows are being made for users. **Copilot in Windows (preview) will be removed from Windows**. The experience will slightly vary depending on whether your organization has already opted into using Copilot in Windows (preview) or not. 
+
+## Copilot in Windows (preview) isn't enabled
+
+If your organization hasn't enabled Copilot in Windows (preview), your existing preferences are respected. Neither the Microsoft Copilot app nor the Microsoft 365 app are pinned to the taskbar. To prepare for the eventual removal of the [Copilot in Windows policy](/windows/client-management/mdm/policy-csp-windowsai#turnoffwindowscopilot), admins should [set Microsoft Copilot pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center.
+
+> [!NOTE]
+> Although we won't be pinning any app to the taskbar by default, IT has the capability to use policies to enforce their preferred app pinning.
+
+## Copilot in Windows (preview) is enabled
+
+If you had previously activated Copilot in Windows (in preview) for your workforce, we want to thank you for your enthusiasm. To provide the best Copilot experience for your employees moving forward, and support greater efficiency and productivity, we won't automatically pin the Microsoft 365 app to the taskbar in Windows. Rather, we'll ensure that you have control over how you enable the Copilot experience within your organization.  Our focus remains on empowering IT to seamlessly manage AI experiences and adopt those experiences at a pace that suits your organizational needs.
+
+If you have already activated Copilot in Windows (preview) - and want your users to have uninterrupted access to Copilot on the taskbar after the update - use the [configuration options](/windows/configuration/taskbar/?pivots=windows-11) to pin the Microsoft 365 app to the taskbar as Copilot in Windows (preview) icon will be removed from the taskbar.
+
+## Users signing in to new PCs with Microsoft Entra accounts
+
+For users signing in to new PCs with work or school accounts, the following experience occurs:
+
+-	The Microsoft 365 app is pinned to the taskbar - this is the app comes preinstalled with Windows and includes convenient access to Office apps such as Word, PowerPoint, etc. 
+-	Users that have the Microsoft 365 Copilot license will have Microsoft Copilot pinned by default inside the Microsoft 365 app. 
+-	Within the Microsoft 365 app, the Microsoft Copilot icon is situated next to the home button.
+    - Microsoft Copilot (`web` grounding chat) isn't the same as Microsoft 365 Copilot (`web` and `work` scope), which is a separate add-on license. 
+    - Microsoft Copilot is available at no additional cost to customers with a Microsoft Entra account. Microsoft Copilot is the entry point for Copilot at work. While the Copilot chat experience helps users ground their conversations in web data, Microsoft 365 Copilot allows users to incorporate both web and work data they have access to into their conversations by switching between work and web modes in Business Chat. 
+   - For users with the Microsoft 365 Copilot license, they can toggle between the web grounding-based chat capabilities of Microsoft Copilot and the work scoped chat capabilities of Microsoft 365 Copilot. 
+-	Customers that don't have a license for Microsoft 365 Copilot are asked if they want to pin Microsoft Copilot to ensure they have easy access to Copilot. To set the default behavior, admins should [set Microsoft Copilot pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center. 
+-	If admins elect not to pin Copilot and indicate that users may be asked, users will be asked to pin it themselves in the Microsoft 365 app, Outlook, and Teams. 
+-	If admins elect not to pin Microsoft Copilot and indicate that users may not be asked, Microsoft Copilot won't be available via the Microsoft 365 app, Outlook, or Teams. Users will have access to Microsoft Copilot from <www.microsoft.com/copilot> unless that URL is blocked by the IT admin.
+-	If the admins make no selection, users will be asked to pin Microsoft Copilot by themselves for easy access. 
 
 
-## Configure Copilot in Windows for commercial environments
+## When will this happen?
 
-At a high level, managing and configuring Copilot in Windows for your organization involves the following steps:
+The update to Microsoft Copilot to offer enterprise data protection is rolling out now.
 
-> [!Note]
-> - Copilot in Windows is currently available as a preview. We will continue to experiment with new ideas and methods using your feedback.
-> - Copilot in Windows (in preview) is available in select global markets and will be rolled out to additional markets over time. [Learn more](https://www.microsoft.com/windows/copilot-ai-features#faq). <!--8737645-->
+The shift to the Microsoft 365 app as the entry point for Microsoft Copilot is coming soon. Changes will be rolled out to managed PCs starting with the optional nonsecurity preview release on September 24, 2024, and following with the monthly security update release on October 8 for all supported versions of Windows 11. These changes will be applied to Windows 10 PCs the month after. This update is replacing the current Copilot in Windows experience.
 
-1. Understand the [available chat provider platforms for Copilot in Windows](#chat-provider-platforms-for-copilot-in-windows)
-1. [Configure the chat provider platform](#configure-the-chat-provider-platform-that-copilot-in-windows-uses) used by Copilot in Windows
-1. Ensure the [Copilot in Windows user experience](#ensure-the-copilot-in-windows-user-experience-is-enabled) is enabled
-1. Verify [other settings that might affect Copilot in Windows](#other-settings-that-might-affect-copilot-in-windows-and-its-underlying-chat-provider) and its underlying chat provider
+> [!IMPORTANT]
+> Want to get started? You can enable the Microsoft Copilot experience for your users now by using the [TurnOffWindowsCopilot](/windows/client-management/mdm/policy-csp-windowsai#turnoffwindowscopilot) policy and pin the Microsoft 365 app using the existing policies for taskbar pinning.
+
+
+## Policy information
+
+Admins should configure the [pinning options](/copilot/microsoft-365/pin-copilot) to enable access to Microsoft Copilot within the Microsoft 365 app in the Microsoft 365 admin center. 
+
+The following policy to manage Copilot in Windows (preview) will be removed in the future:
 
-Organizations that aren't ready to use Copilot in Windows can disable it until they're ready with the **Turn off Windows Copilot** policy. This policy setting allows you to turn off Copilot in Windows. If you enable this policy setting, users can't use Copilot in Windows and the icon doesn't appear on the taskbar either. If you disable or don't configure this policy setting, users can use Copilot in Windows when it's available to them.
 
 | &nbsp; | Setting  |
 |---|---|
 | **CSP** | ./User/Vendor/MSFT/Policy/Config/WindowsAI/[TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) |
 | **Group policy** | User Configuration > Administrative Templates > Windows Components > Windows Copilot > **Turn off Windows Copilot** |
 
-
-## Chat provider platforms for Copilot in Windows
-
-Copilot in Windows can use either Microsoft Copilot, Copilot with commercial data protection, or Copilot with Graph-grounded chat as its chat provider platform. The chat provider platform is the underlying service that Copilot in Windows uses to communicate with the user. The chat provider platform is important because it's possible for users to copy and paste sensitive information into the chat. Each chat provider platform has different privacy and security protections.
-
-### Copilot
-
-Copilot is a consumer experience and has a daily limit on the number of chat queries per user when not signed in with a Microsoft account. It doesn't offer the same data protection as Copilot with commercial data protection.
-
-- [Copilot in Windows: Your data and privacy](https://support.microsoft.com/windows/3e265e82-fc76-4d0a-afc0-4a0de528b73a)
-- The privacy statement for using Copilot follows the [Microsoft privacy statement](https://privacy.microsoft.com/privacystatement) including the product specific guidance in the Microsoft privacy statement for **Bing** under the **Search, Microsoft Edge, and artificial intelligence** section.
-
-  > [!Note]
-  > Copilot doesn't have access to Microsoft 365 Apps data, such as email, calendar, or files using Microsoft Graph, unlike [Microsoft Copilot with Graph-grounded chat](#microsoft-copilot-with-graph-grounded-chat).
-
-### Copilot with commercial data protection
-
-[Copilot with commercial data protection](/copilot/overview) is intended for commercial use scenarios and offers commercial data protection. The following privacy and security protections apply for Copilot with commercial data protection:
-
-- User and organizational data is protected, chat data isn't saved, and your data isn't used to train the underlying large language models (LLMs). Because of this protection, chat history, 3rd-party plugins, and the Bing app for iOS or Android aren't currently supported. Copilot with commercial data protection is accessible from mobile browsers, including Edge mobile on iOS and Android. Review the Copilot with commercial data protection [privacy statement](/copilot/privacy-and-protections).
-- Copilot with commercial data protection is available, at no additional cost, for the following licenses:
-   - Microsoft 365 E3 or E5
-   - Microsoft 365 F3 <!--8681080, 8681034-->
-   - Microsoft 365 A1, A3, or A5 <!--8681034-->
-       - Copilot with commercial data protection is limited to faculty and higher education students over 18 years of age
-   - Office 365 A1, A3, or A5 <!--8681034-->
-       - Copilot with commercial data protection is limited to faculty and higher education students over 18 years of age
-   - Microsoft 365 Business Standard
-   - Microsoft 365 Business Premium
-
-  > [!Note]
-  > Copilot with commercial data protection doesn't have access to Microsoft 365 Apps data, such as email, calendar, or files using Microsoft Graph, unlike [Microsoft Copilot with Graph-grounded chat](#microsoft-copilot-with-graph-grounded-chat).
-
-### Microsoft Copilot with Graph-grounded chat
-<!---8639813-->
-Copilot with Graph-grounded chat enables you to use your work content and context in Copilot for Windows. With Graph-grounded chat, you can draft content and get answers to questions, all securely grounded in your Microsoft Graph data such as user documents, emails, calendar, chats, meetings, and contacts. When you use the **Work** toggle in Copilot in Windows to query Graph-grounded chat, the following high-level privacy and security protections apply:
-
-- Prompts, responses, and data accessed through Microsoft Graph aren't used to train foundational LLMs.
-- It only surfaces organizational data to which individual users have at least view permissions.
-- The information contained within your prompts, the data retrieved, and the generated responses remain within your tenant's service boundary. For more information about privacy and security for Graph-grounded chat, see [Data, Privacy, and Security for Microsoft Copilot for Microsoft 365](/microsoft-365-copilot/microsoft-365-copilot-privacy)
-- Copilot with Graph-grounded chat is part of Copilot for Microsoft 365. Copilot for Microsoft 365 is an add-on plan. For more information about prerequisites and license requirements, see [Microsoft Copilot for Microsoft 365 requirements](/microsoft-365-copilot/microsoft-365-copilot-requirements#license-requirements).
-
-## Configure the chat provider platform that Copilot in Windows uses
-
-Configuring the correct chat provider platform for Copilot in Windows is important because it's possible for users to copy and paste sensitive information into the chat. Each chat provider platform has different privacy and security protections. Once you select the chat provider platform that you want to use for Copilot in Windows, ensure it's configured for your organization's users. The following sections describe how to configure the chat provider platform that Copilot in Windows uses.
-
-### Microsoft Copilot as the chat provider platform
-
-Copilot is used as the default chat provider platform for Copilot in Windows when any of the following conditions occur:
-
-- Commercial data protection isn't configured for the user.
-- Commercial data protection is [turned off](/copilot/manage).
-- The user isn't assigned a license that includes Copilot with commercial data protection.
-- The user isn't signed in with a Microsoft Entra account that's licensed for Copilot with commercial data protection.
-
-### Copilot with commercial data protection as the chat provider platform (recommended for commercial environments)
-
-To verify that Copilot with commercial data protection is enabled for the user as the chat provider platform for Copilot in Windows, use the following instructions:
-
-1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com/).
-1. In the admin center, select  **Users** > **Active users** and verify that users are assigned a license that includes **Copilot**. Copilot with commercial data protection is included and enabled by default for users that are assigned one of the following licenses:
-   - Microsoft 365 E3 or E5
-   - Microsoft 365 F3 <!--8681080, 8681034-->
-   - Microsoft 365 A1, A3, or A5 
-     - Copilot with commercial data protection is limited to faculty and higher education students over 18 years of age <!--8681034-->
-   - Office 365 A1, A3, or A5 <!--8681034-->
-      - Copilot with commercial data protection is limited to faculty and higher education students over 18 years of age <!--8681034-->
-   - Microsoft 365 Business Standard
-   - Microsoft 365 Business Premium
-1. To verify that commercial data protection is enabled for the user, select the user's **Display name** to open the flyout menu.
-1. In the flyout, select the **Licenses & apps** tab, then expand the **Apps** list.
-1. Verify that **Copilot** is enabled for the user.
-1. If you prefer to view a user's licenses from the [Azure portal](https://portal.azure.com), you'll find it under **Microsoft Entra ID** > **Users**. Select the user's name, then **Licenses**. Select a  license that includes **Copilot**, and verify that it's listed as **On**. If you previously disabled Copilot with commercial data protection (formerly Bing Chat Enterprise), see [Manage Copilot](/copilot/manage) for verifying that commercial data protection is enabled for your users.
-1. Copilot with commercial data protection is used as the chat provider platform for users when the following conditions are met:
-   - Users have an eligible license, commercial data protection in Copilot is enabled, and the [Copilot in Windows user experience is enabled](#enable-the-copilot-in-windows-user-experience-for-windows-11-version-22h2-clients).
-   - Users are signed in with their Microsoft Entra ID (work accounts)
-      - Users can sign into Windows with their Microsoft Entra ID
-      - For Active Directory users on Windows 11, a Microsoft Entra ID in the Web Account Manager (WAM) authentication broker can be used. Entra IDs in Microsoft Edge profiles and Microsoft 365 Apps would both be in WAM. <!--8470699-->
-
-The following sample PowerShell script connects to Microsoft Graph and lists which users that have Copilot with commercial data protection enabled and disabled:
-
-```powershell
-# Install Microsoft Graph module
-if (-not (Get-Module Microsoft.Graph.Users)) {
-    Install-Module Microsoft.Graph.Users
-}
-
-# Connect to Microsoft Graph
-Connect-MgGraph -Scopes 'User.Read.All'
-
-# Get all users
-$users = Get-MgUser -All -ConsistencyLevel eventual -Property Id, DisplayName, Mail, UserPrincipalName, AssignedPlans
-
-# Users with Copilot with commercial data protection enabled
-$users | Where-Object { $_.AssignedPlans -and $_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -eq "Enabled" } | Format-Table
-
-# Users without Copilot with commercial data protection enabled
-$users | Where-Object { -not $_.AssignedPlans -or ($_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -ne "Enabled") } | Format-Table
-```
-
-When Copilot with commercial data protection is the chat provider platform, the user experience clearly states that **Your personal and company data are protected in this chat**. There's also a shield symbol labeled **Protected** at the top of the Copilot in Windows sidebar and the provider is listed under the Copilot logo when the sidebar is first opened. The following image shows the message that's displayed in this scenario:
-
-:::image type="content" source="images/copilot-commercial-data-protection-chat-provider.png" alt-text="Screenshot of the Copilot in Windows user experience when Copilot with commercial data protection is the chat provider." lightbox="images/copilot-commercial-data-protection-chat-provider.png":::
-
-
-### Copilot with Graph-grounded chat as the chat provider platform 
-<!---8639813-->
-
-When users are assigned [Microsoft Copilot for Microsoft 365](/microsoft-365-copilot/microsoft-365-copilot-setup) licenses, they're automatically presented with a **Work** toggle in Copilot for Windows. When **Work** is selected, Copilot with Graph-grounded chat is the chat provider platform used by Copilot in Windows. When using Graph-grounded chat, user prompts can securely access Microsoft Graph content, such as emails, chats, and documents.  
-
-:::image type="content" source="images/work-toggle-graph-grounded-chat.png" alt-text="Screenshot of the Copilot in Windows user experience when the work toggle is selected and the chart provider is Copilot with Graph-grounded chat." lightbox="images/work-toggle-graph-grounded-chat.png":::
-
-## Ensure the Copilot in Windows user experience is enabled
-
-Once you've configured the chat provider platform that Copilot in Windows uses, you need to ensure that the Copilot in Windows user experience is enabled. Ensuring the Copilot in Windows user experience is enabled varies by the Windows version.
-
-### Enable the Copilot in Windows user experience for Windows 11, version 22H2 clients
-
-Copilot in Windows isn't technically enabled by default for managed Windows 11, version 22H2 devices because it's behind a [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control). For the purposes of temporary enterprise control, a system is considered managed if it's configured to get updates from Windows Update for Business or [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus). Clients that get updates from Microsoft Configuration Manager, Microsoft Intune, and Windows Autopatch are considered managed since their updates ultimately come from WSUS or Windows Updates for Business.
-
-To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you need to enable features under temporary enterprise control for these devices. Since enabling features behind [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) can be impactful, you should test this change before deploying it broadly. To enable Copilot in Windows for managed Windows 11, version 22H2 devices, use the following instructions:
-
-1. Verify that the user accounts have the correct chat provider platform configured for Copilot in Windows. For more information, see the [Configure the chat provider platform that Copilot in Windows uses](#configure-the-chat-provider-platform-that-copilot-in-windows-uses) section.
-1. Apply a policy to enable features under temporary enterprise control for managed clients. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
-   - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\\**Enable features introduced via servicing that are off by default**
-
-    - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)
-       - In the Intune [settings catalog](/mem/intune/configuration/settings-catalog), this setting is named **Allow Temporary Enterprise Feature Control** under the **Windows Update for Business** category.
-     > [!Important]
-     > For the purposes of temporary enterprise control, a system is considered managed if it's configured to get updates from Windows Update for Business or [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus). Clients that get updates from Microsoft Configuration Manager, Microsoft Intune, and Windows Autopatch are considered managed since their updates ultimately come from WSUS or Windows Updates for Business.
-
-1. Copilot in Windows will be initially deployed to devices using a controlled feature rollout (CFR). Depending on how soon you start deploying Copilot in Windows, you might also need to [enable optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates) with one of the following policies:
-   - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Windows Update for Business\\**Allow updates to Windows optional features**
-   - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowOptionalUpdates](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalupdates)
-      - In the Intune [settings catalog](/mem/intune/configuration/settings-catalog), this setting is named **Allow optional updates** under the **Windows Update for Business** category.
-
-   The optional updates policy applies to Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later. When setting policy for [optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates), ensure you select one of the following options that includes CFRs:
-    - Automatically receive optional updates (including CFRs)
-      - This selection places devices into an early CFR phase
-    - Users can select which optional updates to receive
-
-1. Windows 11, version 22H2 devices display Copilot in Windows when the CFR is enabled for the device. CFRs are enabled for devices in phases, sometimes called waves.
-
-### Enable the Copilot in Windows user experience for Windows 11, version 23H2 clients
-
-Once a managed device installs the version 23H2 update, the [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) for Copilot in Windows is removed. This means that Copilot in Windows is enabled by default for these devices.
-
-While the user experience for Copilot in Windows is enabled by default, you still need to verify that the correct chat provider platform configured for Copilot in Windows. While every effort is made to ensure that Copilot with commercial data protection is the default chat provider for commercial organizations, it's still possible that Copilot might still be used if the configuration is incorrect, or if other settings are affecting Copilot in Windows. For more information, see:
-- [Configure the chat provider platform that Copilot in Windows uses](#configure-the-chat-provider-platform-that-copilot-in-windows-uses)
-- [Other settings that might affect Copilot in Windows and its underlying chat provider](#other-settings-that-might-affect-copilot-in-windows-and-its-underlying-chat-provider)
-
-Organizations that aren't ready to use Copilot in Windows can disable it until they're ready by using the following policy:
-
-- **CSP**: ./User/Vendor/MSFT/Policy/Config/WindowsAI/[TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot)
-- **Group Policy**: User Configuration\Administrative Templates\Windows Components\Windows Copilot\\**Turn off Windows Copilot**
-
-## Other settings that might affect Copilot in Windows and its underlying chat provider
-
-Copilot in Windows and [Copilot in Edge](/copilot/edge), can share the same underlying chat provider platform. This also means that some settings that affect Copilot, Copilot with commercial data protection, and Copilot in Edge can also affect Copilot in Windows. The following common settings might affect Copilot in Windows and its underlying chat provider:
-
-### Bing settings
-
-- If [SafeSearch](https://support.microsoft.com/topic/946059ed-992b-46a0-944a-28e8fb8f1814) is enabled for Bing, it can block chat providers for Copilot in Windows. The following network changes block the chat providers for Copilot in Windows and Edge:
-
-   - Mapping `www.bing.com` to `strict.bing.com`
-   - Mapping `edgeservices.bing.com` to `strict.bing.com`
-   - Blocking `bing.com`
-
-- If Copilot with commercial data protection is turned on for your organization, users can access it through Edge mobile when signed in with their work account. If you would like to remove the Bing Chat button from the Edge mobile interface, you can use an [Intune Mobile Application Management (MAM) policy for Microsoft Edge](/mem/intune/apps/manage-microsoft-edge) to remove it:
-
-    | Key                                          | Value                                                                      |
-    |:---------------------------------------------|:---------------------------------------------------------------------------|
-    | com.microsoft.intune.mam.managedbrowser.Chat | **true** (default) shows the interface </br> **false** hides the interface |
-
-### Microsoft Edge policies
-
-- If [HubsSidebarEnabled](/deployedge/microsoft-edge-policies#hubssidebarenabled) is set to `disabled`, it blocks Copilot in Edge from being displayed.
-- If [DiscoverPageContextEnabled](/deployedge/microsoft-edge-policies#discoverpagecontextenabled) is set to `disabled`, it blocks Copilot from reading the current webpage context. The chat providers need access to the current webpage context for providing page summarizations and sending user selected strings from the webpage into the chat provider.
-
-### Search settings
-
-- Setting [ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode) to `Hide` might interfere with the Copilot in Windows user experience.
-- Setting [AllowSearchHighlights](/windows/client-management/mdm/policy-csp-search#allowsearchhighlights) to `disabled` might interfere with the Copilot in Windows and the Copilot in Edge user experiences.
-
-### Account settings
-
-- The [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#allowmicrosoftaccountconnection) setting might allow users to use their personal Microsoft account with Copilot in Windows and Copilot in Edge.
-- The [RestrictToEnterpriseDeviceAuthenticationOnly](/windows/client-management/mdm/policy-csp-accounts#restricttoenterprisedeviceauthenticationonly) setting might prevent access to chat providers since it blocks user authentication.
-
-## Microsoft's commitment to responsible AI
-
-Microsoft has been on a responsible AI journey since 2017, when we defined our principles and approach to ensuring this technology is used in a way that is driven by ethical principles that put people first. For more about our responsible AI journey, the ethical principles that guide us, and the tooling and capabilities we've created to assure that we develop AI technology responsibly, see [Responsible AI](https://www.microsoft.com/ai/responsible-ai).
diff --git a/windows/client-management/mdm-collect-logs.md b/windows/client-management/mdm-collect-logs.md
index bc39a4ceb7..0a3b883dcd 100644
--- a/windows/client-management/mdm-collect-logs.md
+++ b/windows/client-management/mdm-collect-logs.md
@@ -2,7 +2,7 @@
 title: Collect MDM logs
 description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows devices managed by an MDM server.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ms.collection:
 - highpri
 - tier2
@@ -40,7 +40,7 @@ mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zi
 
 ### Understanding zip structure
 
-The zip file has logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
+The zip file has logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning, and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
 
 - DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
 - DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
diff --git a/windows/client-management/mdm-diagnose-enrollment.md b/windows/client-management/mdm-diagnose-enrollment.md
index 1d2c92bd1f..5610d29c34 100644
--- a/windows/client-management/mdm-diagnose-enrollment.md
+++ b/windows/client-management/mdm-diagnose-enrollment.md
@@ -2,7 +2,7 @@
 title: Diagnose MDM enrollment failures
 description: Learn how to diagnose enrollment failures for Windows devices
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Diagnose MDM enrollment
diff --git a/windows/client-management/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md
index c3140fd86d..f57170b82c 100644
--- a/windows/client-management/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm-enrollment-of-windows-devices.md
@@ -5,12 +5,12 @@ ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # MDM enrollment of Windows devices
 
-In today's cloud-first world, enterprise IT departments increasingly want to let employees use their own devices, or even choose and purchase corporate-owned devices. Connecting your devices to work makes it easy for you to access your organization's resources, such as apps, the corporate network, and email.
+In today's cloud-first world, enterprise IT departments increasingly want to let users use their own devices, or even choose and purchase corporate-owned devices. Connecting your devices to work makes it easy for you to access your organization's resources, such as apps, the corporate network, and email.
 
 > [!NOTE]
 > When you connect your device using mobile device management (MDM) enrollment, your organization may enforce certain policies on your device.
@@ -24,8 +24,6 @@ You can connect corporate-owned devices to work by either joining the device to
 > [!NOTE]
 > For devices joined to on-premises Active Directory, see [Group policy enrollment](enroll-a-windows-10-device-automatically-using-group-policy.md).
 
-<a name='connect-your-device-to-an-azure-ad-domain-join-azure-ad'></a>
-
 ### Connect your device to a Microsoft Entra domain (join Microsoft Entra ID)
 
 All Windows devices can be connected to a Microsoft Entra domain. These devices can be connected during OOBE. Additionally, desktop devices can be connected to a Microsoft Entra domain using the Settings app.
diff --git a/windows/client-management/mdm-known-issues.md b/windows/client-management/mdm-known-issues.md
index 10bd7ebaa1..43e571ecb6 100644
--- a/windows/client-management/mdm-known-issues.md
+++ b/windows/client-management/mdm-known-issues.md
@@ -2,7 +2,7 @@
 title: Known issues in MDM
 description: Learn about known issues for Windows devices in MDM
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Known issues
@@ -11,11 +11,11 @@ ms.date: 08/10/2023
 
 A Get command inside an atomic command isn't supported.
 
-## Apps installed using WMI classes are not removed
+## Apps installed using WMI classes aren't removed
 
 Applications installed using WMI classes aren't removed when the MDM account is removed from device.
 
-## Passing CDATA in SyncML does not work
+## Passing CDATA in SyncML doesn't work
 
 Passing CDATA in data in SyncML to ConfigManager and CSPs doesn't work.
 
@@ -222,8 +222,6 @@ Alternatively you can use the following procedure to create an EAP Configuration
 
 After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
 
-<a name='user-provisioning-failure-in-azure-active-directory-joined-devices'></a>
-
 ## User provisioning failure in Microsoft Entra joined devices
 
 For Microsoft Entra joined devices, provisioning `.\User` resources fails when the user isn't logged in as a Microsoft Entra user. If you attempt to join Microsoft Entra ID from **Settings** &gt; **System** &gt; **About** user interface, ensure to sign out and sign in with Microsoft Entra credentials to get your organizational configuration from your MDM server. This behavior is by design.
@@ -232,6 +230,6 @@ For Microsoft Entra joined devices, provisioning `.\User` resources fails when t
 
 If you want to use the certificate used for VPN authentication also for Kerberos authentication (required if you need access to on-premises resources using NTLM or Kerberos), the user's certificate must meet the requirements for smart card certificate, the Subject field should contain the DNS domain name in the DN or the SAN should contain a fully qualified UPN so that the DC can be located from the DNS registrations. If certificates that don't meet these requirements are used for VPN, users may fail to access resources that require Kerberos authentication.
 
-## Device management agent for the push-button reset is not working
+## Device management agent for the push-button reset isn't working
 
 The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push-button-reset-overview) keeps the registry settings for OMA DM sessions, but deletes the task schedules. The client enrollment is retained, but it never syncs with the MDM service.
diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md
index 7b31fe006a..1db4cb2fee 100644
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@@ -1,12 +1,13 @@
 ---
 title: Mobile Device Management overview
 description: Windows provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.collection:
 - highpri
 - tier2
+- essentials-manage
 ---
 
 # Mobile Device Management overview
@@ -56,8 +57,6 @@ For information about the MDM policies defined in the Intune security baseline,
 
 No. Only one MDM is allowed.
 
-<a name='how-do-i-set-the-maximum-number-of-azure-active-directory-joined-devices-per-user'></a>
-
 ### How do I set the maximum number of Microsoft Entra joined devices per user?
 
 1. Sign in to the portal as tenant admin: <https://portal.azure.com>.
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index e3debc8c7e..99038f75e0 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: ActiveSync DDF file
 description: View the XML file containing the device description framework (DDF) for the ActiveSync configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index e701a8b0ec..8b27862509 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: ApplicationControl DDF file
 description: View the XML file containing the device description framework (DDF) for the ApplicationControl configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.18362</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index c8d03d6d27..9d1ededd2a 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: AppLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 8bc008e978..81d21dbfab 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: AssignedAccess DDF file
 description: View the XML file containing the device description framework (DDF) for the AssignedAccess configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 647b90ac50..f4d06f4ce7 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -1,7 +1,7 @@
 ---
 title: BitLocker CSP
 description: Learn more about the BitLocker CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -406,7 +406,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-FixedDrivesEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-FixedDrivesEncryptionType-Applicability-End -->
 
 <!-- Device-FixedDrivesEncryptionType-OmaUri-Begin -->
@@ -686,7 +686,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-IdentificationField-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-IdentificationField-Applicability-End -->
 
 <!-- Device-IdentificationField-OmaUri-Begin -->
@@ -766,7 +766,7 @@ Sample value for this node to enable this policy is:
 <!-- Device-RemovableDrivesConfigureBDE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-RemovableDrivesConfigureBDE-Applicability-End -->
 
 <!-- Device-RemovableDrivesConfigureBDE-OmaUri-Begin -->
@@ -839,7 +839,7 @@ Sample value for this node to enable this policy is:
 <!-- Device-RemovableDrivesEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-RemovableDrivesEncryptionType-Applicability-End -->
 
 <!-- Device-RemovableDrivesEncryptionType-OmaUri-Begin -->
@@ -1370,7 +1370,7 @@ This value represents a bitmask with each bit and the corresponding error code d
 <!-- Device-Status-RemovableDrivesEncryptionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Status-RemovableDrivesEncryptionStatus-Applicability-End -->
 
 <!-- Device-Status-RemovableDrivesEncryptionStatus-OmaUri-Begin -->
@@ -1493,7 +1493,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure.
 <!-- Device-SystemDrivesDisallowStandardUsersCanChangePIN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesDisallowStandardUsersCanChangePIN-Applicability-End -->
 
 <!-- Device-SystemDrivesDisallowStandardUsersCanChangePIN-OmaUri-Begin -->
@@ -1558,7 +1558,7 @@ Sample value for this node to disable this policy is: `<disabled/>`
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Applicability-End -->
 
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-OmaUri-Begin -->
@@ -1626,7 +1626,7 @@ Sample value for this node to enable this policy is: `<enabled/>`
 <!-- Device-SystemDrivesEnablePreBootPinExceptionOnDECapableDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEnablePreBootPinExceptionOnDECapableDevice-Applicability-End -->
 
 <!-- Device-SystemDrivesEnablePreBootPinExceptionOnDECapableDevice-OmaUri-Begin -->
@@ -1686,7 +1686,7 @@ Sample value for this node to enable this policy is: `<enabled/>`
 <!-- Device-SystemDrivesEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEncryptionType-Applicability-End -->
 
 <!-- Device-SystemDrivesEncryptionType-OmaUri-Begin -->
@@ -1762,7 +1762,7 @@ Possible values:
 <!-- Device-SystemDrivesEnhancedPIN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEnhancedPIN-Applicability-End -->
 
 <!-- Device-SystemDrivesEnhancedPIN-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 6015905cf3..1680ecfd3d 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: BitLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
-ms.date: 06/19/2024
+ms.date: 08/07/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the B
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -809,6 +809,9 @@ Supported Values: String form of request ID. Example format of request ID is GUI
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+          </MSFT:Applicability>
         </DFProperties>
       </Node>
       <Node>
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index 8ab2380099..b552ae24ad 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: CertificateStore DDF file
 description: View the XML file containing the device description framework (DDF) for the CertificateStore configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the C
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index c77ddb1695..20bf836b45 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: ClientCertificateInstall DDF file
 description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the C
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -1162,7 +1162,7 @@ Valid values are:
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/clouddesktop-csp.md b/windows/client-management/mdm/clouddesktop-csp.md
index 400b655707..253efc7e95 100644
--- a/windows/client-management/mdm/clouddesktop-csp.md
+++ b/windows/client-management/mdm/clouddesktop-csp.md
@@ -1,7 +1,7 @@
 ---
 title: CloudDesktop CSP
 description: Learn more about the CloudDesktop CSP.
-ms.date: 06/19/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -22,7 +22,8 @@ The following list shows the CloudDesktop configuration service provider nodes:
   - [BootToCloudPCEnhanced](#deviceboottocloudpcenhanced)
   - [EnableBootToCloudSharedPCMode](#deviceenableboottocloudsharedpcmode)
 - ./User/Vendor/MSFT/CloudDesktop
-  - [EnablePhysicalDeviceAccess](#userenablephysicaldeviceaccess)
+  - [EnablePhysicalDeviceAccessOnCtrlAltDel](#userenablephysicaldeviceaccessonctrlaltdel)
+  - [EnablePhysicalDeviceAccessOnErrorScreens](#userenablephysicaldeviceaccessonerrorscreens)
 <!-- CloudDesktop-Tree-End -->
 
 <!-- Device-BootToCloudPCEnhanced-Begin -->
@@ -31,7 +32,7 @@ The following list shows the CloudDesktop configuration service provider nodes:
 <!-- Device-BootToCloudPCEnhanced-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22621.3374] and later |
 <!-- Device-BootToCloudPCEnhanced-Applicability-End -->
 
 <!-- Device-BootToCloudPCEnhanced-OmaUri-Begin -->
@@ -131,31 +132,31 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
 
 <!-- Device-EnableBootToCloudSharedPCMode-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-Begin -->
-## User/EnablePhysicalDeviceAccess
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Begin -->
+## User/EnablePhysicalDeviceAccessOnCtrlAltDel
 
-<!-- User-EnablePhysicalDeviceAccess-Applicability-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-<!-- User-EnablePhysicalDeviceAccess-Applicability-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Applicability-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-OmaUri-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-OmaUri-Begin -->
 ```User
-./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccess
+./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccessOnCtrlAltDel
 ```
-<!-- User-EnablePhysicalDeviceAccess-OmaUri-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-OmaUri-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-Description-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Description-Begin -->
 <!-- Description-Source-DDF -->
 Configuring this node gives access to the physical devices used to boot to Cloud PCs from the Ctrl+Alt+Del page for specified users. This node supports these options: 0. Not enabled 1. Enabled.
-<!-- User-EnablePhysicalDeviceAccess-Description-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Description-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-Editable-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- User-EnablePhysicalDeviceAccess-Editable-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Editable-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-DFProperties-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-DFProperties-Begin -->
 **Description framework properties**:
 
 | Property name | Property value |
@@ -163,22 +164,71 @@ Configuring this node gives access to the physical devices used to boot to Cloud
 | Format | `bool` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | false |
-<!-- User-EnablePhysicalDeviceAccess-DFProperties-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-DFProperties-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-AllowedValues-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-AllowedValues-Begin -->
 **Allowed values**:
 
 | Value | Description |
 |:--|:--|
-| false (Default) | Access to physical device disabled. |
-| true | Access to physical device enabled. |
-<!-- User-EnablePhysicalDeviceAccess-AllowedValues-End -->
+| false (Default) | Access to physical device on CtrlAltDel page disabled. |
+| true | Access to physical device on CtrlAltDel page enabled. |
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-AllowedValues-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-Examples-Begin -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- User-EnablePhysicalDeviceAccess-Examples-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-Examples-End -->
 
-<!-- User-EnablePhysicalDeviceAccess-End -->
+<!-- User-EnablePhysicalDeviceAccessOnCtrlAltDel-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Begin -->
+## User/EnablePhysicalDeviceAccessOnErrorScreens
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Applicability-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccessOnErrorScreens
+```
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-OmaUri-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Description-Begin -->
+<!-- Description-Source-DDF -->
+Configuring this node gives access to the physical devices used to boot to Cloud PCs from the error screens for specified users. This node supports these options: 0. Not enabled 1. Enabled.
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Description-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Editable-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | false |
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-DFProperties-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Access to physical device on error screens disabled. |
+| true | Access to physical device on error screens enabled. |
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-AllowedValues-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-Examples-End -->
+
+<!-- User-EnablePhysicalDeviceAccessOnErrorScreens-End -->
 
 <!-- CloudDesktop-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md
index 6efe3ed695..07c68d9f04 100644
--- a/windows/client-management/mdm/clouddesktop-ddf-file.md
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: CloudDesktop DDF file
 description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
-ms.date: 06/19/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -44,7 +44,7 @@ The following XML file contains the device description framework (DDF) for the C
       </MSFT:Applicability>
     </DFProperties>
     <Node>
-      <NodeName>EnablePhysicalDeviceAccess</NodeName>
+      <NodeName>EnablePhysicalDeviceAccessOnCtrlAltDel</NodeName>
       <DFProperties>
         <AccessType>
           <Add />
@@ -63,18 +63,54 @@ The following XML file contains the device description framework (DDF) for the C
         <Scope>
           <Dynamic />
         </Scope>
-        <DFTitle>Enable access to physical device</DFTitle>
+        <DFTitle>Enable access to physical device on CtrlAltDel page</DFTitle>
         <DFType>
           <MIME />
         </DFType>
         <MSFT:AllowedValues ValueType="ENUM">
           <MSFT:Enum>
             <MSFT:Value>false</MSFT:Value>
-            <MSFT:ValueDescription>Access to physical device disabled</MSFT:ValueDescription>
+            <MSFT:ValueDescription>Access to physical device on CtrlAltDel page disabled</MSFT:ValueDescription>
           </MSFT:Enum>
           <MSFT:Enum>
             <MSFT:Value>true</MSFT:Value>
-            <MSFT:ValueDescription>Access to physical device enabled</MSFT:ValueDescription>
+            <MSFT:ValueDescription>Access to physical device on CtrlAltDel page enabled</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>EnablePhysicalDeviceAccessOnErrorScreens</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>false</DefaultValue>
+        <Description>Configuring this node gives access to the physical devices used to boot to Cloud PCs from the error screens for specified users. This node supports these options: 0. Not enabled 1. Enabled.</Description>
+        <DFFormat>
+          <bool />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
+        <DFTitle>Enable access to physical device on error screens</DFTitle>
+        <DFType>
+          <MIME />
+        </DFType>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>false</MSFT:Value>
+            <MSFT:ValueDescription>Access to physical device on error screens disabled</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>true</MSFT:Value>
+            <MSFT:ValueDescription>Access to physical device on error screens enabled</MSFT:ValueDescription>
           </MSFT:Enum>
         </MSFT:AllowedValues>
       </DFProperties>
@@ -101,7 +137,7 @@ The following XML file contains the device description framework (DDF) for the C
         <MIME />
       </DFType>
       <MSFT:Applicability>
-        <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
+        <MSFT:OsBuildVersion>10.0.22621.3374</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
         <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
@@ -131,7 +167,7 @@ The following XML file contains the device description framework (DDF) for the C
           <MIME />
         </DFType>
         <MSFT:Applicability>
-          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3374</MSFT:OsBuildVersion>
           <MSFT:CspVersion>1.0</MSFT:CspVersion>
         </MSFT:Applicability>
         <MSFT:AllowedValues ValueType="ENUM">
diff --git a/windows/client-management/mdm/configuration-service-provider-support.md b/windows/client-management/mdm/configuration-service-provider-support.md
index 161a1ac596..2b04dda317 100644
--- a/windows/client-management/mdm/configuration-service-provider-support.md
+++ b/windows/client-management/mdm/configuration-service-provider-support.md
@@ -9,1060 +9,7 @@ ms.collection:
 
 # Configuration service provider support
 
-A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over-the-air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
+A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over-the-air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over-the-air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
 
 - For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
-- For CSP DDF files, see [CSP DDF files download](configuration-service-provider-ddf.md).
-
-<!--StartCSPs-->
-
-## CSP support
-
-<!--StartCSP-->
-[AccountManagement CSP](accountmanagement-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Accounts CSP](accounts-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[ActiveSync CSP](activesync-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[AllJoynManagement CSP](alljoynmanagement-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Application CSP](application-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[ApplicationControl CSP](applicationcontrol-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[AppLocker CSP](applocker-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[AssignedAccess CSP](assignedaccess-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Bootstrap CSP](bootstrap-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[BitLocker CSP](bitlocker-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CMPolicy CSP](cmpolicy-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CM_CellularEntries CSP](cm-cellularentries-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CM_ProxyEntries CSP](cm-proxyentries-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CellularSettings CSP](cellularsettings-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CertificateStore CSP](certificatestore-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CleanPC CSP](cleanpc-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[CustomDeviceUI CSP](customdeviceui-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DMAcc CSP](dmacc-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DMClient CSP](dmclient-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Defender CSP](defender-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DevDetail CSP](devdetail-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DevInfo CSP](devinfo-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DeveloperSetup CSP](developersetup-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DeviceInstanceService CSP](deviceinstanceservice-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DeviceLock CSP](devicelock-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DeviceManageability CSP](devicemanageability-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DeviceStatus CSP](devicestatus-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DiagnosticLog CSP](diagnosticlog-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[DynamicManagement CSP](dynamicmanagement-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EMail2 CSP](email2-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EnterpriseAPN CSP](enterpriseapn-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes<br> [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[eUICCs CSP](euiccs-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Firewall CSP](firewall-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[HealthAttestation CSP](healthattestation-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[LanguagePackManagement CSP](language-pack-management-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|No|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Local Administrator Password Solution CSP](laps-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[MultiSIM CSP](multisim-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[NAP CSP](nap-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[NAPDEF CSP](napdef-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[NetworkProxy CSP](networkproxy-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[NetworkQoSPolicy CSP](networkqospolicy-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[NodeCache CSP](nodecache-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Office CSP](office-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[PXLogical CSP](pxlogical-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[PassportForWork CSP](passportforwork-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Personalization CSP](personalization-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Policy CSP](policy-configuration-service-provider.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Provisioning CSP](provisioning-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Reboot CSP](reboot-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[RemoteFind CSP](remotefind-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[RemoteWipe CSP](remotewipe-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Reporting CSP](reporting-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[RootCATrustedCertificates CSP](rootcacertificates-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[SUPL CSP](supl-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[SecureAssessment CSP](secureassessment-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[SecurityPolicy CSP](securitypolicy-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[SharedPC CSP](sharedpc-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Storage CSP](storage-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-
-[SurfaceHub](surfacehub-csp.md)
-<!--StartSKU-->
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-
-[TenantLockdown CSP](tenantlockdown-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[TPMPolicy CSP](tpmpolicy-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[UEFI CSP](uefi-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Update CSP](update-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[VPN CSP](vpn-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[VPNv2 CSP](vpnv2-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-
-[W4 Application CSP](w4-application-csp.md)
-<!--StartSKU-->
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-
-
-[WiFi CSP](wifi-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Win32AppInventory CSP](win32appinventory-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-
-[WindowsLicensing CSP](windowslicensing-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--StartCSP-->
-[WiredNetwork CSP](wirednetwork-csp.md)
-
-<!--StartSKU-->
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-
-<!--StartCSP-->
-[w7 Application CSP](w7-application-csp.md)
-<!--StartSKU-->
-
-<!--EndSKU-->
-<!--EndCSP-->
-
-<!--EndCSPs-->
-
-## CSPs supported in HoloLens devices
-
-The following list shows the CSPs supported in HoloLens devices:
-
-| Configuration service provider        | HoloLens (1st gen) Development Edition      | HoloLens (1st gen) Commercial Suite | HoloLens 2 |
-|------|--------|--------|--------|
-| [AccountManagement CSP](accountmanagement-csp.md)   | No | Yes        | Yes
-| [Accounts CSP](accounts-csp.md)    | Yes | Yes | Yes |
-| [ApplicationControl CSP](applicationcontrol-csp.md) | No | No |  Yes |
-| [AppLocker CSP](applocker-csp.md)      | No | Yes       | No |
-| [AssignedAccess CSP](assignedaccess-csp.md)      | No | Yes        | Yes |
-| [CertificateStore CSP](certificatestore-csp.md)    | Yes | Yes| Yes |
-| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)  | No | Yes       | Yes |
-| [DevDetail CSP](devdetail-csp.md)   | Yes | Yes       | Yes |
-| [DeveloperSetup CSP](developersetup-csp.md)   | No | Yes    (runtime provisioning via provisioning packages only; no MDM support)| Yes (runtime provisioning via provisioning packages only; no MDM support) |
-| [DeviceManageability CSP](devicemanageability-csp.md) | No | No | Yes |
-| [DeviceStatus CSP](devicestatus-csp.md)  | No | Yes  | Yes |
-| [DevInfo CSP](devinfo-csp.md)  | Yes | Yes       | Yes |
-| [DiagnosticLog CSP](diagnosticlog-csp.md)  | No | Yes       | Yes |
-| [DMAcc CSP](dmacc-csp.md)      | Yes | Yes       | Yes |
-| [DMClient CSP](dmclient-csp.md)    | Yes | Yes       | Yes |
-| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | No | No | Yes   |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | No | Yes       | Yes |
-| [NetworkProxy CSP](networkproxy-csp.md) | No | No | Yes |
-| [NetworkQoSPolicy CSP](networkqospolicy-csp.md)  | No | No       | Yes |
-| [NodeCache CSP](nodecache-csp.md)  | Yes | Yes       | Yes |
-[PassportForWork CSP](passportforwork-csp.md) | No | Yes | Yes |
-| [Policy CSP](policy-configuration-service-provider.md)    | No | Yes       | Yes |
-| [RemoteFind CSP](remotefind-csp.md)    | No | Yes        | Yes |
-| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only)  | No | Yes        | Yes |
-| [RootCATrustedCertificates CSP](rootcacertificates-csp.md)   | No | Yes       | Yes |
-| [TenantLockdown CSP](tenantlockdown-csp.md) | No | No | Yes   |
-| [Update CSP](update-csp.md)     | No | Yes       | Yes |
-| [VPNv2 CSP](vpnv2-csp.md)    | No | Yes       | Yes |
-| [WiFi CSP](wifi-csp.md)     | No | Yes       | Yes |
-| [WindowsLicensing CSP](windowslicensing-csp.md)   | Yes | Yes       | No |
-
-
-## CSPs supported in Microsoft Surface Hub
-
--   [Accounts CSP](accounts-csp.md)
-    > [!NOTE]
-    > Support in Surface Hub is limited to **Domain\ComputerName**.
--   [AccountManagement CSP](accountmanagement-csp.md)
--   [Application CSP](application-csp.md)
--   [CertificateStore CSP](certificatestore-csp.md)
--   [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
--   [Defender CSP](defender-csp.md)
--   [DevDetail CSP](devdetail-csp.md)
--   [DeviceManageability CSP](devicemanageability-csp.md)
--   [DeviceStatus CSP](devicestatus-csp.md)
--   [DevInfo CSP](devinfo-csp.md)
--   [DiagnosticLog CSP](diagnosticlog-csp.md)
--   [DMAcc CSP](dmacc-csp.md)
--   [DMClient CSP](dmclient-csp.md)
--   [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
--   [Firewall-CSP](firewall-csp.md)
--   [HealthAttestation CSP](healthattestation-csp.md)
--   [NetworkProxy CSP](networkproxy-csp.md)
--   [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
--   [NodeCache CSP](nodecache-csp.md)
--   [PassportForWork CSP](passportforwork-csp.md)
--   [Policy CSP](policy-configuration-service-provider.md)
--   [Reboot CSP](reboot-csp.md)
--   [RemoteWipe CSP](remotewipe-csp.md)
--   [Reporting CSP](reporting-csp.md)
--   [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
--   [SurfaceHub CSP](surfacehub-csp.md)
--   [UEFI CSP](uefi-csp.md)
--   [Wifi-CSP](wifi-csp.md)
--   [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
--   [Wirednetwork-CSP](wirednetwork-csp.md)
+- For CSP DDF files, see [Device description framework files](configuration-service-provider-ddf.md).
diff --git a/windows/client-management/mdm/declaredconfiguration-csp.md b/windows/client-management/mdm/declaredconfiguration-csp.md
index 5614e38ee4..4251c9ab44 100644
--- a/windows/client-management/mdm/declaredconfiguration-csp.md
+++ b/windows/client-management/mdm/declaredconfiguration-csp.md
@@ -1,7 +1,7 @@
 ---
 title: DeclaredConfiguration CSP
 description: Learn more about the DeclaredConfiguration CSP.
-ms.date: 01/18/2024
+ms.date: 09/12/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -15,13 +15,13 @@ ms.date: 01/18/2024
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The primary MDM model is one where the MDM server is solely responsible for orchestration and continuous maintenance of the state of the device for configuration scenarios. This behavior results in intensive network traffic and high network latency due to the synchronous configuration model based on the OMA-DM Syncml standard. It's also error-prone given that the server needs deep knowledge of the client.
 
-The declared configuration device management model requires the server to deliver all the setting values to the device for the scenario configuration. The server sends them asynchronously in batches through the client declared configuration CSP.
+The Windows declared configuration (WinDC) device management model requires the server to deliver all the setting values to the device for the scenario configuration. The server sends them asynchronously in batches through the DeclaredConfiguration CSP.
 
-- During the client-initiated OMA-DM session, the declared configuration server sends a configuration or an inventory declared configuration document to the client through the [Declared Configuration CSP URI](#declared-configuration-oma-uri). If the device verifies the syntax of the document is correct, the client stack pushes the request to its orchestrator to process the request asynchronously. The client stack then exits, and returns control back to the declared configuration service. This behavior allows the device to asynchronously process the request.
+- During the client-initiated OMA-DM session, the WinDC server sends a configuration or an inventory WinDC document to the client through the [DeclaredConfiguration CSP URI](#declaredconfiguration-oma-uri). If the device verifies the syntax of the document is correct, the client stack pushes the request to its orchestrator to process the request asynchronously. The client stack then exits, and returns control back to the WinDC service. This behavior allows the device to asynchronously process the request.
 
-- On the client, if there are any requests in process or completed, it sends a [generic alert](#declared-configuration-generic-alert) to the server. This alert summarizes each document's status, state, and progress. Every client HTTPS request to the declared configuration OMA-DM server includes this summary.
+- On the client, if there are any requests in process or completed, it sends a [generic alert](#windc-generic-alert) to the server. This alert summarizes each document's status, state, and progress. Every client HTTPS request to the WinDC OMA-DM server includes this summary.
 
-- The declared configuration server uses the generic alert to determine which requests are completed successfully or with errors. The server can then synchronously retrieve the declared configuration document process results through the [Declared Configuration CSP URI](#declared-configuration-oma-uri).
+- The WinDC server uses the generic alert to determine which requests are completed successfully or with errors. The server can then synchronously retrieve the WinDC document process results through the [DeclaredConfiguration CSP URI](#declaredconfiguration-oma-uri).
 <!-- DeclaredConfiguration-Editable-End -->
 
 <!-- DeclaredConfiguration-Tree-Begin -->
@@ -730,107 +730,51 @@ The Document node's value is an XML based document containing a collection of se
 
 <!-- DeclaredConfiguration-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
-## Declared configuration OMA URI
+## DeclaredConfiguration OMA URI
 
-A declared configuration request is sent using an OMA-URI similar to `./Device/Vendor/MSFT/DeclaredConfiguration/Host/[Complete|Inventory]/Documents/{DocID}/Document`.
+A WinDC request is sent using an OMA-URI similar to `./Device/Vendor/MSFT/DeclaredConfiguration/Host/[Complete|Inventory]/Documents/{DocID}/Document`.
 
-- The URI is prefixed with a targeted scope. The target of the scenario settings can only be device wide for extensibility. The scope should be `Device`.
+- The URI is prefixed with a targeted scope (`User` or `Device`).
 - `{DocID}` is a unique identifier for the desired state of the configuration scenario. Every document must have an ID, which must be a GUID.
-- The request can be a **Configuration**, **Inventory**, or **Complete** request.
+- The request can be a **Inventory**, or **Complete** request.
 
 The following URI is an example of a **Complete** request: `./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document`
 
-## DeclaredConfiguration document XML
-
-The value of the leaf node `Document` is an XML document that describes the request. The actual processing of the request pivots around the `osdefinedscenario` tag:
-
-- `MSFTExtensibilityMIProviderConfig`: Used to configure MI provider settings.
-- `MSFTExtensibilityMIProviderInventory`:  Used to retrieve MI provider setting values.
-
-The DeclaredConfiguration CSP synchronously validates the batch of settings described by the `<DeclaredConfiguration>` element, which represents the declared configuration document. It checks for correct syntax based on the declared configuration XML schema. If there's a syntax error, the CSP returns an error immediately back to the server as part of the current OMA-DM session. If the syntax check passes, then the request is passed on to a Windows service. The Windows service asynchronously attempts the desired state configuration of the specified scenario. This process frees up the server to do other work thus the low latency of this  declared configuration protocol. The Windows client service, the orchestrator, is responsible for driving the configuration of the device based on the server supplied desire state. The service also maintains this state throughout its lifetime, until the server removes or modifies it.
-
-The following example uses the built-in, native MI provider `MSFT_FileDirectoryConfiguration` with the OS-defined scenario `MSFTExtensibilityMIProviderConfig`:
+## WinDC document
 
 ```xml
-<DeclaredConfiguration schema="1.0" context="Device" id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2" checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999" osdefinedscenario="MSFTExtensibilityMIProviderConfig">
-    <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration">
-        <Key name="DestinationPath">c:\data\test\bin\ut_extensibility.tmp</Key>
-        <Value name="Contents">TestFileContentBlah</Value>
-    </DSC>
+<DeclaredConfiguration
+    schema="1.0"
+    context="Device"
+    id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2"
+    checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999"
+    osdefinedscenario="MSFTExtensibilityMIProviderConfig">
+    ... {Configuration Data} ...
 </DeclaredConfiguration>
 ```
 
-The standard OMA-DM SyncML syntax is used to specify the DeclaredConfiguration CSP operations such as **Replace**, **Set**, and **Delete**. The payload of the SyncML's `<Data>` element must be XML-encoded. For this XML encoding, there are various online encoders that you can use. To avoid encoding the payload, you can use [CDATA Section](https://www.w3.org/TR/REC-xml/#sec-cdata-sect) as shown in the following example:
+The `<DeclaredConfiguration>` XML tag specifies the details of the WinDC document to process. The document could be part of a configuration request or an inventory request. The DeclaredConfiguration CSP has two URIs to allow the specification of a [configuration](#hostcomplete) or an [inventory](#hostinventory) request.
 
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<SyncML xmlns="SYNCML:SYNCML1.1">
-  <SyncBody>
-    <Replace>
-      <CmdID>14</CmdID>
-      <Item>
-        <Target>
-          <LocURI> ./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/99988660-9080-3433-96e8-f32e85011999/Document</LocURI>
-        </Target>
-        <Data>
-          <![CDATA[<DeclaredConfiguration schema="1.0" context="Device" id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2" checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999" osdefinedscenario="MSFTExtensibilityMIProviderConfig">
-                <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration">
-                    <Key name="DestinationPath">c:\data\test\bin\ut_extensibility.tmp</Key>
-                    <Value name="Contents">TestFileContentBlah</Value>
-                </DSC>
-            </DeclaredConfiguration>]]>
-        </Data>
-      </Item>
-    </Replace>
-    <Final/>
-  </SyncBody>
-</SyncML>
-```
+This tag has the following attributes:
 
-### DeclaredConfiguration XML document tags
+| Attribute           | Description                                                                            |
+|---------------------|----------------------------------------------------------------------------------------|
+| `schema`            | The schema version of the xml. Currently `1.0`.                                        |
+| `context`           | States whether the document is targeting the device or user.                           |
+| `id`                | The unique identifier of the document set by the server. This value should be a GUID.  |
+| `checksum`          | This value is the server-supplied version of the document.                             |
+| `osdefinedscenario` | The named scenario that the client should configure with the given configuration data. |
 
-Both `MSFTExtensibilityMIProviderConfig` and `MSFTExtensibilityMIProviderInventory` are OS-defined scenarios that require the same tags and attributes.
+The DeclaredConfiguration CSP synchronously validates the batch of settings described by the `<DeclaredConfiguration>` element, which represents the WinDC document. It checks for correct syntax based on the WinDC XML schema. If there's a syntax error, the CSP returns an error immediately back to the server as part of the current OMA-DM session. If the syntax check passes, then the request is passed on to a Windows service. The Windows service asynchronously attempts the desired state configuration of the specified scenario. This process frees up the server to do other work thus the low latency of the WinDC protocol. The Windows client service, the orchestrator, is responsible for driving the configuration of the device based on the server supplied desire state. The service also maintains this state throughout its lifetime, until the server removes or modifies it.
 
-- The `<DeclaredConfiguration>` XML tag specifies the details of the declared configuration document to process. The document could be part of a configuration request or an inventory request. The DeclaredConfiguration CSP has two URIs to allow the specification of a configuration or an inventory request.
+The actual processing of the request pivots around the `osdefinedscenario` tag and the configuration data specified within the document. For more information, see:
 
-    This tag has the following attributes:
+- [WinDC document for resource access](../declared-configuration-resource-access.md#windc-document)
+- [WinDC document for extensibility](../declared-configuration-extensibility.md#windc-document)
 
-    | Attribute | Description |
-    |--|--|
-    | `schema` | The schema version of the xml. Currently `1.0`. |
-    | `context` | States that this document is targeting the device. The value should be `Device`. |
-    | `id` | The unique identifier of the document set by the server. This value should be a GUID. |
-    | `checksum` | This value is the server-supplied version of the document. |
-    | `osdefinedscenario` | The named scenario that the client should configure with the given configuration data. For  extensibility, the scenario is either `MSFTExtensibilityMIProviderConfig` or `MSFTExtensibilityMIProviderInventory`. |
+## WinDC generic alert
 
-- The `<DSC>` XML tag describes the targeted WMI provider expressed by a namespace and class name along with the values either to be applied to the device or queried by the MI provider.
-
-    This tag has the following attributes:
-
-    | Attribute | Description |
-    |--|--|
-    | `namespace` | Specifies the targeted MI provider namespace. |
-    | `classname` | The targeted MI provider. |
-
-- The `<Key>` XML tag describes the required parameter name and value. It only needs a value for configuration. The name is an attribute and the value is `<Key>` content.
-
-    This tag has the following attributes:
-
-    | Attribute | Description |
-    |--|--|
-    | `name` | Specifies the name of an MI provider parameter. |
-
-- The `<Value>` XML tag describes the optional parameter name and value. It only needs a value for configuration. The name is an attribute and the value is `<Value>` content.
-
-    This tag has the following attributes:
-
-    | Attribute | Description |
-    |--|--|
-    | `name` | Specifies the name of an MI provider parameter. |
-
-## Declared configuration generic alert
-
-On every client response to the server's request, the client constructs a declared configuration alert. This alert summarizes the state of each of the documents that the Windows service has processed. The following XML is an example alert:
+On every client response to the server's request, the client constructs a WinDC alert. This alert summarizes the state of each of the documents that the Windows service has processed. The following XML is an example alert:
 
 ```xml
 <Alert>
@@ -853,9 +797,13 @@ On every client response to the server's request, the client constructs a declar
 </Alert>
 ```
 
-In this example, there's one declared configuration document listed in the alert summary. The alert summary lists every document that the client stack is processing, either a configuration or inventory request. It describes the context of the document that specifies the scope of how the document is applied. The **context** value should be `Device`.
+In this example, there's one WinDC document listed in the alert summary. The alert summary lists every document that the client stack is processing, either a configuration or inventory request. It describes the context of the document that specifies the scope of how the document is applied. The **context** value should be `Device`.
 
-The **state** attribute has a value of `60`, which indicates that the document was processed successfully. The following class defines the other state values:
+The **state** attribute has a value of `60`, which indicates that the document was processed successfully.
+
+## WinDC states
+
+The following class defines the state values:
 
 ```csharp
 enum class DCCSPURIState :unsigned long
@@ -889,150 +837,83 @@ enum class DCCSPURIState :unsigned long
 
 ## SyncML examples
 
-- Retrieve the results of a configuration or inventory request:
+- [SyncML examples for resource access](../declared-configuration-resource-access.md#syncml-examples)
+- [SyncML examples for extensibility](../declared-configuration-extensibility.md#syncml-examples)
 
-    ```xml
-    <SyncML xmlns="SYNCML:SYNCML1.1">
-      <SyncBody>
-        <Get>
-          <CmdID>2</CmdID>
-          <Item>
-            <Meta>
-              <Format>chr</Format>
-              <Type>text/plain</Type>
-            </Meta>
-            <Target>
-              <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Results/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
-            </Target>
-          </Item>
-        </Get>
-        <Final />
-      </SyncBody>
-    </SyncML>
-    ```
+### Abandon a WinDC document
 
-    ```xml
-    <Status>
-        <CmdID>2</CmdID>
-        <MsgRef>1</MsgRef>
-        <CmdRef>2</CmdRef>
-        <Cmd>Get</Cmd>
-        <Data>200</Data>
-    </Status>
-    <Results>
-        <CmdID>3</CmdID>
-        <MsgRef>1</MsgRef>
-        <CmdRef>2</CmdRef>
-        <Item>
-            <Source>
-                <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Results/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
-            </Source>
-            <Data>
-                <DeclaredConfigurationResult context="Device" schema="1.0" id="99988660-9080-3433-96e8-f32e85011999" osdefinedscenario="MSFTPolicies" checksum="99925209110918B67FE962460137AA3440AFF4DB6ABBE15C8F499682457B9999" result_checksum="EE4F1636201B0D39F71654427E420E625B9459EED17ACCEEE1AC9B358F4283FD" operation="Set" state="60">
-                    <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration" status="200" state="60">
-                        <Key name="DestinationPath" />
-                        <Value name="Contents" />
-                    </DSC>
-                </DeclaredConfigurationResult>
-            </Data>
-        </Item>
-    </Results>
-    ```
+Abandoning a resource occurs when certain resources are no longer targeted to a user or group. Instead of deleting the resource on the device, the server can choose to abandon the WinDC document. An abandoned resource stays on the device but stops refreshing the WinDC document that handles drift control. Also the [resource ownership](../declared-configuration-resource-access.md#resource-ownership) is transferred to MDM, which means the same resource can be modified via legacy MDM channel again.
 
-- Replace a configuration or inventory request
+This example demonstrates how to abandon a WinDC document, by setting the **Abandoned** property to **1**.
 
-    ```xml
-    <SyncML xmlns="SYNCML:SYNCML1.1">
-      <SyncBody>
-        <Replace>
-          <CmdID>14</CmdID>
-          <Item>
-            <Target>
-              <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Inventory/Documents/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
-            </Target>
-            <Data>
-              <![CDATA[<DeclaredConfiguration schema="1.0" context="Device" id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2" checksum="99995209110918B67FE962460137AA3440AFF4DB6ABBE15C8F49968245799999" osdefinedscenario="MSFTExtensibilityMIProviderInventory">
-                    <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration">
-                        <Key name="DestinationPath">c:/temp/foobar.tmp</Key>
-                        <Value name="Contents"></Value>
-                    </DSC>
-                </DeclaredConfiguration>]]>
-            </Data>
-          </Item>
-        </Replace>
-        <Final />
-      </SyncBody>
-    </SyncML>
-    ```
-
-    ```xml
-    <Status>
-        <CmdID>2</CmdID>
-        <MsgRef>1</MsgRef>
-        <CmdRef>2</CmdRef>
-        <Cmd>Get</Cmd>
-        <Data>200</Data>
-    </Status><Results>
-        <CmdID>3</CmdID>
-        <MsgRef>1</MsgRef>
-        <CmdRef>2</CmdRef>
-        <Item>
-            <Source>
-                <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Inventory/Results/99998660-9080-3433-96e8-f32e85019999/Document</LocURI>
-            </Source>
-            <Data>
-                <DeclaredConfigurationResult context="Device" schema="1.0" id="27FEA311-68B9-4320-9FC4-296F6FDFAFE2" osdefinedscenario="MSFTExtensibilityMIProviderInventory" checksum="99995209110918B67FE962460137AA3440AFF4DB6ABBE15C8F49968245799999" result_checksum="A27B0D234CBC2FAC1292F1E8FBDF6A90690F3988DEDC9D716829856C9ACE0E20" operation="Get" state="80">
-                    <DSC namespace="root/Microsoft/Windows/DesiredStateConfiguration" className="MSFT_FileDirectoryConfiguration" status="200" state="80">
-                        <Key name="DestinationPath">c:/temp/foobar.tmp</Key>
-                        <Value name="Contents">TestFileContent</Value>
-                    </DSC>
-                </DeclaredConfigurationResult>
-            </Data>
-        </Item>
-    </Results>
-    ```
-
-- Abandon a configuration or inventory request. This process results in the client tracking the document but not reapplying it. The alert has the `Abandoned` property set to `1`, which indicates that the document is no longer managed by the declared configuration server.
-
-    ```xml
-    <SyncML xmlns="SYNCML:SYNCML1.1">
-    <SyncBody>
-        <Replace>
-        <CmdID>2</CmdID>
-        <Item>
-            <Meta>
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+    <CmdID>2</CmdID>
+    <Item>
+        <Meta>
             <Format>int</Format>
             <Type>text/plain</Type>
-            </Meta>
-            <Target>
+        </Meta>
+        <Target>
             <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Properties/Abandoned</LocURI>
-            </Target>
-            <Data>1</Data>
+        </Target>
+        <Data>1</Data>
+    </Item>
+    </Replace>
+    <Final/>
+  </SyncBody>
+</SyncML>
+```
+
+### Unabandon a WinDC document
+
+Unabandoning the document causes the document to be applied right away, transferring the [resource ownership](../declared-configuration-resource-access.md#resource-ownership) back to WinDC management and blocking legacy MDM channel from managing the channels again.
+
+This example demonstrates how to unabandon a WinDC document, by setting the **Abandoned** property to **0**.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>10</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/DCA000B5-397D-40A1-AABF-40B25078A7F9/Properties/Abandoned</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">int</Format>
+        </Meta>
+        <Data>0</Data>
+      </Item>
+    </Replace>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+### Delete a WinDC document
+
+The SyncML deletion of the document only removes the document but any settings persist on the device. This example demonstrates how to delete a document.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+<SyncBody>
+    <Delete>
+        <CmdID>2</CmdID>
+        <Item>
+        <Target>
+            <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
+        </Target>
         </Item>
-        </Replace>
+    </Delete>
     <Final/>
     </SyncBody>
-    </SyncML>
-    ```
-
-- Deletion of configuration or inventory request. The SyncML deletion of the document only removes the document but any extensibility settings persist on the device (tattoo).
-
-    ```xml
-    <?xml version="1.0" encoding="utf-8"?>
-    <SyncML xmlns="SYNCML:SYNCML1.1">
-    <SyncBody>
-        <Delete>
-            <CmdID>2</CmdID>
-            <Item>
-            <Target>
-                <LocURI>./Device/Vendor/MSFT/DeclaredConfiguration/Host/Complete/Documents/27FEA311-68B9-4320-9FC4-296F6FDFAFE2/Document</LocURI>
-            </Target>
-            </Item>
-        </Delete>
-        <Final/>
-        </SyncBody>
-    </SyncML>
-    ```
+</SyncML>
+```
 <!-- DeclaredConfiguration-CspMoreInfo-End -->
 
 <!-- DeclaredConfiguration-End -->
diff --git a/windows/client-management/mdm/declaredconfiguration-ddf-file.md b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
index 031be873a8..07e2e406e6 100644
--- a/windows/client-management/mdm/declaredconfiguration-ddf-file.md
+++ b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: DeclaredConfiguration DDF file
 description: View the XML file containing the device description framework (DDF) for the DeclaredConfiguration configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
         <MSFT:CspVersion>9.9</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index e5da0f2590..f286ba947c 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: Defender DDF file
 description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 43fa16e588..ef825d0541 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,7 +1,7 @@
 ---
 title: DevDetail CSP
 description: Learn more about the DevDetail CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -700,7 +700,7 @@ SMBIOS Serial Number of the device.
 <!-- Device-Ext-Microsoft-SMBIOSVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19041.1387] and later <br> ✅ Windows 10, version 20H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Ext-Microsoft-SMBIOSVersion-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-SMBIOSVersion-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 8e200f88b4..c7b1a08470 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: DevDetail DDF file
 description: View the XML file containing the device description framework (DDF) for the DevDetail configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index ff94b7f4b8..7ca0975068 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,7 +1,7 @@
 ---
 title: DeviceManageability CSP
 description: Learn more about the DeviceManageability CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -269,7 +269,7 @@ Enrollment Info string value set by the config source. Recommended to sent to se
 <!-- Device-Provider-{ProviderID}-PayloadTransfer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 with [KB5016691](https://support.microsoft.com/help/5016691) [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-PayloadTransfer-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-PayloadTransfer-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 59cd0e48a0..4769870f2a 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: DeviceManageability DDF file
 description: View the XML file containing the device description framework (DDF) for the DeviceManageability configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md
index be9a944b76..903c08866d 100644
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: DevicePreparation DDF file
 description: View the XML file containing the device description framework (DDF) for the DevicePreparation configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index ad6ab08164..c119bdbf72 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,7 +1,7 @@
 ---
 title: DeviceStatus CSP
 description: Learn more about the DeviceStatus CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -789,7 +789,7 @@ Indicates whether the SIM card associated with the specific IMEI number is roami
 <!-- Device-CertAttestation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-CertAttestation-Applicability-End -->
 
 <!-- Device-CertAttestation-OmaUri-Begin -->
@@ -828,7 +828,7 @@ Node for Certificate Attestation.
 <!-- Device-CertAttestation-MDMClientCertAttestation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-CertAttestation-MDMClientCertAttestation-Applicability-End -->
 
 <!-- Device-CertAttestation-MDMClientCertAttestation-OmaUri-Begin -->
@@ -1807,7 +1807,7 @@ Node for the TPM query.
 <!-- Device-TPM-ManufacturerId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19041.1387] and later <br> ✅ Windows 10, version 20H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TPM-ManufacturerId-Applicability-End -->
 
 <!-- Device-TPM-ManufacturerId-OmaUri-Begin -->
@@ -1847,7 +1847,7 @@ String that specifies the TPM manufacturer ID as a number.
 <!-- Device-TPM-ManufacturerIdTxt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19041.1387] and later <br> ✅ Windows 10, version 20H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TPM-ManufacturerIdTxt-Applicability-End -->
 
 <!-- Device-TPM-ManufacturerIdTxt-OmaUri-Begin -->
@@ -1887,7 +1887,7 @@ String that specifies the TPM manufacturer ID as text.
 <!-- Device-TPM-ManufacturerVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19041.1387] and later <br> ✅ Windows 10, version 20H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 with [KB5007253](https://support.microsoft.com/help/5007253) [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TPM-ManufacturerVersion-Applicability-End -->
 
 <!-- Device-TPM-ManufacturerVersion-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index ae20b8e258..d1977f5eaa 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: DeviceStatus DDF file
 description: View the XML file containing the device description framework (DDF) for the DeviceStatus configuration service provider.
-ms.date: 06/19/2024
+ms.date: 08/07/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -406,6 +406,9 @@ The following XML file contains the device description framework (DDF) for the D
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
+          </MSFT:Applicability>
         </DFProperties>
       </Node>
     </Node>
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index b2d6f8ed7f..a57636514a 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: DevInfo DDF file
 description: View the XML file containing the device description framework (DDF) for the DevInfo configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -41,7 +41,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index eef6af498d..03887d47c3 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: DiagnosticLog DDF file
 description: View the XML file containing the device description framework (DDF) for the DiagnosticLog configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index a0fee28b12..15fc5f3231 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: DMAcc DDF file
 description: View the XML file containing the device description framework (DDF) for the DMAcc configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index dec09993f5..10c971f332 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,7 +1,7 @@
 ---
 title: DMClient CSP
 description: Learn more about the DMClient CSP.
-ms.date: 04/10/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -632,7 +632,7 @@ This node, when it's set, tells the client to set how many minutes the device sh
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5035854](https://support.microsoft.com/help/5035854) [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 with [KB5034848](https://support.microsoft.com/help/5034848) [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-OmaUri-Begin -->
@@ -671,7 +671,7 @@ Parent node for ConfigRefresh nodes.
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5035854](https://support.microsoft.com/help/5035854) [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 with [KB5034848](https://support.microsoft.com/help/5034848) [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-OmaUri-Begin -->
@@ -712,7 +712,7 @@ This node determines the number of minutes between refreshes.
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5035854](https://support.microsoft.com/help/5035854) [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 with [KB5034848](https://support.microsoft.com/help/5034848) [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-OmaUri-Begin -->
@@ -745,8 +745,8 @@ This node determines whether or not a periodic settings refresh for MDM policies
 
 | Value | Description |
 |:--|:--|
-| true | ConfigRefresh is enabled. |
-| false (Default) | ConfigRefresh is disabled. |
+| true | Enabled. |
+| false (Default) | Disabled. |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-AllowedValues-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Examples-Begin -->
@@ -761,7 +761,7 @@ This node determines whether or not a periodic settings refresh for MDM policies
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5035854](https://support.microsoft.com/help/5035854) [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 with [KB5034848](https://support.microsoft.com/help/5034848) [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-OmaUri-Begin -->
@@ -2167,7 +2167,7 @@ Integer node determining if a Device was Successfully provisioned. 0 is failure,
 <!-- Device-Provider-{ProviderID}-ForceAadToken-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1766] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1766] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1766] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.739] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014699](https://support.microsoft.com/help/5014699) [10.0.19042.1766] and later <br> ✅ Windows 10, version 21H1 with [KB5014699](https://support.microsoft.com/help/5014699) [10.0.19043.1766] and later <br> ✅ Windows 10, version 21H2 with [KB5014699](https://support.microsoft.com/help/5014699) [10.0.19044.1766] and later <br> ✅ Windows 11, version 21H2 with [KB5014697](https://support.microsoft.com/help/5014697) [10.0.22000.739] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-ForceAadToken-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ForceAadToken-OmaUri-Begin -->
@@ -2374,7 +2374,7 @@ Returns the hardware device ID.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 with [KB5016691](https://support.microsoft.com/help/5016691) [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-OmaUri-Begin -->
@@ -2452,7 +2452,7 @@ Endpoint Discovery is the process where a specific URL (the "discovery endpoint"
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Enroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 with [KB5016691](https://support.microsoft.com/help/5016691) [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Enroll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Enroll-OmaUri-Begin -->
@@ -2492,7 +2492,7 @@ This is an execution node and will trigger a silent Declared Configuration enrol
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-EnrollStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 with [KB5016691](https://support.microsoft.com/help/5016691) [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-EnrollStatus-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-EnrollStatus-OmaUri-Begin -->
@@ -2547,7 +2547,7 @@ Returns the current enrollment or un-enrollment status of the linked enrollment.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 with [KB5016691](https://support.microsoft.com/help/5016691) [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-LastError-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-LastError-OmaUri-Begin -->
@@ -2586,7 +2586,7 @@ Supports Get Only. Returns the HRESULT for the last error when enroll/unenroll f
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Unenroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 with [KB5018482](https://support.microsoft.com/help/5018482) [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 with [KB5016691](https://support.microsoft.com/help/5016691) [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Unenroll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Unenroll-OmaUri-Begin -->
@@ -3609,7 +3609,7 @@ An integer that maps to a known error state or condition on the system. Valid va
 <!-- Device-Provider-{ProviderID}-Recovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-OmaUri-Begin -->
@@ -3648,7 +3648,7 @@ Parent node for Recovery nodes.
 <!-- Device-Provider-{ProviderID}-Recovery-AllowRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-AllowRecovery-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-AllowRecovery-OmaUri-Begin -->
@@ -3697,7 +3697,7 @@ This node determines whether or not the client will automatically initiate a MDM
 <!-- Device-Provider-{ProviderID}-Recovery-InitiateRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-InitiateRecovery-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-InitiateRecovery-OmaUri-Begin -->
@@ -3746,7 +3746,7 @@ This node initiates a recovery action. The server can specify prerequisites befo
 <!-- Device-Provider-{ProviderID}-Recovery-RecoveryStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-RecoveryStatus-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-RecoveryStatus-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index c30288ba23..b82d0fe21b 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: DMClient DDF file
 description: View the XML file containing the device description framework (DDF) for the DMClient configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -477,7 +477,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -2988,11 +2988,11 @@ The following XML file contains the device description framework (DDF) for the D
               <MSFT:AllowedValues ValueType="ENUM">
                 <MSFT:Enum>
                   <MSFT:Value>true</MSFT:Value>
-                  <MSFT:ValueDescription>ConfigRefresh is enabled.</MSFT:ValueDescription>
+                  <MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
                 </MSFT:Enum>
                 <MSFT:Enum>
                   <MSFT:Value>false</MSFT:Value>
-                  <MSFT:ValueDescription>ConfigRefresh is disabled.</MSFT:ValueDescription>
+                  <MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
                 </MSFT:Enum>
               </MSFT:AllowedValues>
               <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index a770191467..144f69b17d 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: EMAIL2 DDF file
 description: View the XML file containing the device description framework (DDF) for the EMAIL2 configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
       <MSFT:Deprecated />
     </DFProperties>
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index 0b411fed30..959a529d1f 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -1,12 +1,13 @@
 ---
 title: EnterpriseDataProtection CSP
 description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
-ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
 ms.date: 08/09/2017
 ---
 
 # EnterpriseDataProtection CSP
 
+[!INCLUDE [wip-deprecation](includes/wip-deprecation.md)]
+
 The table below shows the applicability of Windows:
 
 |Edition|Windows 10|Windows 11|
@@ -18,12 +19,7 @@ The table below shows the applicability of Windows:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
-The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
-
-> [!NOTE]
-> Starting in July 2022, Microsoft is deprecating Windows Information Protection (WIP) and the APIs that support WIP. Microsoft will continue to support WIP on supported versions of Windows. New versions of Windows won't include new capabilities for WIP, and it won't be supported in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-the-sunset-of-windows-information-protection-wip/ba-p/3579282).
->
-> For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). Purview simplifies the configuration set-up and provides an advanced set of capabilities.
+The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
 
 > [!NOTE]
 > To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
@@ -32,8 +28,8 @@ While Windows Information Protection has no hard dependency on VPN, for best res
 
 To learn more about Windows Information Protection, see the following articles:
 
-- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
-- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
+- [Create a Windows Information Protection (WIP) policy](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy)
+- [General guidance and best practices for Windows Information Protection (WIP)](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
 
 The following example shows the EnterpriseDataProtection CSP in tree format.
 
@@ -52,13 +48,16 @@ EnterpriseDataProtection
 ----Status
 ```
 
-<a href="" id="--device-vendor-msft-enterprisedataprotection"></a>**./Device/Vendor/MSFT/EnterpriseDataProtection**
+## <a href="" id="--device-vendor-msft-enterprisedataprotection"></a> `./Device/Vendor/MSFT/EnterpriseDataProtection`
+
 The root node for the CSP.
 
-<a href="" id="settings"></a>**Settings**
+### <a href="" id="settings"></a> Settings
+
 The root node for the Windows Information Protection (WIP) configuration settings.
 
-<a href="" id="settings-edpenforcementlevel"></a>**Settings/EDPEnforcementLevel**
+#### <a href="" id="settings-edpenforcementlevel"></a> Settings/EDPEnforcementLevel
+
 Set the WIP enforcement level.
 
 > [!NOTE]
@@ -66,15 +65,16 @@ Set the WIP enforcement level.
 
 The following list shows the supported values:
 
-- 0 (default) – Off / No protection (decrypts previously protected data).
-- 1 – Silent mode (encrypt and audit only).
-- 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
-- 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
+- 0 (default) - Off / No protection (decrypts previously protected data).
+- 1 - Silent mode (encrypt and audit only).
+- 2 - Allow override mode (encrypt, prompt and allow overrides, and audit).
+- 3 - Hides overrides (encrypt, prompt but hide overrides, and audit).
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
-<a href="" id="settings-enterpriseprotecteddomainnames"></a>**Settings/EnterpriseProtectedDomainNames**
-A list of domains used by the enterprise for its user identities separated by pipes (&quot;|&quot;). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
+#### <a href="" id="settings-enterpriseprotecteddomainnames"></a> Settings/EnterpriseProtectedDomainNames
+
+A list of domains used by the enterprise for its user identities separated by pipes (`|`). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
 
 Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
 
@@ -89,7 +89,8 @@ Here are the steps to create canonical domain names:
 
 Supported operations are Add, Get, Replace, and Delete. Value type is string.
 
-<a href="" id="settings-allowuserdecryption"></a>**Settings/AllowUserDecryption**
+#### <a href="" id="settings-allowuserdecryption"></a> Settings/AllowUserDecryption
+
 Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user won't be able to remove protection from enterprise content through the operating system or the application user experiences.
 
 > [!IMPORTANT]
@@ -97,17 +98,18 @@ Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the us
 
 The following list shows the supported values:
 
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 - Not allowed.
+- 1 (default) - Allowed.
 
 Most restricted value is 0.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
-<a href="" id="settings-datarecoverycertificate"></a>**Settings/DataRecoveryCertificate**
+#### <a href="" id="settings-datarecoverycertificate"></a> Settings/DataRecoveryCertificate
+
 Specifies a recovery certificate that can be used for data recovery of encrypted files. This certificate is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through mobile device management (MDM) instead of Group Policy.
 
-> [!Note]
+> [!NOTE]
 > If this policy and the corresponding Group Policy setting are both configured, the Group Policy setting is enforced.
 
 DRA information from MDM policy must be a serialized binary blob identical to what we expect from GP.
@@ -115,37 +117,37 @@ The binary blob is the serialized version of following structure:
 
 ```cpp
 //
-//  Recovery Policy Data Structures
+//  Recovery Policy Data Structures
 //
 
 typedef struct _RECOVERY_POLICY_HEADER {
-    USHORT      MajorRevision;
-    USHORT      MinorRevision;
-    ULONG       RecoveryKeyCount;
+    USHORT      MajorRevision;
+    USHORT      MinorRevision;
+    ULONG       RecoveryKeyCount;
 } RECOVERY_POLICY_HEADER, *PRECOVERY_POLICY_HEADER;
 
-typedef struct _RECOVERY_POLICY_1_1    {
-        RECOVERY_POLICY_HEADER  RecoveryPolicyHeader;
-        RECOVERY_KEY_1_1        RecoveryKeyList[1];
-}   RECOVERY_POLICY_1_1, *PRECOVERY_POLICY_1_1;
+typedef struct _RECOVERY_POLICY_1_1    {
+        RECOVERY_POLICY_HEADER  RecoveryPolicyHeader;
+        RECOVERY_KEY_1_1        RecoveryKeyList[1];
+}   RECOVERY_POLICY_1_1, *PRECOVERY_POLICY_1_1;
 
-#define EFS_RECOVERY_POLICY_MAJOR_REVISION_1   (1)
-#define EFS_RECOVERY_POLICY_MINOR_REVISION_0   (0)
+#define EFS_RECOVERY_POLICY_MAJOR_REVISION_1   (1)
+#define EFS_RECOVERY_POLICY_MINOR_REVISION_0   (0)
 
-#define EFS_RECOVERY_POLICY_MINOR_REVISION_1   (1)
+#define EFS_RECOVERY_POLICY_MINOR_REVISION_1   (1)
 
 ///////////////////////////////////////////////////////////////////////////////
-//                                                                            /
-//  RECOVERY_KEY Data Structure                                               /
-//                                                                            /
+//                                                                            /
+//  RECOVERY_KEY Data Structure                                               /
+//                                                                            /
 ///////////////////////////////////////////////////////////////////////////////
 
 //
 // Current format of recovery data.
 //
 
-typedef struct _RECOVERY_KEY_1_1   {
-        ULONG               TotalLength;
+typedef struct _RECOVERY_KEY_1_1   {
+        ULONG               TotalLength;
         EFS_PUBLIC_KEY_INFO PublicKeyInfo;
 } RECOVERY_KEY_1_1, *PRECOVERY_KEY_1_1;
 
@@ -180,7 +182,7 @@ typedef struct _EFS_PUBLIC_KEY_INFO {
 
             //
             // The following fields contain offsets based at the
-            // beginning of the structure.  Each offset is to
+            // beginning of the structure.  Each offset is to
             // a NULL terminated WCHAR string.
             //
 
@@ -205,16 +207,16 @@ typedef struct _EFS_PUBLIC_KEY_INFO {
 
         struct {
 
-            ULONG CertificateLength;       // in bytes
-            ULONG Certificate;             // offset from start of structure
+            ULONG CertificateLength;       // in bytes
+            ULONG Certificate;             // offset from start of structure
 
         } CertificateInfo;
 
 
         struct {
 
-            ULONG ThumbprintLength;        // in bytes
-            ULONG CertHashData;            // offset from start of structure
+            ULONG ThumbprintLength;        // in bytes
+            ULONG CertHashData;            // offset from start of structure
 
         } CertificateThumbprint;
     };
@@ -238,17 +240,19 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
 
-<a href="" id="settings-revokeonunenroll"></a>**Settings/RevokeOnUnenroll**
+#### <a href="" id="settings-revokeonunenroll"></a> Settings/RevokeOnUnenroll
+
 This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
 
 The following list shows the supported values:
 
-- 0 – Don't revoke keys.
-- 1 (default) – Revoke keys.
+- 0 - Don't revoke keys.
+- 1 (default) - Revoke keys.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
-<a href="" id="settings-revokeonmdmhandoff"></a>**Settings/RevokeOnMDMHandoff**
+#### <a href="" id="settings-revokeonmdmhandoff"></a> Settings/RevokeOnMDMHandoff
+
 Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
 
 - 0 - Don't revoke keys.
@@ -256,25 +260,29 @@ Added in Windows 10, version 1703. This policy controls whether to revoke the Wi
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
-<a href="" id="settings-rmstemplateidforedp"></a>**Settings/RMSTemplateIDForEDP**
+#### <a href="" id="settings-rmstemplateidforedp"></a> Settings/RMSTemplateIDForEDP
+
 TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID).
 
-<a href="" id="settings-allowazurermsforedp"></a>**Settings/AllowAzureRMSForEDP**
+#### <a href="" id="settings-allowazurermsforedp"></a> Settings/AllowAzureRMSForEDP
+
 Specifies whether to allow Azure RMS encryption for Windows Information Protection.
 
-- 0 (default) – Don't use RMS.
-- 1 – Use RMS.
+- 0 (default) - Don't use RMS.
+- 1 - Use RMS.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
-<a href="" id="settings-smbautoencryptedfileextensions"></a>**Settings/SMBAutoEncryptedFileExtensions**
+#### <a href="" id="settings-smbautoencryptedfileextensions"></a> Settings/SMBAutoEncryptedFileExtensions
+
 Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-csp-networkisolation.md) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-csp-networkisolation.md). Use semicolon (;) delimiter in the list.
 When this policy isn't specified, the existing auto-encryption behavior is applied.  When this policy is configured, only files with the extensions in the list will be encrypted.
 Supported operations are Add, Get, Replace and Delete. Value type is string.
 
-<a href="" id="settings-edpshowicons"></a>**Settings/EDPShowIcons**
+#### <a href="" id="settings-edpshowicons"></a> Settings/EDPShowIcons
+
 Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app.
 The following list shows the supported values:
 
@@ -283,7 +291,8 @@ The following list shows the supported values:
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
-<a href="" id="status"></a>**Status**
+### <a href="" id="status"></a> Status
+
 A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
 
 Suggested values:
@@ -310,8 +319,8 @@ Bits 2 and 4 are reserved for future use.
 
 Supported operation is Get. Value type is integer.
 
-## Related topics
+## Related articles
 
 [Configuration service provider reference](index.yml)
 
-
+[Protect your enterprise data using Windows Information Protection (WIP)](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index c3304851f0..ba537d72e7 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: EnterpriseDesktopAppManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -401,7 +401,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 831a924dde..6357958bf3 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,7 +1,7 @@
 ---
 title: EnterpriseModernAppManagement CSP
 description: Learn more about the EnterpriseModernAppManagement CSP.
-ms.date: 04/10/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -381,7 +381,7 @@ This is a required node. The following list shows the supported deployment optio
 - ForceUpdateToAnyVersion
 - DeferRegistration="1". If the app is in use at the time of installation. This option stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
 - StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803.
-- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607.
+- LicenseUri="\\server\license.lic". Deploys an offline license. Available in 1607.
 - ValidateDependencies="1". This option is used at provisioning/staging time. If it's set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies aren't present. Available in the latest insider flight of 20H1.
 - ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809.
 <!-- Device-AppInstallation-{PackageFamilyName}-HostedInstall-Editable-End -->
@@ -821,7 +821,7 @@ This is a required node.
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Description-Begin -->
 <!-- Description-Source-DDF -->
-Category of license that's used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel, typically from the Store for Business. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios.
+Category of license that's used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Description-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Editable-Begin -->
@@ -904,6 +904,8 @@ Identifier for the entity that requested the license, such as the client who acq
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Editable-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-DFProperties-Begin -->
@@ -992,6 +994,8 @@ This is a required node. Query parameters:
 
 - Source - specifies the app classification that aligns to the existing inventory nodes. You can use a specific filter or if no filter is specified then all sources will be returned. If no value is specified, all classifications are returned. Valid values are:
   - AppStore - This classification is for apps that were acquired from Microsoft Store. These were apps directly installed from Microsoft Store or enterprise apps from Microsoft Store for Business.
+    > [!NOTE]
+    > The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
   - nonStore - This classification is for apps that weren't acquired from the Microsoft Store.
   - System - Apps that are part of the OS. You can't uninstall these apps. This classification is read-only and can only be inventoried.
 
@@ -5464,7 +5468,7 @@ This is a required node. The following list shows the supported deployment optio
 - ForceUpdateToAnyVersion
 - DeferRegistration="1". If the app is in use at the time of installation. This option stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
 - StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803.
-- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607.
+- LicenseUri="\\server\license.lic". Deploys an offline license. Available in 1607.
 - ValidateDependencies="1". This option is used at provisioning/staging time. If it's set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies aren't present. Available in the latest insider flight of 20H1.
 - ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809.
 <!-- User-AppInstallation-{PackageFamilyName}-HostedInstall-Editable-End -->
@@ -5903,7 +5907,7 @@ This is a required node.
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Description-Begin -->
 <!-- Description-Source-DDF -->
-Category of license that's used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel, typically from the Store for Business. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios.
+Category of license that's used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Description-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Editable-Begin -->
@@ -5986,6 +5990,8 @@ Identifier for the entity that requested the license, such as the client who acq
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Editable-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 5b6b0433ae..5b95cba183 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: EnterpriseModernAppManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider.
-ms.date: 06/19/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -2587,7 +2587,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 09e6e5f725..6a148a8d22 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: eUICCs DDF file
 description: View the XML file containing the device description framework (DDF) for the eUICCs configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -43,7 +43,7 @@ The following XML file contains the device description framework (DDF) for the e
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index 549c2cbc81..e269946643 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -1,7 +1,7 @@
 ---
 title: Firewall CSP
 description: Learn more about the Firewall CSP.
-ms.date: 06/21/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1103,7 +1103,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i
 <!-- Device-MdmStore-DynamicKeywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-OmaUri-Begin -->
@@ -1141,7 +1141,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i
 <!-- Device-MdmStore-DynamicKeywords-Addresses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-OmaUri-Begin -->
@@ -1180,7 +1180,7 @@ A list of dynamic keyword addresses for use within firewall rules. Dynamic keywo
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-OmaUri-Begin -->
@@ -1222,7 +1222,7 @@ A unique GUID string identifier for this dynamic keyword address.
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Addresses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Addresses-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Addresses-OmaUri-Begin -->
@@ -1273,7 +1273,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-AutoResolve-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-AutoResolve-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-AutoResolve-OmaUri-Begin -->
@@ -1322,7 +1322,7 @@ If this flag is set to TRUE, then the 'keyword' field of this object is expected
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Keyword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Keyword-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Keyword-OmaUri-Begin -->
@@ -2210,7 +2210,7 @@ Specifies the friendly name of the firewall rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.2913] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1880] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1635] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5025297](https://support.microsoft.com/help/5025297) [10.0.19045.2913] and later <br> ✅ Windows 11, version 21H2 with [KB5025298](https://support.microsoft.com/help/5025298) [10.0.22000.1880] and later <br> ✅ Windows 11, version 22H2 with [KB5025305](https://support.microsoft.com/help/5025305) [10.0.22621.1635] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-OmaUri-Begin -->
@@ -2341,7 +2341,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressDynamicKeywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 with [KB5013942](https://support.microsoft.com/help/5013942) [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressDynamicKeywords-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressDynamicKeywords-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 2fd47c663c..e48568b2b5 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: Firewall DDF file
 description: View the XML file containing the device description framework (DDF) for the Firewall configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the F
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 3b2c4265ae..0c9d382872 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: HealthAttestation DDF file
 description: View the XML file containing the device description framework (DDF) for the HealthAttestation configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the H
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/images/applocker-screenshot1.png b/windows/client-management/mdm/images/applocker-screenshot1.png
deleted file mode 100644
index 9de9e74f70..0000000000
Binary files a/windows/client-management/mdm/images/applocker-screenshot1.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/applocker-screenshot2.png b/windows/client-management/mdm/images/applocker-screenshot2.png
deleted file mode 100644
index 33b794f9b4..0000000000
Binary files a/windows/client-management/mdm/images/applocker-screenshot2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/applocker-screenshot3.png b/windows/client-management/mdm/images/applocker-screenshot3.png
deleted file mode 100644
index d9de466e2d..0000000000
Binary files a/windows/client-management/mdm/images/applocker-screenshot3.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/includes/wip-deprecation.md b/windows/client-management/mdm/includes/wip-deprecation.md
similarity index 100%
rename from windows/security/information-protection/windows-information-protection/includes/wip-deprecation.md
rename to windows/client-management/mdm/includes/wip-deprecation.md
diff --git a/windows/client-management/mdm/index.yml b/windows/client-management/mdm/index.yml
index cfa99b1a5f..f1b84cf506 100644
--- a/windows/client-management/mdm/index.yml
+++ b/windows/client-management/mdm/index.yml
@@ -10,7 +10,7 @@ metadata:
   ms.collection:
     - tier1
   ms.date: 10/25/2023
-  localization_priority: medium
+  ms.localizationpriority: medium
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
diff --git a/windows/client-management/mdm/language-pack-management-ddf-file.md b/windows/client-management/mdm/language-pack-management-ddf-file.md
index 0d5661484f..3739f4f142 100644
--- a/windows/client-management/mdm/language-pack-management-ddf-file.md
+++ b/windows/client-management/mdm/language-pack-management-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: LanguagePackManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the LanguagePackManagement configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the L
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index 075ff51663..5d06e470a6 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: LAPS DDF file
 description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the L
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.25145, 10.0.22621.1480, 10.0.22000.1754, 10.0.20348.1663, 10.0.19041.2784, 10.0.17763.4244</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index 41f2ea80ba..4448901798 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: NetworkProxy DDF file
 description: View the XML file containing the device description framework (DDF) for the NetworkProxy configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index cc42fe0b09..87c98019ce 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -1,7 +1,7 @@
 ---
 title: NetworkQoSPolicy CSP
 description: Learn more about the NetworkQoSPolicy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -53,7 +53,7 @@ The following list shows the NetworkQoSPolicy configuration service provider nod
 <!-- Device-{Name}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-Applicability-End -->
 
 <!-- Device-{Name}-OmaUri-Begin -->
@@ -93,7 +93,7 @@ The value of this node should be a policy name.
 <!-- Device-{Name}-AppPathNameMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-AppPathNameMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-AppPathNameMatchCondition-OmaUri-Begin -->
@@ -132,7 +132,7 @@ Specifies the name of an application to be used to match the network traffic, su
 <!-- Device-{Name}-DestinationPortMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-DestinationPortMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-DestinationPortMatchCondition-OmaUri-Begin -->
@@ -171,7 +171,7 @@ Specifies a single port or a range of ports to be used to match the network traf
 <!-- Device-{Name}-DSCPAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-DSCPAction-Applicability-End -->
 
 <!-- Device-{Name}-DSCPAction-OmaUri-Begin -->
@@ -211,7 +211,7 @@ The differentiated services code point (DSCP) value to apply to matching network
 <!-- Device-{Name}-IPProtocolMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-IPProtocolMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-IPProtocolMatchCondition-OmaUri-Begin -->
@@ -251,7 +251,7 @@ Specifies the IP protocol used to match the network traffic. Valid values are 0:
 <!-- Device-{Name}-PriorityValue8021Action-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-PriorityValue8021Action-Applicability-End -->
 
 <!-- Device-{Name}-PriorityValue8021Action-OmaUri-Begin -->
@@ -291,7 +291,7 @@ The IEEE 802.1p value to apply to matching network traffice. Valid values are 0-
 <!-- Device-{Name}-SourcePortMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-{Name}-SourcePortMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-SourcePortMatchCondition-OmaUri-Begin -->
@@ -330,7 +330,7 @@ Specifies a single port or a range of ports to be used to match the network traf
 <!-- Device-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-Version-Applicability-End -->
 
 <!-- Device-Version-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index abcaba4547..04b4528ac6 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: NetworkQoSPolicy DDF file
 description: View the XML file containing the device description framework (DDF) for the NetworkQoSPolicy configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.19042</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 996cc4512c..4d442904e4 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: NodeCache DDF file
 description: View the XML file containing the device description framework (DDF) for the NodeCache configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.1</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -294,7 +294,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index d9dd3ecaa7..e36405ce71 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: Office DDF file
 description: View the XML file containing the device description framework (DDF) for the Office configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the O
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -211,7 +211,7 @@ The following XML file contains the device description framework (DDF) for the O
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index fe7da7ac06..2b322e0891 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,7 +1,7 @@
 ---
 title: PassportForWork CSP
 description: Learn more about the PassportForWork CSP.
-ms.date: 06/21/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -163,7 +163,7 @@ Root node for policies.
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2402] and later <br> ✅ Windows 10, version 2004 [10.0.19041.4239] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2899] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3374] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2402] and later <br> ✅ Windows 10, version 2004 [10.0.19041.4239] and later <br> ✅ Windows 11, version 21H2 with [KB5036894](https://support.microsoft.com/help/5036894) [10.0.22000.2899] and later <br> ✅ Windows 11, version 22H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22621.3374] and later <br> ✅ Windows Insider Preview |
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-OmaUri-Begin -->
@@ -1051,7 +1051,7 @@ Windows Hello for Business can use certificates to authenticate to on-premise re
 <!-- Device-{TenantId}-Policies-UseCloudTrustForOnPremAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.1566] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 with [KB5010415](https://support.microsoft.com/help/5010415) [10.0.19044.1566] and later <br> ✅ Windows 11, version 21H2 with [KB5010414](https://support.microsoft.com/help/5010414) [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-{TenantId}-Policies-UseCloudTrustForOnPremAuth-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-UseCloudTrustForOnPremAuth-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index d80b42baec..c94b22aed5 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: PassportForWork DDF file
 description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
-ms.date: 06/21/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -565,7 +565,7 @@ If you do not configure this policy setting, Windows Hello for Business requires
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -895,7 +895,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
               <Replace />
             </AccessType>
             <DefaultValue>False</DefaultValue>
-            <Description>Windows Hello for Business can use certificates to authenticate to on-premise resources.
+            <Description>Windows Hello for Business can use certificates to authenticate to on-premise resources. 
 
 If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
 
diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md
index 5b3b1d0111..165f97507c 100644
--- a/windows/client-management/mdm/personaldataencryption-ddf-file.md
+++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: PDE DDF file
 description: View the XML file containing the device description framework (DDF) for the PDE configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index d455b2968a..56a05d8beb 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -1,7 +1,7 @@
 ---
 title: Personalization CSP
 description: Learn more about the Personalization CSP.
-ms.date: 06/21/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -36,7 +36,7 @@ The following list shows the Personalization configuration service provider node
 <!-- Device-CompanyLogoStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22621.3374] and later |
 <!-- Device-CompanyLogoStatus-Applicability-End -->
 
 <!-- Device-CompanyLogoStatus-OmaUri-Begin -->
@@ -75,7 +75,7 @@ This represents the status of the Company Logo. 1 - Successfully downloaded or c
 <!-- Device-CompanyLogoUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22621.3374] and later |
 <!-- Device-CompanyLogoUrl-Applicability-End -->
 
 <!-- Device-CompanyLogoUrl-OmaUri-Begin -->
@@ -114,7 +114,7 @@ An http or https Url to a jpg, jpeg or png image that needs to be downloaded and
 <!-- Device-CompanyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22621.3374] and later |
 <!-- Device-CompanyName-Applicability-End -->
 
 <!-- Device-CompanyName-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index 5f6b982951..052f60bfcd 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,7 +1,7 @@
 ---
 title: Personalization DDF file
 description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
-ms.date: 06/19/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -162,7 +162,7 @@ The following XML file contains the device description framework (DDF) for the P
           <MIME />
         </DFType>
         <MSFT:Applicability>
-          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3374</MSFT:OsBuildVersion>
           <MSFT:CspVersion>2.0</MSFT:CspVersion>
         </MSFT:Applicability>
         <MSFT:AllowedValues ValueType="None">
@@ -189,7 +189,7 @@ The following XML file contains the device description framework (DDF) for the P
           <MIME />
         </DFType>
         <MSFT:Applicability>
-          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3374</MSFT:OsBuildVersion>
           <MSFT:CspVersion>2.0</MSFT:CspVersion>
         </MSFT:Applicability>
       </DFProperties>
@@ -217,7 +217,7 @@ The following XML file contains the device description framework (DDF) for the P
           <MIME />
         </DFType>
         <MSFT:Applicability>
-          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3374</MSFT:OsBuildVersion>
           <MSFT:CspVersion>2.0</MSFT:CspVersion>
         </MSFT:Applicability>
         <MSFT:AllowedValues ValueType="RegEx">
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 773526f0c6..3c0d28e2e6 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX-backed policies in Policy CSP
 description: Learn about the ADMX-backed policies in Policy CSP.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1663,7 +1663,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [TS_NoSecurityMenu](policy-csp-admx-terminalserver.md)
 - [TS_START_PROGRAM_2](policy-csp-admx-terminalserver.md)
 - [TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP](policy-csp-admx-terminalserver.md)
-- [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-admx-terminalserver.md)
 - [TS_DX_USE_FULL_HWGPU](policy-csp-admx-terminalserver.md)
 - [TS_SERVER_WDDM_GRAPHICS_DRIVER](policy-csp-admx-terminalserver.md)
 - [TS_TSCC_PERMISSIONS_POLICY](policy-csp-admx-terminalserver.md)
@@ -1944,6 +1943,7 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [IZ_Policy_OpenSearchQuery_Trusted](policy-csp-admx-windowsexplorer.md)
 - [IZ_Policy_OpenSearchPreview_Trusted](policy-csp-admx-windowsexplorer.md)
 - [EnableShellShortcutIconRemotePath](policy-csp-admx-windowsexplorer.md)
+- [DisableMotWOnInsecurePathCopy](policy-csp-admx-windowsexplorer.md)
 - [EnableSmartScreen](policy-csp-admx-windowsexplorer.md)
 - [NoNewAppAlert](policy-csp-admx-windowsexplorer.md)
 - [ShowHibernateOption](policy-csp-admx-windowsexplorer.md)
@@ -2539,6 +2539,7 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [DoNotAllowWebAuthnRedirection](policy-csp-remotedesktopservices.md)
 - [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md)
 - [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md)
+- [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md)
 
 ## RemoteManagement
 
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index 74c2d24c74..a9bd1aa0ed 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -1,7 +1,7 @@
 ---
 title: Policies in Policy CSP supported by Group Policy
 description: Learn about the policies in Policy CSP supported by Group Policy.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -530,6 +530,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [LetAppsAccessEmail_ForceAllowTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessEmail_ForceDenyTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessEmail_UserInControlOfTheseApps](policy-csp-privacy.md)
+- [LetAppsAccessGenerativeAI](policy-csp-privacy.md)
+- [LetAppsAccessGenerativeAI_ForceAllowTheseApps](policy-csp-privacy.md)
+- [LetAppsAccessGenerativeAI_ForceDenyTheseApps](policy-csp-privacy.md)
+- [LetAppsAccessGenerativeAI_UserInControlOfTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessGraphicsCaptureProgrammatic](policy-csp-privacy.md)
 - [LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps](policy-csp-privacy.md)
@@ -873,7 +877,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 
 - [TurnOffWindowsCopilot](policy-csp-windowsai.md)
 - [DisableAIDataAnalysis](policy-csp-windowsai.md)
-- [AllowImageCreator](policy-csp-windowsai.md)
 
 ## WindowsDefenderSecurityCenter
 
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index a51aba5851..ebfe368e86 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -1,14 +1,14 @@
 ---
-title: Policies in Policy CSP supported by Windows 10 Team
-description: Learn about the policies in Policy CSP supported by Windows 10 Team.
-ms.date: 06/19/2024
+title: Policies supported by Windows 10 Team
+description: Learn about the policies supported by Windows 10 Team.
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
 
-# Policies in Policy CSP supported by Windows 10 Team
+# Policies supported by Windows 10 Team
 
-This article lists the policies in Policy CSP that are applicable for the Surface Hub operating system, **Windows 10 Team**.
+This article lists the policies that are applicable for the Surface Hub operating system, **Windows 10 Team**.
 
 ## ApplicationDefaults
 
@@ -118,6 +118,128 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 - [SubmitSamplesConsent](policy-csp-defender.md#submitsamplesconsent)
 - [ThreatSeverityDefaultAction](policy-csp-defender.md#threatseveritydefaultaction)
 
+## Defender CSP
+
+- [{GroupId}](defender-csp.md#configurationdevicecontrolpolicygroupsgroupid)
+- [{RuleId}](defender-csp.md#configurationdevicecontrolpolicyrulesruleid)
+- [{ThreatId}](defender-csp.md#detectionsthreatid)
+- [AllowDatagramProcessingOnWinServer](defender-csp.md#configurationallowdatagramprocessingonwinserver)
+- [AllowNetworkProtectionDownLevel](defender-csp.md#configurationallownetworkprotectiondownlevel)
+- [AllowNetworkProtectionOnWinServer](defender-csp.md#configurationallownetworkprotectiononwinserver)
+- [AllowSwitchToAsyncInspection](defender-csp.md#configurationallowswitchtoasyncinspection)
+- [ArchiveMaxDepth](defender-csp.md#configurationarchivemaxdepth)
+- [ArchiveMaxSize](defender-csp.md#configurationarchivemaxsize)
+- [ASROnlyPerRuleExclusions](defender-csp.md#configurationasronlyperruleexclusions)
+- [BehavioralNetworkBlocks](defender-csp.md#configurationbehavioralnetworkblocks)
+- [BruteForceProtection](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotection)
+- [BruteForceProtectionAggressiveness](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionaggressiveness)
+- [BruteForceProtectionConfiguredState](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionconfiguredstate)
+- [BruteForceProtectionExclusions](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionexclusions)
+- [BruteForceProtectionLocalNetworkBlocking](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionpluginsbruteforceprotectionlocalnetworkblocking)
+- [BruteForceProtectionMaxBlockTime](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionmaxblocktime)
+- [BruteForceProtectionPlugins](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionplugins)
+- [BruteForceProtectionSkipLearningPeriod](defender-csp.md#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionpluginsbruteforceprotectionskiplearningperiod)
+- [Category](defender-csp.md#detectionsthreatidcategory)
+- [ComputerState](defender-csp.md#healthcomputerstate)
+- [Configuration](defender-csp.md#configuration)
+- [CurrentStatus](defender-csp.md#detectionsthreatidcurrentstatus)
+- [DataDuplicationDirectory](defender-csp.md#configurationdataduplicationdirectory)
+- [DataDuplicationLocalRetentionPeriod](defender-csp.md#configurationdataduplicationlocalretentionperiod)
+- [DataDuplicationMaximumQuota](defender-csp.md#configurationdataduplicationmaximumquota)
+- [DataDuplicationRemoteLocation](defender-csp.md#configurationdataduplicationremotelocation)
+- [DaysUntilAggressiveCatchupQuickScan](defender-csp.md#configurationdaysuntilaggressivecatchupquickscan)
+- [DefaultEnforcement](defender-csp.md#configurationdefaultenforcement)
+- [DefenderEnabled](defender-csp.md#healthdefenderenabled)
+- [DefenderVersion](defender-csp.md#healthdefenderversion)
+- [Detections](defender-csp.md#detections)
+- [DeviceControl](defender-csp.md#configurationdevicecontrol)
+- [DeviceControlEnabled](defender-csp.md#configurationdevicecontrolenabled)
+- [DisableCacheMaintenance](defender-csp.md#configurationdisablecachemaintenance)
+- [DisableCoreServiceECSIntegration](defender-csp.md#configurationdisablecoreserviceecsintegration)
+- [DisableCoreServiceTelemetry](defender-csp.md#configurationdisablecoreservicetelemetry)
+- [DisableCpuThrottleOnIdleScans](defender-csp.md#configurationdisablecputhrottleonidlescans)
+- [DisableDatagramProcessing](defender-csp.md#configurationdisabledatagramprocessing)
+- [DisableDnsOverTcpParsing](defender-csp.md#configurationdisablednsovertcpparsing)
+- [DisableDnsParsing](defender-csp.md#configurationdisablednsparsing)
+- [DisableFtpParsing](defender-csp.md#configurationdisableftpparsing)
+- [DisableGradualRelease](defender-csp.md#configurationdisablegradualrelease)
+- [DisableHttpParsing](defender-csp.md#configurationdisablehttpparsing)
+- [DisableInboundConnectionFiltering](defender-csp.md#configurationdisableinboundconnectionfiltering)
+- [DisableLocalAdminMerge](defender-csp.md#configurationdisablelocaladminmerge)
+- [DisableNetworkProtectionPerfTelemetry](defender-csp.md#configurationdisablenetworkprotectionperftelemetry)
+- [DisableQuicParsing](defender-csp.md#configurationdisablequicparsing)
+- [DisableRdpParsing](defender-csp.md#configurationdisablerdpparsing)
+- [DisableSmtpParsing](defender-csp.md#configurationdisablesmtpparsing)
+- [DisableSshParsing](defender-csp.md#configurationdisablesshparsing)
+- [DisableTlsParsing](defender-csp.md#configurationdisabletlsparsing)
+- [EnableConvertWarnToBlock](defender-csp.md#configurationenableconvertwarntoblock)
+- [EnableDnsSinkhole](defender-csp.md#configurationenablednssinkhole)
+- [EnableFileHashComputation](defender-csp.md#configurationenablefilehashcomputation)
+- [EnableUdpReceiveOffload](defender-csp.md#configurationenableudpreceiveoffload)
+- [EnableUdpSegmentationOffload](defender-csp.md#configurationenableudpsegmentationoffload)
+- [EngineUpdatesChannel](defender-csp.md#configurationengineupdateschannel)
+- [EngineVersion](defender-csp.md#healthengineversion)
+- [ExcludedIpAddresses](defender-csp.md#configurationexcludedipaddresses)
+- [ExecutionStatus](defender-csp.md#detectionsthreatidexecutionstatus)
+- [FullScanOverdue](defender-csp.md#healthfullscanoverdue)
+- [FullScanRequired](defender-csp.md#healthfullscanrequired)
+- [FullScanSigVersion](defender-csp.md#healthfullscansigversion)
+- [FullScanTime](defender-csp.md#healthfullscantime)
+- [GroupData](defender-csp.md#configurationdevicecontrolpolicygroupsgroupidgroupdata)
+- [Health](defender-csp.md#health)
+- [HideExclusionsFromLocalAdmins](defender-csp.md#configurationhideexclusionsfromlocaladmins)
+- [HideExclusionsFromLocalUsers](defender-csp.md#configurationhideexclusionsfromlocalusers)
+- [InitialDetectionTime](defender-csp.md#detectionsthreatidinitialdetectiontime)
+- [IntelTDTEnabled](defender-csp.md#configurationinteltdtenabled)
+- [IsVirtualMachine](defender-csp.md#healthisvirtualmachine)
+- [LastThreatStatusChangeTime](defender-csp.md#detectionsthreatidlastthreatstatuschangetime)
+- [MeteredConnectionUpdates](defender-csp.md#configurationmeteredconnectionupdates)
+- [Name](defender-csp.md#detectionsthreatidname)
+- [NetworkProtectionReputationMode](defender-csp.md#configurationnetworkprotectionreputationmode)
+- [NisEnabled](defender-csp.md#healthnisenabled)
+- [NumberOfDetections](defender-csp.md#detectionsthreatidnumberofdetections)
+- [OfflineScan](defender-csp.md#offlinescan)
+- [OobeEnableRtpAndSigUpdate](defender-csp.md#configurationoobeenablertpandsigupdate)
+- [PassiveRemediation](defender-csp.md#configurationpassiveremediation)
+- [PerformanceModeStatus](defender-csp.md#configurationperformancemodestatus)
+- [PlatformUpdatesChannel](defender-csp.md#configurationplatformupdateschannel)
+- [PolicyGroups](defender-csp.md#configurationdevicecontrolpolicygroups)
+- [PolicyRules](defender-csp.md#configurationdevicecontrolpolicyrules)
+- [ProductStatus](defender-csp.md#healthproductstatus)
+- [QuickScanIncludeExclusions](defender-csp.md#configurationquickscanincludeexclusions)
+- [QuickScanOverdue](defender-csp.md#healthquickscanoverdue)
+- [QuickScanSigVersion](defender-csp.md#healthquickscansigversion)
+- [QuickScanTime](defender-csp.md#healthquickscantime)
+- [RandomizeScheduleTaskTimes](defender-csp.md#configurationrandomizescheduletasktimes)
+- [RebootRequired](defender-csp.md#healthrebootrequired)
+- [RemoteEncryptionProtection](defender-csp.md#configurationbehavioralnetworkblocksremoteencryptionprotection)
+- [RemoteEncryptionProtectionAggressiveness](defender-csp.md#configurationbehavioralnetworkblocksremoteencryptionprotectionremoteencryptionprotectionaggressiveness)
+- [RemoteEncryptionProtectionConfiguredState](defender-csp.md#configurationbehavioralnetworkblocksremoteencryptionprotectionremoteencryptionprotectionconfiguredstate)
+- [RemoteEncryptionProtectionExclusions](defender-csp.md#configurationbehavioralnetworkblocksremoteencryptionprotectionremoteencryptionprotectionexclusions)
+- [RemoteEncryptionProtectionMaxBlockTime](defender-csp.md#configurationbehavioralnetworkblocksremoteencryptionprotectionremoteencryptionprotectionmaxblocktime)
+- [RollbackEngine](defender-csp.md#rollbackengine)
+- [RollbackPlatform](defender-csp.md#rollbackplatform)
+- [RtpEnabled](defender-csp.md#healthrtpenabled)
+- [RuleData](defender-csp.md#configurationdevicecontrolpolicyrulesruleidruledata)
+- [Scan](defender-csp.md#scan)
+- [ScanOnlyIfIdleEnabled](defender-csp.md#configurationscanonlyifidleenabled)
+- [SchedulerRandomizationTime](defender-csp.md#configurationschedulerrandomizationtime)
+- [ScheduleSecurityIntelligenceUpdateDay](defender-csp.md#configurationschedulesecurityintelligenceupdateday)
+- [ScheduleSecurityIntelligenceUpdateTime](defender-csp.md#configurationschedulesecurityintelligenceupdatetime)
+- [SecuredDevicesConfiguration](defender-csp.md#configurationsecureddevicesconfiguration)
+- [SecurityIntelligenceLocationUpdateAtScheduledTimeOnly](defender-csp.md#configurationsecurityintelligencelocationupdateatscheduledtimeonly)
+- [SecurityIntelligenceUpdatesChannel](defender-csp.md#configurationsecurityintelligenceupdateschannel)
+- [Severity](defender-csp.md#detectionsthreatidseverity)
+- [SignatureOutOfDate](defender-csp.md#healthsignatureoutofdate)
+- [SignatureVersion](defender-csp.md#healthsignatureversion)
+- [State](defender-csp.md#healthdevicecontrolstate)
+- [SupportLogLocation](defender-csp.md#configurationsupportloglocation)
+- [TamperProtection](defender-csp.md#configurationtamperprotection)
+- [TamperProtectionEnabled](defender-csp.md#healthtamperprotectionenabled)
+- [ThrottleForScheduledScanOnly](defender-csp.md#configurationthrottleforscheduledscanonly)
+- [UpdateSignature](defender-csp.md#updatesignature)
+- [URL](defender-csp.md#detectionsthreatidurl)
+
 ## DeliveryOptimization
 
 - [DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#doabsolutemaxcachesize)
@@ -169,6 +291,10 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 - [EnterpriseProxyServersAreAuthoritative](policy-csp-networkisolation.md#enterpriseproxyserversareauthoritative)
 - [NeutralResources](policy-csp-networkisolation.md#neutralresources)
 
+## Policy CSP
+
+- [ADMXInstall](policy-configuration-service-provider.md#deviceconfigoperationsadmxinstall)
+
 ## Privacy
 
 - [AllowInputPersonalization](policy-csp-privacy.md#allowinputpersonalization)
diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md
new file mode 100644
index 0000000000..0ad7b632c3
--- /dev/null
+++ b/windows/client-management/mdm/policies-in-preview.md
@@ -0,0 +1,304 @@
+---
+title: Configuration service provider preview policies
+description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
+ms.date: 09/11/2024
+---
+
+<!-- Auto-Generated CSP Document -->
+
+# Configuration service provider policies in preview
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+This article lists the policies that are applicable for Windows Insider Preview builds.
+
+## AppDeviceInventory
+
+- [TurnOffInstallTracing](policy-csp-appdeviceinventory.md#turnoffinstalltracing)
+- [TurnOffAPISamping](policy-csp-appdeviceinventory.md#turnoffapisamping)
+- [TurnOffApplicationFootprint](policy-csp-appdeviceinventory.md#turnoffapplicationfootprint)
+
+## ClientCertificateInstall CSP
+
+- [AttestPrivateKey](clientcertificateinstall-csp.md#userscepuniqueidinstallattestprivatekey)
+
+## CloudDesktop CSP
+
+- [EnablePhysicalDeviceAccessOnCtrlAltDel](clouddesktop-csp.md#userenablephysicaldeviceaccessonctrlaltdel)
+- [EnablePhysicalDeviceAccessOnErrorScreens](clouddesktop-csp.md#userenablephysicaldeviceaccessonerrorscreens)
+- [EnableBootToCloudSharedPCMode](clouddesktop-csp.md#deviceenableboottocloudsharedpcmode)
+
+## Cryptography
+
+- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md#configureellipticcurvecryptography)
+- [ConfigureSystemCryptographyForceStrongKeyProtection](policy-csp-cryptography.md#configuresystemcryptographyforcestrongkeyprotection)
+- [OverrideMinimumEnabledTLSVersionClient](policy-csp-cryptography.md#overrideminimumenabledtlsversionclient)
+- [OverrideMinimumEnabledTLSVersionServer](policy-csp-cryptography.md#overrideminimumenabledtlsversionserver)
+- [OverrideMinimumEnabledDTLSVersionClient](policy-csp-cryptography.md#overrideminimumenableddtlsversionclient)
+- [OverrideMinimumEnabledDTLSVersionServer](policy-csp-cryptography.md#overrideminimumenableddtlsversionserver)
+
+## DeclaredConfiguration CSP
+
+- [Document](declaredconfiguration-csp.md#hostcompletedocumentsdociddocument)
+- [Abandoned](declaredconfiguration-csp.md#hostcompletedocumentsdocidpropertiesabandoned)
+
+## DeliveryOptimization
+
+- [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn)
+- [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords)
+
+## DesktopAppInstaller
+
+- [EnableWindowsPackageManagerCommandLineInterfaces](policy-csp-desktopappinstaller.md#enablewindowspackagemanagercommandlineinterfaces)
+- [EnableWindowsPackageManagerConfiguration](policy-csp-desktopappinstaller.md#enablewindowspackagemanagerconfiguration)
+
+## DeviceLock
+
+- [MaximumPasswordAge](policy-csp-devicelock.md#maximumpasswordage)
+- [ClearTextPassword](policy-csp-devicelock.md#cleartextpassword)
+- [PasswordComplexity](policy-csp-devicelock.md#passwordcomplexity)
+- [PasswordHistorySize](policy-csp-devicelock.md#passwordhistorysize)
+- [AccountLockoutPolicy](policy-csp-devicelock.md#accountlockoutpolicy)
+- [AllowAdministratorLockout](policy-csp-devicelock.md#allowadministratorlockout)
+- [MinimumPasswordLength](policy-csp-devicelock.md#minimumpasswordlength)
+- [MinimumPasswordLengthAudit](policy-csp-devicelock.md#minimumpasswordlengthaudit)
+- [RelaxMinimumPasswordLengthLimits](policy-csp-devicelock.md#relaxminimumpasswordlengthlimits)
+
+## DevicePreparation CSP
+
+- [PageEnabled](devicepreparation-csp.md#pageenabled)
+- [PageStatus](devicepreparation-csp.md#pagestatus)
+- [PageErrorPhase](devicepreparation-csp.md#pageerrorphase)
+- [PageErrorCode](devicepreparation-csp.md#pageerrorcode)
+- [PageErrorDetails](devicepreparation-csp.md#pageerrordetails)
+- [PageSettings](devicepreparation-csp.md#pagesettings)
+- [ExecutionContext](devicepreparation-csp.md#bootstrapperagentexecutioncontext)
+- [Progress](devicepreparation-csp.md#mdmproviderprogress)
+- [MdmAgentInstalled](devicepreparation-csp.md#mdmprovidermdmagentinstalled)
+- [RebootRequired](devicepreparation-csp.md#mdmproviderrebootrequired)
+
+## DMClient CSP
+
+- [DiscoveryEndpoint](dmclient-csp.md#deviceproviderprovideridlinkedenrollmentdiscoveryendpoint)
+- [Enabled](dmclient-csp.md#deviceproviderprovideridconfigrefreshenabled)
+- [Cadence](dmclient-csp.md#deviceproviderprovideridconfigrefreshcadence)
+- [PausePeriod](dmclient-csp.md#deviceproviderprovideridconfigrefreshpauseperiod)
+
+## Experience
+
+- [AllowScreenRecorder](policy-csp-experience.md#allowscreenrecorder)
+- [EnableOrganizationalMessages](policy-csp-experience.md#enableorganizationalmessages)
+- [DisableTextTranslation](policy-csp-experience.md#disabletexttranslation)
+
+## FileSystem
+
+- [EnableDevDrive](policy-csp-filesystem.md#enabledevdrive)
+- [DevDriveAttachPolicy](policy-csp-filesystem.md#devdriveattachpolicy)
+
+## HealthAttestation CSP
+
+- [AttestErrorMessage](healthattestation-csp.md#attesterrormessage)
+
+## HumanPresence
+
+- [ForceDisableWakeWhenBatterySaverOn](policy-csp-humanpresence.md#forcedisablewakewhenbatterysaveron)
+- [ForceAllowWakeWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowwakewhenexternaldisplayconnected)
+- [ForceAllowLockWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowlockwhenexternaldisplayconnected)
+- [ForceAllowDimWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowdimwhenexternaldisplayconnected)
+
+## InternetExplorer
+
+- [AllowLegacyURLFields](policy-csp-internetexplorer.md#allowlegacyurlfields)
+
+## LanguagePackManagement CSP
+
+- [Providers](language-pack-management-csp.md#installedlanguageslanguage-idproviders)
+- [LanguageFeatures](language-pack-management-csp.md#installedlanguageslanguage-idlanguagefeatures)
+- [Status](language-pack-management-csp.md#installlanguage-idstatus)
+- [ErrorCode](language-pack-management-csp.md#installlanguage-iderrorcode)
+- [CopyToDeviceInternationalSettings](language-pack-management-csp.md#installlanguage-idcopytodeviceinternationalsettings)
+- [EnableLanguageFeatureInstallations](language-pack-management-csp.md#installlanguage-idenablelanguagefeatureinstallations)
+- [StartInstallation](language-pack-management-csp.md#installlanguage-idstartinstallation)
+- [SystemPreferredUILanguages](language-pack-management-csp.md#languagesettingssystempreferreduilanguages)
+
+## LAPS CSP
+
+- [PassphraseLength](laps-csp.md#policiespassphraselength)
+- [AutomaticAccountManagementEnabled](laps-csp.md#policiesautomaticaccountmanagementenabled)
+- [AutomaticAccountManagementTarget](laps-csp.md#policiesautomaticaccountmanagementtarget)
+- [AutomaticAccountManagementNameOrPrefix](laps-csp.md#policiesautomaticaccountmanagementnameorprefix)
+- [AutomaticAccountManagementEnableAccount](laps-csp.md#policiesautomaticaccountmanagementenableaccount)
+- [AutomaticAccountManagementRandomizeName](laps-csp.md#policiesautomaticaccountmanagementrandomizename)
+
+## LocalPoliciesSecurityOptions
+
+- [Audit_AuditTheUseOfBackupAndRestoreprivilege](policy-csp-localpoliciessecurityoptions.md#audit_audittheuseofbackupandrestoreprivilege)
+- [Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings](policy-csp-localpoliciessecurityoptions.md#audit_forceauditpolicysubcategorysettingstooverrideauditpolicycategorysettings)
+- [Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits](policy-csp-localpoliciessecurityoptions.md#audit_shutdownsystemimmediatelyifunabletologsecurityaudits)
+- [Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly](policy-csp-localpoliciessecurityoptions.md#devices_restrictfloppyaccesstolocallyloggedonuseronly)
+- [DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptorsignsecurechanneldataalways)
+- [DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptsecurechanneldatawhenpossible)
+- [DomainMember_DigitallySignSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallysignsecurechanneldatawhenpossible)
+- [DomainMember_DisableMachineAccountPasswordChanges](policy-csp-localpoliciessecurityoptions.md#domainmember_disablemachineaccountpasswordchanges)
+- [DomainMember_MaximumMachineAccountPasswordAge](policy-csp-localpoliciessecurityoptions.md#domainmember_maximummachineaccountpasswordage)
+- [DomainMember_RequireStrongSessionKey](policy-csp-localpoliciessecurityoptions.md#domainmember_requirestrongsessionkey)
+- [InteractiveLogon_MachineAccountLockoutThreshold](policy-csp-localpoliciessecurityoptions.md#interactivelogon_machineaccountlockoutthreshold)
+- [InteractiveLogon_NumberOfPreviousLogonsToCache](policy-csp-localpoliciessecurityoptions.md#interactivelogon_numberofpreviouslogonstocache)
+- [InteractiveLogon_PromptUserToChangePasswordBeforeExpiration](policy-csp-localpoliciessecurityoptions.md#interactivelogon_promptusertochangepasswordbeforeexpiration)
+- [MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_amountofidletimerequiredbeforesuspendingsession)
+- [MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_disconnectclientswhenlogonhoursexpire)
+- [MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_serverspntargetnamevalidationlevel)
+- [NetworkAccess_AllowAnonymousSIDOrNameTranslation](policy-csp-localpoliciessecurityoptions.md#networkaccess_allowanonymoussidornametranslation)
+- [NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication](policy-csp-localpoliciessecurityoptions.md#networkaccess_donotallowstorageofpasswordsandcredentialsfornetworkauthentication)
+- [NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers](policy-csp-localpoliciessecurityoptions.md#networkaccess_leteveryonepermissionsapplytoanonymoususers)
+- [NetworkAccess_NamedPipesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_namedpipesthatcanbeaccessedanonymously)
+- [NetworkAccess_RemotelyAccessibleRegistryPaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypaths)
+- [NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypathsandsubpaths)
+- [NetworkAccess_SharesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharesthatcanbeaccessedanonymously)
+- [NetworkAccess_SharingAndSecurityModelForLocalAccounts](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharingandsecuritymodelforlocalaccounts)
+- [NetworkSecurity_AllowLocalSystemNULLSessionFallback](policy-csp-localpoliciessecurityoptions.md#networksecurity_allowlocalsystemnullsessionfallback)
+- [NetworkSecurity_ForceLogoffWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#networksecurity_forcelogoffwhenlogonhoursexpire)
+- [NetworkSecurity_LDAPClientSigningRequirements](policy-csp-localpoliciessecurityoptions.md#networksecurity_ldapclientsigningrequirements)
+- [RecoveryConsole_AllowAutomaticAdministrativeLogon](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowautomaticadministrativelogon)
+- [RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowfloppycopyandaccesstoalldrivesandallfolders)
+- [SystemCryptography_ForceStrongKeyProtection](policy-csp-localpoliciessecurityoptions.md#systemcryptography_forcestrongkeyprotection)
+- [SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems](policy-csp-localpoliciessecurityoptions.md#systemobjects_requirecaseinsensitivityfornonwindowssubsystems)
+- [SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects](policy-csp-localpoliciessecurityoptions.md#systemobjects_strengthendefaultpermissionsofinternalsystemobjects)
+- [UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_behavioroftheelevationpromptforadministratorprotection)
+- [UserAccountControl_TypeOfAdminApprovalMode](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_typeofadminapprovalmode)
+
+## MixedReality
+
+- [AutoUnlock](policy-csp-mixedreality.md#autounlock)
+- [ConfigureSharedAccount](policy-csp-mixedreality.md#configuresharedaccount)
+- [ConfigureDeviceStandbyAction](policy-csp-mixedreality.md#configuredevicestandbyaction)
+- [ConfigureDeviceStandbyActionTimeout](policy-csp-mixedreality.md#configuredevicestandbyactiontimeout)
+
+## MSSecurityGuide
+
+- [NetBTNodeTypeConfiguration](policy-csp-mssecurityguide.md#netbtnodetypeconfiguration)
+
+## NetworkListManager
+
+- [AllNetworks_NetworkIcon](policy-csp-networklistmanager.md#allnetworks_networkicon)
+- [AllNetworks_NetworkLocation](policy-csp-networklistmanager.md#allnetworks_networklocation)
+- [AllNetworks_NetworkName](policy-csp-networklistmanager.md#allnetworks_networkname)
+- [IdentifyingNetworks_LocationType](policy-csp-networklistmanager.md#identifyingnetworks_locationtype)
+- [UnidentifiedNetworks_LocationType](policy-csp-networklistmanager.md#unidentifiednetworks_locationtype)
+- [UnidentifiedNetworks_UserPermissions](policy-csp-networklistmanager.md#unidentifiednetworks_userpermissions)
+
+## Notifications
+
+- [DisableAccountNotifications](policy-csp-notifications.md#disableaccountnotifications)
+
+## PassportForWork CSP
+
+- [EnableWindowsHelloProvisioningForSecurityKeys](passportforwork-csp.md#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
+- [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning)
+
+## Reboot CSP
+
+- [WeeklyRecurrent](reboot-csp.md#scheduleweeklyrecurrent)
+
+## RemoteDesktopServices
+
+- [LimitServerToClientClipboardRedirection](policy-csp-remotedesktopservices.md#limitservertoclientclipboardredirection)
+- [LimitClientToServerClipboardRedirection](policy-csp-remotedesktopservices.md#limitclienttoserverclipboardredirection)
+- [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md#disconnectonlocklegacyauthn)
+- [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md#disconnectonlockmicrosoftidentityauthn)
+- [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md#ts_server_remoteapp_use_shellappruntime)
+
+## Search
+
+- [ConfigureSearchOnTaskbarMode](policy-csp-search.md#configuresearchontaskbarmode)
+
+## SettingsSync
+
+- [DisableAccessibilitySettingSync](policy-csp-settingssync.md#disableaccessibilitysettingsync)
+- [DisableLanguageSettingSync](policy-csp-settingssync.md#disablelanguagesettingsync)
+
+## Sudo
+
+- [EnableSudo](policy-csp-sudo.md#enablesudo)
+
+## SurfaceHub CSP
+
+- [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled)
+
+## System
+
+- [HideUnsupportedHardwareNotifications](policy-csp-system.md#hideunsupportedhardwarenotifications)
+
+## SystemServices
+
+- [ConfigureComputerBrowserServiceStartupMode](policy-csp-systemservices.md#configurecomputerbrowserservicestartupmode)
+- [ConfigureIISAdminServiceStartupMode](policy-csp-systemservices.md#configureiisadminservicestartupmode)
+- [ConfigureInfraredMonitorServiceStartupMode](policy-csp-systemservices.md#configureinfraredmonitorservicestartupmode)
+- [ConfigureInternetConnectionSharingServiceStartupMode](policy-csp-systemservices.md#configureinternetconnectionsharingservicestartupmode)
+- [ConfigureLxssManagerServiceStartupMode](policy-csp-systemservices.md#configurelxssmanagerservicestartupmode)
+- [ConfigureMicrosoftFTPServiceStartupMode](policy-csp-systemservices.md#configuremicrosoftftpservicestartupmode)
+- [ConfigureRemoteProcedureCallLocatorServiceStartupMode](policy-csp-systemservices.md#configureremoteprocedurecalllocatorservicestartupmode)
+- [ConfigureRoutingAndRemoteAccessServiceStartupMode](policy-csp-systemservices.md#configureroutingandremoteaccessservicestartupmode)
+- [ConfigureSimpleTCPIPServicesStartupMode](policy-csp-systemservices.md#configuresimpletcpipservicesstartupmode)
+- [ConfigureSpecialAdministrationConsoleHelperServiceStartupMode](policy-csp-systemservices.md#configurespecialadministrationconsolehelperservicestartupmode)
+- [ConfigureSSDPDiscoveryServiceStartupMode](policy-csp-systemservices.md#configuressdpdiscoveryservicestartupmode)
+- [ConfigureUPnPDeviceHostServiceStartupMode](policy-csp-systemservices.md#configureupnpdevicehostservicestartupmode)
+- [ConfigureWebManagementServiceStartupMode](policy-csp-systemservices.md#configurewebmanagementservicestartupmode)
+- [ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode](policy-csp-systemservices.md#configurewindowsmediaplayernetworksharingservicestartupmode)
+- [ConfigureWindowsMobileHotspotServiceStartupMode](policy-csp-systemservices.md#configurewindowsmobilehotspotservicestartupmode)
+- [ConfigureWorldWideWebPublishingServiceStartupMode](policy-csp-systemservices.md#configureworldwidewebpublishingservicestartupmode)
+
+## Update
+
+- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
+- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md#configuredeadlinenoautorebootforfeatureupdates)
+- [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md#configuredeadlinenoautorebootforqualityupdates)
+- [AlwaysAutoRebootAtScheduledTimeMinutes](policy-csp-update.md#alwaysautorebootatscheduledtimeminutes)
+
+## UserRights
+
+- [BypassTraverseChecking](policy-csp-userrights.md#bypasstraversechecking)
+- [ReplaceProcessLevelToken](policy-csp-userrights.md#replaceprocessleveltoken)
+- [ChangeTimeZone](policy-csp-userrights.md#changetimezone)
+- [ShutDownTheSystem](policy-csp-userrights.md#shutdownthesystem)
+- [LogOnAsBatchJob](policy-csp-userrights.md#logonasbatchjob)
+- [ProfileSystemPerformance](policy-csp-userrights.md#profilesystemperformance)
+- [DenyLogOnAsBatchJob](policy-csp-userrights.md#denylogonasbatchjob)
+- [LogOnAsService](policy-csp-userrights.md#logonasservice)
+- [IncreaseProcessWorkingSet](policy-csp-userrights.md#increaseprocessworkingset)
+- [DenyLogOnAsService](policy-csp-userrights.md#denylogonasservice)
+- [AdjustMemoryQuotasForProcess](policy-csp-userrights.md#adjustmemoryquotasforprocess)
+- [AllowLogOnThroughRemoteDesktop](policy-csp-userrights.md#allowlogonthroughremotedesktop)
+
+## WebThreatDefense
+
+- [AutomaticDataCollection](policy-csp-webthreatdefense.md#automaticdatacollection)
+
+## Wifi
+
+- [AllowWFAQosManagementMSCS](policy-csp-wifi.md#allowwfaqosmanagementmscs)
+- [AllowWFAQosManagementDSCPToUPMapping](policy-csp-wifi.md#allowwfaqosmanagementdscptoupmapping)
+
+## WindowsAI
+
+- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis)
+- [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
+- [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
+
+## WindowsLicensing CSP
+
+- [SubscriptionType](windowslicensing-csp.md#subscriptionssubscriptiontype)
+- [SubscriptionStatus](windowslicensing-csp.md#subscriptionssubscriptionstatus)
+- [SubscriptionLastError](windowslicensing-csp.md#subscriptionssubscriptionlasterror)
+- [SubscriptionLastErrorDescription](windowslicensing-csp.md#subscriptionssubscriptionlasterrordescription)
+- [DisableSubscription](windowslicensing-csp.md#subscriptionsdisablesubscription)
+- [RemoveSubscription](windowslicensing-csp.md#subscriptionsremovesubscription)
+
+## WindowsSandbox
+
+- [AllowMappedFolders](policy-csp-windowssandbox.md#allowmappedfolders)
+- [AllowWriteToMappedFolders](policy-csp-windowssandbox.md#allowwritetomappedfolders)
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 7aa96cc52c..0fa200d984 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,7 +1,7 @@
 ---
 title: Policy CSP
 description: Learn more about the Policy CSP.
-ms.date: 04/10/2024
+ms.date: 08/07/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -402,7 +402,7 @@ Unique ID of ADMX file.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4520006](https://support.microsoft.com/help/4520006) [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 with [KB4519978](https://support.microsoft.com/help/4519978) [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 with [KB4520062](https://support.microsoft.com/help/4520062) [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 with [KB4517211](https://support.microsoft.com/help/4517211) [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-OmaUri-Begin -->
@@ -441,7 +441,7 @@ Properties of Win32 App ADMX Ingestion.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4520006](https://support.microsoft.com/help/4520006) [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 with [KB4519978](https://support.microsoft.com/help/4519978) [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 with [KB4520062](https://support.microsoft.com/help/4520062) [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 with [KB4517211](https://support.microsoft.com/help/4517211) [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-OmaUri-Begin -->
@@ -481,7 +481,7 @@ Setting Type of Win32 App. Policy Or Preference.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4520006](https://support.microsoft.com/help/4520006) [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 with [KB4519978](https://support.microsoft.com/help/4519978) [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 with [KB4520062](https://support.microsoft.com/help/4520062) [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 with [KB4517211](https://support.microsoft.com/help/4517211) [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-OmaUri-Begin -->
@@ -521,7 +521,7 @@ Unique ID of ADMX file.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4520006](https://support.microsoft.com/help/4520006) [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 with [KB4519978](https://support.microsoft.com/help/4519978) [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 with [KB4520062](https://support.microsoft.com/help/4520062) [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 with [KB4517211](https://support.microsoft.com/help/4517211) [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Version-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Version-OmaUri-Begin -->
@@ -1069,6 +1069,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 - [ADMX_WordWheel](policy-csp-admx-wordwheel.md)
 - [ADMX_WorkFoldersClient](policy-csp-admx-workfoldersclient.md)
 - [ADMX_WPN](policy-csp-admx-wpn.md)
+- [AppDeviceInventory](policy-csp-appdeviceinventory.md)
 - [ApplicationDefaults](policy-csp-applicationdefaults.md)
 - [ApplicationManagement](policy-csp-applicationmanagement.md)
 - [AppRuntime](policy-csp-appruntime.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index 5a3a8d415b..23c46228c0 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ActiveXInstallService Policy CSP
 description: Learn more about the ADMX_ActiveXInstallService Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AxISURLZonePolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AxISURLZonePolicies-Applicability-End -->
 
 <!-- AxISURLZonePolicies-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index 481aefeb0c..5aa088da13 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AddRemovePrograms Policy CSP
 description: Learn more about the ADMX_AddRemovePrograms Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DefaultCategory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DefaultCategory-Applicability-End -->
 
 <!-- DefaultCategory-OmaUri-Begin -->
@@ -86,7 +86,7 @@ You can use this setting to direct users to the programs they're most likely to
 <!-- NoAddFromCDorFloppy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddFromCDorFloppy-Applicability-End -->
 
 <!-- NoAddFromCDorFloppy-OmaUri-Begin -->
@@ -148,7 +148,7 @@ This setting doesn't prevent users from using other tools and methods to add or
 <!-- NoAddFromInternet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddFromInternet-Applicability-End -->
 
 <!-- NoAddFromInternet-OmaUri-Begin -->
@@ -210,7 +210,7 @@ This setting doesn't prevent users from using other tools and methods to connect
 <!-- NoAddFromNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddFromNetwork-Applicability-End -->
 
 <!-- NoAddFromNetwork-OmaUri-Begin -->
@@ -276,7 +276,7 @@ Published programs are those programs that the system administrator has explicit
 <!-- NoAddPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddPage-Applicability-End -->
 
 <!-- NoAddPage-OmaUri-Begin -->
@@ -337,7 +337,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoAddRemovePrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddRemovePrograms-Applicability-End -->
 
 <!-- NoAddRemovePrograms-OmaUri-Begin -->
@@ -402,7 +402,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoChooseProgramsPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChooseProgramsPage-Applicability-End -->
 
 <!-- NoChooseProgramsPage-OmaUri-Begin -->
@@ -465,7 +465,7 @@ This setting doesn't prevent the Set Program Access and Defaults icon from appea
 <!-- NoRemovePage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRemovePage-Applicability-End -->
 
 <!-- NoRemovePage-OmaUri-Begin -->
@@ -526,7 +526,7 @@ This setting doesn't prevent users from using other tools and methods to delete
 <!-- NoServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoServices-Applicability-End -->
 
 <!-- NoServices-OmaUri-Begin -->
@@ -594,7 +594,7 @@ To remove "Set up services" and prevent the Windows Component Wizard from starti
 <!-- NoSupportInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSupportInfo-Applicability-End -->
 
 <!-- NoSupportInfo-OmaUri-Begin -->
@@ -656,7 +656,7 @@ If you disable this setting or don't configure it, the Support Info hyperlink ap
 <!-- NoWindowsSetupPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsSetupPage-Applicability-End -->
 
 <!-- NoWindowsSetupPage-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index 24516f1874..4522a908ac 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AdmPwd Policy CSP
 description: Learn more about the ADMX_AdmPwd Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- POL_AdmPwd-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd-Applicability-End -->
 
 <!-- POL_AdmPwd-OmaUri-Begin -->
@@ -74,7 +74,7 @@ If you disable or not configure this setting, local administrator password is NO
 <!-- POL_AdmPwd_AdminName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd_AdminName-Applicability-End -->
 
 <!-- POL_AdmPwd_AdminName-OmaUri-Begin -->
@@ -127,7 +127,7 @@ When you disable or don't configure this setting, password expiration time may b
 <!-- POL_AdmPwd_DontAllowPwdExpirationBehindPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd_DontAllowPwdExpirationBehindPolicy-Applicability-End -->
 
 <!-- POL_AdmPwd_DontAllowPwdExpirationBehindPolicy-OmaUri-Begin -->
@@ -180,7 +180,7 @@ When you disable or don't configure this setting, password expiration time may b
 <!-- POL_AdmPwd_Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd_Enabled-Applicability-End -->
 
 <!-- POL_AdmPwd_Enabled-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index db2d8555a0..af4c3a1089 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AppCompat Policy CSP
 description: Learn more about the ADMX_AppCompat Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AppCompatPrevent16BitMach-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatPrevent16BitMach-Applicability-End -->
 
 <!-- AppCompatPrevent16BitMach-OmaUri-Begin -->
@@ -87,7 +87,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set
 <!-- AppCompatRemoveProgramCompatPropPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatRemoveProgramCompatPropPage-Applicability-End -->
 
 <!-- AppCompatRemoveProgramCompatPropPage-OmaUri-Begin -->
@@ -144,7 +144,7 @@ The compatibility property page displays a list of options that can be selected
 <!-- AppCompatTurnOffApplicationImpactTelemetry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffApplicationImpactTelemetry-Applicability-End -->
 
 <!-- AppCompatTurnOffApplicationImpactTelemetry-OmaUri-Begin -->
@@ -207,7 +207,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu
 <!-- AppCompatTurnOffEngine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffEngine-Applicability-End -->
 
 <!-- AppCompatTurnOffEngine-OmaUri-Begin -->
@@ -273,7 +273,7 @@ This option is useful to server administrators who require faster performance an
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_1-Applicability-End -->
 
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_1-OmaUri-Begin -->
@@ -328,7 +328,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_2-Applicability-End -->
 
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_2-OmaUri-Begin -->
@@ -392,7 +392,7 @@ The PCA monitors applications run by the user. When a potential compatibility is
 <!-- AppCompatTurnOffProgramInventory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffProgramInventory-Applicability-End -->
 
 <!-- AppCompatTurnOffProgramInventory-OmaUri-Begin -->
@@ -456,7 +456,7 @@ The Inventory Collector inventories applications, files, devices, and drivers on
 <!-- AppCompatTurnOffSwitchBack-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffSwitchBack-Applicability-End -->
 
 <!-- AppCompatTurnOffSwitchBack-OmaUri-Begin -->
@@ -521,7 +521,7 @@ Please reboot the system after changing the setting to ensure that your system a
 <!-- AppCompatTurnOffUserActionRecord-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffUserActionRecord-Applicability-End -->
 
 <!-- AppCompatTurnOffUserActionRecord-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index afc5924f0e..0cdd78d66b 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AppxPackageManager Policy CSP
 description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowDeploymentInSpecialProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDeploymentInSpecialProfiles-Applicability-End -->
 
 <!-- AllowDeploymentInSpecialProfiles-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 8c3e3054f5..540235107e 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AppXRuntime Policy CSP
 description: Learn more about the ADMX_AppXRuntime Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AppxRuntimeApplicationContentUriRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeApplicationContentUriRules-Applicability-End -->
 
 <!-- AppxRuntimeApplicationContentUriRules-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static
 <!-- AppxRuntimeBlockFileElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeBlockFileElevation-Applicability-End -->
 
 <!-- AppxRuntimeBlockFileElevation-OmaUri-Begin -->
@@ -143,7 +143,7 @@ This policy setting lets you control whether Windows Store apps can open files u
 <!-- AppxRuntimeBlockHostedAppAccessWinRT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeBlockHostedAppAccessWinRT-Applicability-End -->
 
 <!-- AppxRuntimeBlockHostedAppAccessWinRT-OmaUri-Begin -->
@@ -204,7 +204,7 @@ This policy shouldn't be enabled unless recommended by Microsoft as a security r
 <!-- AppxRuntimeBlockProtocolElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeBlockProtocolElevation-Applicability-End -->
 
 <!-- AppxRuntimeBlockProtocolElevation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 43b3293b3c..03730b7ad4 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AttachmentManager Policy CSP
 description: Learn more about the ADMX_AttachmentManager Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AM_EstimateFileHandlerRisk-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_EstimateFileHandlerRisk-Applicability-End -->
 
 <!-- AM_EstimateFileHandlerRisk-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Using both the file handler and type data is the most restrictive option. Window
 <!-- AM_SetFileRiskLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetFileRiskLevel-Applicability-End -->
 
 <!-- AM_SetFileRiskLevel-OmaUri-Begin -->
@@ -153,7 +153,7 @@ Low Risk: If the attachment is in the list of low-risk file types, Windows won't
 <!-- AM_SetHighRiskInclusion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetHighRiskInclusion-Applicability-End -->
 
 <!-- AM_SetHighRiskInclusion-OmaUri-Begin -->
@@ -213,7 +213,7 @@ This policy setting allows you to configure the list of high-risk file types. If
 <!-- AM_SetLowRiskInclusion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetLowRiskInclusion-Applicability-End -->
 
 <!-- AM_SetLowRiskInclusion-OmaUri-Begin -->
@@ -273,7 +273,7 @@ This policy setting allows you to configure the list of low-risk file types. If
 <!-- AM_SetModRiskInclusion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetModRiskInclusion-Applicability-End -->
 
 <!-- AM_SetModRiskInclusion-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index 255926912f..3758b90ad9 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_AuditSettings Policy CSP
 description: Learn more about the ADMX_AuditSettings Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- IncludeCmdLine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IncludeCmdLine-Applicability-End -->
 
 <!-- IncludeCmdLine-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 7762c0431d..00b4cf5513 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Bits Policy CSP
 description: Learn more about the ADMX_Bits Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- BITS_DisableBranchCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_DisableBranchCache-Applicability-End -->
 
 <!-- BITS_DisableBranchCache-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This setting affects whether the BITS client is allowed to use Windows Branch Ca
 <!-- BITS_DisablePeercachingClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_DisablePeercachingClient-Applicability-End -->
 
 <!-- BITS_DisablePeercachingClient-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi
 <!-- BITS_DisablePeercachingServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_DisablePeercachingServer-Applicability-End -->
 
 <!-- BITS_DisablePeercachingServer-OmaUri-Begin -->
@@ -207,7 +207,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi
 <!-- BITS_EnablePeercaching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_EnablePeercaching-Applicability-End -->
 
 <!-- BITS_EnablePeercaching-OmaUri-Begin -->
@@ -268,7 +268,7 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava
 <!-- BITS_MaxBandwidthServedForPeers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxBandwidthServedForPeers-Applicability-End -->
 
 <!-- BITS_MaxBandwidthServedForPeers-OmaUri-Begin -->
@@ -333,7 +333,7 @@ You can change the default behavior of BITS, and specify a fixed maximum bandwid
 <!-- BITS_MaxBandwidthV2_Maintenance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxBandwidthV2_Maintenance-Applicability-End -->
 
 <!-- BITS_MaxBandwidthV2_Maintenance-OmaUri-Begin -->
@@ -397,7 +397,7 @@ You can specify a limit to use for background jobs during a maintenance schedule
 <!-- BITS_MaxBandwidthV2_Work-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxBandwidthV2_Work-Applicability-End -->
 
 <!-- BITS_MaxBandwidthV2_Work-OmaUri-Begin -->
@@ -458,7 +458,7 @@ You can specify a limit to use for background jobs during a work schedule. For e
 <!-- BITS_MaxCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxCacheSize-Applicability-End -->
 
 <!-- BITS_MaxCacheSize-OmaUri-Begin -->
@@ -519,7 +519,7 @@ This policy setting limits the maximum amount of disk space that can be used for
 <!-- BITS_MaxContentAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxContentAge-Applicability-End -->
 
 <!-- BITS_MaxContentAge-OmaUri-Begin -->
@@ -580,7 +580,7 @@ This policy setting limits the maximum age of files in the Background Intelligen
 <!-- BITS_MaxDownloadTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxDownloadTime-Applicability-End -->
 
 <!-- BITS_MaxDownloadTime-OmaUri-Begin -->
@@ -642,7 +642,7 @@ By default BITS uses a maximum download time of 90 days (7,776,000 seconds).
 <!-- BITS_MaxFilesPerJob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxFilesPerJob-Applicability-End -->
 
 <!-- BITS_MaxFilesPerJob-OmaUri-Begin -->
@@ -703,7 +703,7 @@ This policy setting limits the number of files that a BITS job can contain. By d
 <!-- BITS_MaxJobsPerMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxJobsPerMachine-Applicability-End -->
 
 <!-- BITS_MaxJobsPerMachine-OmaUri-Begin -->
@@ -764,7 +764,7 @@ This policy setting limits the number of BITS jobs that can be created for all u
 <!-- BITS_MaxJobsPerUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxJobsPerUser-Applicability-End -->
 
 <!-- BITS_MaxJobsPerUser-OmaUri-Begin -->
@@ -825,7 +825,7 @@ This policy setting limits the number of BITS jobs that can be created by a user
 <!-- BITS_MaxRangesPerFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxRangesPerFile-Applicability-End -->
 
 <!-- BITS_MaxRangesPerFile-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index c2810e7ba4..54835ffbf0 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_CipherSuiteOrder Policy CSP
 description: Learn more about the ADMX_CipherSuiteOrder Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- SSLCipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SSLCipherSuiteOrder-Applicability-End -->
 
 <!-- SSLCipherSuiteOrder-OmaUri-Begin -->
@@ -81,7 +81,7 @@ Link for all the cipherSuites: <https://go.microsoft.com/fwlink/?LinkId=517265>
 <!-- SSLCurveOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SSLCurveOrder-Applicability-End -->
 
 <!-- SSLCurveOrder-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 3497e521fa..308d376d86 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_COM Policy CSP
 description: Learn more about the ADMX_COM Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AppMgmt_COM_SearchForCLSID_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppMgmt_COM_SearchForCLSID_1-Applicability-End -->
 
 <!-- AppMgmt_COM_SearchForCLSID_1-OmaUri-Begin -->
@@ -84,7 +84,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- AppMgmt_COM_SearchForCLSID_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppMgmt_COM_SearchForCLSID_2-Applicability-End -->
 
 <!-- AppMgmt_COM_SearchForCLSID_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index a94e04af2d..b819fe73bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ControlPanel Policy CSP
 description: Learn more about the ADMX_ControlPanel Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisallowCpls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowCpls-Applicability-End -->
 
 <!-- DisallowCpls-OmaUri-Begin -->
@@ -91,7 +91,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
 <!-- ForceClassicControlPanel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceClassicControlPanel-Applicability-End -->
 
 <!-- ForceClassicControlPanel-OmaUri-Begin -->
@@ -155,7 +155,7 @@ This policy setting controls the default Control Panel view, whether by category
 <!-- NoControlPanel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoControlPanel-Applicability-End -->
 
 <!-- NoControlPanel-OmaUri-Begin -->
@@ -230,7 +230,7 @@ If users try to select a Control Panel item from the Properties item on a contex
 <!-- RestrictCpls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictCpls-Applicability-End -->
 
 <!-- RestrictCpls-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index bb5edcf621..af2f85b62d 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ControlPanelDisplay Policy CSP
 description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CPL_Display_Disable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Display_Disable-Applicability-End -->
 
 <!-- CPL_Display_Disable-OmaUri-Begin -->
@@ -80,7 +80,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis
 <!-- CPL_Display_HideSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Display_HideSettings-Applicability-End -->
 
 <!-- CPL_Display_HideSettings-OmaUri-Begin -->
@@ -137,7 +137,7 @@ This setting prevents users from using Control Panel to add, configure, or chang
 <!-- CPL_Personalization_DisableColorSchemeChoice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_DisableColorSchemeChoice-Applicability-End -->
 
 <!-- CPL_Personalization_DisableColorSchemeChoice-OmaUri-Begin -->
@@ -198,7 +198,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting
 <!-- CPL_Personalization_DisableThemeChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_DisableThemeChange-Applicability-End -->
 
 <!-- CPL_Personalization_DisableThemeChange-OmaUri-Begin -->
@@ -260,7 +260,7 @@ This setting disables the theme gallery in the Personalization Control Panel.
 <!-- CPL_Personalization_DisableVisualStyle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_DisableVisualStyle-Applicability-End -->
 
 <!-- CPL_Personalization_DisableVisualStyle-OmaUri-Begin -->
@@ -319,7 +319,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap
 <!-- CPL_Personalization_EnableScreenSaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_EnableScreenSaver-Applicability-End -->
 
 <!-- CPL_Personalization_EnableScreenSaver-OmaUri-Begin -->
@@ -382,7 +382,7 @@ Also, see the "Prevent changing Screen Saver" setting.
 <!-- CPL_Personalization_ForceDefaultLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_ForceDefaultLockScreen-Applicability-End -->
 
 <!-- CPL_Personalization_ForceDefaultLockScreen-OmaUri-Begin -->
@@ -445,7 +445,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon
 <!-- CPL_Personalization_LockFontSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_LockFontSize-Applicability-End -->
 
 <!-- CPL_Personalization_LockFontSize-OmaUri-Begin -->
@@ -504,7 +504,7 @@ Prevents users from changing the size of the font in the windows and buttons dis
 <!-- CPL_Personalization_NoChangingLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoChangingLockScreen-Applicability-End -->
 
 <!-- CPL_Personalization_NoChangingLockScreen-OmaUri-Begin -->
@@ -563,7 +563,7 @@ If you enable this setting, the user won't be able to change their lock screen a
 <!-- CPL_Personalization_NoChangingStartMenuBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoChangingStartMenuBackground-Applicability-End -->
 
 <!-- CPL_Personalization_NoChangingStartMenuBackground-OmaUri-Begin -->
@@ -626,7 +626,7 @@ If the "Force a specific Start background" policy is also set on a supported ver
 <!-- CPL_Personalization_NoColorAppearanceUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoColorAppearanceUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoColorAppearanceUI-OmaUri-Begin -->
@@ -687,7 +687,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes
 <!-- CPL_Personalization_NoDesktopBackgroundUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoDesktopBackgroundUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoDesktopBackgroundUI-OmaUri-Begin -->
@@ -753,7 +753,7 @@ Also, see the "Allow only bitmapped wallpaper" setting.
 <!-- CPL_Personalization_NoDesktopIconsUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoDesktopIconsUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoDesktopIconsUI-OmaUri-Begin -->
@@ -814,7 +814,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t
 <!-- CPL_Personalization_NoLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoLockScreen-Applicability-End -->
 
 <!-- CPL_Personalization_NoLockScreen-OmaUri-Begin -->
@@ -873,7 +873,7 @@ This policy setting controls whether the lock screen appears for users.
 <!-- CPL_Personalization_NoMousePointersUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoMousePointersUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoMousePointersUI-OmaUri-Begin -->
@@ -932,7 +932,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha
 <!-- CPL_Personalization_NoScreenSaverUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoScreenSaverUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoScreenSaverUI-OmaUri-Begin -->
@@ -989,7 +989,7 @@ This setting prevents users from using Control Panel to add, configure, or chang
 <!-- CPL_Personalization_NoSoundSchemeUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoSoundSchemeUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoSoundSchemeUI-OmaUri-Begin -->
@@ -1048,7 +1048,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by
 <!-- CPL_Personalization_PersonalColors-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_PersonalColors-Applicability-End -->
 
 <!-- CPL_Personalization_PersonalColors-OmaUri-Begin -->
@@ -1106,7 +1106,7 @@ If this setting is enabled, the background and accent colors of Windows will be
 <!-- CPL_Personalization_ScreenSaverIsSecure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_ScreenSaverIsSecure-Applicability-End -->
 
 <!-- CPL_Personalization_ScreenSaverIsSecure-OmaUri-Begin -->
@@ -1174,7 +1174,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen
 <!-- CPL_Personalization_ScreenSaverTimeOut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_ScreenSaverTimeOut-Applicability-End -->
 
 <!-- CPL_Personalization_ScreenSaverTimeOut-OmaUri-Begin -->
@@ -1242,7 +1242,7 @@ When not configured, whatever wait time is set on the client through the Screen
 <!-- CPL_Personalization_SetScreenSaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_SetScreenSaver-Applicability-End -->
 
 <!-- CPL_Personalization_SetScreenSaver-OmaUri-Begin -->
@@ -1307,7 +1307,7 @@ If the specified screen saver isn't installed on a computer to which this settin
 <!-- CPL_Personalization_SetTheme-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_SetTheme-Applicability-End -->
 
 <!-- CPL_Personalization_SetTheme-OmaUri-Begin -->
@@ -1369,7 +1369,7 @@ Specifies which theme file is applied to the computer the first time a user logs
 <!-- CPL_Personalization_SetVisualStyle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_SetVisualStyle-Applicability-End -->
 
 <!-- CPL_Personalization_SetVisualStyle-OmaUri-Begin -->
@@ -1438,7 +1438,7 @@ This can be a local computer visual style (aero.msstyles), or a file located on
 <!-- CPL_Personalization_StartBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_StartBackground-Applicability-End -->
 
 <!-- CPL_Personalization_StartBackground-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index b9744965b8..8ff5777e97 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Cpls Policy CSP
 description: Learn more about the ADMX_Cpls Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- UseDefaultTile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UseDefaultTile-Applicability-End -->
 
 <!-- UseDefaultTile-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 6d4b3184a0..66487275ce 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_CredentialProviders Policy CSP
 description: Learn more about the ADMX_CredentialProviders Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowDomainDelayLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDomainDelayLock-Applicability-End -->
 
 <!-- AllowDomainDelayLock-OmaUri-Begin -->
@@ -84,7 +84,7 @@ This policy setting allows you to control whether a user can change the time bef
 <!-- DefaultCredentialProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DefaultCredentialProvider-Applicability-End -->
 
 <!-- DefaultCredentialProvider-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting allows the administrator to assign a specified credential pr
 <!-- ExcludedCredentialProviders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExcludedCredentialProviders-Applicability-End -->
 
 <!-- ExcludedCredentialProviders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index a33e0f4837..3384029777 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_CredSsp Policy CSP
 description: Learn more about the ADMX_CredSsp Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowDefaultCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDefaultCredentials-Applicability-End -->
 
 <!-- AllowDefaultCredentials-OmaUri-Begin -->
@@ -99,7 +99,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowDefCredentialsWhenNTLMOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDefCredentialsWhenNTLMOnly-Applicability-End -->
 
 <!-- AllowDefCredentialsWhenNTLMOnly-OmaUri-Begin -->
@@ -171,7 +171,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowEncryptionOracle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowEncryptionOracle-Applicability-End -->
 
 <!-- AllowEncryptionOracle-OmaUri-Begin -->
@@ -239,7 +239,7 @@ For more information about the vulnerability and servicing requirements for prot
 <!-- AllowFreshCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowFreshCredentials-Applicability-End -->
 
 <!-- AllowFreshCredentials-OmaUri-Begin -->
@@ -315,7 +315,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowFreshCredentialsWhenNTLMOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowFreshCredentialsWhenNTLMOnly-Applicability-End -->
 
 <!-- AllowFreshCredentialsWhenNTLMOnly-OmaUri-Begin -->
@@ -389,7 +389,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowSavedCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSavedCredentials-Applicability-End -->
 
 <!-- AllowSavedCredentials-OmaUri-Begin -->
@@ -463,7 +463,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowSavedCredentialsWhenNTLMOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSavedCredentialsWhenNTLMOnly-Applicability-End -->
 
 <!-- AllowSavedCredentialsWhenNTLMOnly-OmaUri-Begin -->
@@ -537,7 +537,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- DenyDefaultCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyDefaultCredentials-Applicability-End -->
 
 <!-- DenyDefaultCredentials-OmaUri-Begin -->
@@ -609,7 +609,7 @@ This policy setting can be used in combination with the "Allow delegating defaul
 <!-- DenyFreshCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyFreshCredentials-Applicability-End -->
 
 <!-- DenyFreshCredentials-OmaUri-Begin -->
@@ -681,7 +681,7 @@ This policy setting can be used in combination with the "Allow delegating fresh
 <!-- DenySavedCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenySavedCredentials-Applicability-End -->
 
 <!-- DenySavedCredentials-OmaUri-Begin -->
@@ -753,7 +753,7 @@ This policy setting can be used in combination with the "Allow delegating saved
 <!-- RestrictedRemoteAdministration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictedRemoteAdministration-Applicability-End -->
 
 <!-- RestrictedRemoteAdministration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index d173ccb390..1d6008f006 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_CredUI Policy CSP
 description: Learn more about the ADMX_CredUI Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- EnableSecureCredentialPrompting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableSecureCredentialPrompting-Applicability-End -->
 
 <!-- EnableSecureCredentialPrompting-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting requires the user to enter Microsoft Windows credentials usi
 <!-- NoLocalPasswordResetQuestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoLocalPasswordResetQuestions-Applicability-End -->
 
 <!-- NoLocalPasswordResetQuestions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index fb39f06a22..af5b17a0de 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_CtrlAltDel Policy CSP
 description: Learn more about the ADMX_CtrlAltDel Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableChangePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableChangePassword-Applicability-End -->
 
 <!-- DisableChangePassword-OmaUri-Begin -->
@@ -80,7 +80,7 @@ However, users are still able to change their password when prompted by the syst
 <!-- DisableLockComputer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLockComputer-Applicability-End -->
 
 <!-- DisableLockComputer-OmaUri-Begin -->
@@ -144,7 +144,7 @@ While locked, the desktop is hidden and the system can't be used. Only the user
 <!-- DisableTaskMgr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableTaskMgr-Applicability-End -->
 
 <!-- DisableTaskMgr-OmaUri-Begin -->
@@ -205,7 +205,7 @@ Task Manager (taskmgr.exe) lets users start and stop programs; monitor the perfo
 <!-- NoLogoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoLogoff-Applicability-End -->
 
 <!-- NoLogoff-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 88352e9758..da6c059f32 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DataCollection Policy CSP
 description: Learn more about the ADMX_DataCollection Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CommercialIdPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CommercialIdPolicy-Applicability-End -->
 
 <!-- CommercialIdPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index 5243e0bdb3..82338c786f 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DCOM Policy CSP
 description: Learn more about the ADMX_DCOM Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DCOMActivationSecurityCheckAllowLocalList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCOMActivationSecurityCheckAllowLocalList-Applicability-End -->
 
 <!-- DCOMActivationSecurityCheckAllowLocalList-OmaUri-Begin -->
@@ -83,7 +83,7 @@ Allows you to specify that local computer administrators can supplement the "Def
 <!-- DCOMActivationSecurityCheckExemptionList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCOMActivationSecurityCheckExemptionList-Applicability-End -->
 
 <!-- DCOMActivationSecurityCheckExemptionList-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index 74cb4bd0e0..463d46efd4 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Desktop Policy CSP
 description: Learn more about the ADMX_Desktop Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AD_EnableFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AD_EnableFilter-Applicability-End -->
 
 <!-- AD_EnableFilter-OmaUri-Begin -->
@@ -82,7 +82,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl
 <!-- AD_HideDirectoryFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AD_HideDirectoryFolder-Applicability-End -->
 
 <!-- AD_HideDirectoryFolder-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This setting is designed to let users search Active Directory but not tempt them
 <!-- AD_QueryLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AD_QueryLimit-Applicability-End -->
 
 <!-- AD_QueryLimit-OmaUri-Begin -->
@@ -205,7 +205,7 @@ This setting is designed to protect the network and the domain controller from t
 <!-- ForceActiveDesktopOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceActiveDesktopOn-Applicability-End -->
 
 <!-- ForceActiveDesktopOn-OmaUri-Begin -->
@@ -267,7 +267,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
 <!-- NoActiveDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoActiveDesktop-Applicability-End -->
 
 <!-- NoActiveDesktop-OmaUri-Begin -->
@@ -329,7 +329,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
 <!-- NoActiveDesktopChanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoActiveDesktopChanges-Applicability-End -->
 
 <!-- NoActiveDesktopChanges-OmaUri-Begin -->
@@ -386,7 +386,7 @@ This is a comprehensive setting that locks down the configuration you establish
 <!-- NoDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDesktop-Applicability-End -->
 
 <!-- NoDesktop-OmaUri-Begin -->
@@ -449,7 +449,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T
 <!-- NoDesktopCleanupWizard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDesktopCleanupWizard-Applicability-End -->
 
 <!-- NoDesktopCleanupWizard-OmaUri-Begin -->
@@ -511,7 +511,7 @@ Prevents users from using the Desktop Cleanup Wizard.
 <!-- NoInternetIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInternetIcon-Applicability-End -->
 
 <!-- NoInternetIcon-OmaUri-Begin -->
@@ -568,7 +568,7 @@ This setting doesn't prevent the user from starting Internet Explorer by using o
 <!-- NoMyComputerIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMyComputerIcon-Applicability-End -->
 
 <!-- NoMyComputerIcon-OmaUri-Begin -->
@@ -632,7 +632,7 @@ This setting hides Computer from the desktop and from the new Start menu. It als
 <!-- NoMyDocumentsIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMyDocumentsIcon-Applicability-End -->
 
 <!-- NoMyDocumentsIcon-OmaUri-Begin -->
@@ -696,7 +696,7 @@ This setting doesn't remove the My Documents icon from the Start menu. To do so,
 <!-- NoNetHood-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNetHood-Applicability-End -->
 
 <!-- NoNetHood-OmaUri-Begin -->
@@ -756,7 +756,7 @@ This setting only affects the desktop icon. It doesn't prevent users from connec
 <!-- NoPropertiesMyComputer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPropertiesMyComputer-Applicability-End -->
 
 <!-- NoPropertiesMyComputer-OmaUri-Begin -->
@@ -815,7 +815,7 @@ This setting hides Properties on the context menu for Computer.
 <!-- NoPropertiesMyDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPropertiesMyDocuments-Applicability-End -->
 
 <!-- NoPropertiesMyDocuments-OmaUri-Begin -->
@@ -880,7 +880,7 @@ Clicks the My Documents icon, and then presses ALT+ENTER.
 <!-- NoRecentDocsNetHood-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecentDocsNetHood-Applicability-End -->
 
 <!-- NoRecentDocsNetHood-OmaUri-Begin -->
@@ -939,7 +939,7 @@ Remote shared folders aren't added to Network Locations whenever you open a docu
 <!-- NoRecycleBinIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecycleBinIcon-Applicability-End -->
 
 <!-- NoRecycleBinIcon-OmaUri-Begin -->
@@ -1001,7 +1001,7 @@ This setting doesn't prevent the user from using other methods to gain access to
 <!-- NoRecycleBinProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecycleBinProperties-Applicability-End -->
 
 <!-- NoRecycleBinProperties-OmaUri-Begin -->
@@ -1060,7 +1060,7 @@ Removes the Properties option from the Recycle Bin context menu.
 <!-- NoSaveSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSaveSettings-Applicability-End -->
 
 <!-- NoSaveSettings-OmaUri-Begin -->
@@ -1117,7 +1117,7 @@ If you enable this setting, users can change the desktop, but some changes, such
 <!-- NoWindowMinimizingShortcuts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowMinimizingShortcuts-Applicability-End -->
 
 <!-- NoWindowMinimizingShortcuts-OmaUri-Begin -->
@@ -1176,7 +1176,7 @@ Prevents windows from being minimized or restored when the active window is shak
 <!-- sz_AdminComponents_Title-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_AdminComponents_Title-Applicability-End -->
 
 <!-- sz_AdminComponents_Title-OmaUri-Begin -->
@@ -1240,7 +1240,7 @@ You can also use this setting to delete particular Web-based items from users' d
 <!-- sz_ATC_DisableAdd-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableAdd-Applicability-End -->
 
 <!-- sz_ATC_DisableAdd-OmaUri-Begin -->
@@ -1299,7 +1299,7 @@ Also, see the "Disable all items" setting.
 <!-- sz_ATC_DisableClose-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableClose-Applicability-End -->
 
 <!-- sz_ATC_DisableClose-OmaUri-Begin -->
@@ -1361,7 +1361,7 @@ If you enable this setting, items added to the desktop can't be closed; they alw
 <!-- sz_ATC_DisableDel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableDel-Applicability-End -->
 
 <!-- sz_ATC_DisableDel-OmaUri-Begin -->
@@ -1422,7 +1422,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings.
 <!-- sz_ATC_DisableEdit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableEdit-Applicability-End -->
 
 <!-- sz_ATC_DisableEdit-OmaUri-Begin -->
@@ -1479,7 +1479,7 @@ This setting disables the Properties button on the Web tab in Display in Control
 <!-- sz_ATC_NoComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_NoComponents-Applicability-End -->
 
 <!-- sz_ATC_NoComponents-OmaUri-Begin -->
@@ -1539,7 +1539,7 @@ This setting removes all Active Desktop items from the desktop. It also removes
 <!-- sz_DB_DragDropClose-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_DB_DragDropClose-Applicability-End -->
 
 <!-- sz_DB_DragDropClose-OmaUri-Begin -->
@@ -1604,7 +1604,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting.
 <!-- sz_DB_Moving-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_DB_Moving-Applicability-End -->
 
 <!-- sz_DB_Moving-OmaUri-Begin -->
@@ -1666,7 +1666,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool
 <!-- sz_DWP_NoHTMLPaper-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_DWP_NoHTMLPaper-Applicability-End -->
 
 <!-- sz_DWP_NoHTMLPaper-OmaUri-Begin -->
@@ -1723,7 +1723,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User
 <!-- Wallpaper-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Wallpaper-Applicability-End -->
 
 <!-- Wallpaper-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index 0992bb4dbb..ee02c1fdb1 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DeviceCompat Policy CSP
 description: Learn more about the ADMX_DeviceCompat Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DeviceFlags-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceFlags-Applicability-End -->
 
 <!-- DeviceFlags-OmaUri-Begin -->
@@ -76,7 +76,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices.
 <!-- DriverShims-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverShims-Applicability-End -->
 
 <!-- DriverShims-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index 3873ad69da..94711a96ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DeviceGuard Policy CSP
 description: Learn more about the ADMX_DeviceGuard Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -23,7 +23,7 @@ ms.date: 01/18/2024
 <!-- ConfigCIPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigCIPolicy-Applicability-End -->
 
 <!-- ConfigCIPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 2fb1234e02..04bbcda528 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DeviceInstallation Policy CSP
 description: Learn more about the ADMX_DeviceInstallation Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DeviceInstall_AllowAdminInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_AllowAdminInstall-Applicability-End -->
 
 <!-- DeviceInstall_AllowAdminInstall-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting allows you to determine whether members of the Administrator
 <!-- DeviceInstall_DeniedPolicy_DetailText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_DeniedPolicy_DetailText-Applicability-End -->
 
 <!-- DeviceInstall_DeniedPolicy_DetailText-OmaUri-Begin -->
@@ -140,7 +140,7 @@ This policy setting allows you to display a custom message to users in a notific
 <!-- DeviceInstall_DeniedPolicy_SimpleText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_DeniedPolicy_SimpleText-Applicability-End -->
 
 <!-- DeviceInstall_DeniedPolicy_SimpleText-OmaUri-Begin -->
@@ -198,7 +198,7 @@ This policy setting allows you to display a custom message title in a notificati
 <!-- DeviceInstall_InstallTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_InstallTimeout-Applicability-End -->
 
 <!-- DeviceInstall_InstallTimeout-OmaUri-Begin -->
@@ -256,7 +256,7 @@ This policy setting allows you to configure the number of seconds Windows waits
 <!-- DeviceInstall_Policy_RebootTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_Policy_RebootTime-Applicability-End -->
 
 <!-- DeviceInstall_Policy_RebootTime-OmaUri-Begin -->
@@ -318,7 +318,7 @@ This policy setting establishes the amount of time (in seconds) that the system
 <!-- DeviceInstall_Removable_Deny-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_Removable_Deny-Applicability-End -->
 
 <!-- DeviceInstall_Removable_Deny-OmaUri-Begin -->
@@ -382,7 +382,7 @@ This policy setting allows you to prevent Windows from installing removable devi
 <!-- DeviceInstall_SystemRestore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_SystemRestore-Applicability-End -->
 
 <!-- DeviceInstall_SystemRestore-OmaUri-Begin -->
@@ -441,7 +441,7 @@ This policy setting allows you to prevent Windows from creating a system restore
 <!-- DriverInstall_Classes_AllowUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverInstall_Classes_AllowUser-Applicability-End -->
 
 <!-- DriverInstall_Classes_AllowUser-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index d298ee4f28..67eea97170 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DeviceSetup Policy CSP
 description: Learn more about the ADMX_DeviceSetup Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DeviceInstall_BalloonTips-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_BalloonTips-Applicability-End -->
 
 <!-- DeviceInstall_BalloonTips-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting allows you to turn off "Found New Hardware" balloons during
 <!-- DriverSearchPlaces_SearchOrderConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverSearchPlaces_SearchOrderConfiguration-Applicability-End -->
 
 <!-- DriverSearchPlaces_SearchOrderConfiguration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 8b8a9fd98e..6e3f90a479 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DFS Policy CSP
 description: Learn more about the ADMX_DFS Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DFSDiscoverDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DFSDiscoverDC-Applicability-End -->
 
 <!-- DFSDiscoverDC-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index b9cab4363f..44cc32a941 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DigitalLocker Policy CSP
 description: Learn more about the ADMX_DigitalLocker Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Digitalx_DiableApplication_TitleText_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Digitalx_DiableApplication_TitleText_1-Applicability-End -->
 
 <!-- Digitalx_DiableApplication_TitleText_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla
 <!-- Digitalx_DiableApplication_TitleText_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Digitalx_DiableApplication_TitleText_2-Applicability-End -->
 
 <!-- Digitalx_DiableApplication_TitleText_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 6fe0e41bc7..fd3f6d2bcd 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DiskDiagnostic Policy CSP
 description: Learn more about the ADMX_DiskDiagnostic Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DfdAlertPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DfdAlertPolicy-Applicability-End -->
 
 <!-- DfdAlertPolicy-OmaUri-Begin -->
@@ -86,7 +86,7 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 7aebe11d5c..c05e1abb81 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DiskNVCache Policy CSP
 description: Learn more about the ADMX_DiskNVCache Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- BootResumePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BootResumePolicy-Applicability-End -->
 
 <!-- BootResumePolicy-OmaUri-Begin -->
@@ -85,7 +85,7 @@ This policy setting turns off the boot and resume optimizations for the hybrid h
 <!-- CachePowerModePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CachePowerModePolicy-Applicability-End -->
 
 <!-- CachePowerModePolicy-OmaUri-Begin -->
@@ -149,7 +149,7 @@ This policy setting turns off power save mode on the hybrid hard disks in the sy
 <!-- FeatureOffPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FeatureOffPolicy-Applicability-End -->
 
 <!-- FeatureOffPolicy-OmaUri-Begin -->
@@ -213,7 +213,7 @@ This policy setting turns off all support for the non-volatile (NV) cache on all
 <!-- SolidStatePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SolidStatePolicy-Applicability-End -->
 
 <!-- SolidStatePolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index 3822ac0264..9ed30a6596 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DiskQuota Policy CSP
 description: Learn more about the ADMX_DiskQuota Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DQ_Enable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_Enable-Applicability-End -->
 
 <!-- DQ_Enable-OmaUri-Begin -->
@@ -90,7 +90,7 @@ To prevent users from changing the setting while a setting is in effect, the sys
 <!-- DQ_Enforce-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_Enforce-Applicability-End -->
 
 <!-- DQ_Enforce-OmaUri-Begin -->
@@ -159,7 +159,7 @@ Enforcement is optional. When users reach an enforced disk quota limit, the syst
 <!-- DQ_Limit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_Limit-Applicability-End -->
 
 <!-- DQ_Limit-OmaUri-Begin -->
@@ -225,7 +225,7 @@ This policy setting is effective only when disk quota management is enabled on t
 <!-- DQ_LogEventOverLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_LogEventOverLimit-Applicability-End -->
 
 <!-- DQ_LogEventOverLimit-OmaUri-Begin -->
@@ -293,7 +293,7 @@ Also, this policy setting doesn't affect the Quota Entries window on the Quota t
 <!-- DQ_LogEventOverThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_LogEventOverThreshold-Applicability-End -->
 
 <!-- DQ_LogEventOverThreshold-OmaUri-Begin -->
@@ -359,7 +359,7 @@ This policy setting doesn't affect the Quota Entries window on the Quota tab. Ev
 <!-- DQ_RemovableMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_RemovableMedia-Applicability-End -->
 
 <!-- DQ_RemovableMedia-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index 10ff8682a8..86db7ab46f 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DistributedLinkTracking Policy CSP
 description: Learn more about the ADMX_DistributedLinkTracking Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DLT_AllowDomainMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DLT_AllowDomainMode-Applicability-End -->
 
 <!-- DLT_AllowDomainMode-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 66b65954ea..2f447009b6 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DnsClient Policy CSP
 description: Learn more about the ADMX_DnsClient Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DNS_AllowFQDNNetBiosQueries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_AllowFQDNNetBiosQueries-Applicability-End -->
 
 <!-- DNS_AllowFQDNNetBiosQueries-OmaUri-Begin -->
@@ -80,7 +80,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie
 <!-- DNS_AppendToMultiLabelName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_AppendToMultiLabelName-Applicability-End -->
 
 <!-- DNS_AppendToMultiLabelName-OmaUri-Begin -->
@@ -147,7 +147,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix
 <!-- DNS_Domain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_Domain-Applicability-End -->
 
 <!-- DNS_Domain-OmaUri-Begin -->
@@ -207,7 +207,7 @@ To use this policy setting, click Enabled, and then enter a string value represe
 <!-- DNS_DomainNameDevolutionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_DomainNameDevolutionLevel-Applicability-End -->
 
 <!-- DNS_DomainNameDevolutionLevel-OmaUri-Begin -->
@@ -284,7 +284,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
 <!-- DNS_IdnEncoding-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_IdnEncoding-Applicability-End -->
 
 <!-- DNS_IdnEncoding-OmaUri-Begin -->
@@ -343,7 +343,7 @@ Specifies whether the DNS client should convert internationalized domain names (
 <!-- DNS_IdnMapping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_IdnMapping-Applicability-End -->
 
 <!-- DNS_IdnMapping-OmaUri-Begin -->
@@ -402,7 +402,7 @@ Specifies whether the DNS client should convert internationalized domain names (
 <!-- DNS_NameServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_NameServer-Applicability-End -->
 
 <!-- DNS_NameServer-OmaUri-Begin -->
@@ -462,7 +462,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list
 <!-- DNS_PreferLocalResponsesOverLowerOrderDns-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_PreferLocalResponsesOverLowerOrderDns-Applicability-End -->
 
 <!-- DNS_PreferLocalResponsesOverLowerOrderDns-OmaUri-Begin -->
@@ -524,7 +524,7 @@ Specifies that responses from link local name resolution protocols received over
 <!-- DNS_PrimaryDnsSuffix-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_PrimaryDnsSuffix-Applicability-End -->
 
 <!-- DNS_PrimaryDnsSuffix-OmaUri-Begin -->
@@ -589,7 +589,7 @@ You can use this policy setting to prevent users, including local administrators
 <!-- DNS_RegisterAdapterName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegisterAdapterName-Applicability-End -->
 
 <!-- DNS_RegisterAdapterName-OmaUri-Begin -->
@@ -655,7 +655,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso
 <!-- DNS_RegisterReverseLookup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegisterReverseLookup-Applicability-End -->
 
 <!-- DNS_RegisterReverseLookup-OmaUri-Begin -->
@@ -723,7 +723,7 @@ Register only if A record registration succeeds: Computers will attempt to regis
 <!-- DNS_RegistrationEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationEnabled-Applicability-End -->
 
 <!-- DNS_RegistrationEnabled-OmaUri-Begin -->
@@ -782,7 +782,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic
 <!-- DNS_RegistrationOverwritesInConflict-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationOverwritesInConflict-Applicability-End -->
 
 <!-- DNS_RegistrationOverwritesInConflict-OmaUri-Begin -->
@@ -845,7 +845,7 @@ During dynamic update of resource records in a zone that doesn't use Secure Dyna
 <!-- DNS_RegistrationRefreshInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationRefreshInterval-Applicability-End -->
 
 <!-- DNS_RegistrationRefreshInterval-OmaUri-Begin -->
@@ -910,7 +910,7 @@ To specify the registration refresh interval, click Enabled and then enter a val
 <!-- DNS_RegistrationTtl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationTtl-Applicability-End -->
 
 <!-- DNS_RegistrationTtl-OmaUri-Begin -->
@@ -970,7 +970,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example
 <!-- DNS_SearchList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_SearchList-Applicability-End -->
 
 <!-- DNS_SearchList-OmaUri-Begin -->
@@ -1034,7 +1034,7 @@ To use this policy setting, click Enabled, and then enter a string value represe
 <!-- DNS_SmartMultiHomedNameResolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_SmartMultiHomedNameResolution-Applicability-End -->
 
 <!-- DNS_SmartMultiHomedNameResolution-OmaUri-Begin -->
@@ -1093,7 +1093,7 @@ Specifies that a multi-homed DNS client should optimize name resolution across n
 <!-- DNS_SmartProtocolReorder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_SmartProtocolReorder-Applicability-End -->
 
 <!-- DNS_SmartProtocolReorder-OmaUri-Begin -->
@@ -1155,7 +1155,7 @@ Specifies that the DNS client should prefer responses from link local name resol
 <!-- DNS_UpdateSecurityLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_UpdateSecurityLevel-Applicability-End -->
 
 <!-- DNS_UpdateSecurityLevel-OmaUri-Begin -->
@@ -1221,7 +1221,7 @@ Only secure - computers send only secure dynamic updates.
 <!-- DNS_UpdateTopLevelDomainZones-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_UpdateTopLevelDomainZones-Applicability-End -->
 
 <!-- DNS_UpdateTopLevelDomainZones-OmaUri-Begin -->
@@ -1282,7 +1282,7 @@ By default, a DNS client that's configured to perform dynamic DNS update will up
 <!-- DNS_UseDomainNameDevolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_UseDomainNameDevolution-Applicability-End -->
 
 <!-- DNS_UseDomainNameDevolution-OmaUri-Begin -->
@@ -1359,7 +1359,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
 <!-- Turn_Off_Multicast-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Turn_Off_Multicast-Applicability-End -->
 
 <!-- Turn_Off_Multicast-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index d44012983a..1cfe66691d 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_DWM Policy CSP
 description: Learn more about the ADMX_DWM Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DwmDefaultColorizationColor_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDefaultColorizationColor_1-Applicability-End -->
 
 <!-- DwmDefaultColorizationColor_1-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting controls the default color for window frames when the user d
 <!-- DwmDefaultColorizationColor_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDefaultColorizationColor_2-Applicability-End -->
 
 <!-- DwmDefaultColorizationColor_2-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting controls the default color for window frames when the user d
 <!-- DwmDisallowAnimations_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowAnimations_1-Applicability-End -->
 
 <!-- DwmDisallowAnimations_1-OmaUri-Begin -->
@@ -206,7 +206,7 @@ Changing this policy setting requires a logoff for it to be applied.
 <!-- DwmDisallowAnimations_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowAnimations_2-Applicability-End -->
 
 <!-- DwmDisallowAnimations_2-OmaUri-Begin -->
@@ -267,7 +267,7 @@ Changing this policy setting requires a logoff for it to be applied.
 <!-- DwmDisallowColorizationColorChanges_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowColorizationColorChanges_1-Applicability-End -->
 
 <!-- DwmDisallowColorizationColorChanges_1-OmaUri-Begin -->
@@ -329,7 +329,7 @@ This policy setting controls the ability to change the color of window frames.
 <!-- DwmDisallowColorizationColorChanges_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowColorizationColorChanges_2-Applicability-End -->
 
 <!-- DwmDisallowColorizationColorChanges_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index f7038edb13..8c7874f974 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EAIME Policy CSP
 description: Learn more about the ADMX_EAIME Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList-Applicability-End -->
 
 <!-- L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList-OmaUri-Begin -->
@@ -85,7 +85,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_RestrictCharacterCodeRangeOfConversion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_RestrictCharacterCodeRangeOfConversion-Applicability-End -->
 
 <!-- L_RestrictCharacterCodeRangeOfConversion-OmaUri-Begin -->
@@ -160,7 +160,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_TurnOffCustomDictionary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffCustomDictionary-Applicability-End -->
 
 <!-- L_TurnOffCustomDictionary-OmaUri-Begin -->
@@ -228,7 +228,7 @@ This policy setting is applied to Japanese Microsoft IME.
 <!-- L_TurnOffHistorybasedPredictiveInput-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffHistorybasedPredictiveInput-Applicability-End -->
 
 <!-- L_TurnOffHistorybasedPredictiveInput-OmaUri-Begin -->
@@ -292,7 +292,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_TurnOffInternetSearchIntegration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffInternetSearchIntegration-Applicability-End -->
 
 <!-- L_TurnOffInternetSearchIntegration-OmaUri-Begin -->
@@ -358,7 +358,7 @@ This policy setting applies to Japanese Microsoft IME.
 <!-- L_TurnOffOpenExtendedDictionary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffOpenExtendedDictionary-Applicability-End -->
 
 <!-- L_TurnOffOpenExtendedDictionary-OmaUri-Begin -->
@@ -421,7 +421,7 @@ This policy setting is applied to Japanese Microsoft IME.
 <!-- L_TurnOffSavingAutoTuningDataToFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffSavingAutoTuningDataToFile-Applicability-End -->
 
 <!-- L_TurnOffSavingAutoTuningDataToFile-OmaUri-Begin -->
@@ -482,7 +482,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_TurnOnCloudCandidate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnCloudCandidate-Applicability-End -->
 
 <!-- L_TurnOnCloudCandidate-OmaUri-Begin -->
@@ -545,7 +545,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.
 <!-- L_TurnOnCloudCandidateCHS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnCloudCandidateCHS-Applicability-End -->
 
 <!-- L_TurnOnCloudCandidateCHS-OmaUri-Begin -->
@@ -608,7 +608,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
 <!-- L_TurnOnLexiconUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnLexiconUpdate-Applicability-End -->
 
 <!-- L_TurnOnLexiconUpdate-OmaUri-Begin -->
@@ -667,7 +667,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
 <!-- L_TurnOnLiveStickers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnLiveStickers-Applicability-End -->
 
 <!-- L_TurnOnLiveStickers-OmaUri-Begin -->
@@ -726,7 +726,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
 <!-- L_TurnOnMisconversionLoggingForMisconversionReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnMisconversionLoggingForMisconversionReport-Applicability-End -->
 
 <!-- L_TurnOnMisconversionLoggingForMisconversionReport-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 7e4e793bf7..4ff4c47c53 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EncryptFilesonMove Policy CSP
 description: Learn more about the ADMX_EncryptFilesonMove Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- NoEncryptOnMove-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoEncryptOnMove-Applicability-End -->
 
 <!-- NoEncryptOnMove-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 899f863d68..f9c29b883f 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EnhancedStorage Policy CSP
 description: Learn more about the ADMX_EnhancedStorage Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ApprovedEnStorDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApprovedEnStorDevices-Applicability-End -->
 
 <!-- ApprovedEnStorDevices-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting allows you to configure a list of Enhanced Storage devices b
 <!-- ApprovedSilos-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApprovedSilos-Applicability-End -->
 
 <!-- ApprovedSilos-OmaUri-Begin -->
@@ -139,7 +139,7 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi
 <!-- DisablePasswordAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePasswordAuthentication-Applicability-End -->
 
 <!-- DisablePasswordAuthentication-OmaUri-Begin -->
@@ -198,7 +198,7 @@ This policy setting configures whether or not a password can be used to unlock a
 <!-- DisallowLegacyDiskDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowLegacyDiskDevices-Applicability-End -->
 
 <!-- DisallowLegacyDiskDevices-OmaUri-Begin -->
@@ -257,7 +257,7 @@ This policy setting configures whether or not non-Enhanced Storage removable dev
 <!-- LockDeviceOnMachineLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockDeviceOnMachineLock-Applicability-End -->
 
 <!-- LockDeviceOnMachineLock-OmaUri-Begin -->
@@ -318,7 +318,7 @@ This policy setting is supported in Windows Server SKUs only.
 <!-- RootHubConnectedEnStorDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RootHubConnectedEnStorDevices-Applicability-End -->
 
 <!-- RootHubConnectedEnStorDevices-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 4d1b6c454d..7c0a9b383c 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ErrorReporting Policy CSP
 description: Learn more about the ADMX_ErrorReporting Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PCH_AllOrNoneDef-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_AllOrNoneDef-Applicability-End -->
 
 <!-- PCH_AllOrNoneDef-OmaUri-Begin -->
@@ -85,7 +85,7 @@ For related information, see the Configure Error Reporting and Report Operating
 <!-- PCH_AllOrNoneEx-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_AllOrNoneEx-Applicability-End -->
 
 <!-- PCH_AllOrNoneEx-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting controls Windows Error Reporting behavior for errors in gene
 <!-- PCH_AllOrNoneInc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_AllOrNoneInc-Applicability-End -->
 
 <!-- PCH_AllOrNoneInc-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab
 <!-- PCH_ConfigureReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_ConfigureReport-Applicability-End -->
 
 <!-- PCH_ConfigureReport-OmaUri-Begin -->
@@ -292,7 +292,7 @@ See related policy settings Display Error Notification (same folder as this poli
 <!-- PCH_ReportOperatingSystemFaults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_ReportOperatingSystemFaults-Applicability-End -->
 
 <!-- PCH_ReportOperatingSystemFaults-OmaUri-Begin -->
@@ -355,7 +355,7 @@ See also the Configure Error Reporting policy setting.
 <!-- WerArchive_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerArchive_1-Applicability-End -->
 
 <!-- WerArchive_1-OmaUri-Begin -->
@@ -414,7 +414,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive
 <!-- WerArchive_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerArchive_2-Applicability-End -->
 
 <!-- WerArchive_2-OmaUri-Begin -->
@@ -473,7 +473,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive
 <!-- WerAutoApproveOSDumps_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerAutoApproveOSDumps_1-Applicability-End -->
 
 <!-- WerAutoApproveOSDumps_1-OmaUri-Begin -->
@@ -532,7 +532,7 @@ This policy setting controls whether memory dumps in support of OS-generated err
 <!-- WerAutoApproveOSDumps_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerAutoApproveOSDumps_2-Applicability-End -->
 
 <!-- WerAutoApproveOSDumps_2-OmaUri-Begin -->
@@ -591,7 +591,7 @@ This policy setting controls whether memory dumps in support of OS-generated err
 <!-- WerBypassDataThrottling_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassDataThrottling_1-Applicability-End -->
 
 <!-- WerBypassDataThrottling_1-OmaUri-Begin -->
@@ -650,7 +650,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit
 <!-- WerBypassDataThrottling_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassDataThrottling_2-Applicability-End -->
 
 <!-- WerBypassDataThrottling_2-OmaUri-Begin -->
@@ -709,7 +709,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit
 <!-- WerBypassNetworkCostThrottling_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassNetworkCostThrottling_1-Applicability-End -->
 
 <!-- WerBypassNetworkCostThrottling_1-OmaUri-Begin -->
@@ -768,7 +768,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for
 <!-- WerBypassNetworkCostThrottling_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassNetworkCostThrottling_2-Applicability-End -->
 
 <!-- WerBypassNetworkCostThrottling_2-OmaUri-Begin -->
@@ -827,7 +827,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for
 <!-- WerBypassPowerThrottling_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassPowerThrottling_1-Applicability-End -->
 
 <!-- WerBypassPowerThrottling_1-OmaUri-Begin -->
@@ -886,7 +886,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t
 <!-- WerBypassPowerThrottling_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassPowerThrottling_2-Applicability-End -->
 
 <!-- WerBypassPowerThrottling_2-OmaUri-Begin -->
@@ -945,7 +945,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t
 <!-- WerCER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerCER-Applicability-End -->
 
 <!-- WerCER-OmaUri-Begin -->
@@ -1003,7 +1003,7 @@ This policy setting specifies a corporate server to which Windows Error Reportin
 <!-- WerConsentCustomize_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerConsentCustomize_1-Applicability-End -->
 
 <!-- WerConsentCustomize_1-OmaUri-Begin -->
@@ -1071,7 +1071,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f
 <!-- WerConsentOverride_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerConsentOverride_1-Applicability-End -->
 
 <!-- WerConsentOverride_1-OmaUri-Begin -->
@@ -1130,7 +1130,7 @@ This policy setting determines the behavior of the Configure Default Consent set
 <!-- WerConsentOverride_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerConsentOverride_2-Applicability-End -->
 
 <!-- WerConsentOverride_2-OmaUri-Begin -->
@@ -1189,7 +1189,7 @@ This policy setting determines the behavior of the Configure Default Consent set
 <!-- WerDefaultConsent_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerDefaultConsent_1-Applicability-End -->
 
 <!-- WerDefaultConsent_1-OmaUri-Begin -->
@@ -1255,7 +1255,7 @@ This policy setting determines the default consent behavior of Windows Error Rep
 <!-- WerDefaultConsent_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerDefaultConsent_2-Applicability-End -->
 
 <!-- WerDefaultConsent_2-OmaUri-Begin -->
@@ -1321,7 +1321,7 @@ This policy setting determines the default consent behavior of Windows Error Rep
 <!-- WerDisable_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerDisable_1-Applicability-End -->
 
 <!-- WerDisable_1-OmaUri-Begin -->
@@ -1380,7 +1380,7 @@ This policy setting turns off Windows Error Reporting, so that reports aren't co
 <!-- WerExlusion_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerExlusion_1-Applicability-End -->
 
 <!-- WerExlusion_1-OmaUri-Begin -->
@@ -1440,7 +1440,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera
 <!-- WerExlusion_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerExlusion_2-Applicability-End -->
 
 <!-- WerExlusion_2-OmaUri-Begin -->
@@ -1500,7 +1500,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera
 <!-- WerNoLogging_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerNoLogging_1-Applicability-End -->
 
 <!-- WerNoLogging_1-OmaUri-Begin -->
@@ -1559,7 +1559,7 @@ This policy setting controls whether Windows Error Reporting saves its own event
 <!-- WerNoLogging_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerNoLogging_2-Applicability-End -->
 
 <!-- WerNoLogging_2-OmaUri-Begin -->
@@ -1618,7 +1618,7 @@ This policy setting controls whether Windows Error Reporting saves its own event
 <!-- WerNoSecondLevelData_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerNoSecondLevelData_1-Applicability-End -->
 
 <!-- WerNoSecondLevelData_1-OmaUri-Begin -->
@@ -1677,7 +1677,7 @@ This policy setting controls whether additional data in support of error reports
 <!-- WerQueue_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerQueue_1-Applicability-End -->
 
 <!-- WerQueue_1-OmaUri-Begin -->
@@ -1738,7 +1738,7 @@ The Maximum number of reports to queue setting determines how many reports can b
 <!-- WerQueue_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerQueue_2-Applicability-End -->
 
 <!-- WerQueue_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index 1f768733bc..13353ee9ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EventForwarding Policy CSP
 description: Learn more about the ADMX_EventForwarding Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ForwarderResourceUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForwarderResourceUsage-Applicability-End -->
 
 <!-- ForwarderResourceUsage-OmaUri-Begin -->
@@ -81,7 +81,7 @@ This setting applies across all subscriptions for the forwarder (source computer
 <!-- SubscriptionManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SubscriptionManager-Applicability-End -->
 
 <!-- SubscriptionManager-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 55c84c956a..016c98016e 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EventLog Policy CSP
 description: Learn more about the ADMX_EventLog Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Channel_Log_AutoBackup_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_1-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_AutoBackup_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_2-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_2-OmaUri-Begin -->
@@ -143,7 +143,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_AutoBackup_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_3-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_3-OmaUri-Begin -->
@@ -204,7 +204,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_AutoBackup_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_4-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_4-OmaUri-Begin -->
@@ -265,7 +265,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_FileLogAccess_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_1-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_1-OmaUri-Begin -->
@@ -326,7 +326,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_2-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_2-OmaUri-Begin -->
@@ -387,7 +387,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_3-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_3-OmaUri-Begin -->
@@ -448,7 +448,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_4-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_4-OmaUri-Begin -->
@@ -509,7 +509,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_5-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_5-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_5-OmaUri-Begin -->
@@ -569,7 +569,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_6-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_6-OmaUri-Begin -->
@@ -629,7 +629,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_7-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_7-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_7-OmaUri-Begin -->
@@ -689,7 +689,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_8-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_8-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_8-OmaUri-Begin -->
@@ -749,7 +749,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_Retention_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_Retention_2-Applicability-End -->
 
 <!-- Channel_Log_Retention_2-OmaUri-Begin -->
@@ -811,7 +811,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_Retention_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_Retention_3-Applicability-End -->
 
 <!-- Channel_Log_Retention_3-OmaUri-Begin -->
@@ -873,7 +873,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_Retention_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_Retention_4-Applicability-End -->
 
 <!-- Channel_Log_Retention_4-OmaUri-Begin -->
@@ -935,7 +935,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_LogEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogEnabled-Applicability-End -->
 
 <!-- Channel_LogEnabled-OmaUri-Begin -->
@@ -994,7 +994,7 @@ This policy setting turns on logging.
 <!-- Channel_LogFilePath_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_1-Applicability-End -->
 
 <!-- Channel_LogFilePath_1-OmaUri-Begin -->
@@ -1052,7 +1052,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogFilePath_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_2-Applicability-End -->
 
 <!-- Channel_LogFilePath_2-OmaUri-Begin -->
@@ -1110,7 +1110,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogFilePath_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_3-Applicability-End -->
 
 <!-- Channel_LogFilePath_3-OmaUri-Begin -->
@@ -1168,7 +1168,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogFilePath_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_4-Applicability-End -->
 
 <!-- Channel_LogFilePath_4-OmaUri-Begin -->
@@ -1226,7 +1226,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogMaxSize_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogMaxSize_3-Applicability-End -->
 
 <!-- Channel_LogMaxSize_3-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index f72a8ff776..3c13367734 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EventLogging Policy CSP
 description: Learn more about the ADMX_EventLogging Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- EnableProtectedEventLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableProtectedEventLogging-Applicability-End -->
 
 <!-- EnableProtectedEventLogging-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index 8b171fc73b..74f43583b2 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_EventViewer Policy CSP
 description: Learn more about the ADMX_EventViewer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- EventViewer_RedirectionProgram-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_RedirectionProgram-Applicability-End -->
 
 <!-- EventViewer_RedirectionProgram-OmaUri-Begin -->
@@ -75,7 +75,7 @@ This is the program that will be invoked when the user clicks the events.asp lin
 <!-- EventViewer_RedirectionProgramCommandLineParameters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_RedirectionProgramCommandLineParameters-Applicability-End -->
 
 <!-- EventViewer_RedirectionProgramCommandLineParameters-OmaUri-Begin -->
@@ -129,7 +129,7 @@ This specifies the command line parameters that will be passed to the events.asp
 <!-- EventViewer_RedirectionURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_RedirectionURL-Applicability-End -->
 
 <!-- EventViewer_RedirectionURL-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index afe2fa4fee..e9a61f1c6b 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Explorer Policy CSP
 description: Learn more about the ADMX_Explorer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AdminInfoUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AdminInfoUrl-Applicability-End -->
 
 <!-- AdminInfoUrl-OmaUri-Begin -->
@@ -75,7 +75,7 @@ Sets the target of the More Information link that will be displayed when the use
 <!-- AlwaysShowClassicMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AlwaysShowClassicMenu-Applicability-End -->
 
 <!-- AlwaysShowClassicMenu-OmaUri-Begin -->
@@ -140,7 +140,7 @@ This policy setting configures File Explorer to always display the menu bar.
 <!-- DisableRoamedProfileInit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRoamedProfileInit-Applicability-End -->
 
 <!-- DisableRoamedProfileInit-OmaUri-Begin -->
@@ -197,7 +197,7 @@ If you enable this policy setting on a machine that doesn't contain all programs
 <!-- PreventItemCreationInUsersFilesFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventItemCreationInUsersFilesFolder-Applicability-End -->
 
 <!-- PreventItemCreationInUsersFilesFolder-OmaUri-Begin -->
@@ -259,7 +259,7 @@ This policy setting allows administrators to prevent users from adding new items
 <!-- TurnOffSPIAnimations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffSPIAnimations-Applicability-End -->
 
 <!-- TurnOffSPIAnimations-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index ea236024a2..5f345d1ef6 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ExternalBoot Policy CSP
 description: Learn more about the ADMX_ExternalBoot Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PortableOperatingSystem_Hibernate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PortableOperatingSystem_Hibernate-Applicability-End -->
 
 <!-- PortableOperatingSystem_Hibernate-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Specifies whether the PC can use the hibernation sleep state (S4) when started f
 <!-- PortableOperatingSystem_Launcher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PortableOperatingSystem_Launcher-Applicability-End -->
 
 <!-- PortableOperatingSystem_Launcher-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting controls whether the PC will boot to Windows To Go if a USB
 <!-- PortableOperatingSystem_Sleep-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PortableOperatingSystem_Sleep-Applicability-End -->
 
 <!-- PortableOperatingSystem_Sleep-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 6fa3f2524f..f2b3cb91db 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_FileRecovery Policy CSP
 description: Learn more about the ADMX_FileRecovery Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index 4f69113a08..f62f39edaf 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_FileRevocation Policy CSP
 description: Learn more about the ADMX_FileRevocation Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DelegatedPackageFamilyNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DelegatedPackageFamilyNames-Applicability-End -->
 
 <!-- DelegatedPackageFamilyNames-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 09b719884e..f539b5910d 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_FileServerVSSProvider Policy CSP
 description: Learn more about the ADMX_FileServerVSSProvider Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Pol_EncryptProtocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EncryptProtocol-Applicability-End -->
 
 <!-- Pol_EncryptProtocol-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 125fd2482d..03c6eabd47 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_FileSys Policy CSP
 description: Learn more about the ADMX_FileSys Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableCompression-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCompression-Applicability-End -->
 
 <!-- DisableCompression-OmaUri-Begin -->
@@ -78,7 +78,7 @@ A reboot is required for this setting to take effect.
 <!-- DisableDeleteNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableDeleteNotification-Applicability-End -->
 
 <!-- DisableDeleteNotification-OmaUri-Begin -->
@@ -137,7 +137,7 @@ A value of 1 will disable delete notifications for all volumes.
 <!-- DisableEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableEncryption-Applicability-End -->
 
 <!-- DisableEncryption-OmaUri-Begin -->
@@ -194,7 +194,7 @@ A reboot is required for this setting to take effect.
 <!-- EnablePagefileEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnablePagefileEncryption-Applicability-End -->
 
 <!-- EnablePagefileEncryption-OmaUri-Begin -->
@@ -249,7 +249,7 @@ Encrypting the page file prevents malicious users from reading data that has bee
 <!-- LongPathsEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LongPathsEnabled-Applicability-End -->
 
 <!-- LongPathsEnabled-OmaUri-Begin -->
@@ -304,7 +304,7 @@ Enabling Win32 long paths will allow manifested win32 applications and Windows S
 <!-- ShortNameCreationSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShortNameCreationSettings-Applicability-End -->
 
 <!-- ShortNameCreationSettings-OmaUri-Begin -->
@@ -360,7 +360,7 @@ If you enable short names on all volumes then short names will always be generat
 <!-- SymlinkEvaluation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SymlinkEvaluation-Applicability-End -->
 
 <!-- SymlinkEvaluation-OmaUri-Begin -->
@@ -428,7 +428,7 @@ For further information please refer to the Windows Help section.
 <!-- TxfDeprecatedFunctionality-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TxfDeprecatedFunctionality-Applicability-End -->
 
 <!-- TxfDeprecatedFunctionality-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index 8515f89060..bd04e0fa4f 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_FolderRedirection Policy CSP
 description: Learn more about the ADMX_FolderRedirection Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableFRAdminPin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableFRAdminPin-Applicability-End -->
 
 <!-- DisableFRAdminPin-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting allows you to control whether all redirected shell folders,
 <!-- DisableFRAdminPinByFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableFRAdminPinByFolder-Applicability-End -->
 
 <!-- DisableFRAdminPinByFolder-OmaUri-Begin -->
@@ -153,7 +153,7 @@ If you disable or don't configure this policy setting, all redirected shell fold
 <!-- FolderRedirectionEnableCacheRename-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FolderRedirectionEnableCacheRename-Applicability-End -->
 
 <!-- FolderRedirectionEnableCacheRename-OmaUri-Begin -->
@@ -212,7 +212,7 @@ This policy setting controls whether the contents of redirected folders is copie
 <!-- LocalizeXPRelativePaths_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocalizeXPRelativePaths_1-Applicability-End -->
 
 <!-- LocalizeXPRelativePaths_1-OmaUri-Begin -->
@@ -274,7 +274,7 @@ This policy setting allows the administrator to define whether Folder Redirectio
 <!-- LocalizeXPRelativePaths_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocalizeXPRelativePaths_2-Applicability-End -->
 
 <!-- LocalizeXPRelativePaths_2-OmaUri-Begin -->
@@ -336,7 +336,7 @@ This policy setting allows the administrator to define whether Folder Redirectio
 <!-- PrimaryComputer_FR_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrimaryComputer_FR_1-Applicability-End -->
 
 <!-- PrimaryComputer_FR_1-OmaUri-Begin -->
@@ -400,7 +400,7 @@ To designate a user's primary computers, an administrator must use management so
 <!-- PrimaryComputer_FR_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrimaryComputer_FR_2-Applicability-End -->
 
 <!-- PrimaryComputer_FR_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index bdc13bd323..a6e699f57e 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_FramePanes Policy CSP
 description: Learn more about the ADMX_FramePanes Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- NoPreviewPane-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPreviewPane-Applicability-End -->
 
 <!-- NoPreviewPane-OmaUri-Begin -->
@@ -84,7 +84,7 @@ If you disable, or don't configure this policy setting, the Details Pane is hidd
 <!-- NoReadingPane-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoReadingPane-Applicability-End -->
 
 <!-- NoReadingPane-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index 0bd737cd3c..6151b18e4e 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_fthsvc Policy CSP
 description: Learn more about the ADMX_fthsvc Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 5266b42db2..6dc909c654 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Globalization Policy CSP
 description: Learn more about the ADMX_Globalization Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- BlockUserInputMethodsForSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockUserInputMethodsForSignIn-Applicability-End -->
 
 <!-- BlockUserInputMethodsForSignIn-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Note this doesn't affect the availability of user input methods on the lock scre
 <!-- CustomLocalesNoSelect_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomLocalesNoSelect_1-Applicability-End -->
 
 <!-- CustomLocalesNoSelect_1-OmaUri-Begin -->
@@ -153,7 +153,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
 <!-- CustomLocalesNoSelect_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomLocalesNoSelect_2-Applicability-End -->
 
 <!-- CustomLocalesNoSelect_2-OmaUri-Begin -->
@@ -224,7 +224,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
 <!-- HideAdminOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideAdminOptions-Applicability-End -->
 
 <!-- HideAdminOptions-OmaUri-Begin -->
@@ -288,7 +288,7 @@ This policy setting is used only to simplify the Regional Options control panel.
 <!-- HideCurrentLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideCurrentLocation-Applicability-End -->
 
 <!-- HideCurrentLocation-OmaUri-Begin -->
@@ -352,7 +352,7 @@ This policy setting is used only to simplify the Regional Options control panel.
 <!-- HideLanguageSelection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideLanguageSelection-Applicability-End -->
 
 <!-- HideLanguageSelection-OmaUri-Begin -->
@@ -416,7 +416,7 @@ This policy setting is used only to simplify the Regional Options control panel.
 <!-- HideLocaleSelectAndCustomize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideLocaleSelectAndCustomize-Applicability-End -->
 
 <!-- HideLocaleSelectAndCustomize-OmaUri-Begin -->
@@ -477,7 +477,7 @@ This policy setting is used only to simplify the Regional and Language Options c
 <!-- ImplicitDataCollectionOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ImplicitDataCollectionOff_1-Applicability-End -->
 
 <!-- ImplicitDataCollectionOff_1-OmaUri-Begin -->
@@ -552,7 +552,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol
 <!-- ImplicitDataCollectionOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ImplicitDataCollectionOff_2-Applicability-End -->
 
 <!-- ImplicitDataCollectionOff_2-OmaUri-Begin -->
@@ -627,7 +627,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol
 <!-- LocaleSystemRestrict-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocaleSystemRestrict-Applicability-End -->
 
 <!-- LocaleSystemRestrict-OmaUri-Begin -->
@@ -688,7 +688,7 @@ The locale list is specified using language names, separated by a semicolon (;).
 <!-- LocaleUserRestrict_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocaleUserRestrict_1-Applicability-End -->
 
 <!-- LocaleUserRestrict_1-OmaUri-Begin -->
@@ -757,7 +757,7 @@ The locale list is specified using language tags, separated by a semicolon (;).
 <!-- LocaleUserRestrict_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocaleUserRestrict_2-Applicability-End -->
 
 <!-- LocaleUserRestrict_2-OmaUri-Begin -->
@@ -826,7 +826,7 @@ The locale list is specified using language tags, separated by a semicolon (;).
 <!-- LockMachineUILanguage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockMachineUILanguage-Applicability-End -->
 
 <!-- LockMachineUILanguage-OmaUri-Begin -->
@@ -886,7 +886,7 @@ This is a policy setting for computers with more than one UI language installed.
 <!-- LockUserUILanguage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockUserUILanguage-Applicability-End -->
 
 <!-- LockUserUILanguage-OmaUri-Begin -->
@@ -948,7 +948,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200
 <!-- PreventGeoIdChange_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventGeoIdChange_1-Applicability-End -->
 
 <!-- PreventGeoIdChange_1-OmaUri-Begin -->
@@ -1015,7 +1015,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
 <!-- PreventGeoIdChange_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventGeoIdChange_2-Applicability-End -->
 
 <!-- PreventGeoIdChange_2-OmaUri-Begin -->
@@ -1082,7 +1082,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
 <!-- PreventUserOverrides_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventUserOverrides_1-Applicability-End -->
 
 <!-- PreventUserOverrides_1-OmaUri-Begin -->
@@ -1151,7 +1151,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
 <!-- PreventUserOverrides_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventUserOverrides_2-Applicability-End -->
 
 <!-- PreventUserOverrides_2-OmaUri-Begin -->
@@ -1220,7 +1220,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
 <!-- RestrictUILangSelect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictUILangSelect-Applicability-End -->
 
 <!-- RestrictUILangSelect-OmaUri-Begin -->
@@ -1280,7 +1280,7 @@ To enable this policy setting in Windows Vista, use the "Restricts the UI langua
 <!-- TurnOffAutocorrectMisspelledWords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffAutocorrectMisspelledWords-Applicability-End -->
 
 <!-- TurnOffAutocorrectMisspelledWords-OmaUri-Begin -->
@@ -1343,7 +1343,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- TurnOffHighlightMisspelledWords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffHighlightMisspelledWords-Applicability-End -->
 
 <!-- TurnOffHighlightMisspelledWords-OmaUri-Begin -->
@@ -1406,7 +1406,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- TurnOffInsertSpace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffInsertSpace-Applicability-End -->
 
 <!-- TurnOffInsertSpace-OmaUri-Begin -->
@@ -1469,7 +1469,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- TurnOffOfferTextPredictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffOfferTextPredictions-Applicability-End -->
 
 <!-- TurnOffOfferTextPredictions-OmaUri-Begin -->
@@ -1532,7 +1532,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- Y2K-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Y2K-Applicability-End -->
 
 <!-- Y2K-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index 51baad84e5..e28587728d 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_GroupPolicy Policy CSP
 description: Learn more about the ADMX_GroupPolicy Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowX-ForestPolicy-and-RUP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowX-ForestPolicy-and-RUP-Applicability-End -->
 
 <!-- AllowX-ForestPolicy-and-RUP-OmaUri-Begin -->
@@ -92,7 +92,7 @@ This policy setting affects all user accounts that interactively log on to a com
 <!-- CorpConnSyncWaitTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CorpConnSyncWaitTime-Applicability-End -->
 
 <!-- CorpConnSyncWaitTime-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy setting specifies how long Group Policy should wait for workplace co
 <!-- CSE_AppMgmt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_AppMgmt-Applicability-End -->
 
 <!-- CSE_AppMgmt-OmaUri-Begin -->
@@ -216,7 +216,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_DiskQuota-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_DiskQuota-Applicability-End -->
 
 <!-- CSE_DiskQuota-OmaUri-Begin -->
@@ -284,7 +284,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_EFSRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_EFSRecovery-Applicability-End -->
 
 <!-- CSE_EFSRecovery-OmaUri-Begin -->
@@ -352,7 +352,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_FolderRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_FolderRedirection-Applicability-End -->
 
 <!-- CSE_FolderRedirection-OmaUri-Begin -->
@@ -418,7 +418,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_IEM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_IEM-Applicability-End -->
 
 <!-- CSE_IEM-OmaUri-Begin -->
@@ -486,7 +486,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_IPSecurity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_IPSecurity-Applicability-End -->
 
 <!-- CSE_IPSecurity-OmaUri-Begin -->
@@ -554,7 +554,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Registry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Registry-Applicability-End -->
 
 <!-- CSE_Registry-OmaUri-Begin -->
@@ -618,7 +618,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Scripts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Scripts-Applicability-End -->
 
 <!-- CSE_Scripts-OmaUri-Begin -->
@@ -684,7 +684,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Security-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Security-Applicability-End -->
 
 <!-- CSE_Security-OmaUri-Begin -->
@@ -750,7 +750,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Wired-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Wired-Applicability-End -->
 
 <!-- CSE_Wired-OmaUri-Begin -->
@@ -818,7 +818,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Wireless-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Wireless-Applicability-End -->
 
 <!-- CSE_Wireless-OmaUri-Begin -->
@@ -886,7 +886,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- DenyRsopToInteractiveUser_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyRsopToInteractiveUser_1-Applicability-End -->
 
 <!-- DenyRsopToInteractiveUser_1-OmaUri-Begin -->
@@ -958,7 +958,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu
 <!-- DenyRsopToInteractiveUser_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyRsopToInteractiveUser_2-Applicability-End -->
 
 <!-- DenyRsopToInteractiveUser_2-OmaUri-Begin -->
@@ -1030,7 +1030,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu
 <!-- DisableAOACProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAOACProcessing-Applicability-End -->
 
 <!-- DisableAOACProcessing-OmaUri-Begin -->
@@ -1085,7 +1085,7 @@ This policy setting prevents the Group Policy Client Service from stopping when
 <!-- DisableAutoADMUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoADMUpdate-Applicability-End -->
 
 <!-- DisableAutoADMUpdate-OmaUri-Begin -->
@@ -1149,7 +1149,7 @@ Changing the status of this setting to Disabled will enforce the default behavio
 <!-- DisableBackgroundPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBackgroundPolicy-Applicability-End -->
 
 <!-- DisableBackgroundPolicy-OmaUri-Begin -->
@@ -1211,7 +1211,7 @@ This policy setting prevents Group Policy from being updated while the computer
 <!-- DisableLGPOProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLGPOProcessing-Applicability-End -->
 
 <!-- DisableLGPOProcessing-OmaUri-Begin -->
@@ -1275,7 +1275,7 @@ By default, the policy settings in Local GPOs are applied before any domain-base
 <!-- DisableUsersFromMachGP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableUsersFromMachGP-Applicability-End -->
 
 <!-- DisableUsersFromMachGP-OmaUri-Begin -->
@@ -1342,7 +1342,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t
 <!-- EnableCDP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableCDP-Applicability-End -->
 
 <!-- EnableCDP-OmaUri-Begin -->
@@ -1403,7 +1403,7 @@ This policy setting determines whether the Windows device is allowed to particip
 <!-- EnableLogonOptimization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableLogonOptimization-Applicability-End -->
 
 <!-- EnableLogonOptimization-OmaUri-Begin -->
@@ -1466,7 +1466,7 @@ The timeout value that's defined in this policy setting determines how long Grou
 <!-- EnableLogonOptimizationOnServerSKU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableLogonOptimizationOnServerSKU-Applicability-End -->
 
 <!-- EnableLogonOptimizationOnServerSKU-OmaUri-Begin -->
@@ -1529,7 +1529,7 @@ The timeout value that's defined in this policy setting determines how long Grou
 <!-- EnableMMX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableMMX-Applicability-End -->
 
 <!-- EnableMMX-OmaUri-Begin -->
@@ -1590,7 +1590,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t
 <!-- EnforcePoliciesOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnforcePoliciesOnly-Applicability-End -->
 
 <!-- EnforcePoliciesOnly-OmaUri-Begin -->
@@ -1656,7 +1656,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f
 <!-- FontMitigation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FontMitigation-Applicability-End -->
 
 <!-- FontMitigation-OmaUri-Begin -->
@@ -1710,7 +1710,7 @@ This security feature provides a global setting to prevent programs from loading
 <!-- GPDCOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GPDCOptions-Applicability-End -->
 
 <!-- GPDCOptions-OmaUri-Begin -->
@@ -1777,7 +1777,7 @@ This policy setting determines which domain controller the Group Policy Object E
 <!-- GPTransferRate_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GPTransferRate_1-Applicability-End -->
 
 <!-- GPTransferRate_1-OmaUri-Begin -->
@@ -1846,7 +1846,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
 <!-- GPTransferRate_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GPTransferRate_2-Applicability-End -->
 
 <!-- GPTransferRate_2-OmaUri-Begin -->
@@ -1915,7 +1915,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
 <!-- GroupPolicyRefreshRate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GroupPolicyRefreshRate-Applicability-End -->
 
 <!-- GroupPolicyRefreshRate-OmaUri-Begin -->
@@ -1986,7 +1986,7 @@ This setting is only used when the "Turn off background refresh of Group Policy"
 <!-- GroupPolicyRefreshRateDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GroupPolicyRefreshRateDC-Applicability-End -->
 
 <!-- GroupPolicyRefreshRateDC-OmaUri-Begin -->
@@ -2051,7 +2051,7 @@ This setting also lets you specify how much the actual update interval varies. T
 <!-- GroupPolicyRefreshRateUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GroupPolicyRefreshRateUser-Applicability-End -->
 
 <!-- GroupPolicyRefreshRateUser-OmaUri-Begin -->
@@ -2124,7 +2124,7 @@ This setting also lets you specify how much the actual update interval varies. T
 <!-- LogonScriptDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LogonScriptDelay-Applicability-End -->
 
 <!-- LogonScriptDelay-OmaUri-Begin -->
@@ -2189,7 +2189,7 @@ By default, the Group Policy client waits five minutes before running logon scri
 <!-- NewGPODisplayName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NewGPODisplayName-Applicability-End -->
 
 <!-- NewGPODisplayName-OmaUri-Begin -->
@@ -2249,7 +2249,7 @@ If this setting is Disabled or Not Configured, the default display name of New G
 <!-- NewGPOLinksDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NewGPOLinksDisabled-Applicability-End -->
 
 <!-- NewGPOLinksDisabled-OmaUri-Begin -->
@@ -2308,7 +2308,7 @@ This policy setting allows you to create new Group Policy object links in the di
 <!-- OnlyUseLocalAdminFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- OnlyUseLocalAdminFiles-Applicability-End -->
 
 <!-- OnlyUseLocalAdminFiles-OmaUri-Begin -->
@@ -2384,7 +2384,7 @@ This leads to the following behavior:
 <!-- ProcessMitigationOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProcessMitigationOptions-Applicability-End -->
 
 <!-- ProcessMitigationOptions-OmaUri-Begin -->
@@ -2464,7 +2464,7 @@ Setting flags not specified here to any value other than ? results in undefined
 <!-- ResetDfsClientInfoDuringRefreshPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ResetDfsClientInfoDuringRefreshPolicy-Applicability-End -->
 
 <!-- ResetDfsClientInfoDuringRefreshPolicy-OmaUri-Begin -->
@@ -2519,7 +2519,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same
 <!-- RSoPLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RSoPLogging-Applicability-End -->
 
 <!-- RSoPLogging-OmaUri-Begin -->
@@ -2583,7 +2583,7 @@ RSoP logs information on Group Policy settings that have been applied to the cli
 <!-- SlowLinkDefaultForDirectAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SlowLinkDefaultForDirectAccess-Applicability-End -->
 
 <!-- SlowLinkDefaultForDirectAccess-OmaUri-Begin -->
@@ -2647,7 +2647,7 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the
 <!-- SlowlinkDefaultToAsync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SlowlinkDefaultToAsync-Applicability-End -->
 
 <!-- SlowlinkDefaultToAsync-OmaUri-Begin -->
@@ -2716,7 +2716,7 @@ Note There are two conditions that will cause Group Policy to be processed synch
 <!-- SyncWaitTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncWaitTime-Applicability-End -->
 
 <!-- SyncWaitTime-OmaUri-Begin -->
@@ -2774,7 +2774,7 @@ This policy setting specifies how long Group Policy should wait for network avai
 <!-- UserPolicyMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UserPolicyMode-Applicability-End -->
 
 <!-- UserPolicyMode-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index b51b3ad8ab..fdb73b28f4 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Help Policy CSP
 description: Learn more about the ADMX_Help Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 04/10/2024
 <!-- DisableHHDEP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableHHDEP-Applicability-End -->
 
 <!-- DisableHHDEP-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a
 <!-- HelpQualifiedRootDir_Comp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HelpQualifiedRootDir_Comp-Applicability-End -->
 
 <!-- HelpQualifiedRootDir_Comp-OmaUri-Begin -->
@@ -154,7 +154,7 @@ For additional options, see the "Restrict these programs from being launched fro
 <!-- RestrictRunFromHelp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictRunFromHelp-Applicability-End -->
 
 <!-- RestrictRunFromHelp-OmaUri-Begin -->
@@ -218,7 +218,7 @@ This policy setting allows you to restrict programs from being run from online H
 <!-- RestrictRunFromHelp_Comp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictRunFromHelp_Comp-Applicability-End -->
 
 <!-- RestrictRunFromHelp_Comp-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index 3d1cc2cff2..6f4a746867 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_HelpAndSupport Policy CSP
 description: Learn more about the ADMX_HelpAndSupport Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ActiveHelp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ActiveHelp-Applicability-End -->
 
 <!-- ActiveHelp-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting specifies whether active content links in trusted assistance
 <!-- HPExplicitFeedback-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HPExplicitFeedback-Applicability-End -->
 
 <!-- HPExplicitFeedback-OmaUri-Begin -->
@@ -141,7 +141,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
 <!-- HPImplicitFeedback-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HPImplicitFeedback-Applicability-End -->
 
 <!-- HPImplicitFeedback-OmaUri-Begin -->
@@ -200,7 +200,7 @@ This policy setting specifies whether users can participate in the Help Experien
 <!-- HPOnlineAssistance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HPOnlineAssistance-Applicability-End -->
 
 <!-- HPOnlineAssistance-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 731f6ed051..25af4fd561 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_hotspotauth Policy CSP
 description: Learn more about the ADMX_hotspotauth Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- HotspotAuth_Enable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HotspotAuth_Enable-Applicability-End -->
 
 <!-- HotspotAuth_Enable-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index 643e4044d3..c1437d3c2c 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ICM Policy CSP
 description: Learn more about the ADMX_ICM Area in Policy CSP.
-ms.date: 02/28/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 02/28/2024
 <!-- CEIPEnable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CEIPEnable-Applicability-End -->
 
 <!-- CEIPEnable-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting turns off the Windows Customer Experience Improvement Progra
 <!-- CertMgr_DisableAutoRootUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertMgr_DisableAutoRootUpdates-Applicability-End -->
 
 <!-- CertMgr_DisableAutoRootUpdates-OmaUri-Begin -->
@@ -143,7 +143,7 @@ Typically, a certificate is used when you use a secure website or when you send
 <!-- DisableHTTPPrinting_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableHTTPPrinting_1-Applicability-End -->
 
 <!-- DisableHTTPPrinting_1-OmaUri-Begin -->
@@ -209,7 +209,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
 <!-- DisableWebPnPDownload_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWebPnPDownload_1-Applicability-End -->
 
 <!-- DisableWebPnPDownload_1-OmaUri-Begin -->
@@ -273,7 +273,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
 <!-- DriverSearchPlaces_DontSearchWindowsUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverSearchPlaces_DontSearchWindowsUpdate-Applicability-End -->
 
 <!-- DriverSearchPlaces_DontSearchWindowsUpdate-OmaUri-Begin -->
@@ -339,7 +339,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ
 <!-- EventViewer_DisableLinks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_DisableLinks-Applicability-End -->
 
 <!-- EventViewer_DisableLinks-OmaUri-Begin -->
@@ -400,7 +400,7 @@ The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate t
 <!-- HSS_HeadlinesPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HSS_HeadlinesPolicy-Applicability-End -->
 
 <!-- HSS_HeadlinesPolicy-OmaUri-Begin -->
@@ -463,7 +463,7 @@ You might want to enable this policy setting for users who don't have Internet a
 <!-- HSS_KBSearchPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HSS_KBSearchPolicy-Applicability-End -->
 
 <!-- HSS_KBSearchPolicy-OmaUri-Begin -->
@@ -524,7 +524,7 @@ The Knowledge Base is an online source of technical support information and self
 <!-- InternetManagement_RestrictCommunication_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetManagement_RestrictCommunication_1-Applicability-End -->
 
 <!-- InternetManagement_RestrictCommunication_1-OmaUri-Begin -->
@@ -585,7 +585,7 @@ This policy setting specifies whether Windows can access the Internet to accompl
 <!-- InternetManagement_RestrictCommunication_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetManagement_RestrictCommunication_2-Applicability-End -->
 
 <!-- InternetManagement_RestrictCommunication_2-OmaUri-Begin -->
@@ -646,7 +646,7 @@ This policy setting specifies whether Windows can access the Internet to accompl
 <!-- NC_ExitOnISP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ExitOnISP-Applicability-End -->
 
 <!-- NC_ExitOnISP-OmaUri-Begin -->
@@ -705,7 +705,7 @@ This policy setting specifies whether the Internet Connection Wizard can connect
 <!-- NC_NoRegistration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_NoRegistration-Applicability-End -->
 
 <!-- NC_NoRegistration-OmaUri-Begin -->
@@ -766,7 +766,7 @@ Note that registration is optional and involves submitting some personal informa
 <!-- PCH_DoNotReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_DoNotReport-Applicability-End -->
 
 <!-- PCH_DoNotReport-OmaUri-Begin -->
@@ -830,7 +830,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa
 <!-- RemoveWindowsUpdate_ICM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveWindowsUpdate_ICM-Applicability-End -->
 
 <!-- RemoveWindowsUpdate_ICM-OmaUri-Begin -->
@@ -892,7 +892,7 @@ This policy setting allows you to remove access to Windows Update.
 <!-- SearchCompanion_DisableFileUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SearchCompanion_DisableFileUpdates-Applicability-End -->
 
 <!-- SearchCompanion_DisableFileUpdates-OmaUri-Begin -->
@@ -956,7 +956,7 @@ When users search the local computer or the Internet, Search Companion occasiona
 <!-- ShellNoUseInternetOpenWith_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseInternetOpenWith_1-Applicability-End -->
 
 <!-- ShellNoUseInternetOpenWith_1-OmaUri-Begin -->
@@ -1017,7 +1017,7 @@ When a user opens a file that has an extension that isn't associated with any ap
 <!-- ShellNoUseInternetOpenWith_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseInternetOpenWith_2-Applicability-End -->
 
 <!-- ShellNoUseInternetOpenWith_2-OmaUri-Begin -->
@@ -1078,7 +1078,7 @@ When a user opens a file that has an extension that isn't associated with any ap
 <!-- ShellNoUseStoreOpenWith_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseStoreOpenWith_1-Applicability-End -->
 
 <!-- ShellNoUseStoreOpenWith_1-OmaUri-Begin -->
@@ -1139,7 +1139,7 @@ When a user opens a file type or protocol that isn't associated with any applica
 <!-- ShellNoUseStoreOpenWith_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseStoreOpenWith_2-Applicability-End -->
 
 <!-- ShellNoUseStoreOpenWith_2-OmaUri-Begin -->
@@ -1200,7 +1200,7 @@ When a user opens a file type or protocol that isn't associated with any applica
 <!-- ShellPreventWPWDownload_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellPreventWPWDownload_1-Applicability-End -->
 
 <!-- ShellPreventWPWDownload_1-OmaUri-Begin -->
@@ -1263,7 +1263,7 @@ See the documentation for the web publishing and online ordering wizards for mor
 <!-- ShellRemoveOrderPrints_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemoveOrderPrints_1-Applicability-End -->
 
 <!-- ShellRemoveOrderPrints_1-OmaUri-Begin -->
@@ -1324,7 +1324,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow
 <!-- ShellRemoveOrderPrints_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemoveOrderPrints_2-Applicability-End -->
 
 <!-- ShellRemoveOrderPrints_2-OmaUri-Begin -->
@@ -1385,7 +1385,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow
 <!-- ShellRemovePublishToWeb_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemovePublishToWeb_1-Applicability-End -->
 
 <!-- ShellRemovePublishToWeb_1-OmaUri-Begin -->
@@ -1446,7 +1446,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user
 <!-- ShellRemovePublishToWeb_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemovePublishToWeb_2-Applicability-End -->
 
 <!-- ShellRemovePublishToWeb_2-OmaUri-Begin -->
@@ -1507,7 +1507,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user
 <!-- WinMSG_NoInstrumentation_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WinMSG_NoInstrumentation_1-Applicability-End -->
 
 <!-- WinMSG_NoInstrumentation_1-OmaUri-Begin -->
@@ -1570,7 +1570,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c
 <!-- WinMSG_NoInstrumentation_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WinMSG_NoInstrumentation_2-Applicability-End -->
 
 <!-- WinMSG_NoInstrumentation_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index d447964117..56fbe8386c 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_IIS Policy CSP
 description: Learn more about the ADMX_IIS Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PreventIISInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventIISInstall-Applicability-End -->
 
 <!-- PreventIISInstall-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index 2e5c716a1d..8f386092d9 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_iSCSI Policy CSP
 description: Learn more about the ADMX_iSCSI Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- iSCSIDiscovery_ConfigureiSNSServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_ConfigureiSNSServers-Applicability-End -->
 
 <!-- iSCSIDiscovery_ConfigureiSNSServers-OmaUri-Begin -->
@@ -76,7 +76,7 @@ If enabled then new iSNS servers may not be added and thus new targets discovere
 <!-- iSCSIDiscovery_ConfigureTargetPortals-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_ConfigureTargetPortals-Applicability-End -->
 
 <!-- iSCSIDiscovery_ConfigureTargetPortals-OmaUri-Begin -->
@@ -131,7 +131,7 @@ If enabled then new target portals may not be added and thus new targets discove
 <!-- iSCSIDiscovery_ConfigureTargets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_ConfigureTargets-Applicability-End -->
 
 <!-- iSCSIDiscovery_ConfigureTargets-OmaUri-Begin -->
@@ -186,7 +186,7 @@ If enabled then discovered targets may not be manually configured. If disabled t
 <!-- iSCSIDiscovery_NewStaticTargets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_NewStaticTargets-Applicability-End -->
 
 <!-- iSCSIDiscovery_NewStaticTargets-OmaUri-Begin -->
@@ -241,7 +241,7 @@ If enabled then new targets may not be manually configured by entering the targe
 <!-- iSCSIGeneral_ChangeIQNName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIGeneral_ChangeIQNName-Applicability-End -->
 
 <!-- iSCSIGeneral_ChangeIQNName-OmaUri-Begin -->
@@ -296,7 +296,7 @@ If enabled then don't allow the initiator iqn name to be changed. If disabled th
 <!-- iSCSIGeneral_RestrictAdditionalLogins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIGeneral_RestrictAdditionalLogins-Applicability-End -->
 
 <!-- iSCSIGeneral_RestrictAdditionalLogins-OmaUri-Begin -->
@@ -351,7 +351,7 @@ If enabled then only those sessions that are established via a persistent login
 <!-- iSCSISecurity_ChangeCHAPSecret-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_ChangeCHAPSecret-Applicability-End -->
 
 <!-- iSCSISecurity_ChangeCHAPSecret-OmaUri-Begin -->
@@ -406,7 +406,7 @@ If enabled then don't allow the initiator CHAP secret to be changed. If disabled
 <!-- iSCSISecurity_RequireIPSec-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_RequireIPSec-Applicability-End -->
 
 <!-- iSCSISecurity_RequireIPSec-OmaUri-Begin -->
@@ -461,7 +461,7 @@ If enabled then only those connections that are configured for IPSec may be esta
 <!-- iSCSISecurity_RequireMutualCHAP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_RequireMutualCHAP-Applicability-End -->
 
 <!-- iSCSISecurity_RequireMutualCHAP-OmaUri-Begin -->
@@ -516,7 +516,7 @@ If enabled then only those sessions that are configured for mutual CHAP may be e
 <!-- iSCSISecurity_RequireOneWayCHAP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_RequireOneWayCHAP-Applicability-End -->
 
 <!-- iSCSISecurity_RequireOneWayCHAP-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index f972a10971..17a430e267 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_kdc Policy CSP
 description: Learn more about the ADMX_kdc Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CbacAndArmor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CbacAndArmor-Applicability-End -->
 
 <!-- CbacAndArmor-OmaUri-Begin -->
@@ -110,7 +110,7 @@ Impact on domain controller performance when this policy setting is enabled:
 <!-- emitlili-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- emitlili-Applicability-End -->
 
 <!-- emitlili-OmaUri-Begin -->
@@ -174,7 +174,7 @@ For Windows Logon to leverage this feature, the "Display information about previ
 <!-- ForestSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForestSearch-Applicability-End -->
 
 <!-- ForestSearch-OmaUri-Begin -->
@@ -235,7 +235,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
 <!-- PKINITFreshness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PKINITFreshness-Applicability-End -->
 
 <!-- PKINITFreshness-OmaUri-Begin -->
@@ -299,7 +299,7 @@ Required: PKInit Freshness Extension is required for successful authentication.
 <!-- RequestCompoundId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RequestCompoundId-Applicability-End -->
 
 <!-- RequestCompoundId-OmaUri-Begin -->
@@ -361,7 +361,7 @@ This policy setting allows you to configure a domain controller to request compo
 <!-- TicketSizeThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TicketSizeThreshold-Applicability-End -->
 
 <!-- TicketSizeThreshold-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 085ac4f942..44ad26e627 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Kerberos Policy CSP
 description: Learn more about the ADMX_Kerberos Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AlwaysSendCompoundId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AlwaysSendCompoundId-Applicability-End -->
 
 <!-- AlwaysSendCompoundId-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting controls whether a device always sends a compound authentica
 <!-- DevicePKInitEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DevicePKInitEnabled-Applicability-End -->
 
 <!-- DevicePKInitEnabled-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Force: Device will always authenticate using its certificate. If a DC can't be f
 <!-- HostToRealm-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HostToRealm-Applicability-End -->
 
 <!-- HostToRealm-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf
 <!-- KdcProxyDisableServerRevocationCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- KdcProxyDisableServerRevocationCheck-Applicability-End -->
 
 <!-- KdcProxyDisableServerRevocationCheck-OmaUri-Begin -->
@@ -273,7 +273,7 @@ This policy setting allows you to disable revocation check for the SSL certifica
 <!-- KdcProxyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- KdcProxyServer-Applicability-End -->
 
 <!-- KdcProxyServer-OmaUri-Begin -->
@@ -332,7 +332,7 @@ This policy setting configures the Kerberos client's mapping to KDC proxy server
 <!-- MitRealms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MitRealms-Applicability-End -->
 
 <!-- MitRealms-OmaUri-Begin -->
@@ -393,7 +393,7 @@ This policy setting configures the Kerberos client so that it can authenticate w
 <!-- ServerAcceptsCompound-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ServerAcceptsCompound-Applicability-End -->
 
 <!-- ServerAcceptsCompound-OmaUri-Begin -->
@@ -462,7 +462,7 @@ Always: Compound authentication is always provided for this computer account.
 <!-- StrictTarget-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StrictTarget-Applicability-End -->
 
 <!-- StrictTarget-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index 97c9ecc2d4..15984c691c 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_LanmanServer Policy CSP
 description: Learn more about the ADMX_LanmanServer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Pol_CipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CipherSuiteOrder-Applicability-End -->
 
 <!-- Pol_CipherSuiteOrder-OmaUri-Begin -->
@@ -100,7 +100,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 <!-- Pol_HashPublication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_HashPublication-Applicability-End -->
 
 <!-- Pol_HashPublication-OmaUri-Begin -->
@@ -172,7 +172,7 @@ In circumstances where this policy setting is enabled, you can also select the f
 <!-- Pol_HashSupportVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_HashSupportVersion-Applicability-End -->
 
 <!-- Pol_HashSupportVersion-OmaUri-Begin -->
@@ -248,7 +248,7 @@ Hash version supported:
 <!-- Pol_HonorCipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_HonorCipherSuiteOrder-Applicability-End -->
 
 <!-- Pol_HonorCipherSuiteOrder-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index b507c61a1e..b2fcbf19da 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_LanmanWorkstation Policy CSP
 description: Learn more about the ADMX_LanmanWorkstation Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Pol_CipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CipherSuiteOrder-Applicability-End -->
 
 <!-- Pol_CipherSuiteOrder-OmaUri-Begin -->
@@ -101,7 +101,7 @@ AES_256 is not supported on Windows 10 version 20H2 and lower. If you enter only
 <!-- Pol_EnableHandleCachingForCAFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EnableHandleCachingForCAFiles-Applicability-End -->
 
 <!-- Pol_EnableHandleCachingForCAFiles-OmaUri-Begin -->
@@ -163,7 +163,7 @@ This policy setting determines the behavior of SMB handle caching for clients co
 <!-- Pol_EnableOfflineFilesforCAShares-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EnableOfflineFilesforCAShares-Applicability-End -->
 
 <!-- Pol_EnableOfflineFilesforCAShares-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 067d3135e1..794a21e5a0 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_LeakDiagnostic Policy CSP
 description: Learn more about the ADMX_LeakDiagnostic Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 469330d891..636061e02e 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_LinkLayerTopologyDiscovery Policy CSP
 description: Learn more about the ADMX_LinkLayerTopologyDiscovery Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- LLTD_EnableLLTDIO-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LLTD_EnableLLTDIO-Applicability-End -->
 
 <!-- LLTD_EnableLLTDIO-OmaUri-Begin -->
@@ -82,7 +82,7 @@ LLTDIO allows a computer to discover the topology of a network it's connected to
 <!-- LLTD_EnableRspndr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LLTD_EnableRspndr-Applicability-End -->
 
 <!-- LLTD_EnableRspndr-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 970d6b6704..872eaf9994 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_LocationProviderAdm Policy CSP
 description: Learn more about the ADMX_LocationProviderAdm Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -23,7 +23,7 @@ ms.date: 01/18/2024
 <!-- DisableWindowsLocationProvider_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWindowsLocationProvider_1-Applicability-End -->
 
 <!-- DisableWindowsLocationProvider_1-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index dba5786104..dc5b8605ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Logon Policy CSP
 description: Learn more about the ADMX_Logon Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- BlockUserFromShowingAccountDetailsOnSignin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockUserFromShowingAccountDetailsOnSignin-Applicability-End -->
 
 <!-- BlockUserFromShowingAccountDetailsOnSignin-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy prevents the user from showing account details (email address or use
 <!-- DisableAcrylicBackgroundOnLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAcrylicBackgroundOnLogon-Applicability-End -->
 
 <!-- DisableAcrylicBackgroundOnLogon-OmaUri-Begin -->
@@ -134,7 +134,7 @@ This policy prevents the user from showing account details (email address or use
 <!-- DisableExplorerRunLegacy_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunLegacy_1-Applicability-End -->
 
 <!-- DisableExplorerRunLegacy_1-OmaUri-Begin -->
@@ -202,7 +202,7 @@ Also, see the "Do not process the run once list" policy setting.
 <!-- DisableExplorerRunLegacy_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunLegacy_2-Applicability-End -->
 
 <!-- DisableExplorerRunLegacy_2-OmaUri-Begin -->
@@ -270,7 +270,7 @@ Also, see the "Do not process the run once list" policy setting.
 <!-- DisableExplorerRunOnceLegacy_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunOnceLegacy_1-Applicability-End -->
 
 <!-- DisableExplorerRunOnceLegacy_1-OmaUri-Begin -->
@@ -338,7 +338,7 @@ Also, see the "Do not process the legacy run list" policy setting.
 <!-- DisableExplorerRunOnceLegacy_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunOnceLegacy_2-Applicability-End -->
 
 <!-- DisableExplorerRunOnceLegacy_2-OmaUri-Begin -->
@@ -406,7 +406,7 @@ Also, see the "Do not process the legacy run list" policy setting.
 <!-- DisableStatusMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableStatusMessages-Applicability-End -->
 
 <!-- DisableStatusMessages-OmaUri-Begin -->
@@ -465,7 +465,7 @@ This policy setting suppresses system status messages.
 <!-- DontEnumerateConnectedUsers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DontEnumerateConnectedUsers-Applicability-End -->
 
 <!-- DontEnumerateConnectedUsers-OmaUri-Begin -->
@@ -524,7 +524,7 @@ This policy setting prevents connected users from being enumerated on domain-joi
 <!-- NoWelcomeTips_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWelcomeTips_1-Applicability-End -->
 
 <!-- NoWelcomeTips_1-OmaUri-Begin -->
@@ -593,7 +593,7 @@ This setting applies only to Windows 2000 Professional. It doesn't affect the "C
 <!-- NoWelcomeTips_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWelcomeTips_2-Applicability-End -->
 
 <!-- NoWelcomeTips_2-OmaUri-Begin -->
@@ -662,7 +662,7 @@ This setting applies only to Windows 2000 Professional. It doesn't affect the "C
 <!-- Run_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_1-Applicability-End -->
 
 <!-- Run_1-OmaUri-Begin -->
@@ -727,7 +727,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
 <!-- Run_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_2-Applicability-End -->
 
 <!-- Run_2-OmaUri-Begin -->
@@ -792,7 +792,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
 <!-- SyncForegroundPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncForegroundPolicy-Applicability-End -->
 
 <!-- SyncForegroundPolicy-OmaUri-Begin -->
@@ -870,7 +870,7 @@ Note
 <!-- UseOEMBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UseOEMBackground-Applicability-End -->
 
 <!-- UseOEMBackground-OmaUri-Begin -->
@@ -931,7 +931,7 @@ This policy setting may be used to make Windows give preference to a custom logo
 <!-- VerboseStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- VerboseStatus-Applicability-End -->
 
 <!-- VerboseStatus-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index d56fe04616..124f07bbb0 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MicrosoftDefenderAntivirus Policy CSP
 description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowFastServiceStartup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowFastServiceStartup-Applicability-End -->
 
 <!-- AllowFastServiceStartup-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting controls the load priority for the antimalware service. Incr
 <!-- DisableAntiSpywareDefender-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAntiSpywareDefender-Applicability-End -->
 
 <!-- DisableAntiSpywareDefender-OmaUri-Begin -->
@@ -145,7 +145,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 <!-- DisableAutoExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoExclusions-Applicability-End -->
 
 <!-- DisableAutoExclusions-OmaUri-Begin -->
@@ -212,7 +212,7 @@ Same as Disabled.
 <!-- DisableBlockAtFirstSeen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBlockAtFirstSeen-Applicability-End -->
 
 <!-- DisableBlockAtFirstSeen-OmaUri-Begin -->
@@ -283,7 +283,7 @@ Real-time Protection -> Don't enable the "Turn off real-time protection" policy
 <!-- DisableLocalAdminMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalAdminMerge-Applicability-End -->
 
 <!-- DisableLocalAdminMerge-OmaUri-Begin -->
@@ -342,7 +342,7 @@ This policy setting controls whether or not complex list settings configured by
 <!-- DisableRealtimeMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRealtimeMonitoring-Applicability-End -->
 
 <!-- DisableRealtimeMonitoring-OmaUri-Begin -->
@@ -405,7 +405,7 @@ Real-time protection consists of always-on scanning with file and process behavi
 <!-- DisableRoutinelyTakingAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRoutinelyTakingAction-Applicability-End -->
 
 <!-- DisableRoutinelyTakingAction-OmaUri-Begin -->
@@ -466,7 +466,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 <!-- Exclusions_Extensions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Exclusions_Extensions-Applicability-End -->
 
 <!-- Exclusions_Extensions-OmaUri-Begin -->
@@ -523,7 +523,7 @@ This policy setting allows you specify a list of file types that should be exclu
 <!-- Exclusions_Paths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Exclusions_Paths-Applicability-End -->
 
 <!-- Exclusions_Paths-OmaUri-Begin -->
@@ -580,7 +580,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 <!-- Exclusions_Processes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Exclusions_Processes-Applicability-End -->
 
 <!-- Exclusions_Processes-OmaUri-Begin -->
@@ -637,7 +637,7 @@ This policy setting allows you to disable real-time scanning for any file opened
 <!-- ExploitGuard_ASR_ASROnlyExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ASR_ASROnlyExclusions-Applicability-End -->
 
 <!-- ExploitGuard_ASR_ASROnlyExclusions-OmaUri-Begin -->
@@ -711,7 +711,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s
 <!-- ExploitGuard_ASR_Rules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ASR_Rules-Applicability-End -->
 
 <!-- ExploitGuard_ASR_Rules-OmaUri-Begin -->
@@ -812,7 +812,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur
 <!-- ExploitGuard_ControlledFolderAccess_AllowedApplications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ControlledFolderAccess_AllowedApplications-Applicability-End -->
 
 <!-- ExploitGuard_ControlledFolderAccess_AllowedApplications-OmaUri-Begin -->
@@ -887,7 +887,7 @@ Default system folders are automatically guarded, but you can add folders in the
 <!-- ExploitGuard_ControlledFolderAccess_ProtectedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ControlledFolderAccess_ProtectedFolders-Applicability-End -->
 
 <!-- ExploitGuard_ControlledFolderAccess_ProtectedFolders-OmaUri-Begin -->
@@ -964,7 +964,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
 <!-- MpEngine_EnableFileHashComputation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MpEngine_EnableFileHashComputation-Applicability-End -->
 
 <!-- MpEngine_EnableFileHashComputation-OmaUri-Begin -->
@@ -1031,7 +1031,7 @@ Same as Disabled.
 <!-- Nis_Consumers_IPS_DisableSignatureRetirement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Nis_Consumers_IPS_DisableSignatureRetirement-Applicability-End -->
 
 <!-- Nis_Consumers_IPS_DisableSignatureRetirement-OmaUri-Begin -->
@@ -1090,7 +1090,7 @@ This policy setting allows you to configure definition retirement for network pr
 <!-- Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid-Applicability-End -->
 
 <!-- Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid-OmaUri-Begin -->
@@ -1145,7 +1145,7 @@ This policy setting defines additional definition sets to enable for network tra
 <!-- Nis_DisableProtocolRecognition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Nis_DisableProtocolRecognition-Applicability-End -->
 
 <!-- Nis_DisableProtocolRecognition-OmaUri-Begin -->
@@ -1204,7 +1204,7 @@ This policy setting allows you to configure protocol recognition for network pro
 <!-- ProxyBypass-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProxyBypass-Applicability-End -->
 
 <!-- ProxyBypass-OmaUri-Begin -->
@@ -1262,7 +1262,7 @@ This policy, if defined, will prevent antimalware from using the configured prox
 <!-- ProxyPacUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProxyPacUrl-Applicability-End -->
 
 <!-- ProxyPacUrl-OmaUri-Begin -->
@@ -1328,7 +1328,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe
 <!-- ProxyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProxyServer-Applicability-End -->
 
 <!-- ProxyServer-OmaUri-Begin -->
@@ -1394,7 +1394,7 @@ This policy setting allows you to configure the named proxy that should be used
 <!-- Quarantine_LocalSettingOverridePurgeItemsAfterDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Quarantine_LocalSettingOverridePurgeItemsAfterDelay-Applicability-End -->
 
 <!-- Quarantine_LocalSettingOverridePurgeItemsAfterDelay-OmaUri-Begin -->
@@ -1453,7 +1453,7 @@ This policy setting configures a local override for the configuration of the num
 <!-- Quarantine_PurgeItemsAfterDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Quarantine_PurgeItemsAfterDelay-Applicability-End -->
 
 <!-- Quarantine_PurgeItemsAfterDelay-OmaUri-Begin -->
@@ -1512,7 +1512,7 @@ This policy setting defines the number of days items should be kept in the Quara
 <!-- RandomizeScheduleTaskTimes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RandomizeScheduleTaskTimes-Applicability-End -->
 
 <!-- RandomizeScheduleTaskTimes-OmaUri-Begin -->
@@ -1571,7 +1571,7 @@ This policy setting allows you to configure the scheduled scan, and the schedule
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Applicability-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-OmaUri-Begin -->
@@ -1632,7 +1632,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- RealtimeProtection_DisableIOAVProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableIOAVProtection-Applicability-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-OmaUri-Begin -->
@@ -1693,7 +1693,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- RealtimeProtection_DisableOnAccessProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableOnAccessProtection-Applicability-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-OmaUri-Begin -->
@@ -1754,7 +1754,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- RealtimeProtection_DisableRawWriteNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableRawWriteNotification-Applicability-End -->
 
 <!-- RealtimeProtection_DisableRawWriteNotification-OmaUri-Begin -->
@@ -1813,7 +1813,7 @@ This policy setting controls whether raw volume write notifications are sent to
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Applicability-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-OmaUri-Begin -->
@@ -1874,7 +1874,7 @@ This policy setting allows you to configure process scanning when real-time prot
 <!-- RealtimeProtection_IOAVMaxSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_IOAVMaxSize-Applicability-End -->
 
 <!-- RealtimeProtection_IOAVMaxSize-OmaUri-Begin -->
@@ -1933,7 +1933,7 @@ This policy setting defines the maximum size (in kilobytes) of downloaded files
 <!-- RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring-OmaUri-Begin -->
@@ -1992,7 +1992,7 @@ This policy setting configures a local override for the configuration of behavio
 <!-- RealtimeProtection_LocalSettingOverrideDisableIOAVProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableIOAVProtection-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableIOAVProtection-OmaUri-Begin -->
@@ -2051,7 +2051,7 @@ This policy setting configures a local override for the configuration of scannin
 <!-- RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection-OmaUri-Begin -->
@@ -2110,7 +2110,7 @@ This policy setting configures a local override for the configuration of monitor
 <!-- RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring-OmaUri-Begin -->
@@ -2169,7 +2169,7 @@ This policy setting configures a local override for the configuration to turn on
 <!-- RealtimeProtection_LocalSettingOverrideRealtimeScanDirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideRealtimeScanDirection-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideRealtimeScanDirection-OmaUri-Begin -->
@@ -2228,7 +2228,7 @@ This policy setting configures a local override for the configuration of monitor
 <!-- Remediation_LocalSettingOverrideScan_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Remediation_LocalSettingOverrideScan_ScheduleTime-Applicability-End -->
 
 <!-- Remediation_LocalSettingOverrideScan_ScheduleTime-OmaUri-Begin -->
@@ -2287,7 +2287,7 @@ This policy setting configures a local override for the configuration of the tim
 <!-- Remediation_Scan_ScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Remediation_Scan_ScheduleDay-Applicability-End -->
 
 <!-- Remediation_Scan_ScheduleDay-OmaUri-Begin -->
@@ -2350,7 +2350,7 @@ This setting can be configured with the following ordinal number values:
 <!-- Remediation_Scan_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Remediation_Scan_ScheduleTime-Applicability-End -->
 
 <!-- Remediation_Scan_ScheduleTime-OmaUri-Begin -->
@@ -2409,7 +2409,7 @@ This policy setting allows you to specify the time of day at which to perform a
 <!-- Reporting_AdditionalActionTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_AdditionalActionTimeout-Applicability-End -->
 
 <!-- Reporting_AdditionalActionTimeout-OmaUri-Begin -->
@@ -2464,7 +2464,7 @@ This policy setting configures the time in minutes before a detection in the "ad
 <!-- Reporting_CriticalFailureTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_CriticalFailureTimeout-Applicability-End -->
 
 <!-- Reporting_CriticalFailureTimeout-OmaUri-Begin -->
@@ -2519,7 +2519,7 @@ This policy setting configures the time in minutes before a detection in the "cr
 <!-- Reporting_DisableEnhancedNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_DisableEnhancedNotifications-Applicability-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-OmaUri-Begin -->
@@ -2580,7 +2580,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 <!-- Reporting_DisablegenericrePorts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_DisablegenericrePorts-Applicability-End -->
 
 <!-- Reporting_DisablegenericrePorts-OmaUri-Begin -->
@@ -2639,7 +2639,7 @@ This policy setting allows you to configure whether or not Watson events are sen
 <!-- Reporting_NonCriticalTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_NonCriticalTimeout-Applicability-End -->
 
 <!-- Reporting_NonCriticalTimeout-OmaUri-Begin -->
@@ -2694,7 +2694,7 @@ This policy setting configures the time in minutes before a detection in the "no
 <!-- Reporting_RecentlyCleanedTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_RecentlyCleanedTimeout-Applicability-End -->
 
 <!-- Reporting_RecentlyCleanedTimeout-OmaUri-Begin -->
@@ -2749,7 +2749,7 @@ This policy setting configures the time in minutes before a detection in the "co
 <!-- Reporting_WppTracingComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_WppTracingComponents-Applicability-End -->
 
 <!-- Reporting_WppTracingComponents-OmaUri-Begin -->
@@ -2804,7 +2804,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing
 <!-- Reporting_WppTracingLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_WppTracingLevel-Applicability-End -->
 
 <!-- Reporting_WppTracingLevel-OmaUri-Begin -->
@@ -2866,7 +2866,7 @@ Tracing levels are defined as:
 <!-- Scan_AllowPause-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_AllowPause-Applicability-End -->
 
 <!-- Scan_AllowPause-OmaUri-Begin -->
@@ -2925,7 +2925,7 @@ This policy setting allows you to manage whether or not end users can pause a sc
 <!-- Scan_ArchiveMaxDepth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ArchiveMaxDepth-Applicability-End -->
 
 <!-- Scan_ArchiveMaxDepth-OmaUri-Begin -->
@@ -2984,7 +2984,7 @@ This policy setting allows you to configure the maximum directory depth level in
 <!-- Scan_ArchiveMaxSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ArchiveMaxSize-Applicability-End -->
 
 <!-- Scan_ArchiveMaxSize-OmaUri-Begin -->
@@ -3043,7 +3043,7 @@ This policy setting allows you to configure the maximum size of archive files su
 <!-- Scan_DisableArchiveScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableArchiveScanning-Applicability-End -->
 
 <!-- Scan_DisableArchiveScanning-OmaUri-Begin -->
@@ -3104,7 +3104,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- Scan_DisableEmailScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableEmailScanning-Applicability-End -->
 
 <!-- Scan_DisableEmailScanning-OmaUri-Begin -->
@@ -3163,7 +3163,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin
 <!-- Scan_DisableHeuristics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableHeuristics-Applicability-End -->
 
 <!-- Scan_DisableHeuristics-OmaUri-Begin -->
@@ -3222,7 +3222,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
 <!-- Scan_DisablePackedExeScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisablePackedExeScanning-Applicability-End -->
 
 <!-- Scan_DisablePackedExeScanning-OmaUri-Begin -->
@@ -3281,7 +3281,7 @@ This policy setting allows you to configure scanning for packed executables. It'
 <!-- Scan_DisableRemovableDriveScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableRemovableDriveScanning-Applicability-End -->
 
 <!-- Scan_DisableRemovableDriveScanning-OmaUri-Begin -->
@@ -3340,7 +3340,7 @@ This policy setting allows you to manage whether or not to scan for malicious so
 <!-- Scan_DisableReparsePointScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableReparsePointScanning-Applicability-End -->
 
 <!-- Scan_DisableReparsePointScanning-OmaUri-Begin -->
@@ -3399,7 +3399,7 @@ This policy setting allows you to configure reparse point scanning. If you allow
 <!-- Scan_DisableRestorePoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableRestorePoint-Applicability-End -->
 
 <!-- Scan_DisableRestorePoint-OmaUri-Begin -->
@@ -3458,7 +3458,7 @@ This policy setting allows you to create a system restore point on the computer
 <!-- Scan_DisableScanningMappedNetworkDrivesForFullScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableScanningMappedNetworkDrivesForFullScan-Applicability-End -->
 
 <!-- Scan_DisableScanningMappedNetworkDrivesForFullScan-OmaUri-Begin -->
@@ -3517,7 +3517,7 @@ This policy setting allows you to configure scanning mapped network drives.
 <!-- Scan_DisableScanningNetworkFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableScanningNetworkFiles-Applicability-End -->
 
 <!-- Scan_DisableScanningNetworkFiles-OmaUri-Begin -->
@@ -3576,7 +3576,7 @@ This policy setting allows you to configure scanning for network files. It's rec
 <!-- Scan_LocalSettingOverrideAvgCPULoadFactor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideAvgCPULoadFactor-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideAvgCPULoadFactor-OmaUri-Begin -->
@@ -3635,7 +3635,7 @@ This policy setting configures a local override for the configuration of maximum
 <!-- Scan_LocalSettingOverrideScanParameters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScanParameters-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScanParameters-OmaUri-Begin -->
@@ -3694,7 +3694,7 @@ This policy setting configures a local override for the configuration of the sca
 <!-- Scan_LocalSettingOverrideScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScheduleDay-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScheduleDay-OmaUri-Begin -->
@@ -3753,7 +3753,7 @@ This policy setting configures a local override for the configuration of schedul
 <!-- Scan_LocalSettingOverrideScheduleQuickScantime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScheduleQuickScantime-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScheduleQuickScantime-OmaUri-Begin -->
@@ -3812,7 +3812,7 @@ This policy setting configures a local override for the configuration of schedul
 <!-- Scan_LocalSettingOverrideScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScheduleTime-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScheduleTime-OmaUri-Begin -->
@@ -3871,7 +3871,7 @@ This policy setting configures a local override for the configuration of schedul
 <!-- Scan_LowCpuPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LowCpuPriority-Applicability-End -->
 
 <!-- Scan_LowCpuPriority-OmaUri-Begin -->
@@ -3930,7 +3930,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul
 <!-- Scan_MissedScheduledScanCountBeforeCatchup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_MissedScheduledScanCountBeforeCatchup-Applicability-End -->
 
 <!-- Scan_MissedScheduledScanCountBeforeCatchup-OmaUri-Begin -->
@@ -3989,7 +3989,7 @@ This policy setting allows you to define the number of consecutive scheduled sca
 <!-- Scan_PurgeItemsAfterDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_PurgeItemsAfterDelay-Applicability-End -->
 
 <!-- Scan_PurgeItemsAfterDelay-OmaUri-Begin -->
@@ -4048,7 +4048,7 @@ This policy setting defines the number of days items should be kept in the scan
 <!-- Scan_QuickScanInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_QuickScanInterval-Applicability-End -->
 
 <!-- Scan_QuickScanInterval-OmaUri-Begin -->
@@ -4107,7 +4107,7 @@ This policy setting allows you to specify an interval at which to perform a quic
 <!-- Scan_ScanOnlyIfIdle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ScanOnlyIfIdle-Applicability-End -->
 
 <!-- Scan_ScanOnlyIfIdle-OmaUri-Begin -->
@@ -4166,7 +4166,7 @@ This policy setting allows you to configure scheduled scans to start only when y
 <!-- Scan_ScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ScheduleDay-Applicability-End -->
 
 <!-- Scan_ScheduleDay-OmaUri-Begin -->
@@ -4229,7 +4229,7 @@ This setting can be configured with the following ordinal number values:
 <!-- Scan_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ScheduleTime-Applicability-End -->
 
 <!-- Scan_ScheduleTime-OmaUri-Begin -->
@@ -4288,7 +4288,7 @@ This policy setting allows you to specify the time of day at which to perform a
 <!-- ServiceKeepAlive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ServiceKeepAlive-Applicability-End -->
 
 <!-- ServiceKeepAlive-OmaUri-Begin -->
@@ -4347,7 +4347,7 @@ This policy setting allows you to configure whether or not the antimalware servi
 <!-- SignatureUpdate_ASSignatureDue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ASSignatureDue-Applicability-End -->
 
 <!-- SignatureUpdate_ASSignatureDue-OmaUri-Begin -->
@@ -4406,7 +4406,7 @@ This policy setting allows you to define the number of days that must pass befor
 <!-- SignatureUpdate_AVSignatureDue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_AVSignatureDue-Applicability-End -->
 
 <!-- SignatureUpdate_AVSignatureDue-OmaUri-Begin -->
@@ -4465,7 +4465,7 @@ This policy setting allows you to define the number of days that must pass befor
 <!-- SignatureUpdate_DefinitionUpdateFileSharesSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DefinitionUpdateFileSharesSources-Applicability-End -->
 
 <!-- SignatureUpdate_DefinitionUpdateFileSharesSources-OmaUri-Begin -->
@@ -4523,7 +4523,7 @@ This policy setting allows you to configure UNC file share sources for downloadi
 <!-- SignatureUpdate_DisableScanOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DisableScanOnUpdate-Applicability-End -->
 
 <!-- SignatureUpdate_DisableScanOnUpdate-OmaUri-Begin -->
@@ -4582,7 +4582,7 @@ This policy setting allows you to configure the automatic scan which starts afte
 <!-- SignatureUpdate_DisableScheduledSignatureUpdateonBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DisableScheduledSignatureUpdateonBattery-Applicability-End -->
 
 <!-- SignatureUpdate_DisableScheduledSignatureUpdateonBattery-OmaUri-Begin -->
@@ -4641,7 +4641,7 @@ This policy setting allows you to configure security intelligence updates when t
 <!-- SignatureUpdate_DisableUpdateOnStartupWithoutEngine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DisableUpdateOnStartupWithoutEngine-Applicability-End -->
 
 <!-- SignatureUpdate_DisableUpdateOnStartupWithoutEngine-OmaUri-Begin -->
@@ -4700,7 +4700,7 @@ This policy setting allows you to configure security intelligence updates on sta
 <!-- SignatureUpdate_FallbackOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_FallbackOrder-Applicability-End -->
 
 <!-- SignatureUpdate_FallbackOrder-OmaUri-Begin -->
@@ -4760,7 +4760,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }`
 <!-- SignatureUpdate_ForceUpdateFromMU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ForceUpdateFromMU-Applicability-End -->
 
 <!-- SignatureUpdate_ForceUpdateFromMU-OmaUri-Begin -->
@@ -4819,7 +4819,7 @@ This policy setting allows you to enable download of security intelligence updat
 <!-- SignatureUpdate_RealtimeSignatureDelivery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_RealtimeSignatureDelivery-Applicability-End -->
 
 <!-- SignatureUpdate_RealtimeSignatureDelivery-OmaUri-Begin -->
@@ -4878,7 +4878,7 @@ This policy setting allows you to enable real-time security intelligence updates
 <!-- SignatureUpdate_ScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ScheduleDay-Applicability-End -->
 
 <!-- SignatureUpdate_ScheduleDay-OmaUri-Begin -->
@@ -4942,7 +4942,7 @@ This setting can be configured with the following ordinal number values:
 <!-- SignatureUpdate_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ScheduleTime-Applicability-End -->
 
 <!-- SignatureUpdate_ScheduleTime-OmaUri-Begin -->
@@ -5001,7 +5001,7 @@ This policy setting allows you to specify the time of day at which to check for
 <!-- SignatureUpdate_SharedSignaturesLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_SharedSignaturesLocation-Applicability-End -->
 
 <!-- SignatureUpdate_SharedSignaturesLocation-OmaUri-Begin -->
@@ -5057,7 +5057,7 @@ If you disable or don't configure this setting, security intelligence will be re
 <!-- SignatureUpdate_SignatureDisableNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_SignatureDisableNotification-Applicability-End -->
 
 <!-- SignatureUpdate_SignatureDisableNotification-OmaUri-Begin -->
@@ -5116,7 +5116,7 @@ This policy setting allows you to configure the antimalware service to receive n
 <!-- SignatureUpdate_SignatureUpdateCatchupInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_SignatureUpdateCatchupInterval-Applicability-End -->
 
 <!-- SignatureUpdate_SignatureUpdateCatchupInterval-OmaUri-Begin -->
@@ -5175,7 +5175,7 @@ This policy setting allows you to define the number of days after which a catch-
 <!-- SignatureUpdate_UpdateOnStartup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_UpdateOnStartup-Applicability-End -->
 
 <!-- SignatureUpdate_UpdateOnStartup-OmaUri-Begin -->
@@ -5234,7 +5234,7 @@ This policy setting allows you to manage whether a check for new virus and spywa
 <!-- Spynet_LocalSettingOverrideSpynetReporting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Spynet_LocalSettingOverrideSpynetReporting-Applicability-End -->
 
 <!-- Spynet_LocalSettingOverrideSpynetReporting-OmaUri-Begin -->
@@ -5293,7 +5293,7 @@ This policy setting configures a local override for the configuration to join Mi
 <!-- SpynetReporting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SpynetReporting-Applicability-End -->
 
 <!-- SpynetReporting-OmaUri-Begin -->
@@ -5365,7 +5365,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 <!-- Threats_ThreatIdDefaultAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Threats_ThreatIdDefaultAction-Applicability-End -->
 
 <!-- Threats_ThreatIdDefaultAction-OmaUri-Begin -->
@@ -5426,7 +5426,7 @@ Valid remediation action values are:
 <!-- UX_Configuration_CustomDefaultActionToastString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_CustomDefaultActionToastString-Applicability-End -->
 
 <!-- UX_Configuration_CustomDefaultActionToastString-OmaUri-Begin -->
@@ -5484,7 +5484,7 @@ This policy setting allows you to configure whether or not to display additional
 <!-- UX_Configuration_Notification_Suppress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_Notification_Suppress-Applicability-End -->
 
 <!-- UX_Configuration_Notification_Suppress-OmaUri-Begin -->
@@ -5545,7 +5545,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 <!-- UX_Configuration_SuppressRebootNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_SuppressRebootNotification-Applicability-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-OmaUri-Begin -->
@@ -5604,7 +5604,7 @@ If you enable this setting AM UI won't show reboot notifications.
 <!-- UX_Configuration_UILockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_UILockdown-Applicability-End -->
 
 <!-- UX_Configuration_UILockdown-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index d127a3b726..2b2fc19e76 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MMC Policy CSP
 description: Learn more about the ADMX_MMC Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- MMC_ActiveXControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveXControl-Applicability-End -->
 
 <!-- MMC_ActiveXControl-OmaUri-Begin -->
@@ -90,7 +90,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ExtendView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ExtendView-Applicability-End -->
 
 <!-- MMC_ExtendView-OmaUri-Begin -->
@@ -159,7 +159,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_LinkToWeb-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_LinkToWeb-Applicability-End -->
 
 <!-- MMC_LinkToWeb-OmaUri-Begin -->
@@ -228,7 +228,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Restrict_Author-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Restrict_Author-Applicability-End -->
 
 <!-- MMC_Restrict_Author-OmaUri-Begin -->
@@ -291,7 +291,7 @@ If you disable this setting or don't configure it, users can enter author mode a
 <!-- MMC_Restrict_To_Permitted_Snapins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Restrict_To_Permitted_Snapins-Applicability-End -->
 
 <!-- MMC_Restrict_To_Permitted_Snapins-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index d854617402..91840fc2df 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MMCSnapins Policy CSP
 description: Learn more about the ADMX_MMCSnapins Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- MMC_ActiveDirDomTrusts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveDirDomTrusts-Applicability-End -->
 
 <!-- MMC_ActiveDirDomTrusts-OmaUri-Begin -->
@@ -92,7 +92,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ActiveDirSitesServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveDirSitesServices-Applicability-End -->
 
 <!-- MMC_ActiveDirSitesServices-OmaUri-Begin -->
@@ -163,7 +163,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ActiveDirUsersComp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveDirUsersComp-Applicability-End -->
 
 <!-- MMC_ActiveDirUsersComp-OmaUri-Begin -->
@@ -234,7 +234,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMComputers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMComputers_1-Applicability-End -->
 
 <!-- MMC_ADMComputers_1-OmaUri-Begin -->
@@ -305,7 +305,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMComputers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMComputers_2-Applicability-End -->
 
 <!-- MMC_ADMComputers_2-OmaUri-Begin -->
@@ -376,7 +376,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMUsers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMUsers_1-Applicability-End -->
 
 <!-- MMC_ADMUsers_1-OmaUri-Begin -->
@@ -447,7 +447,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMUsers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMUsers_2-Applicability-End -->
 
 <!-- MMC_ADMUsers_2-OmaUri-Begin -->
@@ -518,7 +518,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADSI-Applicability-End -->
 
 <!-- MMC_ADSI-OmaUri-Begin -->
@@ -589,7 +589,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_AppleTalkRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_AppleTalkRouting-Applicability-End -->
 
 <!-- MMC_AppleTalkRouting-OmaUri-Begin -->
@@ -660,7 +660,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_AuthMan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_AuthMan-Applicability-End -->
 
 <!-- MMC_AuthMan-OmaUri-Begin -->
@@ -731,7 +731,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_CertAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_CertAuth-Applicability-End -->
 
 <!-- MMC_CertAuth-OmaUri-Begin -->
@@ -802,7 +802,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_CertAuthPolSet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_CertAuthPolSet-Applicability-End -->
 
 <!-- MMC_CertAuthPolSet-OmaUri-Begin -->
@@ -873,7 +873,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Certs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Certs-Applicability-End -->
 
 <!-- MMC_Certs-OmaUri-Begin -->
@@ -944,7 +944,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_CertsTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_CertsTemplate-Applicability-End -->
 
 <!-- MMC_CertsTemplate-OmaUri-Begin -->
@@ -1015,7 +1015,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ComponentServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ComponentServices-Applicability-End -->
 
 <!-- MMC_ComponentServices-OmaUri-Begin -->
@@ -1086,7 +1086,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ComputerManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ComputerManagement-Applicability-End -->
 
 <!-- MMC_ComputerManagement-OmaUri-Begin -->
@@ -1157,7 +1157,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ConnectionSharingNAT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ConnectionSharingNAT-Applicability-End -->
 
 <!-- MMC_ConnectionSharingNAT-OmaUri-Begin -->
@@ -1228,7 +1228,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DCOMCFG-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DCOMCFG-Applicability-End -->
 
 <!-- MMC_DCOMCFG-OmaUri-Begin -->
@@ -1299,7 +1299,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DeviceManager_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DeviceManager_1-Applicability-End -->
 
 <!-- MMC_DeviceManager_1-OmaUri-Begin -->
@@ -1370,7 +1370,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DeviceManager_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DeviceManager_2-Applicability-End -->
 
 <!-- MMC_DeviceManager_2-OmaUri-Begin -->
@@ -1441,7 +1441,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DFS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DFS-Applicability-End -->
 
 <!-- MMC_DFS-OmaUri-Begin -->
@@ -1512,7 +1512,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DHCPRelayMgmt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DHCPRelayMgmt-Applicability-End -->
 
 <!-- MMC_DHCPRelayMgmt-OmaUri-Begin -->
@@ -1583,7 +1583,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DiskDefrag-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DiskDefrag-Applicability-End -->
 
 <!-- MMC_DiskDefrag-OmaUri-Begin -->
@@ -1654,7 +1654,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DiskMgmt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DiskMgmt-Applicability-End -->
 
 <!-- MMC_DiskMgmt-OmaUri-Begin -->
@@ -1725,7 +1725,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EnterprisePKI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EnterprisePKI-Applicability-End -->
 
 <!-- MMC_EnterprisePKI-OmaUri-Begin -->
@@ -1796,7 +1796,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_1-Applicability-End -->
 
 <!-- MMC_EventViewer_1-OmaUri-Begin -->
@@ -1867,7 +1867,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_2-Applicability-End -->
 
 <!-- MMC_EventViewer_2-OmaUri-Begin -->
@@ -1938,7 +1938,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_3-Applicability-End -->
 
 <!-- MMC_EventViewer_3-OmaUri-Begin -->
@@ -2009,7 +2009,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_4-Applicability-End -->
 
 <!-- MMC_EventViewer_4-OmaUri-Begin -->
@@ -2080,7 +2080,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FailoverClusters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FailoverClusters-Applicability-End -->
 
 <!-- MMC_FailoverClusters-OmaUri-Begin -->
@@ -2151,7 +2151,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FAXService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FAXService-Applicability-End -->
 
 <!-- MMC_FAXService-OmaUri-Begin -->
@@ -2222,7 +2222,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FolderRedirection_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FolderRedirection_1-Applicability-End -->
 
 <!-- MMC_FolderRedirection_1-OmaUri-Begin -->
@@ -2293,7 +2293,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FolderRedirection_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FolderRedirection_2-Applicability-End -->
 
 <!-- MMC_FolderRedirection_2-OmaUri-Begin -->
@@ -2364,7 +2364,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FrontPageExt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FrontPageExt-Applicability-End -->
 
 <!-- MMC_FrontPageExt-OmaUri-Begin -->
@@ -2435,7 +2435,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_GroupPolicyManagementSnapIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_GroupPolicyManagementSnapIn-Applicability-End -->
 
 <!-- MMC_GroupPolicyManagementSnapIn-OmaUri-Begin -->
@@ -2506,7 +2506,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_GroupPolicySnapIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_GroupPolicySnapIn-Applicability-End -->
 
 <!-- MMC_GroupPolicySnapIn-OmaUri-Begin -->
@@ -2577,7 +2577,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_GroupPolicyTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_GroupPolicyTab-Applicability-End -->
 
 <!-- MMC_GroupPolicyTab-OmaUri-Begin -->
@@ -2646,7 +2646,7 @@ When the Group Policy tab is inaccessible, it doesn't appear in the site, domain
 <!-- MMC_HRA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_HRA-Applicability-End -->
 
 <!-- MMC_HRA-OmaUri-Begin -->
@@ -2717,7 +2717,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IAS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IAS-Applicability-End -->
 
 <!-- MMC_IAS-OmaUri-Begin -->
@@ -2788,7 +2788,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IASLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IASLogging-Applicability-End -->
 
 <!-- MMC_IASLogging-OmaUri-Begin -->
@@ -2859,7 +2859,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IEMaintenance_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IEMaintenance_1-Applicability-End -->
 
 <!-- MMC_IEMaintenance_1-OmaUri-Begin -->
@@ -2930,7 +2930,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IEMaintenance_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IEMaintenance_2-Applicability-End -->
 
 <!-- MMC_IEMaintenance_2-OmaUri-Begin -->
@@ -3001,7 +3001,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IGMPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IGMPRouting-Applicability-End -->
 
 <!-- MMC_IGMPRouting-OmaUri-Begin -->
@@ -3072,7 +3072,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IIS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IIS-Applicability-End -->
 
 <!-- MMC_IIS-OmaUri-Begin -->
@@ -3143,7 +3143,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IndexingService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IndexingService-Applicability-End -->
 
 <!-- MMC_IndexingService-OmaUri-Begin -->
@@ -3214,7 +3214,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPRouting-Applicability-End -->
 
 <!-- MMC_IPRouting-OmaUri-Begin -->
@@ -3285,7 +3285,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IpSecManage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IpSecManage-Applicability-End -->
 
 <!-- MMC_IpSecManage-OmaUri-Begin -->
@@ -3356,7 +3356,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPSecManage_GP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPSecManage_GP-Applicability-End -->
 
 <!-- MMC_IPSecManage_GP-OmaUri-Begin -->
@@ -3427,7 +3427,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IpSecMonitor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IpSecMonitor-Applicability-End -->
 
 <!-- MMC_IpSecMonitor-OmaUri-Begin -->
@@ -3498,7 +3498,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPXRIPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPXRIPRouting-Applicability-End -->
 
 <!-- MMC_IPXRIPRouting-OmaUri-Begin -->
@@ -3569,7 +3569,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPXRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPXRouting-Applicability-End -->
 
 <!-- MMC_IPXRouting-OmaUri-Begin -->
@@ -3640,7 +3640,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPXSAPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPXSAPRouting-Applicability-End -->
 
 <!-- MMC_IPXSAPRouting-OmaUri-Begin -->
@@ -3711,7 +3711,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_LocalUsersGroups-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_LocalUsersGroups-Applicability-End -->
 
 <!-- MMC_LocalUsersGroups-OmaUri-Begin -->
@@ -3782,7 +3782,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_LogicalMappedDrives-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_LogicalMappedDrives-Applicability-End -->
 
 <!-- MMC_LogicalMappedDrives-OmaUri-Begin -->
@@ -3853,7 +3853,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_NapSnap-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_NapSnap-Applicability-End -->
 
 <!-- MMC_NapSnap-OmaUri-Begin -->
@@ -3924,7 +3924,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_NapSnap_GP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_NapSnap_GP-Applicability-End -->
 
 <!-- MMC_NapSnap_GP-OmaUri-Begin -->
@@ -3995,7 +3995,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Net_Framework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Net_Framework-Applicability-End -->
 
 <!-- MMC_Net_Framework-OmaUri-Begin -->
@@ -4066,7 +4066,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_NPSUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_NPSUI-Applicability-End -->
 
 <!-- MMC_NPSUI-OmaUri-Begin -->
@@ -4137,7 +4137,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_OCSP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_OCSP-Applicability-End -->
 
 <!-- MMC_OCSP-OmaUri-Begin -->
@@ -4208,7 +4208,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_OSPFRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_OSPFRouting-Applicability-End -->
 
 <!-- MMC_OSPFRouting-OmaUri-Begin -->
@@ -4279,7 +4279,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_PerfLogsAlerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_PerfLogsAlerts-Applicability-End -->
 
 <!-- MMC_PerfLogsAlerts-OmaUri-Begin -->
@@ -4350,7 +4350,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_PublicKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_PublicKey-Applicability-End -->
 
 <!-- MMC_PublicKey-OmaUri-Begin -->
@@ -4421,7 +4421,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_QoSAdmission-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_QoSAdmission-Applicability-End -->
 
 <!-- MMC_QoSAdmission-OmaUri-Begin -->
@@ -4492,7 +4492,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RAS_DialinUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RAS_DialinUser-Applicability-End -->
 
 <!-- MMC_RAS_DialinUser-OmaUri-Begin -->
@@ -4563,7 +4563,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RemoteAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RemoteAccess-Applicability-End -->
 
 <!-- MMC_RemoteAccess-OmaUri-Begin -->
@@ -4634,7 +4634,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RemoteDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RemoteDesktop-Applicability-End -->
 
 <!-- MMC_RemoteDesktop-OmaUri-Begin -->
@@ -4705,7 +4705,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RemStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RemStore-Applicability-End -->
 
 <!-- MMC_RemStore-OmaUri-Begin -->
@@ -4776,7 +4776,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ResultantSetOfPolicySnapIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ResultantSetOfPolicySnapIn-Applicability-End -->
 
 <!-- MMC_ResultantSetOfPolicySnapIn-OmaUri-Begin -->
@@ -4847,7 +4847,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RIPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RIPRouting-Applicability-End -->
 
 <!-- MMC_RIPRouting-OmaUri-Begin -->
@@ -4918,7 +4918,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RIS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RIS-Applicability-End -->
 
 <!-- MMC_RIS-OmaUri-Begin -->
@@ -4989,7 +4989,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Routing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Routing-Applicability-End -->
 
 <!-- MMC_Routing-OmaUri-Begin -->
@@ -5060,7 +5060,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RRA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RRA-Applicability-End -->
 
 <!-- MMC_RRA-OmaUri-Begin -->
@@ -5131,7 +5131,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RSM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RSM-Applicability-End -->
 
 <!-- MMC_RSM-OmaUri-Begin -->
@@ -5202,7 +5202,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SCA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SCA-Applicability-End -->
 
 <!-- MMC_SCA-OmaUri-Begin -->
@@ -5273,7 +5273,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsMachine_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsMachine_1-Applicability-End -->
 
 <!-- MMC_ScriptsMachine_1-OmaUri-Begin -->
@@ -5344,7 +5344,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsMachine_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsMachine_2-Applicability-End -->
 
 <!-- MMC_ScriptsMachine_2-OmaUri-Begin -->
@@ -5415,7 +5415,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsUser_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsUser_1-Applicability-End -->
 
 <!-- MMC_ScriptsUser_1-OmaUri-Begin -->
@@ -5486,7 +5486,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsUser_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsUser_2-Applicability-End -->
 
 <!-- MMC_ScriptsUser_2-OmaUri-Begin -->
@@ -5557,7 +5557,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SecuritySettings_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SecuritySettings_1-Applicability-End -->
 
 <!-- MMC_SecuritySettings_1-OmaUri-Begin -->
@@ -5628,7 +5628,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SecuritySettings_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SecuritySettings_2-Applicability-End -->
 
 <!-- MMC_SecuritySettings_2-OmaUri-Begin -->
@@ -5699,7 +5699,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SecurityTemplates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SecurityTemplates-Applicability-End -->
 
 <!-- MMC_SecurityTemplates-OmaUri-Begin -->
@@ -5770,7 +5770,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SendConsoleMessage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SendConsoleMessage-Applicability-End -->
 
 <!-- MMC_SendConsoleMessage-OmaUri-Begin -->
@@ -5841,7 +5841,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ServerManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ServerManager-Applicability-End -->
 
 <!-- MMC_ServerManager-OmaUri-Begin -->
@@ -5912,7 +5912,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ServiceDependencies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ServiceDependencies-Applicability-End -->
 
 <!-- MMC_ServiceDependencies-OmaUri-Begin -->
@@ -5983,7 +5983,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Services-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Services-Applicability-End -->
 
 <!-- MMC_Services-OmaUri-Begin -->
@@ -6054,7 +6054,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SharedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SharedFolders-Applicability-End -->
 
 <!-- MMC_SharedFolders-OmaUri-Begin -->
@@ -6125,7 +6125,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SharedFolders_Ext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SharedFolders_Ext-Applicability-End -->
 
 <!-- MMC_SharedFolders_Ext-OmaUri-Begin -->
@@ -6196,7 +6196,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SMTPProtocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SMTPProtocol-Applicability-End -->
 
 <!-- MMC_SMTPProtocol-OmaUri-Begin -->
@@ -6267,7 +6267,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SNMP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SNMP-Applicability-End -->
 
 <!-- MMC_SNMP-OmaUri-Begin -->
@@ -6338,7 +6338,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstalationComputers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstalationComputers_1-Applicability-End -->
 
 <!-- MMC_SoftwareInstalationComputers_1-OmaUri-Begin -->
@@ -6409,7 +6409,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstalationComputers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstalationComputers_2-Applicability-End -->
 
 <!-- MMC_SoftwareInstalationComputers_2-OmaUri-Begin -->
@@ -6480,7 +6480,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstallationUsers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstallationUsers_1-Applicability-End -->
 
 <!-- MMC_SoftwareInstallationUsers_1-OmaUri-Begin -->
@@ -6551,7 +6551,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstallationUsers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstallationUsers_2-Applicability-End -->
 
 <!-- MMC_SoftwareInstallationUsers_2-OmaUri-Begin -->
@@ -6622,7 +6622,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SysInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SysInfo-Applicability-End -->
 
 <!-- MMC_SysInfo-OmaUri-Begin -->
@@ -6693,7 +6693,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SysProp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SysProp-Applicability-End -->
 
 <!-- MMC_SysProp-OmaUri-Begin -->
@@ -6764,7 +6764,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Telephony-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Telephony-Applicability-End -->
 
 <!-- MMC_Telephony-OmaUri-Begin -->
@@ -6835,7 +6835,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_TerminalServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_TerminalServices-Applicability-End -->
 
 <!-- MMC_TerminalServices-OmaUri-Begin -->
@@ -6906,7 +6906,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_TPMManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_TPMManagement-Applicability-End -->
 
 <!-- MMC_TPMManagement-OmaUri-Begin -->
@@ -6977,7 +6977,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WindowsFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WindowsFirewall-Applicability-End -->
 
 <!-- MMC_WindowsFirewall-OmaUri-Begin -->
@@ -7048,7 +7048,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WindowsFirewall_GP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WindowsFirewall_GP-Applicability-End -->
 
 <!-- MMC_WindowsFirewall_GP-OmaUri-Begin -->
@@ -7119,7 +7119,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WiredNetworkPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WiredNetworkPolicy-Applicability-End -->
 
 <!-- MMC_WiredNetworkPolicy-OmaUri-Begin -->
@@ -7190,7 +7190,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WirelessMon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WirelessMon-Applicability-End -->
 
 <!-- MMC_WirelessMon-OmaUri-Begin -->
@@ -7261,7 +7261,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WirelessNetworkPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WirelessNetworkPolicy-Applicability-End -->
 
 <!-- MMC_WirelessNetworkPolicy-OmaUri-Begin -->
@@ -7332,7 +7332,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WMI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WMI-Applicability-End -->
 
 <!-- MMC_WMI-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 7e94f79eac..ef789f1e59 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MobilePCMobilityCenter Policy CSP
 description: Learn more about the ADMX_MobilePCMobilityCenter Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- MobilityCenterEnable_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MobilityCenterEnable_1-Applicability-End -->
 
 <!-- MobilityCenterEnable_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting turns off Windows Mobility Center.
 <!-- MobilityCenterEnable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MobilityCenterEnable_2-Applicability-End -->
 
 <!-- MobilityCenterEnable_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index 7fecf79eed..fd3c2b80c1 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MobilePCPresentationSettings Policy CSP
 description: Learn more about the ADMX_MobilePCPresentationSettings Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PresentationSettingsEnable_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PresentationSettingsEnable_1-Applicability-End -->
 
 <!-- PresentationSettingsEnable_1-OmaUri-Begin -->
@@ -85,7 +85,7 @@ This policy setting turns off Windows presentation settings.
 <!-- PresentationSettingsEnable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PresentationSettingsEnable_2-Applicability-End -->
 
 <!-- PresentationSettingsEnable_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index b253142cc0..f15b1bf8f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MSAPolicy Policy CSP
 description: Learn more about the ADMX_MSAPolicy Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- MicrosoftAccount_DisableUserAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftAccount_DisableUserAuth-Applicability-End -->
 
 <!-- MicrosoftAccount_DisableUserAuth-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 7d53cbdc2b..47f4f1113c 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_msched Policy CSP
 description: Learn more about the ADMX_msched Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ActivationBoundaryPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ActivationBoundaryPolicy-Applicability-End -->
 
 <!-- ActivationBoundaryPolicy-OmaUri-Begin -->
@@ -81,7 +81,7 @@ The maintenance activation boundary is the daily schduled time at which Automati
 <!-- RandomDelayPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RandomDelayPolicy-Applicability-End -->
 
 <!-- RandomDelayPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 33e06d7063..4824f2f7af 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MSDT Policy CSP
 description: Learn more about the ADMX_MSDT Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- MsdtSupportProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MsdtSupportProvider-Applicability-End -->
 
 <!-- MsdtSupportProvider-OmaUri-Begin -->
@@ -86,7 +86,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- MsdtToolDownloadPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MsdtToolDownloadPolicy-Applicability-End -->
 
 <!-- MsdtToolDownloadPolicy-OmaUri-Begin -->
@@ -159,7 +159,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index 30e507028d..104e20e9ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MSI Policy CSP
 description: Learn more about the ADMX_MSI Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowLockdownBrowse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLockdownBrowse-Applicability-End -->
 
 <!-- AllowLockdownBrowse-OmaUri-Begin -->
@@ -84,7 +84,7 @@ This policy setting doesn't affect installations that run in the user's security
 <!-- AllowLockdownMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLockdownMedia-Applicability-End -->
 
 <!-- AllowLockdownMedia-OmaUri-Begin -->
@@ -147,7 +147,7 @@ Also, see the "Prevent removable media source for any install" policy setting.
 <!-- AllowLockdownPatch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLockdownPatch-Applicability-End -->
 
 <!-- AllowLockdownPatch-OmaUri-Begin -->
@@ -208,7 +208,7 @@ This policy setting doesn't affect installations that run in the user's security
 <!-- DisableAutomaticApplicationShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutomaticApplicationShutdown-Applicability-End -->
 
 <!-- DisableAutomaticApplicationShutdown-OmaUri-Begin -->
@@ -272,7 +272,7 @@ This policy setting controls Windows Installer's interaction with the Restart Ma
 <!-- DisableBrowse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBrowse-Applicability-End -->
 
 <!-- DisableBrowse-OmaUri-Begin -->
@@ -337,7 +337,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting.
 <!-- DisableFlyweightPatching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableFlyweightPatching-Applicability-End -->
 
 <!-- DisableFlyweightPatching-OmaUri-Begin -->
@@ -395,7 +395,7 @@ This policy setting controls the ability to turn off all patch optimizations.
 <!-- DisableLoggingFromPackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLoggingFromPackage-Applicability-End -->
 
 <!-- DisableLoggingFromPackage-OmaUri-Begin -->
@@ -457,7 +457,7 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr
 <!-- DisableMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableMedia-Applicability-End -->
 
 <!-- DisableMedia-OmaUri-Begin -->
@@ -520,7 +520,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad
 <!-- DisableMSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableMSI-Applicability-End -->
 
 <!-- DisableMSI-OmaUri-Begin -->
@@ -584,7 +584,7 @@ This policy setting affects Windows Installer only. It doesn't prevent users fro
 <!-- DisablePatch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePatch-Applicability-End -->
 
 <!-- DisablePatch-OmaUri-Begin -->
@@ -648,7 +648,7 @@ Also, see the "Enable user to patch elevated products" policy setting.
 <!-- DisableRollback_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRollback_1-Applicability-End -->
 
 <!-- DisableRollback_1-OmaUri-Begin -->
@@ -711,7 +711,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- DisableRollback_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRollback_2-Applicability-End -->
 
 <!-- DisableRollback_2-OmaUri-Begin -->
@@ -774,7 +774,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- DisableSharedComponent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSharedComponent-Applicability-End -->
 
 <!-- DisableSharedComponent-OmaUri-Begin -->
@@ -833,7 +833,7 @@ This policy setting controls the ability to turn off shared components.
 <!-- MSI_DisableLUAPatching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisableLUAPatching-Applicability-End -->
 
 <!-- MSI_DisableLUAPatching-OmaUri-Begin -->
@@ -894,7 +894,7 @@ Non-administrator updates provide a mechanism for the author of an application t
 <!-- MSI_DisablePatchUninstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisablePatchUninstall-Applicability-End -->
 
 <!-- MSI_DisablePatchUninstall-OmaUri-Begin -->
@@ -955,7 +955,7 @@ This policy setting should be used if you need to maintain a tight control over
 <!-- MSI_DisableSRCheckPoints-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisableSRCheckPoints-Applicability-End -->
 
 <!-- MSI_DisableSRCheckPoints-OmaUri-Begin -->
@@ -1014,7 +1014,7 @@ This policy setting prevents Windows Installer from creating a System Restore ch
 <!-- MSI_DisableUserInstalls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisableUserInstalls-Applicability-End -->
 
 <!-- MSI_DisableUserInstalls-OmaUri-Begin -->
@@ -1072,7 +1072,7 @@ This policy setting allows you to configure user installs. To configure this pol
 <!-- MSI_EnforceUpgradeComponentRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_EnforceUpgradeComponentRules-Applicability-End -->
 
 <!-- MSI_EnforceUpgradeComponentRules-OmaUri-Begin -->
@@ -1139,7 +1139,7 @@ The new feature must be added as a new leaf feature to an existing feature tree.
 <!-- MSI_MaxPatchCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_MaxPatchCacheSize-Applicability-End -->
 
 <!-- MSI_MaxPatchCacheSize-OmaUri-Begin -->
@@ -1203,7 +1203,7 @@ If you set the baseline cache to 100, the Windows Installer will use available f
 <!-- MsiDisableEmbeddedUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MsiDisableEmbeddedUI-Applicability-End -->
 
 <!-- MsiDisableEmbeddedUI-OmaUri-Begin -->
@@ -1262,7 +1262,7 @@ This policy setting controls the ability to prevent embedded UI.
 <!-- MSILogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSILogging-Applicability-End -->
 
 <!-- MSILogging-OmaUri-Begin -->
@@ -1322,7 +1322,7 @@ If you disable or don't configure this policy setting, Windows Installer logs th
 <!-- SafeForScripting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SafeForScripting-Applicability-End -->
 
 <!-- SafeForScripting-OmaUri-Begin -->
@@ -1383,7 +1383,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist
 <!-- SearchOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SearchOrder-Applicability-End -->
 
 <!-- SearchOrder-OmaUri-Begin -->
@@ -1449,7 +1449,7 @@ To exclude a file source, omit or delete the letter representing that source typ
 <!-- TransformsSecure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TransformsSecure-Applicability-End -->
 
 <!-- TransformsSecure-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index e87b0fb09d..5fd4e17f27 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MsiFileRecovery Policy CSP
 description: Learn more about the ADMX_MsiFileRecovery Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
index 27e93c1b63..a99b4bd0bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
+++ b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_MSS-legacy Policy CSP
 description: Learn more about the ADMX_MSS-legacy Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Pol_MSS_AutoAdminLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoAdminLogon-Applicability-End -->
 
 <!-- Pol_MSS_AutoAdminLogon-OmaUri-Begin -->
@@ -72,7 +72,7 @@ Enable Automatic Logon (not recommended).
 <!-- Pol_MSS_AutoReboot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoReboot-Applicability-End -->
 
 <!-- Pol_MSS_AutoReboot-OmaUri-Begin -->
@@ -123,7 +123,7 @@ Allow Windows to automatically restart after a system crash (recommended except
 <!-- Pol_MSS_AutoShareServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoShareServer-Applicability-End -->
 
 <!-- Pol_MSS_AutoShareServer-OmaUri-Begin -->
@@ -174,7 +174,7 @@ Enable administrative shares on servers (recommended except for highly secure en
 <!-- Pol_MSS_AutoShareWks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoShareWks-Applicability-End -->
 
 <!-- Pol_MSS_AutoShareWks-OmaUri-Begin -->
@@ -225,7 +225,7 @@ Enable administrative shares on workstations (recommended except for highly secu
 <!-- Pol_MSS_DisableSavePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_DisableSavePassword-Applicability-End -->
 
 <!-- Pol_MSS_DisableSavePassword-OmaUri-Begin -->
@@ -276,7 +276,7 @@ Prevent the dial-up password from being saved (recommended).
 <!-- Pol_MSS_EnableDeadGWDetect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_EnableDeadGWDetect-Applicability-End -->
 
 <!-- Pol_MSS_EnableDeadGWDetect-OmaUri-Begin -->
@@ -327,7 +327,7 @@ Allow automatic detection of dead network gateways (could lead to DoS).
 <!-- Pol_MSS_HideFromBrowseList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_HideFromBrowseList-Applicability-End -->
 
 <!-- Pol_MSS_HideFromBrowseList-OmaUri-Begin -->
@@ -378,7 +378,7 @@ Hide Computer From the Browse List (not recommended except for highly secure env
 <!-- Pol_MSS_KeepAliveTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_KeepAliveTime-Applicability-End -->
 
 <!-- Pol_MSS_KeepAliveTime-OmaUri-Begin -->
@@ -429,7 +429,7 @@ Define how often keep-alive packets are sent in milliseconds.
 <!-- Pol_MSS_NoDefaultExempt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_NoDefaultExempt-Applicability-End -->
 
 <!-- Pol_MSS_NoDefaultExempt-OmaUri-Begin -->
@@ -480,7 +480,7 @@ Configure IPSec exemptions for various types of network traffic.
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-End -->
 
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-Begin -->
@@ -531,7 +531,7 @@ Enable the computer to stop generating 8.3 style filenames.
 <!-- Pol_MSS_PerformRouterDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_PerformRouterDiscovery-Applicability-End -->
 
 <!-- Pol_MSS_PerformRouterDiscovery-OmaUri-Begin -->
@@ -582,7 +582,7 @@ Enable the computer to stop generating 8.3 style filenames.
 <!-- Pol_MSS_SafeDllSearchMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_SafeDllSearchMode-Applicability-End -->
 
 <!-- Pol_MSS_SafeDllSearchMode-OmaUri-Begin -->
@@ -633,7 +633,7 @@ Enable Safe DLL search mode (recommended).
 <!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-End -->
 
 <!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-Begin -->
@@ -684,7 +684,7 @@ he time in seconds before the screen saver grace period expires (0 recommended).
 <!-- Pol_MSS_SynAttackProtect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_SynAttackProtect-Applicability-End -->
 
 <!-- Pol_MSS_SynAttackProtect-OmaUri-Begin -->
@@ -735,7 +735,7 @@ Syn attack protection level (protects against DoS).
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-End -->
 
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-Begin -->
@@ -786,7 +786,7 @@ SYN-ACK retransmissions when a connection request is not acknowledged.
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-End -->
 
 <!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-Begin -->
@@ -837,7 +837,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-End -->
 
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-Begin -->
@@ -888,7 +888,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is
 <!-- Pol_MSS_WarningLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_WarningLevel-Applicability-End -->
 
 <!-- Pol_MSS_WarningLevel-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 8e47bcbc86..4c6b4307a3 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_nca Policy CSP
 description: Learn more about the ADMX_nca Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CorporateResources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CorporateResources-Applicability-End -->
 
 <!-- CorporateResources-OmaUri-Begin -->
@@ -93,7 +93,7 @@ You must configure this setting to have complete NCA functionality.
 <!-- CustomCommands-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomCommands-Applicability-End -->
 
 <!-- CustomCommands-OmaUri-Begin -->
@@ -147,7 +147,7 @@ Specifies commands configured by the administrator for custom logging. These com
 <!-- DTEs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DTEs-Applicability-End -->
 
 <!-- DTEs-OmaUri-Begin -->
@@ -207,7 +207,7 @@ You must configure this setting to have complete NCA functionality.
 <!-- FriendlyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FriendlyName-Applicability-End -->
 
 <!-- FriendlyName-OmaUri-Begin -->
@@ -263,7 +263,7 @@ If this setting isn't configured, the string that appears for DirectAccess conne
 <!-- LocalNamesOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocalNamesOn-Applicability-End -->
 
 <!-- LocalNamesOn-OmaUri-Begin -->
@@ -330,7 +330,7 @@ If this setting isn't configured, users don't have Connect or Disconnect options
 <!-- PassiveMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PassiveMode-Applicability-End -->
 
 <!-- PassiveMode-OmaUri-Begin -->
@@ -387,7 +387,7 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting
 <!-- ShowUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowUI-Applicability-End -->
 
 <!-- ShowUI-OmaUri-Begin -->
@@ -446,7 +446,7 @@ If this setting isn't configured, the entry for DirectAccess connectivity appear
 <!-- SupportEmail-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SupportEmail-Applicability-End -->
 
 <!-- SupportEmail-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index 59719047b8..05752f6756 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_NCSI Policy CSP
 description: Learn more about the ADMX_NCSI Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- NCSI_CorpDnsProbeContent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpDnsProbeContent-Applicability-End -->
 
 <!-- NCSI_CorpDnsProbeContent-OmaUri-Begin -->
@@ -77,7 +77,7 @@ This policy setting enables you to specify the expected address of the host name
 <!-- NCSI_CorpDnsProbeHost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpDnsProbeHost-Applicability-End -->
 
 <!-- NCSI_CorpDnsProbeHost-OmaUri-Begin -->
@@ -133,7 +133,7 @@ This policy setting enables you to specify the host name of a computer known to
 <!-- NCSI_CorpSitePrefixes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpSitePrefixes-Applicability-End -->
 
 <!-- NCSI_CorpSitePrefixes-OmaUri-Begin -->
@@ -189,7 +189,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi
 <!-- NCSI_CorpWebProbeUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpWebProbeUrl-Applicability-End -->
 
 <!-- NCSI_CorpWebProbeUrl-OmaUri-Begin -->
@@ -245,7 +245,7 @@ This policy setting enables you to specify the URL of the corporate website, aga
 <!-- NCSI_DomainLocationDeterminationUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_DomainLocationDeterminationUrl-Applicability-End -->
 
 <!-- NCSI_DomainLocationDeterminationUrl-OmaUri-Begin -->
@@ -301,7 +301,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit
 <!-- NCSI_GlobalDns-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_GlobalDns-Applicability-End -->
 
 <!-- NCSI_GlobalDns-OmaUri-Begin -->
@@ -355,7 +355,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default
 <!-- NCSI_PassivePolling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_PassivePolling-Applicability-End -->
 
 <!-- NCSI_PassivePolling-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index cc98c5cf2d..6603256c75 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Netlogon Policy CSP
 description: Learn more about the ADMX_Netlogon Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Netlogon_AddressLookupOnPingBehavior-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AddressLookupOnPingBehavior-Applicability-End -->
 
 <!-- Netlogon_AddressLookupOnPingBehavior-OmaUri-Begin -->
@@ -89,7 +89,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_AddressTypeReturned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AddressTypeReturned-Applicability-End -->
 
 <!-- Netlogon_AddressTypeReturned-OmaUri-Begin -->
@@ -152,7 +152,7 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica
 <!-- Netlogon_AllowDnsSuffixSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AllowDnsSuffixSearch-Applicability-End -->
 
 <!-- Netlogon_AllowDnsSuffixSearch-OmaUri-Begin -->
@@ -213,7 +213,7 @@ By default, when no setting is specified for this policy, the behavior is the sa
 <!-- Netlogon_AllowNT4Crypto-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AllowNT4Crypto-Applicability-End -->
 
 <!-- Netlogon_AllowNT4Crypto-OmaUri-Begin -->
@@ -276,7 +276,7 @@ By default, Net Logon won't allow the older cryptography algorithms to be used a
 <!-- Netlogon_AllowSingleLabelDnsDomain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AllowSingleLabelDnsDomain-Applicability-End -->
 
 <!-- Netlogon_AllowSingleLabelDnsDomain-OmaUri-Begin -->
@@ -339,7 +339,7 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A
 <!-- Netlogon_AutoSiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AutoSiteCoverage-Applicability-End -->
 
 <!-- Netlogon_AutoSiteCoverage-OmaUri-Begin -->
@@ -400,7 +400,7 @@ This policy setting determines whether domain controllers (DC) will dynamically
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-Applicability-End -->
 
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-OmaUri-Begin -->
@@ -463,7 +463,7 @@ Note that this policy setting doesn't affect NetBIOS-based discovery for DC loca
 <!-- Netlogon_AvoidPdcOnWan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AvoidPdcOnWan-Applicability-End -->
 
 <!-- Netlogon_AvoidPdcOnWan-OmaUri-Begin -->
@@ -526,7 +526,7 @@ Contacting the PDC emulator is useful in case the client's password was recently
 <!-- Netlogon_BackgroundRetryInitialPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundRetryInitialPeriod-Applicability-End -->
 
 <!-- Netlogon_BackgroundRetryInitialPeriod-OmaUri-Begin -->
@@ -589,7 +589,7 @@ If the value of this setting is less than the value specified in the NegativeCac
 <!-- Netlogon_BackgroundRetryMaximumPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundRetryMaximumPeriod-Applicability-End -->
 
 <!-- Netlogon_BackgroundRetryMaximumPeriod-OmaUri-Begin -->
@@ -654,7 +654,7 @@ If the value for this setting is too small and the DC isn't available, the frequ
 <!-- Netlogon_BackgroundRetryQuitTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundRetryQuitTime-Applicability-End -->
 
 <!-- Netlogon_BackgroundRetryQuitTime-OmaUri-Begin -->
@@ -713,7 +713,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
 <!-- Netlogon_BackgroundSuccessfulRefreshPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundSuccessfulRefreshPeriod-Applicability-End -->
 
 <!-- Netlogon_BackgroundSuccessfulRefreshPeriod-OmaUri-Begin -->
@@ -767,7 +767,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th
 <!-- Netlogon_DebugFlag-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DebugFlag-Applicability-End -->
 
 <!-- Netlogon_DebugFlag-OmaUri-Begin -->
@@ -829,7 +829,7 @@ If you specify zero for this policy setting, the default behavior occurs as desc
 <!-- Netlogon_DnsAvoidRegisterRecords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsAvoidRegisterRecords-Applicability-End -->
 
 <!-- Netlogon_DnsAvoidRegisterRecords-OmaUri-Begin -->
@@ -913,7 +913,7 @@ This policy setting determines which DC Locator DNS records aren't registered by
 <!-- Netlogon_DnsRefreshInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsRefreshInterval-Applicability-End -->
 
 <!-- Netlogon_DnsRefreshInterval-OmaUri-Begin -->
@@ -976,7 +976,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_DnsSrvRecordUseLowerCaseHostNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsSrvRecordUseLowerCaseHostNames-Applicability-End -->
 
 <!-- Netlogon_DnsSrvRecordUseLowerCaseHostNames-OmaUri-Begin -->
@@ -1043,7 +1043,7 @@ More information is available at <https://aka.ms/lowercasehostnamesrvrecord>
 <!-- Netlogon_DnsTtl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsTtl-Applicability-End -->
 
 <!-- Netlogon_DnsTtl-OmaUri-Begin -->
@@ -1101,7 +1101,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_ExpectedDialupDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_ExpectedDialupDelay-Applicability-End -->
 
 <!-- Netlogon_ExpectedDialupDelay-OmaUri-Begin -->
@@ -1159,7 +1159,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
 <!-- Netlogon_ForceRediscoveryInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_ForceRediscoveryInterval-Applicability-End -->
 
 <!-- Netlogon_ForceRediscoveryInterval-OmaUri-Begin -->
@@ -1221,7 +1221,7 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do
 <!-- Netlogon_GcSiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_GcSiteCoverage-Applicability-End -->
 
 <!-- Netlogon_GcSiteCoverage-OmaUri-Begin -->
@@ -1281,7 +1281,7 @@ If you don't configure this policy setting, it isn't applied to any GCs, and GCs
 <!-- Netlogon_IgnoreIncomingMailslotMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_IgnoreIncomingMailslotMessages-Applicability-End -->
 
 <!-- Netlogon_IgnoreIncomingMailslotMessages-OmaUri-Begin -->
@@ -1345,7 +1345,7 @@ This policy setting is recommended to reduce the attack surface on a DC, and can
 <!-- Netlogon_LdapSrvPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_LdapSrvPriority-Applicability-End -->
 
 <!-- Netlogon_LdapSrvPriority-OmaUri-Begin -->
@@ -1405,7 +1405,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_LdapSrvWeight-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_LdapSrvWeight-Applicability-End -->
 
 <!-- Netlogon_LdapSrvWeight-OmaUri-Begin -->
@@ -1465,7 +1465,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_MaximumLogFileSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_MaximumLogFileSize-Applicability-End -->
 
 <!-- Netlogon_MaximumLogFileSize-OmaUri-Begin -->
@@ -1525,7 +1525,7 @@ By default, the maximum size of the log file is 20MB.
 <!-- Netlogon_NdncSiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NdncSiteCoverage-Applicability-End -->
 
 <!-- Netlogon_NdncSiteCoverage-OmaUri-Begin -->
@@ -1585,7 +1585,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_NegativeCachePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NegativeCachePeriod-Applicability-End -->
 
 <!-- Netlogon_NegativeCachePeriod-OmaUri-Begin -->
@@ -1644,7 +1644,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
 <!-- Netlogon_NetlogonShareCompatibilityMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NetlogonShareCompatibilityMode-Applicability-End -->
 
 <!-- Netlogon_NetlogonShareCompatibilityMode-OmaUri-Begin -->
@@ -1710,7 +1710,7 @@ By default, the Netlogon share will grant shared read access to files on the sha
 <!-- Netlogon_NonBackgroundSuccessfulRefreshPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NonBackgroundSuccessfulRefreshPeriod-Applicability-End -->
 
 <!-- Netlogon_NonBackgroundSuccessfulRefreshPeriod-OmaUri-Begin -->
@@ -1766,7 +1766,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
 <!-- Netlogon_PingUrgencyMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_PingUrgencyMode-Applicability-End -->
 
 <!-- Netlogon_PingUrgencyMode-OmaUri-Begin -->
@@ -1832,7 +1832,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
 <!-- Netlogon_ScavengeInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_ScavengeInterval-Applicability-End -->
 
 <!-- Netlogon_ScavengeInterval-OmaUri-Begin -->
@@ -1896,7 +1896,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
 <!-- Netlogon_SiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_SiteCoverage-Applicability-End -->
 
 <!-- Netlogon_SiteCoverage-OmaUri-Begin -->
@@ -1956,7 +1956,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_SiteName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_SiteName-Applicability-End -->
 
 <!-- Netlogon_SiteName-OmaUri-Begin -->
@@ -2016,7 +2016,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
 <!-- Netlogon_SysvolShareCompatibilityMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_SysvolShareCompatibilityMode-Applicability-End -->
 
 <!-- Netlogon_SysvolShareCompatibilityMode-OmaUri-Begin -->
@@ -2082,7 +2082,7 @@ If you enable this policy setting, domain administrators should ensure that the
 <!-- Netlogon_TryNextClosestSite-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_TryNextClosestSite-Applicability-End -->
 
 <!-- Netlogon_TryNextClosestSite-OmaUri-Begin -->
@@ -2145,7 +2145,7 @@ The DC Locator service is used by clients to find domain controllers for their A
 <!-- Netlogon_UseDynamicDns-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_UseDynamicDns-Applicability-End -->
 
 <!-- Netlogon_UseDynamicDns-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index e65aa855ba..d79ef60825 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_NetworkConnections Policy CSP
 description: Learn more about the ADMX_NetworkConnections Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- NC_AddRemoveComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_AddRemoveComponents-Applicability-End -->
 
 <!-- NC_AddRemoveComponents-OmaUri-Begin -->
@@ -93,7 +93,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec
 <!-- NC_AdvancedSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_AdvancedSettings-Applicability-End -->
 
 <!-- NC_AdvancedSettings-OmaUri-Begin -->
@@ -160,7 +160,7 @@ The Advanced Settings item lets users view and change bindings and view and chan
 <!-- NC_AllowAdvancedTCPIPConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_AllowAdvancedTCPIPConfig-Applicability-End -->
 
 <!-- NC_AllowAdvancedTCPIPConfig-OmaUri-Begin -->
@@ -234,7 +234,7 @@ Determines whether users can configure advanced TCP/IP settings.
 <!-- NC_ChangeBindState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ChangeBindState-Applicability-End -->
 
 <!-- NC_ChangeBindState-OmaUri-Begin -->
@@ -302,7 +302,7 @@ Determines whether administrators can enable and disable the components used by
 <!-- NC_DeleteAllUserConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DeleteAllUserConnection-Applicability-End -->
 
 <!-- NC_DeleteAllUserConnection-OmaUri-Begin -->
@@ -377,7 +377,7 @@ To create an all-user remote access connection, on the Connection Availability p
 <!-- NC_DeleteConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DeleteConnection-Applicability-End -->
 
 <!-- NC_DeleteConnection-OmaUri-Begin -->
@@ -448,7 +448,7 @@ Determines whether users can delete remote access connections.
 <!-- NC_DialupPrefs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DialupPrefs-Applicability-End -->
 
 <!-- NC_DialupPrefs-OmaUri-Begin -->
@@ -512,7 +512,7 @@ The Remote Access Preferences item lets users create and change connections befo
 <!-- NC_DoNotShowLocalOnlyIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DoNotShowLocalOnlyIcon-Applicability-End -->
 
 <!-- NC_DoNotShowLocalOnlyIcon-OmaUri-Begin -->
@@ -571,7 +571,7 @@ If you disable this setting or don't configure it, the "local access only" icon
 <!-- NC_EnableAdminProhibits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_EnableAdminProhibits-Applicability-End -->
 
 <!-- NC_EnableAdminProhibits-OmaUri-Begin -->
@@ -637,7 +637,7 @@ By default, Network Connections group settings in Windows XP Professional don't
 <!-- NC_ForceTunneling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ForceTunneling-Applicability-End -->
 
 <!-- NC_ForceTunneling-OmaUri-Begin -->
@@ -699,7 +699,7 @@ When a remote client computer connects to an internal network using DirectAccess
 <!-- NC_IpStateChecking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_IpStateChecking-Applicability-End -->
 
 <!-- NC_IpStateChecking-OmaUri-Begin -->
@@ -758,7 +758,7 @@ This policy setting allows you to manage whether notifications are shown to the
 <!-- NC_LanChangeProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_LanChangeProperties-Applicability-End -->
 
 <!-- NC_LanChangeProperties-OmaUri-Begin -->
@@ -836,7 +836,7 @@ The Local Area Connection Properties dialog box includes a list of the network c
 <!-- NC_LanConnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_LanConnect-Applicability-End -->
 
 <!-- NC_LanConnect-OmaUri-Begin -->
@@ -903,7 +903,7 @@ Determines whether users can enable/disable LAN connections.
 <!-- NC_LanProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_LanProperties-Applicability-End -->
 
 <!-- NC_LanProperties-OmaUri-Begin -->
@@ -975,7 +975,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 <!-- NC_NewConnectionWizard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_NewConnectionWizard-Applicability-End -->
 
 <!-- NC_NewConnectionWizard-OmaUri-Begin -->
@@ -1043,7 +1043,7 @@ Determines whether users can use the New Connection Wizard, which creates new ne
 <!-- NC_PersonalFirewallConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_PersonalFirewallConfig-Applicability-End -->
 
 <!-- NC_PersonalFirewallConfig-OmaUri-Begin -->
@@ -1112,7 +1112,7 @@ The Internet Connection Firewall is a stateful packet filter for home and small
 <!-- NC_RasAllUserProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasAllUserProperties-Applicability-End -->
 
 <!-- NC_RasAllUserProperties-OmaUri-Begin -->
@@ -1188,7 +1188,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 <!-- NC_RasChangeProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasChangeProperties-Applicability-End -->
 
 <!-- NC_RasChangeProperties-OmaUri-Begin -->
@@ -1263,7 +1263,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include
 <!-- NC_RasConnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasConnect-Applicability-End -->
 
 <!-- NC_RasConnect-OmaUri-Begin -->
@@ -1325,7 +1325,7 @@ Determines whether users can connect and disconnect remote access connections.
 <!-- NC_RasMyProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasMyProperties-Applicability-End -->
 
 <!-- NC_RasMyProperties-OmaUri-Begin -->
@@ -1399,7 +1399,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 <!-- NC_RenameAllUserRasConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameAllUserRasConnection-Applicability-End -->
 
 <!-- NC_RenameAllUserRasConnection-OmaUri-Begin -->
@@ -1471,7 +1471,7 @@ To create an all-user connection, on the Connection Availability page in the New
 <!-- NC_RenameConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameConnection-Applicability-End -->
 
 <!-- NC_RenameConnection-OmaUri-Begin -->
@@ -1541,7 +1541,7 @@ If this setting isn't configured, only Administrators and Network Configuration
 <!-- NC_RenameLanConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameLanConnection-Applicability-End -->
 
 <!-- NC_RenameLanConnection-OmaUri-Begin -->
@@ -1608,7 +1608,7 @@ Determines whether nonadministrators can rename a LAN connection.
 <!-- NC_RenameMyRasConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameMyRasConnection-Applicability-End -->
 
 <!-- NC_RenameMyRasConnection-OmaUri-Begin -->
@@ -1675,7 +1675,7 @@ Private connections are those that are available only to one user. To create a p
 <!-- NC_ShowSharedAccessUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ShowSharedAccessUI-Applicability-End -->
 
 <!-- NC_ShowSharedAccessUI-OmaUri-Begin -->
@@ -1750,7 +1750,7 @@ By default, ICS is disabled when you create a remote access connection, but admi
 <!-- NC_Statistics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_Statistics-Applicability-End -->
 
 <!-- NC_Statistics-OmaUri-Begin -->
@@ -1814,7 +1814,7 @@ Connection status is available from the connection status taskbar icon or from t
 <!-- NC_StdDomainUserSetLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_StdDomainUserSetLocation-Applicability-End -->
 
 <!-- NC_StdDomainUserSetLocation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index 3f4616f1d8..f7467145fb 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_OfflineFiles Policy CSP
 description: Learn more about the ADMX_OfflineFiles Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Pol_AlwaysPinSubFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_AlwaysPinSubFolders-Applicability-End -->
 
 <!-- Pol_AlwaysPinSubFolders-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This setting automatically extends the "make available offline" setting to all n
 <!-- Pol_AssignedOfflineFiles_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_AssignedOfflineFiles_1-Applicability-End -->
 
 <!-- Pol_AssignedOfflineFiles_1-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting lists network files and folders that are always available fo
 <!-- Pol_AssignedOfflineFiles_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_AssignedOfflineFiles_2-Applicability-End -->
 
 <!-- Pol_AssignedOfflineFiles_2-OmaUri-Begin -->
@@ -208,7 +208,7 @@ This policy setting lists network files and folders that are always available fo
 <!-- Pol_BackgroundSyncSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_BackgroundSyncSettings-Applicability-End -->
 
 <!-- Pol_BackgroundSyncSettings-OmaUri-Begin -->
@@ -269,7 +269,7 @@ You can also configure Background Sync for network shares that are in user selec
 <!-- Pol_CacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CacheSize-Applicability-End -->
 
 <!-- Pol_CacheSize-OmaUri-Begin -->
@@ -339,7 +339,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
 <!-- Pol_CustomGoOfflineActions_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CustomGoOfflineActions_1-Applicability-End -->
 
 <!-- Pol_CustomGoOfflineActions_1-OmaUri-Begin -->
@@ -400,7 +400,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_CustomGoOfflineActions_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CustomGoOfflineActions_2-Applicability-End -->
 
 <!-- Pol_CustomGoOfflineActions_2-OmaUri-Begin -->
@@ -461,7 +461,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_DefCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_DefCacheSize-Applicability-End -->
 
 <!-- Pol_DefCacheSize-OmaUri-Begin -->
@@ -530,7 +530,7 @@ This setting doesn't limit the disk space available for files that user's make a
 <!-- Pol_Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_Enabled-Applicability-End -->
 
 <!-- Pol_Enabled-OmaUri-Begin -->
@@ -594,7 +594,7 @@ This policy setting determines whether the Offline Files feature is enabled. Off
 <!-- Pol_EncryptOfflineFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EncryptOfflineFiles-Applicability-End -->
 
 <!-- Pol_EncryptOfflineFiles-OmaUri-Begin -->
@@ -662,7 +662,7 @@ This setting is applied at user logon. If this setting is changed after user log
 <!-- Pol_EventLoggingLevel_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EventLoggingLevel_1-Applicability-End -->
 
 <!-- Pol_EventLoggingLevel_1-OmaUri-Begin -->
@@ -731,7 +731,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 <!-- Pol_EventLoggingLevel_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EventLoggingLevel_2-Applicability-End -->
 
 <!-- Pol_EventLoggingLevel_2-OmaUri-Begin -->
@@ -800,7 +800,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 <!-- Pol_ExclusionListSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ExclusionListSettings-Applicability-End -->
 
 <!-- Pol_ExclusionListSettings-OmaUri-Begin -->
@@ -858,7 +858,7 @@ This policy setting enables administrators to block certain file types from bein
 <!-- Pol_ExtExclusionList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ExtExclusionList-Applicability-End -->
 
 <!-- Pol_ExtExclusionList-OmaUri-Begin -->
@@ -921,7 +921,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
 <!-- Pol_GoOfflineAction_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_GoOfflineAction_1-Applicability-End -->
 
 <!-- Pol_GoOfflineAction_1-OmaUri-Begin -->
@@ -994,7 +994,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!-- Pol_GoOfflineAction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_GoOfflineAction_2-Applicability-End -->
 
 <!-- Pol_GoOfflineAction_2-OmaUri-Begin -->
@@ -1067,7 +1067,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!-- Pol_NoCacheViewer_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoCacheViewer_1-Applicability-End -->
 
 <!-- Pol_NoCacheViewer_1-OmaUri-Begin -->
@@ -1131,7 +1131,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoCacheViewer_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoCacheViewer_2-Applicability-End -->
 
 <!-- Pol_NoCacheViewer_2-OmaUri-Begin -->
@@ -1195,7 +1195,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoConfigCache_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoConfigCache_1-Applicability-End -->
 
 <!-- Pol_NoConfigCache_1-OmaUri-Begin -->
@@ -1259,7 +1259,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoConfigCache_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoConfigCache_2-Applicability-End -->
 
 <!-- Pol_NoConfigCache_2-OmaUri-Begin -->
@@ -1323,7 +1323,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoMakeAvailableOffline_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoMakeAvailableOffline_1-Applicability-End -->
 
 <!-- Pol_NoMakeAvailableOffline_1-OmaUri-Begin -->
@@ -1387,7 +1387,7 @@ The "Make Available Offline" command is called "Always available offline" on com
 <!-- Pol_NoMakeAvailableOffline_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoMakeAvailableOffline_2-Applicability-End -->
 
 <!-- Pol_NoMakeAvailableOffline_2-OmaUri-Begin -->
@@ -1451,7 +1451,7 @@ The "Make Available Offline" command is called "Always available offline" on com
 <!-- Pol_NoPinFiles_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoPinFiles_1-Applicability-End -->
 
 <!-- Pol_NoPinFiles_1-OmaUri-Begin -->
@@ -1520,7 +1520,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this
 <!-- Pol_NoPinFiles_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoPinFiles_2-Applicability-End -->
 
 <!-- Pol_NoPinFiles_2-OmaUri-Begin -->
@@ -1589,7 +1589,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this
 <!-- Pol_NoReminders_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoReminders_1-Applicability-End -->
 
 <!-- Pol_NoReminders_1-OmaUri-Begin -->
@@ -1659,7 +1659,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoReminders_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoReminders_2-Applicability-End -->
 
 <!-- Pol_NoReminders_2-OmaUri-Begin -->
@@ -1729,7 +1729,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_OnlineCachingSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_OnlineCachingSettings-Applicability-End -->
 
 <!-- Pol_OnlineCachingSettings-OmaUri-Begin -->
@@ -1791,7 +1791,7 @@ This policy setting is triggered by the configured round trip network latency va
 <!-- Pol_PurgeAtLogoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_PurgeAtLogoff-Applicability-End -->
 
 <!-- Pol_PurgeAtLogoff-OmaUri-Begin -->
@@ -1853,7 +1853,7 @@ If you disable this setting or don't configure it, automatically and manually ca
 <!-- Pol_QuickAdimPin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_QuickAdimPin-Applicability-End -->
 
 <!-- Pol_QuickAdimPin-OmaUri-Begin -->
@@ -1912,7 +1912,7 @@ This policy setting allows you to turn on economical application of administrati
 <!-- Pol_ReminderFreq_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderFreq_1-Applicability-End -->
 
 <!-- Pol_ReminderFreq_1-OmaUri-Begin -->
@@ -1975,7 +1975,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderFreq_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderFreq_2-Applicability-End -->
 
 <!-- Pol_ReminderFreq_2-OmaUri-Begin -->
@@ -2038,7 +2038,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderInitTimeout_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderInitTimeout_1-Applicability-End -->
 
 <!-- Pol_ReminderInitTimeout_1-OmaUri-Begin -->
@@ -2096,7 +2096,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderInitTimeout_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderInitTimeout_2-Applicability-End -->
 
 <!-- Pol_ReminderInitTimeout_2-OmaUri-Begin -->
@@ -2154,7 +2154,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderTimeout_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderTimeout_1-Applicability-End -->
 
 <!-- Pol_ReminderTimeout_1-OmaUri-Begin -->
@@ -2212,7 +2212,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderTimeout_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderTimeout_2-Applicability-End -->
 
 <!-- Pol_ReminderTimeout_2-OmaUri-Begin -->
@@ -2270,7 +2270,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SlowLinkSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SlowLinkSettings-Applicability-End -->
 
 <!-- Pol_SlowLinkSettings-OmaUri-Begin -->
@@ -2339,7 +2339,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us
 <!-- Pol_SlowLinkSpeed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SlowLinkSpeed-Applicability-End -->
 
 <!-- Pol_SlowLinkSpeed-OmaUri-Begin -->
@@ -2402,7 +2402,7 @@ When a connection is considered slow, Offline Files automatically adjust its beh
 <!-- Pol_SyncAtLogoff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogoff_1-Applicability-End -->
 
 <!-- Pol_SyncAtLogoff_1-OmaUri-Begin -->
@@ -2470,7 +2470,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtLogoff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogoff_2-Applicability-End -->
 
 <!-- Pol_SyncAtLogoff_2-OmaUri-Begin -->
@@ -2538,7 +2538,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtLogon_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogon_1-Applicability-End -->
 
 <!-- Pol_SyncAtLogon_1-OmaUri-Begin -->
@@ -2606,7 +2606,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtLogon_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogon_2-Applicability-End -->
 
 <!-- Pol_SyncAtLogon_2-OmaUri-Begin -->
@@ -2674,7 +2674,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtSuspend_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtSuspend_1-Applicability-End -->
 
 <!-- Pol_SyncAtSuspend_1-OmaUri-Begin -->
@@ -2735,7 +2735,7 @@ Determines whether offline files are synchonized before a computer is suspended.
 <!-- Pol_SyncAtSuspend_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtSuspend_2-Applicability-End -->
 
 <!-- Pol_SyncAtSuspend_2-OmaUri-Begin -->
@@ -2796,7 +2796,7 @@ Determines whether offline files are synchonized before a computer is suspended.
 <!-- Pol_SyncOnCostedNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncOnCostedNetwork-Applicability-End -->
 
 <!-- Pol_SyncOnCostedNetwork-OmaUri-Begin -->
@@ -2855,7 +2855,7 @@ This policy setting determines whether offline files are synchronized in the bac
 <!-- Pol_WorkOfflineDisabled_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_WorkOfflineDisabled_1-Applicability-End -->
 
 <!-- Pol_WorkOfflineDisabled_1-OmaUri-Begin -->
@@ -2914,7 +2914,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing
 <!-- Pol_WorkOfflineDisabled_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_WorkOfflineDisabled_2-Applicability-End -->
 
 <!-- Pol_WorkOfflineDisabled_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index cf28909853..a2d2187900 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_pca Policy CSP
 description: Learn more about the ADMX_pca Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DetectBlockedDriversPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectBlockedDriversPolicy-Applicability-End -->
 
 <!-- DetectBlockedDriversPolicy-OmaUri-Begin -->
@@ -75,7 +75,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectDeprecatedCOMComponentFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectDeprecatedCOMComponentFailuresPolicy-Applicability-End -->
 
 <!-- DetectDeprecatedCOMComponentFailuresPolicy-OmaUri-Begin -->
@@ -130,7 +130,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectDeprecatedComponentFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectDeprecatedComponentFailuresPolicy-Applicability-End -->
 
 <!-- DetectDeprecatedComponentFailuresPolicy-OmaUri-Begin -->
@@ -185,7 +185,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectInstallFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectInstallFailuresPolicy-Applicability-End -->
 
 <!-- DetectInstallFailuresPolicy-OmaUri-Begin -->
@@ -239,7 +239,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectUndetectedInstallersPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectUndetectedInstallersPolicy-Applicability-End -->
 
 <!-- DetectUndetectedInstallersPolicy-OmaUri-Begin -->
@@ -294,7 +294,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectUpdateFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectUpdateFailuresPolicy-Applicability-End -->
 
 <!-- DetectUpdateFailuresPolicy-OmaUri-Begin -->
@@ -349,7 +349,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DisablePcaUIPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePcaUIPolicy-Applicability-End -->
 
 <!-- DisablePcaUIPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index 83ba39d5bd..37985a6c6e 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_PeerToPeerCaching Policy CSP
 description: Learn more about the ADMX_PeerToPeerCaching Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- EnableWindowsBranchCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache-Applicability-End -->
 
 <!-- EnableWindowsBranchCache-OmaUri-Begin -->
@@ -94,7 +94,7 @@ Select one of the following:
 <!-- EnableWindowsBranchCache_Distributed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_Distributed-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_Distributed-OmaUri-Begin -->
@@ -163,7 +163,7 @@ Select one of the following:
 <!-- EnableWindowsBranchCache_Hosted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_Hosted-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_Hosted-OmaUri-Begin -->
@@ -237,7 +237,7 @@ Hosted cache clients must trust the server certificate that's issued to the host
 <!-- EnableWindowsBranchCache_HostedCacheDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_HostedCacheDiscovery-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_HostedCacheDiscovery-OmaUri-Begin -->
@@ -316,7 +316,7 @@ Select one of the following:
 <!-- EnableWindowsBranchCache_HostedMultipleServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_HostedMultipleServers-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_HostedMultipleServers-OmaUri-Begin -->
@@ -390,7 +390,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!-- EnableWindowsBranchCache_SMB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_SMB-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_SMB-OmaUri-Begin -->
@@ -458,7 +458,7 @@ In circumstances where this policy setting is enabled, you can also select and c
 <!-- SetCachePercent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetCachePercent-Applicability-End -->
 
 <!-- SetCachePercent-OmaUri-Begin -->
@@ -532,7 +532,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!-- SetDataCacheEntryMaxAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetDataCacheEntryMaxAge-Applicability-End -->
 
 <!-- SetDataCacheEntryMaxAge-OmaUri-Begin -->
@@ -604,7 +604,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!-- SetDowngrading-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetDowngrading-Applicability-End -->
 
 <!-- SetDowngrading-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index 1f8f990c0e..44ee096673 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_PenTraining Policy CSP
 description: Learn more about the ADMX_PenTraining Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PenTrainingOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PenTrainingOff_1-Applicability-End -->
 
 <!-- PenTrainingOff_1-OmaUri-Begin -->
@@ -80,7 +80,7 @@ Turns off Tablet PC Pen Training.
 <!-- PenTrainingOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PenTrainingOff_2-Applicability-End -->
 
 <!-- PenTrainingOff_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 510a54b8fa..d8152d1814 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_PerformanceDiagnostics Policy CSP
 description: Learn more about the ADMX_PerformanceDiagnostics Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiScenarioExecutionPolicy_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_1-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_1-OmaUri-Begin -->
@@ -88,7 +88,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiScenarioExecutionPolicy_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_2-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_2-OmaUri-Begin -->
@@ -155,7 +155,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiScenarioExecutionPolicy_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_3-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_3-OmaUri-Begin -->
@@ -222,7 +222,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiScenarioExecutionPolicy_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_4-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_4-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index d329f3a34e..0ae111ff74 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Power Policy CSP
 description: Learn more about the ADMX_Power Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ACConnectivityInStandby_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ACConnectivityInStandby_2-Applicability-End -->
 
 <!-- ACConnectivityInStandby_2-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting allows you to control the network connectivity state in stan
 <!-- ACCriticalSleepTransitionsDisable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ACCriticalSleepTransitionsDisable_2-Applicability-End -->
 
 <!-- ACCriticalSleepTransitionsDisable_2-OmaUri-Begin -->
@@ -141,7 +141,7 @@ This policy setting allows you to turn on the ability for applications and servi
 <!-- ACStartMenuButtonAction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ACStartMenuButtonAction_2-Applicability-End -->
 
 <!-- ACStartMenuButtonAction_2-OmaUri-Begin -->
@@ -203,7 +203,7 @@ This policy setting specifies the action that Windows takes when a user presses
 <!-- AllowSystemPowerRequestAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemPowerRequestAC-Applicability-End -->
 
 <!-- AllowSystemPowerRequestAC-OmaUri-Begin -->
@@ -262,7 +262,7 @@ This policy setting allows applications and services to prevent automatic sleep.
 <!-- AllowSystemPowerRequestDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemPowerRequestDC-Applicability-End -->
 
 <!-- AllowSystemPowerRequestDC-OmaUri-Begin -->
@@ -321,7 +321,7 @@ This policy setting allows applications and services to prevent automatic sleep.
 <!-- AllowSystemSleepWithRemoteFilesOpenAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemSleepWithRemoteFilesOpenAC-Applicability-End -->
 
 <!-- AllowSystemSleepWithRemoteFilesOpenAC-OmaUri-Begin -->
@@ -380,7 +380,7 @@ This policy setting allows you to manage automatic sleep with open network files
 <!-- AllowSystemSleepWithRemoteFilesOpenDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemSleepWithRemoteFilesOpenDC-Applicability-End -->
 
 <!-- AllowSystemSleepWithRemoteFilesOpenDC-OmaUri-Begin -->
@@ -439,7 +439,7 @@ This policy setting allows you to manage automatic sleep with open network files
 <!-- CustomActiveSchemeOverride_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomActiveSchemeOverride_2-Applicability-End -->
 
 <!-- CustomActiveSchemeOverride_2-OmaUri-Begin -->
@@ -497,7 +497,7 @@ This policy setting specifies the active power plan from a specified power plan'
 <!-- DCBatteryDischargeAction0_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeAction0_2-Applicability-End -->
 
 <!-- DCBatteryDischargeAction0_2-OmaUri-Begin -->
@@ -560,7 +560,7 @@ This policy setting specifies the action that Windows takes when battery capacit
 <!-- DCBatteryDischargeAction1_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeAction1_2-Applicability-End -->
 
 <!-- DCBatteryDischargeAction1_2-OmaUri-Begin -->
@@ -623,7 +623,7 @@ This policy setting specifies the action that Windows takes when battery capacit
 <!-- DCBatteryDischargeLevel0_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeLevel0_2-Applicability-End -->
 
 <!-- DCBatteryDischargeLevel0_2-OmaUri-Begin -->
@@ -683,7 +683,7 @@ To set the action that's triggered, see the "Critical Battery Notification Actio
 <!-- DCBatteryDischargeLevel1_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeLevel1_2-Applicability-End -->
 
 <!-- DCBatteryDischargeLevel1_2-OmaUri-Begin -->
@@ -743,7 +743,7 @@ To set the action that's triggered, see the "Low Battery Notification Action" po
 <!-- DCBatteryDischargeLevel1UINotification_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeLevel1UINotification_2-Applicability-End -->
 
 <!-- DCBatteryDischargeLevel1UINotification_2-OmaUri-Begin -->
@@ -804,7 +804,7 @@ The notification will only be shown if the "Low Battery Notification Action" pol
 <!-- DCConnectivityInStandby_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCConnectivityInStandby_2-Applicability-End -->
 
 <!-- DCConnectivityInStandby_2-OmaUri-Begin -->
@@ -865,7 +865,7 @@ This policy setting allows you to control the network connectivity state in stan
 <!-- DCCriticalSleepTransitionsDisable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCCriticalSleepTransitionsDisable_2-Applicability-End -->
 
 <!-- DCCriticalSleepTransitionsDisable_2-OmaUri-Begin -->
@@ -924,7 +924,7 @@ This policy setting allows you to turn on the ability for applications and servi
 <!-- DCStartMenuButtonAction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCStartMenuButtonAction_2-Applicability-End -->
 
 <!-- DCStartMenuButtonAction_2-OmaUri-Begin -->
@@ -986,7 +986,7 @@ This policy setting specifies the action that Windows takes when a user presses
 <!-- DiskACPowerDownTimeOut_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DiskACPowerDownTimeOut_2-Applicability-End -->
 
 <!-- DiskACPowerDownTimeOut_2-OmaUri-Begin -->
@@ -1044,7 +1044,7 @@ This policy setting specifies the period of inactivity before Windows turns off
 <!-- DiskDCPowerDownTimeOut_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DiskDCPowerDownTimeOut_2-Applicability-End -->
 
 <!-- DiskDCPowerDownTimeOut_2-OmaUri-Begin -->
@@ -1102,7 +1102,7 @@ This policy setting specifies the period of inactivity before Windows turns off
 <!-- Dont_PowerOff_AfterShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Dont_PowerOff_AfterShutdown-Applicability-End -->
 
 <!-- Dont_PowerOff_AfterShutdown-OmaUri-Begin -->
@@ -1163,7 +1163,7 @@ This setting is only applicable when Windows shutdown is initiated by software p
 <!-- EnableDesktopSlideShowAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableDesktopSlideShowAC-Applicability-End -->
 
 <!-- EnableDesktopSlideShowAC-OmaUri-Begin -->
@@ -1224,7 +1224,7 @@ This policy setting allows you to specify if Windows should enable the desktop b
 <!-- EnableDesktopSlideShowDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableDesktopSlideShowDC-Applicability-End -->
 
 <!-- EnableDesktopSlideShowDC-OmaUri-Begin -->
@@ -1285,7 +1285,7 @@ This policy setting allows you to specify if Windows should enable the desktop b
 <!-- InboxActiveSchemeOverride_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InboxActiveSchemeOverride_2-Applicability-End -->
 
 <!-- InboxActiveSchemeOverride_2-OmaUri-Begin -->
@@ -1343,7 +1343,7 @@ This policy setting specifies the active power plan from a list of default Windo
 <!-- PowerThrottlingTurnOff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PowerThrottlingTurnOff-Applicability-End -->
 
 <!-- PowerThrottlingTurnOff-OmaUri-Begin -->
@@ -1402,7 +1402,7 @@ This policy setting allows you to turn off Power Throttling.
 <!-- PW_PromptPasswordOnResume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PW_PromptPasswordOnResume-Applicability-End -->
 
 <!-- PW_PromptPasswordOnResume-OmaUri-Begin -->
@@ -1461,7 +1461,7 @@ This policy setting allows you to configure client computers to lock and prompt
 <!-- ReserveBatteryNotificationLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ReserveBatteryNotificationLevel-Applicability-End -->
 
 <!-- ReserveBatteryNotificationLevel-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index bea468e20c..d16b9ad08c 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_PowerShellExecutionPolicy Policy CSP
 description: Learn more about the ADMX_PowerShellExecutionPolicy Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- EnableModuleLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableModuleLogging-Applicability-End -->
 
 <!-- EnableModuleLogging-OmaUri-Begin -->
@@ -91,7 +91,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ
 <!-- EnableScripts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableScripts-Applicability-End -->
 
 <!-- EnableScripts-OmaUri-Begin -->
@@ -165,7 +165,7 @@ The "Allow all scripts" policy setting allows all scripts to run.
 <!-- EnableTranscripting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableTranscripting-Applicability-End -->
 
 <!-- EnableTranscripting-OmaUri-Begin -->
@@ -233,7 +233,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared
 <!-- EnableUpdateHelpDefaultSourcePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableUpdateHelpDefaultSourcePath-Applicability-End -->
 
 <!-- EnableUpdateHelpDefaultSourcePath-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index f9552c2c37..48f1d71724 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_PreviousVersions Policy CSP
 description: Learn more about the ADMX_PreviousVersions Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableBackupRestore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBackupRestore_1-Applicability-End -->
 
 <!-- DisableBackupRestore_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableBackupRestore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBackupRestore_2-Applicability-End -->
 
 <!-- DisableBackupRestore_2-OmaUri-Begin -->
@@ -143,7 +143,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableLocalPage_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalPage_1-Applicability-End -->
 
 <!-- DisableLocalPage_1-OmaUri-Begin -->
@@ -204,7 +204,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableLocalPage_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalPage_2-Applicability-End -->
 
 <!-- DisableLocalPage_2-OmaUri-Begin -->
@@ -265,7 +265,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableLocalRestore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalRestore_1-Applicability-End -->
 
 <!-- DisableLocalRestore_1-OmaUri-Begin -->
@@ -326,7 +326,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableLocalRestore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalRestore_2-Applicability-End -->
 
 <!-- DisableLocalRestore_2-OmaUri-Begin -->
@@ -387,7 +387,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableRemotePage_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemotePage_1-Applicability-End -->
 
 <!-- DisableRemotePage_1-OmaUri-Begin -->
@@ -448,7 +448,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableRemotePage_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemotePage_2-Applicability-End -->
 
 <!-- DisableRemotePage_2-OmaUri-Begin -->
@@ -509,7 +509,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableRemoteRestore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemoteRestore_1-Applicability-End -->
 
 <!-- DisableRemoteRestore_1-OmaUri-Begin -->
@@ -570,7 +570,7 @@ This setting lets you suppress the Restore button in the previous versions prope
 <!-- DisableRemoteRestore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemoteRestore_2-Applicability-End -->
 
 <!-- DisableRemoteRestore_2-OmaUri-Begin -->
@@ -631,7 +631,7 @@ This setting lets you suppress the Restore button in the previous versions prope
 <!-- HideBackupEntries_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideBackupEntries_1-Applicability-End -->
 
 <!-- HideBackupEntries_1-OmaUri-Begin -->
@@ -692,7 +692,7 @@ This policy setting lets you hide entries in the list of previous versions of a
 <!-- HideBackupEntries_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideBackupEntries_2-Applicability-End -->
 
 <!-- HideBackupEntries_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index 712df5a4c8..d610c2f9e8 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Printing Policy CSP
 description: Learn more about the ADMX_Printing Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowWebPrinting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowWebPrinting-Applicability-End -->
 
 <!-- AllowWebPrinting-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in
 <!-- ApplicationDriverIsolation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApplicationDriverIsolation-Applicability-End -->
 
 <!-- ApplicationDriverIsolation-OmaUri-Begin -->
@@ -156,7 +156,7 @@ Note:
 <!-- CustomizedSupportUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomizedSupportUrl-Applicability-End -->
 
 <!-- CustomizedSupportUrl-OmaUri-Begin -->
@@ -221,7 +221,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt
 <!-- DomainPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DomainPrinters-Applicability-End -->
 
 <!-- DomainPrinters-OmaUri-Begin -->
@@ -297,7 +297,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
 <!-- DoNotInstallCompatibleDriverFromWindowsUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotInstallCompatibleDriverFromWindowsUpdate-Applicability-End -->
 
 <!-- DoNotInstallCompatibleDriverFromWindowsUpdate-OmaUri-Begin -->
@@ -360,7 +360,7 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search
 <!-- DownlevelBrowse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DownlevelBrowse-Applicability-End -->
 
 <!-- DownlevelBrowse-OmaUri-Begin -->
@@ -422,7 +422,7 @@ Allows users to use the Add Printer Wizard to search the network for shared prin
 <!-- EMFDespooling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EMFDespooling-Applicability-End -->
 
 <!-- EMFDespooling-OmaUri-Begin -->
@@ -494,7 +494,7 @@ If you don't enable this policy setting, the behavior is the same as disabling i
 <!-- ForceSoftwareRasterization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceSoftwareRasterization-Applicability-End -->
 
 <!-- ForceSoftwareRasterization-OmaUri-Begin -->
@@ -551,7 +551,7 @@ This setting may improve the performance of the XPS Rasterization Service or the
 <!-- IntranetPrintersUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IntranetPrintersUrl-Applicability-End -->
 
 <!-- IntranetPrintersUrl-OmaUri-Begin -->
@@ -613,7 +613,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ
 <!-- KMPrintersAreBlocked-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- KMPrintersAreBlocked-Applicability-End -->
 
 <!-- KMPrintersAreBlocked-OmaUri-Begin -->
@@ -677,7 +677,7 @@ Determines whether printers using kernel-mode drivers may be installed on the lo
 <!-- LegacyDefaultPrinterMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LegacyDefaultPrinterMode-Applicability-End -->
 
 <!-- LegacyDefaultPrinterMode-OmaUri-Begin -->
@@ -738,7 +738,7 @@ This preference allows you to change default printer management.
 <!-- MXDWUseLegacyOutputFormatMSXPS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MXDWUseLegacyOutputFormatMSXPS-Applicability-End -->
 
 <!-- MXDWUseLegacyOutputFormatMSXPS-OmaUri-Begin -->
@@ -797,7 +797,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default
 <!-- NoDeletePrinter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDeletePrinter-Applicability-End -->
 
 <!-- NoDeletePrinter-OmaUri-Begin -->
@@ -859,7 +859,7 @@ This setting doesn't prevent users from running other programs to delete a print
 <!-- NonDomainPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NonDomainPrinters-Applicability-End -->
 
 <!-- NonDomainPrinters-OmaUri-Begin -->
@@ -931,7 +931,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
 <!-- PackagePointAndPrintOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintOnly-Applicability-End -->
 
 <!-- PackagePointAndPrintOnly-OmaUri-Begin -->
@@ -990,7 +990,7 @@ This policy restricts clients computers to use package point and print only.
 <!-- PackagePointAndPrintOnly_Win7-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintOnly_Win7-Applicability-End -->
 
 <!-- PackagePointAndPrintOnly_Win7-OmaUri-Begin -->
@@ -1049,7 +1049,7 @@ This policy restricts clients computers to use package point and print only.
 <!-- PackagePointAndPrintServerList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintServerList-Applicability-End -->
 
 <!-- PackagePointAndPrintServerList-OmaUri-Begin -->
@@ -1112,7 +1112,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri
 <!-- PackagePointAndPrintServerList_Win7-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintServerList_Win7-Applicability-End -->
 
 <!-- PackagePointAndPrintServerList_Win7-OmaUri-Begin -->
@@ -1175,7 +1175,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri
 <!-- PhysicalLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PhysicalLocation-Applicability-End -->
 
 <!-- PhysicalLocation-OmaUri-Begin -->
@@ -1238,7 +1238,7 @@ Type the location of the user's computer. When users search for printers, the sy
 <!-- PhysicalLocationSupport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PhysicalLocationSupport-Applicability-End -->
 
 <!-- PhysicalLocationSupport-OmaUri-Begin -->
@@ -1299,7 +1299,7 @@ Use Location Tracking to design a location scheme for your enterprise and assign
 <!-- PrintDriverIsolationExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrintDriverIsolationExecutionPolicy-Applicability-End -->
 
 <!-- PrintDriverIsolationExecutionPolicy-OmaUri-Begin -->
@@ -1366,7 +1366,7 @@ Note:
 <!-- PrintDriverIsolationOverrideCompat-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrintDriverIsolationOverrideCompat-Applicability-End -->
 
 <!-- PrintDriverIsolationOverrideCompat-OmaUri-Begin -->
@@ -1433,7 +1433,7 @@ Note:
 <!-- PrinterDirectorySearchScope-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrinterDirectorySearchScope-Applicability-End -->
 
 <!-- PrinterDirectorySearchScope-OmaUri-Begin -->
@@ -1493,7 +1493,7 @@ This setting only provides a starting point for Active Directory searches for pr
 <!-- PrinterServerThread-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrinterServerThread-Applicability-End -->
 
 <!-- PrinterServerThread-OmaUri-Begin -->
@@ -1559,7 +1559,7 @@ On domains with Active Directory, shared printer resources are available in Acti
 <!-- ShowJobTitleInEventLogs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowJobTitleInEventLogs-Applicability-End -->
 
 <!-- ShowJobTitleInEventLogs-OmaUri-Begin -->
@@ -1621,7 +1621,7 @@ This policy controls whether the print job name will be included in print event
 <!-- V4DriverDisallowPrinterExtension-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- V4DriverDisallowPrinterExtension-Applicability-End -->
 
 <!-- V4DriverDisallowPrinterExtension-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index c687d9136e..c71f46d09d 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Printing2 Policy CSP
 description: Learn more about the ADMX_Printing2 Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AutoPublishing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoPublishing-Applicability-End -->
 
 <!-- AutoPublishing-OmaUri-Begin -->
@@ -85,7 +85,7 @@ The default behavior is to automatically publish shared printers in Active Direc
 <!-- ImmortalPrintQueue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ImmortalPrintQueue-Applicability-End -->
 
 <!-- ImmortalPrintQueue-OmaUri-Begin -->
@@ -149,7 +149,7 @@ By default, the pruning service on the domain controller prunes printer objects
 <!-- PruneDownlevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruneDownlevel-Applicability-End -->
 
 <!-- PruneDownlevel-OmaUri-Begin -->
@@ -219,7 +219,7 @@ You can enable this setting to change the default behavior. To use this setting,
 <!-- PruningInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningInterval-Applicability-End -->
 
 <!-- PruningInterval-OmaUri-Begin -->
@@ -284,7 +284,7 @@ By default, the pruning service contacts computers every eight hours and allows
 <!-- PruningPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningPriority-Applicability-End -->
 
 <!-- PruningPriority-OmaUri-Begin -->
@@ -347,7 +347,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust
 <!-- PruningRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningRetries-Applicability-End -->
 
 <!-- PruningRetries-OmaUri-Begin -->
@@ -412,7 +412,7 @@ By default, the pruning service contacts computers every eight hours and allows
 <!-- PruningRetryLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningRetryLog-Applicability-End -->
 
 <!-- PruningRetryLog-OmaUri-Begin -->
@@ -479,7 +479,7 @@ The pruning service periodically contacts computers that have published printers
 <!-- RegisterSpoolerRemoteRpcEndPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RegisterSpoolerRemoteRpcEndPoint-Applicability-End -->
 
 <!-- RegisterSpoolerRemoteRpcEndPoint-OmaUri-Begin -->
@@ -540,7 +540,7 @@ The spooler must be restarted for changes to this policy to take effect.
 <!-- VerifyPublishedState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- VerifyPublishedState-Applicability-End -->
 
 <!-- VerifyPublishedState-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index 5548050a9c..1c448b67f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Programs Policy CSP
 description: Learn more about the ADMX_Programs Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- NoDefaultPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDefaultPrograms-Applicability-End -->
 
 <!-- NoDefaultPrograms-OmaUri-Begin -->
@@ -84,7 +84,7 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta
 <!-- NoGetPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoGetPrograms-Applicability-End -->
 
 <!-- NoGetPrograms-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Published programs are those programs that the system administrator has explicit
 <!-- NoInstalledUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInstalledUpdates-Applicability-End -->
 
 <!-- NoInstalledUpdates-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoProgramsAndFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoProgramsAndFeatures-Applicability-End -->
 
 <!-- NoProgramsAndFeatures-OmaUri-Begin -->
@@ -270,7 +270,7 @@ This setting doesn't prevent users from using other tools and methods to view or
 <!-- NoProgramsCPL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoProgramsCPL-Applicability-End -->
 
 <!-- NoProgramsCPL-OmaUri-Begin -->
@@ -333,7 +333,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoWindowsFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsFeatures-Applicability-End -->
 
 <!-- NoWindowsFeatures-OmaUri-Begin -->
@@ -392,7 +392,7 @@ This setting doesn't prevent users from using other tools and methods to configu
 <!-- NoWindowsMarketplace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsMarketplace-Applicability-End -->
 
 <!-- NoWindowsMarketplace-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index 806d9651ce..805395134d 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_PushToInstall Policy CSP
 description: Learn more about the ADMX_PushToInstall Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisablePushToInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePushToInstall-Applicability-End -->
 
 <!-- DisablePushToInstall-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-qos.md b/windows/client-management/mdm/policy-csp-admx-qos.md
index c19234a322..00a0b30f09 100644
--- a/windows/client-management/mdm/policy-csp-admx-qos.md
+++ b/windows/client-management/mdm/policy-csp-admx-qos.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_QOS Policy CSP
 description: Learn more about the ADMX_QOS Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- QosMaxOutstandingSends-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosMaxOutstandingSends-Applicability-End -->
 
 <!-- QosMaxOutstandingSends-OmaUri-Begin -->
@@ -84,7 +84,7 @@ Specifies the maximum number of outstanding packets permitted on the system. Whe
 <!-- QosNonBestEffortLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosNonBestEffortLimit-Applicability-End -->
 
 <!-- QosNonBestEffortLimit-OmaUri-Begin -->
@@ -147,7 +147,7 @@ By default, the Packet Scheduler limits the system to 80 percent of the bandwidt
 <!-- QosServiceTypeBestEffort_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeBestEffort_C-Applicability-End -->
 
 <!-- QosServiceTypeBestEffort_C-OmaUri-Begin -->
@@ -210,7 +210,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeBestEffort_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeBestEffort_NC-Applicability-End -->
 
 <!-- QosServiceTypeBestEffort_NC-OmaUri-Begin -->
@@ -273,7 +273,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeBestEffort_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeBestEffort_PV-Applicability-End -->
 
 <!-- QosServiceTypeBestEffort_PV-OmaUri-Begin -->
@@ -334,7 +334,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeControlledLoad_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeControlledLoad_C-Applicability-End -->
 
 <!-- QosServiceTypeControlledLoad_C-OmaUri-Begin -->
@@ -397,7 +397,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeControlledLoad_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeControlledLoad_NC-Applicability-End -->
 
 <!-- QosServiceTypeControlledLoad_NC-OmaUri-Begin -->
@@ -460,7 +460,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeControlledLoad_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeControlledLoad_PV-Applicability-End -->
 
 <!-- QosServiceTypeControlledLoad_PV-OmaUri-Begin -->
@@ -521,7 +521,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeGuaranteed_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeGuaranteed_C-Applicability-End -->
 
 <!-- QosServiceTypeGuaranteed_C-OmaUri-Begin -->
@@ -584,7 +584,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeGuaranteed_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeGuaranteed_NC-Applicability-End -->
 
 <!-- QosServiceTypeGuaranteed_NC-OmaUri-Begin -->
@@ -647,7 +647,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeGuaranteed_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeGuaranteed_PV-Applicability-End -->
 
 <!-- QosServiceTypeGuaranteed_PV-OmaUri-Begin -->
@@ -708,7 +708,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeNetworkControl_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNetworkControl_C-Applicability-End -->
 
 <!-- QosServiceTypeNetworkControl_C-OmaUri-Begin -->
@@ -771,7 +771,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeNetworkControl_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNetworkControl_NC-Applicability-End -->
 
 <!-- QosServiceTypeNetworkControl_NC-OmaUri-Begin -->
@@ -834,7 +834,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeNetworkControl_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNetworkControl_PV-Applicability-End -->
 
 <!-- QosServiceTypeNetworkControl_PV-OmaUri-Begin -->
@@ -895,7 +895,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeNonConforming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNonConforming-Applicability-End -->
 
 <!-- QosServiceTypeNonConforming-OmaUri-Begin -->
@@ -956,7 +956,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets that don'
 <!-- QosServiceTypeQualitative_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeQualitative_C-Applicability-End -->
 
 <!-- QosServiceTypeQualitative_C-OmaUri-Begin -->
@@ -1019,7 +1019,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeQualitative_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeQualitative_NC-Applicability-End -->
 
 <!-- QosServiceTypeQualitative_NC-OmaUri-Begin -->
@@ -1082,7 +1082,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeQualitative_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeQualitative_PV-Applicability-End -->
 
 <!-- QosServiceTypeQualitative_PV-OmaUri-Begin -->
@@ -1143,7 +1143,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosTimerResolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosTimerResolution-Applicability-End -->
 
 <!-- QosTimerResolution-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index 2d7bb746e9..ffcba6e38e 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Radar Policy CSP
 description: Learn more about the ADMX_Radar Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 20c59c50f0..c5ac96a8e4 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Reliability Policy CSP
 description: Learn more about the ADMX_Reliability Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- EE_EnablePersistentTimeStamp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EE_EnablePersistentTimeStamp-Applicability-End -->
 
 <!-- EE_EnablePersistentTimeStamp-OmaUri-Begin -->
@@ -85,7 +85,7 @@ This policy setting allows the system to detect the time of unexpected shutdowns
 <!-- PCH_ReportShutdownEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_ReportShutdownEvents-Applicability-End -->
 
 <!-- PCH_ReportShutdownEvents-OmaUri-Begin -->
@@ -148,7 +148,7 @@ Also see the "Configure Error Reporting" policy setting.
 <!-- ShutdownEventTrackerStateFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShutdownEventTrackerStateFile-Applicability-End -->
 
 <!-- ShutdownEventTrackerStateFile-OmaUri-Begin -->
@@ -214,7 +214,7 @@ The system state data file contains information about the basic system state as
 <!-- ShutdownReason-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShutdownReason-Applicability-End -->
 
 <!-- ShutdownReason-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index d6b3127e2e..fa9cd31f9c 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_RemoteAssistance Policy CSP
 description: Learn more about the ADMX_RemoteAssistance Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- RA_EncryptedTicketOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RA_EncryptedTicketOnly-Applicability-End -->
 
 <!-- RA_EncryptedTicketOnly-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting enables Remote Assistance invitations to be generated with i
 <!-- RA_Optimize_Bandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RA_Optimize_Bandwidth-Applicability-End -->
 
 <!-- RA_Optimize_Bandwidth-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 8e706aa2c0..6010e92b08 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_RemovableStorage Policy CSP
 description: Learn more about the ADMX_RemovableStorage Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AccessRights_RebootTime_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AccessRights_RebootTime_1-Applicability-End -->
 
 <!-- AccessRights_RebootTime_1-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
 <!-- AccessRights_RebootTime_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AccessRights_RebootTime_2-Applicability-End -->
 
 <!-- AccessRights_RebootTime_2-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
 <!-- CDandDVD_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyExecute_Access_2-Applicability-End -->
 
 <!-- CDandDVD_DenyExecute_Access_2-OmaUri-Begin -->
@@ -204,7 +204,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl
 <!-- CDandDVD_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyRead_Access_1-Applicability-End -->
 
 <!-- CDandDVD_DenyRead_Access_1-OmaUri-Begin -->
@@ -263,7 +263,7 @@ This policy setting denies read access to the CD and DVD removable storage class
 <!-- CDandDVD_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyRead_Access_2-Applicability-End -->
 
 <!-- CDandDVD_DenyRead_Access_2-OmaUri-Begin -->
@@ -322,7 +322,7 @@ This policy setting denies read access to the CD and DVD removable storage class
 <!-- CDandDVD_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyWrite_Access_1-Applicability-End -->
 
 <!-- CDandDVD_DenyWrite_Access_1-OmaUri-Begin -->
@@ -381,7 +381,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
 <!-- CDandDVD_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyWrite_Access_2-Applicability-End -->
 
 <!-- CDandDVD_DenyWrite_Access_2-OmaUri-Begin -->
@@ -440,7 +440,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
 <!-- CustomClasses_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyRead_Access_1-Applicability-End -->
 
 <!-- CustomClasses_DenyRead_Access_1-OmaUri-Begin -->
@@ -499,7 +499,7 @@ This policy setting denies read access to custom removable storage classes.
 <!-- CustomClasses_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyRead_Access_2-Applicability-End -->
 
 <!-- CustomClasses_DenyRead_Access_2-OmaUri-Begin -->
@@ -558,7 +558,7 @@ This policy setting denies read access to custom removable storage classes.
 <!-- CustomClasses_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyWrite_Access_1-Applicability-End -->
 
 <!-- CustomClasses_DenyWrite_Access_1-OmaUri-Begin -->
@@ -617,7 +617,7 @@ This policy setting denies write access to custom removable storage classes.
 <!-- CustomClasses_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyWrite_Access_2-Applicability-End -->
 
 <!-- CustomClasses_DenyWrite_Access_2-OmaUri-Begin -->
@@ -676,7 +676,7 @@ This policy setting denies write access to custom removable storage classes.
 <!-- FloppyDrives_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyExecute_Access_2-Applicability-End -->
 
 <!-- FloppyDrives_DenyExecute_Access_2-OmaUri-Begin -->
@@ -735,7 +735,7 @@ This policy setting denies execute access to the Floppy Drives removable storage
 <!-- FloppyDrives_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyRead_Access_1-Applicability-End -->
 
 <!-- FloppyDrives_DenyRead_Access_1-OmaUri-Begin -->
@@ -794,7 +794,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
 <!-- FloppyDrives_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyRead_Access_2-Applicability-End -->
 
 <!-- FloppyDrives_DenyRead_Access_2-OmaUri-Begin -->
@@ -853,7 +853,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
 <!-- FloppyDrives_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyWrite_Access_1-Applicability-End -->
 
 <!-- FloppyDrives_DenyWrite_Access_1-OmaUri-Begin -->
@@ -912,7 +912,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
 <!-- FloppyDrives_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyWrite_Access_2-Applicability-End -->
 
 <!-- FloppyDrives_DenyWrite_Access_2-OmaUri-Begin -->
@@ -971,7 +971,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
 <!-- Removable_Remote_Allow_Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Removable_Remote_Allow_Access-Applicability-End -->
 
 <!-- Removable_Remote_Allow_Access-OmaUri-Begin -->
@@ -1030,7 +1030,7 @@ This policy setting grants normal users direct access to removable storage devic
 <!-- RemovableDisks_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyExecute_Access_2-Applicability-End -->
 
 <!-- RemovableDisks_DenyExecute_Access_2-OmaUri-Begin -->
@@ -1089,7 +1089,7 @@ This policy setting denies execute access to removable disks.
 <!-- RemovableDisks_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyRead_Access_1-Applicability-End -->
 
 <!-- RemovableDisks_DenyRead_Access_1-OmaUri-Begin -->
@@ -1148,7 +1148,7 @@ This policy setting denies read access to removable disks.
 <!-- RemovableDisks_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyRead_Access_2-Applicability-End -->
 
 <!-- RemovableDisks_DenyRead_Access_2-OmaUri-Begin -->
@@ -1207,7 +1207,7 @@ This policy setting denies read access to removable disks.
 <!-- RemovableDisks_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyWrite_Access_1-Applicability-End -->
 
 <!-- RemovableDisks_DenyWrite_Access_1-OmaUri-Begin -->
@@ -1269,7 +1269,7 @@ This policy setting denies write access to removable disks.
 <!-- RemovableStorageClasses_DenyAll_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableStorageClasses_DenyAll_Access_1-Applicability-End -->
 
 <!-- RemovableStorageClasses_DenyAll_Access_1-OmaUri-Begin -->
@@ -1330,7 +1330,7 @@ This policy setting takes precedence over any individual removable storage polic
 <!-- RemovableStorageClasses_DenyAll_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableStorageClasses_DenyAll_Access_2-Applicability-End -->
 
 <!-- RemovableStorageClasses_DenyAll_Access_2-OmaUri-Begin -->
@@ -1391,7 +1391,7 @@ This policy setting takes precedence over any individual removable storage polic
 <!-- TapeDrives_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyExecute_Access_2-Applicability-End -->
 
 <!-- TapeDrives_DenyExecute_Access_2-OmaUri-Begin -->
@@ -1450,7 +1450,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl
 <!-- TapeDrives_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyRead_Access_1-Applicability-End -->
 
 <!-- TapeDrives_DenyRead_Access_1-OmaUri-Begin -->
@@ -1509,7 +1509,7 @@ This policy setting denies read access to the Tape Drive removable storage class
 <!-- TapeDrives_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyRead_Access_2-Applicability-End -->
 
 <!-- TapeDrives_DenyRead_Access_2-OmaUri-Begin -->
@@ -1568,7 +1568,7 @@ This policy setting denies read access to the Tape Drive removable storage class
 <!-- TapeDrives_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyWrite_Access_1-Applicability-End -->
 
 <!-- TapeDrives_DenyWrite_Access_1-OmaUri-Begin -->
@@ -1627,7 +1627,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
 <!-- TapeDrives_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyWrite_Access_2-Applicability-End -->
 
 <!-- TapeDrives_DenyWrite_Access_2-OmaUri-Begin -->
@@ -1686,7 +1686,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
 <!-- WPDDevices_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyRead_Access_1-Applicability-End -->
 
 <!-- WPDDevices_DenyRead_Access_1-OmaUri-Begin -->
@@ -1745,7 +1745,7 @@ This policy setting denies read access to removable disks, which may include med
 <!-- WPDDevices_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyRead_Access_2-Applicability-End -->
 
 <!-- WPDDevices_DenyRead_Access_2-OmaUri-Begin -->
@@ -1804,7 +1804,7 @@ This policy setting denies read access to removable disks, which may include med
 <!-- WPDDevices_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyWrite_Access_1-Applicability-End -->
 
 <!-- WPDDevices_DenyWrite_Access_1-OmaUri-Begin -->
@@ -1863,7 +1863,7 @@ This policy setting denies write access to removable disks, which may include me
 <!-- WPDDevices_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyWrite_Access_2-Applicability-End -->
 
 <!-- WPDDevices_DenyWrite_Access_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 613e1bb668..c39da81dc2 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_RPC Policy CSP
 description: Learn more about the ADMX_RPC Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- RpcExtendedErrorInformation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcExtendedErrorInformation-Applicability-End -->
 
 <!-- RpcExtendedErrorInformation-OmaUri-Begin -->
@@ -103,7 +103,7 @@ Extended error information includes the local time that the error occurred, the
 <!-- RpcIgnoreDelegationFailure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcIgnoreDelegationFailure-Applicability-End -->
 
 <!-- RpcIgnoreDelegationFailure-OmaUri-Begin -->
@@ -172,7 +172,7 @@ The constrained delegation model, introduced in Windows Server 2003, doesn't rep
 <!-- RpcMinimumHttpConnectionTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcMinimumHttpConnectionTimeout-Applicability-End -->
 
 <!-- RpcMinimumHttpConnectionTimeout-OmaUri-Begin -->
@@ -241,7 +241,7 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is
 <!-- RpcStateInformation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcStateInformation-Applicability-End -->
 
 <!-- RpcStateInformation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sam.md b/windows/client-management/mdm/policy-csp-admx-sam.md
index 1427a02daf..8e30372654 100644
--- a/windows/client-management/mdm/policy-csp-admx-sam.md
+++ b/windows/client-management/mdm/policy-csp-admx-sam.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_sam Policy CSP
 description: Learn more about the ADMX_sam Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- SamNGCKeyROCAValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SamNGCKeyROCAValidation-Applicability-End -->
 
 <!-- SamNGCKeyROCAValidation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index a507a7dc14..e4f196f9c1 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Scripts Policy CSP
 description: Learn more about the ADMX_Scripts Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Allow_Logon_Script_NetbiosDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Allow_Logon_Script_NetbiosDisabled-Applicability-End -->
 
 <!-- Allow_Logon_Script_NetbiosDisabled-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting allows user logon scripts to run when the logon cross-forest
 <!-- MaxGPOScriptWaitPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MaxGPOScriptWaitPolicy-Applicability-End -->
 
 <!-- MaxGPOScriptWaitPolicy-OmaUri-Begin -->
@@ -144,7 +144,7 @@ An excessively long interval can delay the system and inconvenience users. Howev
 <!-- Run_Computer_PS_Scripts_First-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Computer_PS_Scripts_First-Applicability-End -->
 
 <!-- Run_Computer_PS_Scripts_First-OmaUri-Begin -->
@@ -222,7 +222,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script
 <!-- Run_Legacy_Logon_Script_Hidden-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Legacy_Logon_Script_Hidden-Applicability-End -->
 
 <!-- Run_Legacy_Logon_Script_Hidden-OmaUri-Begin -->
@@ -285,7 +285,7 @@ Also, see the "Run Logon Scripts Visible" setting.
 <!-- Run_Logoff_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logoff_Script_Visible-Applicability-End -->
 
 <!-- Run_Logoff_Script_Visible-OmaUri-Begin -->
@@ -346,7 +346,7 @@ Logoff scripts are batch files of instructions that run when the user logs off.
 <!-- Run_Logon_Script_Sync_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logon_Script_Sync_1-Applicability-End -->
 
 <!-- Run_Logon_Script_Sync_1-OmaUri-Begin -->
@@ -407,7 +407,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- Run_Logon_Script_Sync_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logon_Script_Sync_2-Applicability-End -->
 
 <!-- Run_Logon_Script_Sync_2-OmaUri-Begin -->
@@ -468,7 +468,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- Run_Logon_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logon_Script_Visible-Applicability-End -->
 
 <!-- Run_Logon_Script_Visible-OmaUri-Begin -->
@@ -529,7 +529,7 @@ Logon scripts are batch files of instructions that run when the user logs on. By
 <!-- Run_Shutdown_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Shutdown_Script_Visible-Applicability-End -->
 
 <!-- Run_Shutdown_Script_Visible-OmaUri-Begin -->
@@ -590,7 +590,7 @@ Shutdown scripts are batch files of instructions that run when the user restarts
 <!-- Run_Startup_Script_Sync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Startup_Script_Sync-Applicability-End -->
 
 <!-- Run_Startup_Script_Sync-OmaUri-Begin -->
@@ -654,7 +654,7 @@ Startup scripts are batch files that run before the user is invited to log on. B
 <!-- Run_Startup_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Startup_Script_Visible-Applicability-End -->
 
 <!-- Run_Startup_Script_Visible-OmaUri-Begin -->
@@ -718,7 +718,7 @@ Startup scripts are batch files of instructions that run before the user is invi
 <!-- Run_User_PS_Scripts_First-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_User_PS_Scripts_First-Applicability-End -->
 
 <!-- Run_User_PS_Scripts_First-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index c23bf10950..f1a0bd29ec 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_sdiageng Policy CSP
 description: Learn more about the ADMX_sdiageng Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- BetterWhenConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BetterWhenConnected-Applicability-End -->
 
 <!-- BetterWhenConnected-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting allows users who are connected to the Internet to access and
 <!-- ScriptedDiagnosticsExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScriptedDiagnosticsExecutionPolicy-Applicability-End -->
 
 <!-- ScriptedDiagnosticsExecutionPolicy-OmaUri-Begin -->
@@ -141,7 +141,7 @@ Note that this setting also controls a user's ability to launch standalone troub
 <!-- ScriptedDiagnosticsSecurityPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScriptedDiagnosticsSecurityPolicy-Applicability-End -->
 
 <!-- ScriptedDiagnosticsSecurityPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index a221dc34b5..449d3b0270 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_sdiagschd Policy CSP
 description: Learn more about the ADMX_sdiagschd Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ScheduledDiagnosticsExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScheduledDiagnosticsExecutionPolicy-Applicability-End -->
 
 <!-- ScheduledDiagnosticsExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index fd54e1f891..5d85d32ab3 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Securitycenter Policy CSP
 description: Learn more about the ADMX_Securitycenter Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- SecurityCenter_SecurityCenterInDomain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SecurityCenter_SecurityCenterInDomain-Applicability-End -->
 
 <!-- SecurityCenter_SecurityCenterInDomain-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 6c890631d8..3702686690 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Sensors Policy CSP
 description: Learn more about the ADMX_Sensors Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableLocation_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocation_1-Applicability-End -->
 
 <!-- DisableLocation_1-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting turns off the location feature for this computer.
 <!-- DisableLocationScripting_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocationScripting_1-Applicability-End -->
 
 <!-- DisableLocationScripting_1-OmaUri-Begin -->
@@ -139,7 +139,7 @@ This policy setting turns off scripting for the location feature.
 <!-- DisableLocationScripting_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocationScripting_2-Applicability-End -->
 
 <!-- DisableLocationScripting_2-OmaUri-Begin -->
@@ -198,7 +198,7 @@ This policy setting turns off scripting for the location feature.
 <!-- DisableSensors_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSensors_1-Applicability-End -->
 
 <!-- DisableSensors_1-OmaUri-Begin -->
@@ -257,7 +257,7 @@ This policy setting turns off the sensor feature for this computer.
 <!-- DisableSensors_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSensors_2-Applicability-End -->
 
 <!-- DisableSensors_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index 0af31e3dda..c61b343f81 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ServerManager Policy CSP
 description: Learn more about the ADMX_ServerManager Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Do_not_display_Manage_Your_Server_page-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Do_not_display_Manage_Your_Server_page-Applicability-End -->
 
 <!-- Do_not_display_Manage_Your_Server_page-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting allows you to turn off the automatic display of the Manage Y
 <!-- DoNotLaunchInitialConfigurationTasks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotLaunchInitialConfigurationTasks-Applicability-End -->
 
 <!-- DoNotLaunchInitialConfigurationTasks-OmaUri-Begin -->
@@ -143,7 +143,7 @@ This policy setting allows you to turn off the automatic display of the Initial
 <!-- DoNotLaunchServerManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotLaunchServerManager-Applicability-End -->
 
 <!-- DoNotLaunchServerManager-OmaUri-Begin -->
@@ -207,7 +207,7 @@ This policy setting allows you to turn off the automatic display of Server Manag
 <!-- ServerManagerAutoRefreshRate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ServerManagerAutoRefreshRate-Applicability-End -->
 
 <!-- ServerManagerAutoRefreshRate-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index a31799041a..b7608a80f3 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Servicing Policy CSP
 description: Learn more about the ADMX_Servicing Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Servicing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Servicing-Applicability-End -->
 
 <!-- Servicing-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index 5b949ace6f..28649a54bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_SettingSync Policy CSP
 description: Learn more about the ADMX_SettingSync Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableApplicationSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableApplicationSettingSync-Applicability-End -->
 
 <!-- DisableApplicationSettingSync-OmaUri-Begin -->
@@ -82,7 +82,7 @@ If you don't set or disable this setting, syncing of the "app settings" group is
 <!-- DisableAppSyncSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAppSyncSettingSync-Applicability-End -->
 
 <!-- DisableAppSyncSettingSync-OmaUri-Begin -->
@@ -143,7 +143,7 @@ If you don't set or disable this setting, syncing of the "AppSync" group is on b
 <!-- DisableCredentialsSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCredentialsSettingSync-Applicability-End -->
 
 <!-- DisableCredentialsSettingSync-OmaUri-Begin -->
@@ -204,7 +204,7 @@ If you don't set or disable this setting, syncing of the "passwords" group is on
 <!-- DisableDesktopThemeSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableDesktopThemeSettingSync-Applicability-End -->
 
 <!-- DisableDesktopThemeSettingSync-OmaUri-Begin -->
@@ -265,7 +265,7 @@ If you don't set or disable this setting, syncing of the "desktop personalizatio
 <!-- DisablePersonalizationSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePersonalizationSettingSync-Applicability-End -->
 
 <!-- DisablePersonalizationSettingSync-OmaUri-Begin -->
@@ -326,7 +326,7 @@ If you don't set or disable this setting, syncing of the "personalize" group is
 <!-- DisableSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSettingSync-Applicability-End -->
 
 <!-- DisableSettingSync-OmaUri-Begin -->
@@ -387,7 +387,7 @@ If you don't set or disable this setting, "sync your settings" is on by default
 <!-- DisableStartLayoutSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableStartLayoutSettingSync-Applicability-End -->
 
 <!-- DisableStartLayoutSettingSync-OmaUri-Begin -->
@@ -448,7 +448,7 @@ If you don't set or disable this setting, syncing of the "Start layout" group is
 <!-- DisableSyncOnPaidNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSyncOnPaidNetwork-Applicability-End -->
 
 <!-- DisableSyncOnPaidNetwork-OmaUri-Begin -->
@@ -507,7 +507,7 @@ If you don't set or disable this setting, syncing on metered connections is conf
 <!-- DisableWindowsSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWindowsSettingSync-Applicability-End -->
 
 <!-- DisableWindowsSettingSync-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index 486085f08a..dc791f72b5 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_SharedFolders Policy CSP
 description: Learn more about the ADMX_SharedFolders Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PublishDfsRoots-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PublishDfsRoots-Applicability-End -->
 
 <!-- PublishDfsRoots-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting determines whether the user can publish DFS roots in Active
 <!-- PublishSharedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PublishSharedFolders-Applicability-End -->
 
 <!-- PublishSharedFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index a83e821101..fb685b026e 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Sharing Policy CSP
 description: Learn more about the ADMX_Sharing Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableHomeGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableHomeGroup-Applicability-End -->
 
 <!-- DisableHomeGroup-OmaUri-Begin -->
@@ -84,7 +84,7 @@ You must restart the computer for this policy setting to take effect.
 <!-- NoInplaceSharing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInplaceSharing-Applicability-End -->
 
 <!-- NoInplaceSharing-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index 228d08b694..87242a5c8d 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_ShellCommandPromptRegEditTools Policy CSP
 description: Learn more about the ADMX_ShellCommandPromptRegEditTools Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableCMD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCMD-Applicability-End -->
 
 <!-- DisableCMD-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting prevents users from running the interactive command prompt,
 <!-- DisableRegedit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRegedit-Applicability-End -->
 
 <!-- DisableRegedit-OmaUri-Begin -->
@@ -142,7 +142,7 @@ To prevent users from using other administrative tools, use the "Run only specif
 <!-- DisallowApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowApps-Applicability-End -->
 
 <!-- DisallowApps-OmaUri-Begin -->
@@ -209,7 +209,7 @@ This policy setting only prevents users from running programs that are started b
 <!-- RestrictApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictApps-Applicability-End -->
 
 <!-- RestrictApps-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 22338b85ad..f7b65e39b9 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Smartcard Policy CSP
 description: Learn more about the ADMX_Smartcard Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowCertificatesWithNoEKU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowCertificatesWithNoEKU-Applicability-End -->
 
 <!-- AllowCertificatesWithNoEKU-OmaUri-Begin -->
@@ -86,7 +86,7 @@ In versions of Windows prior to Windows Vista, smart card certificates that are
 <!-- AllowIntegratedUnblock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowIntegratedUnblock-Applicability-End -->
 
 <!-- AllowIntegratedUnblock-OmaUri-Begin -->
@@ -147,7 +147,7 @@ In order to use the integrated unblock feature your smart card must support this
 <!-- AllowSignatureOnlyKeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSignatureOnlyKeys-Applicability-End -->
 
 <!-- AllowSignatureOnlyKeys-OmaUri-Begin -->
@@ -206,7 +206,7 @@ This policy setting lets you allow signature key-based certificates to be enumer
 <!-- AllowTimeInvalidCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowTimeInvalidCertificates-Applicability-End -->
 
 <!-- AllowTimeInvalidCertificates-OmaUri-Begin -->
@@ -267,7 +267,7 @@ Under previous versions of Microsoft Windows, certificates were required to cont
 <!-- CertPropEnabledString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertPropEnabledString-Applicability-End -->
 
 <!-- CertPropEnabledString-OmaUri-Begin -->
@@ -326,7 +326,7 @@ This policy setting allows you to manage the certificate propagation that occurs
 <!-- CertPropRootCleanupString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertPropRootCleanupString-Applicability-End -->
 
 <!-- CertPropRootCleanupString-OmaUri-Begin -->
@@ -384,7 +384,7 @@ This policy setting allows you to manage the clean up behavior of root certifica
 <!-- CertPropRootEnabledString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertPropRootEnabledString-Applicability-End -->
 
 <!-- CertPropRootEnabledString-OmaUri-Begin -->
@@ -446,7 +446,7 @@ This policy setting allows you to manage the root certificate propagation that o
 <!-- DisallowPlaintextPin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowPlaintextPin-Applicability-End -->
 
 <!-- DisallowPlaintextPin-OmaUri-Begin -->
@@ -508,7 +508,7 @@ This policy setting prevents plaintext PINs from being returned by Credential Ma
 <!-- EnumerateECCCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnumerateECCCerts-Applicability-End -->
 
 <!-- EnumerateECCCerts-OmaUri-Begin -->
@@ -573,7 +573,7 @@ This policy setting allows you to control whether elliptic curve cryptography (E
 <!-- FilterDuplicateCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FilterDuplicateCerts-Applicability-End -->
 
 <!-- FilterDuplicateCerts-OmaUri-Begin -->
@@ -639,7 +639,7 @@ If there are two or more of the "same" certificate on a smart card and this poli
 <!-- ForceReadingAllCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceReadingAllCertificates-Applicability-End -->
 
 <!-- ForceReadingAllCertificates-OmaUri-Begin -->
@@ -700,7 +700,7 @@ During logon Windows will by default only read the default certificate from the
 <!-- IntegratedUnblockPromptString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IntegratedUnblockPromptString-Applicability-End -->
 
 <!-- IntegratedUnblockPromptString-OmaUri-Begin -->
@@ -761,7 +761,7 @@ This policy setting allows you to manage the displayed message when a smart card
 <!-- ReverseSubject-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ReverseSubject-Applicability-End -->
 
 <!-- ReverseSubject-OmaUri-Begin -->
@@ -822,7 +822,7 @@ If you disable , the subject name will be displayed as it appears in the certifi
 <!-- SCPnPEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SCPnPEnabled-Applicability-End -->
 
 <!-- SCPnPEnabled-OmaUri-Begin -->
@@ -884,7 +884,7 @@ This policy setting allows you to control whether Smart Card Plug and Play is en
 <!-- SCPnPNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SCPnPNotification-Applicability-End -->
 
 <!-- SCPnPNotification-OmaUri-Begin -->
@@ -946,7 +946,7 @@ This policy setting allows you to control whether a confirmation message is disp
 <!-- X509HintsNeeded-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- X509HintsNeeded-Applicability-End -->
 
 <!-- X509HintsNeeded-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 0d2382bb64..36fe79b61d 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Snmp Policy CSP
 description: Learn more about the ADMX_Snmp Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- SNMP_Communities-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SNMP_Communities-Applicability-End -->
 
 <!-- SNMP_Communities-OmaUri-Begin -->
@@ -93,7 +93,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify
 <!-- SNMP_PermittedManagers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SNMP_PermittedManagers-Applicability-End -->
 
 <!-- SNMP_PermittedManagers-OmaUri-Begin -->
@@ -162,7 +162,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and "
 <!-- SNMP_Traps_Public-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SNMP_Traps_Public-Applicability-End -->
 
 <!-- SNMP_Traps_Public-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index 41cf4a6ccc..de2a3b6bf9 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_SoundRec Policy CSP
 description: Learn more about the ADMX_SoundRec Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Soundrec_DiableApplication_TitleText_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Soundrec_DiableApplication_TitleText_1-Applicability-End -->
 
 <!-- Soundrec_DiableApplication_TitleText_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor
 <!-- Soundrec_DiableApplication_TitleText_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Soundrec_DiableApplication_TitleText_2-Applicability-End -->
 
 <!-- Soundrec_DiableApplication_TitleText_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index 7fc90a1ff0..9f738881cb 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_srmfci Policy CSP
 description: Learn more about the ADMX_srmfci Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AccessDeniedConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AccessDeniedConfiguration-Applicability-End -->
 
 <!-- AccessDeniedConfiguration-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting specifies the message that users see when they're denied acc
 <!-- CentralClassificationList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CentralClassificationList-Applicability-End -->
 
 <!-- CentralClassificationList-OmaUri-Begin -->
@@ -142,7 +142,7 @@ Administrators can define the properties for the organization by using Active Di
 <!-- EnableManualUX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableManualUX-Applicability-End -->
 
 <!-- EnableManualUX-OmaUri-Begin -->
@@ -203,7 +203,7 @@ The Classification tab enables users to manually classify files by selecting pro
 <!-- EnableShellAccessCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableShellAccessCheck-Applicability-End -->
 
 <!-- EnableShellAccessCheck-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index 387bcff31c..e43437afce 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_StartMenu Policy CSP
 description: Learn more about the ADMX_StartMenu Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 04/10/2024
 <!-- AddSearchInternetLinkInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AddSearchInternetLinkInStartMenu-Applicability-End -->
 
 <!-- AddSearchInternetLinkInStartMenu-OmaUri-Begin -->
@@ -81,7 +81,7 @@ ms.date: 04/10/2024
 <!-- ClearRecentDocsOnExit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearRecentDocsOnExit-Applicability-End -->
 
 <!-- ClearRecentDocsOnExit-OmaUri-Begin -->
@@ -151,7 +151,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L
 <!-- ClearRecentProgForNewUserInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearRecentProgForNewUserInStartMenu-Applicability-End -->
 
 <!-- ClearRecentProgForNewUserInStartMenu-OmaUri-Begin -->
@@ -209,7 +209,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L
 <!-- ClearTilesOnExit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearTilesOnExit-Applicability-End -->
 
 <!-- ClearTilesOnExit-OmaUri-Begin -->
@@ -269,7 +269,7 @@ This setting doesn't prevent new notifications from appearing. See the "Turn off
 <!-- DesktopAppsFirstInAppsView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DesktopAppsFirstInAppsView-Applicability-End -->
 
 <!-- DesktopAppsFirstInAppsView-OmaUri-Begin -->
@@ -328,7 +328,7 @@ This policy setting allows desktop apps to be listed first in the Apps view in S
 <!-- DisableGlobalSearchOnAppsView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableGlobalSearchOnAppsView-Applicability-End -->
 
 <!-- DisableGlobalSearchOnAppsView-OmaUri-Begin -->
@@ -389,7 +389,7 @@ This policy setting is only applied when the Apps view is set as the default vie
 <!-- ForceStartMenuLogOff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceStartMenuLogOff-Applicability-End -->
 
 <!-- ForceStartMenuLogOff-OmaUri-Begin -->
@@ -457,7 +457,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\
 <!-- GoToDesktopOnSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GoToDesktopOnSignIn-Applicability-End -->
 
 <!-- GoToDesktopOnSignIn-OmaUri-Begin -->
@@ -518,7 +518,7 @@ This policy setting allows users to go to the desktop instead of the Start scree
 <!-- GreyMSIAds-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GreyMSIAds-Applicability-End -->
 
 <!-- GreyMSIAds-OmaUri-Begin -->
@@ -582,7 +582,7 @@ If you disable this setting or don't configure it, all Start menu shortcuts appe
 <!-- HidePowerOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HidePowerOptions-Applicability-End -->
 
 <!-- HidePowerOptions-OmaUri-Begin -->
@@ -641,7 +641,7 @@ This policy setting prevents users from performing the following commands from t
 <!-- Intellimenus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Intellimenus-Applicability-End -->
 
 <!-- Intellimenus-OmaUri-Begin -->
@@ -706,7 +706,7 @@ If you enable this setting, the system doesn't personalize menus. All menu items
 <!-- LockTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockTaskbar-Applicability-End -->
 
 <!-- LockTaskbar-OmaUri-Begin -->
@@ -770,7 +770,7 @@ The taskbar includes the Start button, list of currently running tasks, and the
 <!-- MemCheckBoxInRunDlg-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MemCheckBoxInRunDlg-Applicability-End -->
 
 <!-- MemCheckBoxInRunDlg-OmaUri-Begin -->
@@ -829,7 +829,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o
 <!-- NoAutoTrayNotify-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAutoTrayNotify-Applicability-End -->
 
 <!-- NoAutoTrayNotify-OmaUri-Begin -->
@@ -892,7 +892,7 @@ The notification area is located in the task bar, generally at the bottom of the
 <!-- NoBalloonTip-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoBalloonTip-Applicability-End -->
 
 <!-- NoBalloonTip-OmaUri-Begin -->
@@ -953,7 +953,7 @@ When you hold the cursor over an item on the Start menu or in the notification a
 <!-- NoChangeStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChangeStartMenu-Applicability-End -->
 
 <!-- NoChangeStartMenu-OmaUri-Begin -->
@@ -1016,7 +1016,7 @@ This policy setting allows you to prevent users from changing their Start screen
 <!-- NoClose-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoClose-Applicability-End -->
 
 <!-- NoClose-OmaUri-Begin -->
@@ -1078,7 +1078,7 @@ This policy setting prevents users from performing the following commands from t
 <!-- NoCommonGroups-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCommonGroups-Applicability-End -->
 
 <!-- NoCommonGroups-OmaUri-Begin -->
@@ -1138,7 +1138,7 @@ By default, the Programs menu contains items from the All Users profile and item
 <!-- NoFavoritesMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFavoritesMenu-Applicability-End -->
 
 <!-- NoFavoritesMenu-OmaUri-Begin -->
@@ -1206,7 +1206,7 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start
 <!-- NoFind-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFind-Applicability-End -->
 
 <!-- NoFind-OmaUri-Begin -->
@@ -1272,7 +1272,7 @@ This policy setting affects the specified user interface elements only. It doesn
 <!-- NoGamesFolderOnStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoGamesFolderOnStartMenu-Applicability-End -->
 
 <!-- NoGamesFolderOnStartMenu-OmaUri-Begin -->
@@ -1330,7 +1330,7 @@ This policy setting affects the specified user interface elements only. It doesn
 <!-- NoHelp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoHelp-Applicability-End -->
 
 <!-- NoHelp-OmaUri-Begin -->
@@ -1391,7 +1391,7 @@ This policy setting only affects the Start menu. It doesn't remove the Help menu
 <!-- NoInstrumentation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInstrumentation-Applicability-End -->
 
 <!-- NoInstrumentation-OmaUri-Begin -->
@@ -1454,7 +1454,7 @@ This policy setting doesn't prevent users from pinning programs to the Start Men
 <!-- NoMoreProgramsList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMoreProgramsList-Applicability-End -->
 
 <!-- NoMoreProgramsList-OmaUri-Begin -->
@@ -1521,7 +1521,7 @@ Selecting "Remove and disable setting" will remove the all apps list from Start
 <!-- NoNetAndDialupConnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNetAndDialupConnect-Applicability-End -->
 
 <!-- NoNetAndDialupConnect-OmaUri-Begin -->
@@ -1586,7 +1586,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po
 <!-- NoPinnedPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinnedPrograms-Applicability-End -->
 
 <!-- NoPinnedPrograms-OmaUri-Begin -->
@@ -1646,7 +1646,7 @@ In Windows XP and Windows Vista, the Internet and email checkboxes are removed f
 <!-- NoRecentDocsMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecentDocsMenu-Applicability-End -->
 
 <!-- NoRecentDocsMenu-OmaUri-Begin -->
@@ -1716,7 +1716,7 @@ This setting also doesn't hide document shortcuts displayed in the Open dialog b
 <!-- NoResolveSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoResolveSearch-Applicability-End -->
 
 <!-- NoResolveSearch-OmaUri-Begin -->
@@ -1780,7 +1780,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
 <!-- NoResolveTrack-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoResolveTrack-Applicability-End -->
 
 <!-- NoResolveTrack-OmaUri-Begin -->
@@ -1844,7 +1844,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
 <!-- NoRun-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRun-Applicability-End -->
 
 <!-- NoRun-OmaUri-Begin -->
@@ -1927,7 +1927,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchCommInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchCommInStartMenu-Applicability-End -->
 
 <!-- NoSearchCommInStartMenu-OmaUri-Begin -->
@@ -1985,7 +1985,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchComputerLinkInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchComputerLinkInStartMenu-Applicability-End -->
 
 <!-- NoSearchComputerLinkInStartMenu-OmaUri-Begin -->
@@ -2043,7 +2043,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchEverywhereLinkInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchEverywhereLinkInStartMenu-Applicability-End -->
 
 <!-- NoSearchEverywhereLinkInStartMenu-OmaUri-Begin -->
@@ -2101,7 +2101,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchFilesInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchFilesInStartMenu-Applicability-End -->
 
 <!-- NoSearchFilesInStartMenu-OmaUri-Begin -->
@@ -2161,7 +2161,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchInternetInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchInternetInStartMenu-Applicability-End -->
 
 <!-- NoSearchInternetInStartMenu-OmaUri-Begin -->
@@ -2219,7 +2219,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchProgramsInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchProgramsInStartMenu-Applicability-End -->
 
 <!-- NoSearchProgramsInStartMenu-OmaUri-Begin -->
@@ -2277,7 +2277,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSetFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSetFolders-Applicability-End -->
 
 <!-- NoSetFolders-OmaUri-Begin -->
@@ -2340,7 +2340,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "
 <!-- NoSetTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSetTaskbar-Applicability-End -->
 
 <!-- NoSetTaskbar-OmaUri-Begin -->
@@ -2405,7 +2405,7 @@ If the user right-clicks the taskbar and then clicks Properties, a message appea
 <!-- NoSMConfigurePrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMConfigurePrograms-Applicability-End -->
 
 <!-- NoSMConfigurePrograms-OmaUri-Begin -->
@@ -2469,7 +2469,7 @@ Clicking the Default Programs link from the Start menu opens the Default Program
 <!-- NoSMMyDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyDocuments-Applicability-End -->
 
 <!-- NoSMMyDocuments-OmaUri-Begin -->
@@ -2533,7 +2533,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting.
 <!-- NoSMMyMusic-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyMusic-Applicability-End -->
 
 <!-- NoSMMyMusic-OmaUri-Begin -->
@@ -2592,7 +2592,7 @@ This policy setting allows you to remove the Music icon from Start Menu.
 <!-- NoSMMyNetworkPlaces-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyNetworkPlaces-Applicability-End -->
 
 <!-- NoSMMyNetworkPlaces-OmaUri-Begin -->
@@ -2651,7 +2651,7 @@ This policy setting allows you to remove the Network icon from Start Menu.
 <!-- NoSMMyPictures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyPictures-Applicability-End -->
 
 <!-- NoSMMyPictures-OmaUri-Begin -->
@@ -2710,7 +2710,7 @@ This policy setting allows you to remove the Pictures icon from Start Menu.
 <!-- NoStartMenuDownload-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuDownload-Applicability-End -->
 
 <!-- NoStartMenuDownload-OmaUri-Begin -->
@@ -2769,7 +2769,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu.
 <!-- NoStartMenuHomegroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuHomegroup-Applicability-End -->
 
 <!-- NoStartMenuHomegroup-OmaUri-Begin -->
@@ -2827,7 +2827,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu.
 <!-- NoStartMenuRecordedTV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuRecordedTV-Applicability-End -->
 
 <!-- NoStartMenuRecordedTV-OmaUri-Begin -->
@@ -2886,7 +2886,7 @@ This policy setting allows you to remove the Recorded TV link from the Start Men
 <!-- NoStartMenuSubFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuSubFolders-Applicability-End -->
 
 <!-- NoStartMenuSubFolders-OmaUri-Begin -->
@@ -2949,7 +2949,7 @@ Note that this setting hides all user-specific folders, not just those associate
 <!-- NoStartMenuVideos-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuVideos-Applicability-End -->
 
 <!-- NoStartMenuVideos-OmaUri-Begin -->
@@ -3008,7 +3008,7 @@ This policy setting allows you to remove the Videos link from the Start Menu.
 <!-- NoStartPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartPage-Applicability-End -->
 
 <!-- NoStartPage-OmaUri-Begin -->
@@ -3071,7 +3071,7 @@ The classic Start menu in Windows 2000 Professional allows users to begin common
 <!-- NoTaskBarClock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTaskBarClock-Applicability-End -->
 
 <!-- NoTaskBarClock-OmaUri-Begin -->
@@ -3130,7 +3130,7 @@ Prevents the clock in the system notification area from being displayed.
 <!-- NoTaskGrouping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTaskGrouping-Applicability-End -->
 
 <!-- NoTaskGrouping-OmaUri-Begin -->
@@ -3191,7 +3191,7 @@ Taskbar grouping consolidates similar applications when there is no room on the
 <!-- NoToolbarsOnTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoToolbarsOnTaskbar-Applicability-End -->
 
 <!-- NoToolbarsOnTaskbar-OmaUri-Begin -->
@@ -3252,7 +3252,7 @@ The taskbar includes the Start button, buttons for currently running tasks, cust
 <!-- NoTrayContextMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTrayContextMenu-Applicability-End -->
 
 <!-- NoTrayContextMenu-OmaUri-Begin -->
@@ -3317,7 +3317,7 @@ This policy setting doesn't prevent users from using other methods to issue the
 <!-- NoTrayItemsDisplay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTrayItemsDisplay-Applicability-End -->
 
 <!-- NoTrayItemsDisplay-OmaUri-Begin -->
@@ -3381,7 +3381,7 @@ Description: The notification area is located at the far right end of the task b
 <!-- NoUninstallFromStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoUninstallFromStart-Applicability-End -->
 
 <!-- NoUninstallFromStart-OmaUri-Begin -->
@@ -3443,7 +3443,7 @@ Description: The notification area is located at the far right end of the task b
 <!-- NoUserFolderOnStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoUserFolderOnStartMenu-Applicability-End -->
 
 <!-- NoUserFolderOnStartMenu-OmaUri-Begin -->
@@ -3501,7 +3501,7 @@ Description: The notification area is located at the far right end of the task b
 <!-- NoUserNameOnStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoUserNameOnStartMenu-Applicability-End -->
 
 <!-- NoUserNameOnStartMenu-OmaUri-Begin -->
@@ -3562,7 +3562,7 @@ To remove the user name folder on Windows Vista, set the "Remove user folder lin
 <!-- NoWindowsUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsUpdate-Applicability-End -->
 
 <!-- NoWindowsUpdate-OmaUri-Begin -->
@@ -3627,7 +3627,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
 <!-- PowerButtonAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PowerButtonAction-Applicability-End -->
 
 <!-- PowerButtonAction-OmaUri-Begin -->
@@ -3687,7 +3687,7 @@ If you set the button to either Sleep or Hibernate, and that state isn't support
 <!-- QuickLaunchEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QuickLaunchEnabled-Applicability-End -->
 
 <!-- QuickLaunchEnabled-OmaUri-Begin -->
@@ -3748,7 +3748,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas
 <!-- RemoveUnDockPCButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveUnDockPCButton-Applicability-End -->
 
 <!-- RemoveUnDockPCButton-OmaUri-Begin -->
@@ -3806,7 +3806,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas
 <!-- ShowAppsViewOnStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowAppsViewOnStart-Applicability-End -->
 
 <!-- ShowAppsViewOnStart-OmaUri-Begin -->
@@ -3865,7 +3865,7 @@ This policy setting allows the Apps view to be opened by default when the user g
 <!-- ShowRunAsDifferentUserInStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowRunAsDifferentUserInStart-Applicability-End -->
 
 <!-- ShowRunAsDifferentUserInStart-OmaUri-Begin -->
@@ -3927,7 +3927,7 @@ This policy setting shows or hides the "Run as different user" command on the St
 <!-- ShowRunInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowRunInStartMenu-Applicability-End -->
 
 <!-- ShowRunInStartMenu-OmaUri-Begin -->
@@ -3985,7 +3985,7 @@ This policy setting shows or hides the "Run as different user" command on the St
 <!-- ShowStartOnDisplayWithForegroundOnWinKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowStartOnDisplayWithForegroundOnWinKey-Applicability-End -->
 
 <!-- ShowStartOnDisplayWithForegroundOnWinKey-OmaUri-Begin -->
@@ -4044,7 +4044,7 @@ This policy setting allows the Start screen to appear on the display the user is
 <!-- StartMenuLogOff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StartMenuLogOff-Applicability-End -->
 
 <!-- StartMenuLogOff-OmaUri-Begin -->
@@ -4110,7 +4110,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te
 <!-- StartPinAppsWhenInstalled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StartPinAppsWhenInstalled-Applicability-End -->
 
 <!-- StartPinAppsWhenInstalled-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index 2e1c03774b..5cabd1d034 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_SystemRestore Policy CSP
 description: Learn more about the ADMX_SystemRestore Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- SR_DisableConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SR_DisableConfig-Applicability-End -->
 
 <!-- SR_DisableConfig-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
index e7b2fb7d4a..53afd9ca6d 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_TabletPCInputPanel Policy CSP
 description: Learn more about the ADMX_TabletPCInputPanel Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AutoComplete_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoComplete_1-Applicability-End -->
 
 <!-- AutoComplete_1-OmaUri-Begin -->
@@ -84,7 +84,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- AutoComplete_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoComplete_2-Applicability-End -->
 
 <!-- AutoComplete_2-OmaUri-Begin -->
@@ -147,7 +147,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- EdgeTarget_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EdgeTarget_1-Applicability-End -->
 
 <!-- EdgeTarget_1-OmaUri-Begin -->
@@ -213,7 +213,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- EdgeTarget_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EdgeTarget_2-Applicability-End -->
 
 <!-- EdgeTarget_2-OmaUri-Begin -->
@@ -279,7 +279,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTarget_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTarget_1-Applicability-End -->
 
 <!-- IPTIPTarget_1-OmaUri-Begin -->
@@ -345,7 +345,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTarget_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTarget_2-Applicability-End -->
 
 <!-- IPTIPTarget_2-OmaUri-Begin -->
@@ -411,7 +411,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTouchTarget_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTouchTarget_1-Applicability-End -->
 
 <!-- IPTIPTouchTarget_1-OmaUri-Begin -->
@@ -474,7 +474,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTouchTarget_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTouchTarget_2-Applicability-End -->
 
 <!-- IPTIPTouchTarget_2-OmaUri-Begin -->
@@ -537,7 +537,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- PasswordSecurity_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PasswordSecurity_1-Applicability-End -->
 
 <!-- PasswordSecurity_1-OmaUri-Begin -->
@@ -611,7 +611,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- PasswordSecurity_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PasswordSecurity_2-Applicability-End -->
 
 <!-- PasswordSecurity_2-OmaUri-Begin -->
@@ -685,7 +685,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- Prediction_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Prediction_1-Applicability-End -->
 
 <!-- Prediction_1-OmaUri-Begin -->
@@ -748,7 +748,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- Prediction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Prediction_2-Applicability-End -->
 
 <!-- Prediction_2-OmaUri-Begin -->
@@ -811,7 +811,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- RareChar_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RareChar_1-Applicability-End -->
 
 <!-- RareChar_1-OmaUri-Begin -->
@@ -874,7 +874,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7
 <!-- RareChar_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RareChar_2-Applicability-End -->
 
 <!-- RareChar_2-OmaUri-Begin -->
@@ -937,7 +937,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7
 <!-- ScratchOut_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScratchOut_1-Applicability-End -->
 
 <!-- ScratchOut_1-OmaUri-Begin -->
@@ -1006,7 +1006,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- ScratchOut_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScratchOut_2-Applicability-End -->
 
 <!-- ScratchOut_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index 7ee90e1830..54cd7e2993 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_TabletShell Policy CSP
 description: Learn more about the ADMX_TabletShell Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableInkball_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableInkball_1-Applicability-End -->
 
 <!-- DisableInkball_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Prevents start of InkBall game.
 <!-- DisableInkball_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableInkball_2-Applicability-End -->
 
 <!-- DisableInkball_2-OmaUri-Begin -->
@@ -143,7 +143,7 @@ Prevents start of InkBall game.
 <!-- DisableJournal_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableJournal_1-Applicability-End -->
 
 <!-- DisableJournal_1-OmaUri-Begin -->
@@ -204,7 +204,7 @@ Prevents start of Windows Journal.
 <!-- DisableJournal_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableJournal_2-Applicability-End -->
 
 <!-- DisableJournal_2-OmaUri-Begin -->
@@ -265,7 +265,7 @@ Prevents start of Windows Journal.
 <!-- DisableNoteWriterPrinting_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNoteWriterPrinting_1-Applicability-End -->
 
 <!-- DisableNoteWriterPrinting_1-OmaUri-Begin -->
@@ -326,7 +326,7 @@ Prevents printing to Journal Note Writer.
 <!-- DisableNoteWriterPrinting_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNoteWriterPrinting_2-Applicability-End -->
 
 <!-- DisableNoteWriterPrinting_2-OmaUri-Begin -->
@@ -387,7 +387,7 @@ Prevents printing to Journal Note Writer.
 <!-- DisableSnippingTool_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSnippingTool_1-Applicability-End -->
 
 <!-- DisableSnippingTool_1-OmaUri-Begin -->
@@ -448,7 +448,7 @@ Prevents the snipping tool from running.
 <!-- DisableSnippingTool_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSnippingTool_2-Applicability-End -->
 
 <!-- DisableSnippingTool_2-OmaUri-Begin -->
@@ -509,7 +509,7 @@ Prevents the snipping tool from running.
 <!-- PreventBackEscMapping_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventBackEscMapping_1-Applicability-End -->
 
 <!-- PreventBackEscMapping_1-OmaUri-Begin -->
@@ -570,7 +570,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f
 <!-- PreventBackEscMapping_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventBackEscMapping_2-Applicability-End -->
 
 <!-- PreventBackEscMapping_2-OmaUri-Begin -->
@@ -631,7 +631,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f
 <!-- PreventFlicks_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicks_1-Applicability-End -->
 
 <!-- PreventFlicks_1-OmaUri-Begin -->
@@ -690,7 +690,7 @@ Makes pen flicks and all related features unavailable.
 <!-- PreventFlicks_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicks_2-Applicability-End -->
 
 <!-- PreventFlicks_2-OmaUri-Begin -->
@@ -749,7 +749,7 @@ Makes pen flicks and all related features unavailable.
 <!-- PreventFlicksLearningMode_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicksLearningMode_1-Applicability-End -->
 
 <!-- PreventFlicksLearningMode_1-OmaUri-Begin -->
@@ -808,7 +808,7 @@ Makes pen flicks learning mode unavailable.
 <!-- PreventFlicksLearningMode_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicksLearningMode_2-Applicability-End -->
 
 <!-- PreventFlicksLearningMode_2-OmaUri-Begin -->
@@ -867,7 +867,7 @@ Makes pen flicks learning mode unavailable.
 <!-- PreventLaunchApp_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventLaunchApp_1-Applicability-End -->
 
 <!-- PreventLaunchApp_1-OmaUri-Begin -->
@@ -928,7 +928,7 @@ Prevents the user from launching an application from a Tablet PC hardware button
 <!-- PreventLaunchApp_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventLaunchApp_2-Applicability-End -->
 
 <!-- PreventLaunchApp_2-OmaUri-Begin -->
@@ -989,7 +989,7 @@ Prevents the user from launching an application from a Tablet PC hardware button
 <!-- PreventPressAndHold_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventPressAndHold_1-Applicability-End -->
 
 <!-- PreventPressAndHold_1-OmaUri-Begin -->
@@ -1050,7 +1050,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is
 <!-- PreventPressAndHold_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventPressAndHold_2-Applicability-End -->
 
 <!-- PreventPressAndHold_2-OmaUri-Begin -->
@@ -1111,7 +1111,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is
 <!-- TurnOffButtons_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffButtons_1-Applicability-End -->
 
 <!-- TurnOffButtons_1-OmaUri-Begin -->
@@ -1172,7 +1172,7 @@ Turns off Tablet PC hardware buttons.
 <!-- TurnOffButtons_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffButtons_2-Applicability-End -->
 
 <!-- TurnOffButtons_2-OmaUri-Begin -->
@@ -1233,7 +1233,7 @@ Turns off Tablet PC hardware buttons.
 <!-- TurnOffFeedback_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffFeedback_1-Applicability-End -->
 
 <!-- TurnOffFeedback_1-OmaUri-Begin -->
@@ -1292,7 +1292,7 @@ Disables visual pen action feedback, except for press and hold feedback.
 <!-- TurnOffFeedback_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffFeedback_2-Applicability-End -->
 
 <!-- TurnOffFeedback_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 176660f30b..15a624d898 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Taskbar Policy CSP
 description: Learn more about the ADMX_Taskbar Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableNotificationCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNotificationCenter-Applicability-End -->
 
 <!-- DisableNotificationCenter-OmaUri-Begin -->
@@ -88,7 +88,7 @@ A reboot is required for this policy setting to take effect.
 <!-- EnableLegacyBalloonNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableLegacyBalloonNotifications-Applicability-End -->
 
 <!-- EnableLegacyBalloonNotifications-OmaUri-Begin -->
@@ -142,7 +142,7 @@ A reboot is required for this policy setting to take effect.
 <!-- HideSCAHealth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCAHealth-Applicability-End -->
 
 <!-- HideSCAHealth-OmaUri-Begin -->
@@ -201,7 +201,7 @@ This policy setting allows you to remove Security and Maintenance from the syste
 <!-- HideSCANetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCANetwork-Applicability-End -->
 
 <!-- HideSCANetwork-OmaUri-Begin -->
@@ -260,7 +260,7 @@ This policy setting allows you to remove the networking icon from the system con
 <!-- HideSCAPower-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCAPower-Applicability-End -->
 
 <!-- HideSCAPower-OmaUri-Begin -->
@@ -319,7 +319,7 @@ This policy setting allows you to remove the battery meter from the system contr
 <!-- HideSCAVolume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCAVolume-Applicability-End -->
 
 <!-- HideSCAVolume-OmaUri-Begin -->
@@ -378,7 +378,7 @@ This policy setting allows you to remove the volume control icon from the system
 <!-- NoBalloonFeatureAdvertisements-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoBalloonFeatureAdvertisements-Applicability-End -->
 
 <!-- NoBalloonFeatureAdvertisements-OmaUri-Begin -->
@@ -437,7 +437,7 @@ If you disable don't configure this policy setting, feature advertisement balloo
 <!-- NoPinningStoreToTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinningStoreToTaskbar-Applicability-End -->
 
 <!-- NoPinningStoreToTaskbar-OmaUri-Begin -->
@@ -496,7 +496,7 @@ This policy setting allows you to control pinning the Store app to the Taskbar.
 <!-- NoPinningToDestinations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinningToDestinations-Applicability-End -->
 
 <!-- NoPinningToDestinations-OmaUri-Begin -->
@@ -555,7 +555,7 @@ This policy setting allows you to control pinning items in Jump Lists.
 <!-- NoPinningToTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinningToTaskbar-Applicability-End -->
 
 <!-- NoPinningToTaskbar-OmaUri-Begin -->
@@ -614,7 +614,7 @@ This policy setting allows you to control pinning programs to the Taskbar.
 <!-- NoRemoteDestinations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRemoteDestinations-Applicability-End -->
 
 <!-- NoRemoteDestinations-OmaUri-Begin -->
@@ -678,7 +678,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu
 <!-- NoSystraySystemPromotion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSystraySystemPromotion-Applicability-End -->
 
 <!-- NoSystraySystemPromotion-OmaUri-Begin -->
@@ -737,7 +737,7 @@ This policy setting allows you to turn off automatic promotion of notification i
 <!-- ShowWindowsStoreAppsOnTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowWindowsStoreAppsOnTaskbar-Applicability-End -->
 
 <!-- ShowWindowsStoreAppsOnTaskbar-OmaUri-Begin -->
@@ -798,7 +798,7 @@ This policy setting allows users to see Windows Store apps on the taskbar.
 <!-- TaskbarLockAll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarLockAll-Applicability-End -->
 
 <!-- TaskbarLockAll-OmaUri-Begin -->
@@ -857,7 +857,7 @@ This policy setting allows you to lock all taskbar settings.
 <!-- TaskbarNoAddRemoveToolbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoAddRemoveToolbar-Applicability-End -->
 
 <!-- TaskbarNoAddRemoveToolbar-OmaUri-Begin -->
@@ -916,7 +916,7 @@ This policy setting allows you to prevent users from adding or removing toolbars
 <!-- TaskbarNoDragToolbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoDragToolbar-Applicability-End -->
 
 <!-- TaskbarNoDragToolbar-OmaUri-Begin -->
@@ -975,7 +975,7 @@ This policy setting allows you to prevent users from rearranging toolbars.
 <!-- TaskbarNoMultimon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoMultimon-Applicability-End -->
 
 <!-- TaskbarNoMultimon-OmaUri-Begin -->
@@ -1034,7 +1034,7 @@ This policy setting allows you to prevent taskbars from being displayed on more
 <!-- TaskbarNoNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoNotification-Applicability-End -->
 
 <!-- TaskbarNoNotification-OmaUri-Begin -->
@@ -1093,7 +1093,7 @@ This policy setting allows you to turn off all notification balloons.
 <!-- TaskbarNoPinnedList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoPinnedList-Applicability-End -->
 
 <!-- TaskbarNoPinnedList-OmaUri-Begin -->
@@ -1156,7 +1156,7 @@ This policy setting allows you to remove pinned programs from the taskbar.
 <!-- TaskbarNoRedock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoRedock-Applicability-End -->
 
 <!-- TaskbarNoRedock-OmaUri-Begin -->
@@ -1215,7 +1215,7 @@ This policy setting allows you to prevent users from moving taskbar to another s
 <!-- TaskbarNoResize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoResize-Applicability-End -->
 
 <!-- TaskbarNoResize-OmaUri-Begin -->
@@ -1274,7 +1274,7 @@ This policy setting allows you to prevent users from resizing the taskbar.
 <!-- TaskbarNoThumbnail-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoThumbnail-Applicability-End -->
 
 <!-- TaskbarNoThumbnail-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index a394a7a264..2cf61bd6b9 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_tcpip Policy CSP
 description: Learn more about the ADMX_tcpip Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- 6to4_Router_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- 6to4_Router_Name-Applicability-End -->
 
 <!-- 6to4_Router_Name-OmaUri-Begin -->
@@ -79,7 +79,7 @@ This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6
 <!-- 6to4_Router_Name_Resolution_Interval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- 6to4_Router_Name_Resolution_Interval-Applicability-End -->
 
 <!-- 6to4_Router_Name_Resolution_Interval-OmaUri-Begin -->
@@ -137,7 +137,7 @@ This policy setting allows you to specify the interval at which the relay name i
 <!-- 6to4_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- 6to4_State-Applicability-End -->
 
 <!-- 6to4_State-OmaUri-Begin -->
@@ -201,7 +201,7 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 won't be av
 <!-- IP_Stateless_Autoconfiguration_Limits_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IP_Stateless_Autoconfiguration_Limits_State-Applicability-End -->
 
 <!-- IP_Stateless_Autoconfiguration_Limits_State-OmaUri-Begin -->
@@ -260,7 +260,7 @@ This policy setting allows you to configure IP Stateless Autoconfiguration Limit
 <!-- IPHTTPS_ClientState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPHTTPS_ClientState-Applicability-End -->
 
 <!-- IPHTTPS_ClientState-OmaUri-Begin -->
@@ -324,7 +324,7 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host.
 <!-- ISATAP_Router_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ISATAP_Router_Name-Applicability-End -->
 
 <!-- ISATAP_Router_Name-OmaUri-Begin -->
@@ -382,7 +382,7 @@ This policy setting allows you to specify a router name or Internet Protocol ver
 <!-- ISATAP_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ISATAP_State-Applicability-End -->
 
 <!-- ISATAP_State-OmaUri-Begin -->
@@ -446,7 +446,7 @@ Policy Disabled State: No ISATAP interfaces are present on the host.
 <!-- Teredo_Client_Port-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Client_Port-Applicability-End -->
 
 <!-- Teredo_Client_Port-OmaUri-Begin -->
@@ -504,7 +504,7 @@ This policy setting allows you to select the UDP port the Teredo client will use
 <!-- Teredo_Default_Qualified-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Default_Qualified-Applicability-End -->
 
 <!-- Teredo_Default_Qualified-OmaUri-Begin -->
@@ -564,7 +564,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali
 <!-- Teredo_Refresh_Rate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Refresh_Rate-Applicability-End -->
 
 <!-- Teredo_Refresh_Rate-OmaUri-Begin -->
@@ -625,7 +625,7 @@ This policy setting allows you to configure the Teredo refresh rate.
 <!-- Teredo_Server_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Server_Name-Applicability-End -->
 
 <!-- Teredo_Server_Name-OmaUri-Begin -->
@@ -683,7 +683,7 @@ This policy setting allows you to specify the name of the Teredo server. This se
 <!-- Teredo_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_State-Applicability-End -->
 
 <!-- Teredo_State-OmaUri-Begin -->
@@ -749,7 +749,7 @@ Enterprise Client: The Teredo interface is always present, even if the host is o
 <!-- Windows_Scaling_Heuristics_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Windows_Scaling_Heuristics_State-Applicability-End -->
 
 <!-- Windows_Scaling_Heuristics_State-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index 9209e4e647..c4f588506a 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_TerminalServer Policy CSP
 description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
-ms.date: 06/19/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 06/19/2024
 <!-- TS_AUTO_RECONNECT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_AUTO_RECONNECT-Applicability-End -->
 
 <!-- TS_AUTO_RECONNECT-OmaUri-Begin -->
@@ -82,7 +82,7 @@ If the status is set to Not Configured, automatic reconnection isn't specified a
 <!-- TS_CAMERA_REDIRECTION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CAMERA_REDIRECTION-Applicability-End -->
 
 <!-- TS_CAMERA_REDIRECTION-OmaUri-Begin -->
@@ -143,7 +143,7 @@ By default, Remote Desktop Services allows redirection of video capture devices.
 <!-- TS_CERTIFICATE_TEMPLATE_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CERTIFICATE_TEMPLATE_POLICY-Applicability-End -->
 
 <!-- TS_CERTIFICATE_TEMPLATE_POLICY-OmaUri-Begin -->
@@ -208,7 +208,7 @@ If no certificate can be found that was created with the specified certificate t
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_1-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_1-OmaUri-Begin -->
@@ -272,7 +272,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_2-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_2-OmaUri-Begin -->
@@ -336,7 +336,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_1-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_1-OmaUri-Begin -->
@@ -395,7 +395,7 @@ This policy setting allows you to specify whether users can run unsigned Remote
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_2-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_2-OmaUri-Begin -->
@@ -454,7 +454,7 @@ This policy setting allows you to specify whether users can run unsigned Remote
 <!-- TS_CLIENT_AUDIO-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_AUDIO-Applicability-End -->
 
 <!-- TS_CLIENT_AUDIO-OmaUri-Begin -->
@@ -519,7 +519,7 @@ By default, audio and video playback redirection isn't allowed when connecting t
 <!-- TS_CLIENT_AUDIO_CAPTURE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_AUDIO_CAPTURE-Applicability-End -->
 
 <!-- TS_CLIENT_AUDIO_CAPTURE-OmaUri-Begin -->
@@ -584,7 +584,7 @@ By default, audio recording redirection isn't allowed when connecting to a compu
 <!-- TS_CLIENT_AUDIO_QUALITY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_AUDIO_QUALITY-Applicability-End -->
 
 <!-- TS_CLIENT_AUDIO_QUALITY-OmaUri-Begin -->
@@ -646,7 +646,7 @@ Audio playback quality can be configured on the client computer by using the aud
 <!-- TS_CLIENT_CLIPBOARD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_CLIPBOARD-Applicability-End -->
 
 <!-- TS_CLIENT_CLIPBOARD-OmaUri-Begin -->
@@ -709,7 +709,7 @@ You can use this setting to prevent users from redirecting Clipboard data to and
 <!-- TS_CLIENT_COM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_COM-Applicability-End -->
 
 <!-- TS_CLIENT_COM-OmaUri-Begin -->
@@ -772,7 +772,7 @@ You can use this setting to prevent users from redirecting data to COM port peri
 <!-- TS_CLIENT_DEFAULT_M-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_DEFAULT_M-Applicability-End -->
 
 <!-- TS_CLIENT_DEFAULT_M-OmaUri-Begin -->
@@ -835,7 +835,7 @@ By default, Remote Desktop Services automatically designates the client default
 <!-- TS_CLIENT_DISABLE_HARDWARE_MODE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_DISABLE_HARDWARE_MODE-Applicability-End -->
 
 <!-- TS_CLIENT_DISABLE_HARDWARE_MODE-OmaUri-Begin -->
@@ -890,7 +890,7 @@ This policy setting specifies whether the Remote Desktop Connection can use hard
 <!-- TS_CLIENT_DISABLE_PASSWORD_SAVING_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_DISABLE_PASSWORD_SAVING_1-Applicability-End -->
 
 <!-- TS_CLIENT_DISABLE_PASSWORD_SAVING_1-OmaUri-Begin -->
@@ -949,7 +949,7 @@ Controls whether a user can save passwords using Remote Desktop Connection.
 <!-- TS_CLIENT_LPT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_LPT-Applicability-End -->
 
 <!-- TS_CLIENT_LPT-OmaUri-Begin -->
@@ -1012,7 +1012,7 @@ You can use this setting to prevent users from mapping local LPT ports and redir
 <!-- TS_CLIENT_PNP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_PNP-Applicability-End -->
 
 <!-- TS_CLIENT_PNP-OmaUri-Begin -->
@@ -1078,7 +1078,7 @@ By default, Remote Desktop Services doesn't allow redirection of supported Plug
 <!-- TS_CLIENT_PRINTER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_PRINTER-Applicability-End -->
 
 <!-- TS_CLIENT_PRINTER-OmaUri-Begin -->
@@ -1141,7 +1141,7 @@ You can use this policy setting to prevent users from redirecting print jobs fro
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1-Applicability-End -->
 
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1-OmaUri-Begin -->
@@ -1208,7 +1208,7 @@ If the list contains a string that isn't a certificate thumbprint, it's ignored.
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2-Applicability-End -->
 
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2-OmaUri-Begin -->
@@ -1275,7 +1275,7 @@ If the list contains a string that isn't a certificate thumbprint, it's ignored.
 <!-- TS_CLIENT_TURN_OFF_UDP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_TURN_OFF_UDP-Applicability-End -->
 
 <!-- TS_CLIENT_TURN_OFF_UDP-OmaUri-Begin -->
@@ -1334,7 +1334,7 @@ This policy setting specifies whether the UDP protocol will be used to access se
 <!-- TS_COLORDEPTH-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_COLORDEPTH-Applicability-End -->
 
 <!-- TS_COLORDEPTH-OmaUri-Begin -->
@@ -1406,7 +1406,7 @@ If the client doesn't support at least 16 bits, the connection is terminated.
 <!-- TS_DELETE_ROAMING_USER_PROFILES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_DELETE_ROAMING_USER_PROFILES-Applicability-End -->
 
 <!-- TS_DELETE_ROAMING_USER_PROFILES-OmaUri-Begin -->
@@ -1471,7 +1471,7 @@ This policy setting allows you to limit the size of the entire roaming user prof
 <!-- TS_DISABLE_REMOTE_DESKTOP_WALLPAPER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_DISABLE_REMOTE_DESKTOP_WALLPAPER-Applicability-End -->
 
 <!-- TS_DISABLE_REMOTE_DESKTOP_WALLPAPER-OmaUri-Begin -->
@@ -1534,7 +1534,7 @@ If the status is set to Not Configured, the default behavior applies.
 <!-- TS_DX_USE_FULL_HWGPU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_DX_USE_FULL_HWGPU-Applicability-End -->
 
 <!-- TS_DX_USE_FULL_HWGPU-OmaUri-Begin -->
@@ -1598,7 +1598,7 @@ This policy setting enables system administrators to change the graphics renderi
 <!-- TS_EASY_PRINT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_EASY_PRINT-Applicability-End -->
 
 <!-- TS_EASY_PRINT-OmaUri-Begin -->
@@ -1660,7 +1660,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print
 <!-- TS_EASY_PRINT_User-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_EASY_PRINT_User-Applicability-End -->
 
 <!-- TS_EASY_PRINT_User-OmaUri-Begin -->
@@ -1722,7 +1722,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print
 <!-- TS_EnableVirtualGraphics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_EnableVirtualGraphics-Applicability-End -->
 
 <!-- TS_EnableVirtualGraphics-OmaUri-Begin -->
@@ -1787,7 +1787,7 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi
 <!-- TS_FALLBACKPRINTDRIVERTYPE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_FALLBACKPRINTDRIVERTYPE-Applicability-End -->
 
 <!-- TS_FALLBACKPRINTDRIVERTYPE-OmaUri-Begin -->
@@ -1861,7 +1861,7 @@ By default, the RD Session Host server fallback printer driver is disabled. If t
 <!-- TS_FORCIBLE_LOGOFF-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_FORCIBLE_LOGOFF-Applicability-End -->
 
 <!-- TS_FORCIBLE_LOGOFF-OmaUri-Begin -->
@@ -1925,7 +1925,7 @@ This policy is useful when the currently connected administrator doesn't want to
 <!-- TS_GATEWAY_POLICY_AUTH_METHOD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_GATEWAY_POLICY_AUTH_METHOD-Applicability-End -->
 
 <!-- TS_GATEWAY_POLICY_AUTH_METHOD-OmaUri-Begin -->
@@ -1983,7 +1983,7 @@ If you disable or don't configure this policy setting, the authentication method
 <!-- TS_GATEWAY_POLICY_ENABLE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_GATEWAY_POLICY_ENABLE-Applicability-End -->
 
 <!-- TS_GATEWAY_POLICY_ENABLE-OmaUri-Begin -->
@@ -2048,7 +2048,7 @@ To allow users to overwrite this policy setting, select the "Allow users to chan
 <!-- TS_GATEWAY_POLICY_SERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_GATEWAY_POLICY_SERVER-Applicability-End -->
 
 <!-- TS_GATEWAY_POLICY_SERVER-OmaUri-Begin -->
@@ -2110,7 +2110,7 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a
 <!-- TS_JOIN_SESSION_DIRECTORY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_JOIN_SESSION_DIRECTORY-Applicability-End -->
 
 <!-- TS_JOIN_SESSION_DIRECTORY-OmaUri-Begin -->
@@ -2179,7 +2179,7 @@ Note:
 <!-- TS_KEEP_ALIVE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_KEEP_ALIVE-Applicability-End -->
 
 <!-- TS_KEEP_ALIVE-OmaUri-Begin -->
@@ -2240,7 +2240,7 @@ After an RD Session Host server client loses the connection to an RD Session Hos
 <!-- TS_LICENSE_SECGROUP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSE_SECGROUP-Applicability-End -->
 
 <!-- TS_LICENSE_SECGROUP-OmaUri-Begin -->
@@ -2306,7 +2306,7 @@ By default, the RDS Endpoint Servers group is empty.
 <!-- TS_LICENSE_SERVERS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSE_SERVERS-Applicability-End -->
 
 <!-- TS_LICENSE_SERVERS-OmaUri-Begin -->
@@ -2368,7 +2368,7 @@ This policy setting allows you to specify the order in which an RD Session Host
 <!-- TS_LICENSE_TOOLTIP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSE_TOOLTIP-Applicability-End -->
 
 <!-- TS_LICENSE_TOOLTIP-OmaUri-Begin -->
@@ -2428,7 +2428,7 @@ By default, notifications are displayed on an RD Session Host server after you l
 <!-- TS_LICENSING_MODE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSING_MODE-Applicability-End -->
 
 <!-- TS_LICENSING_MODE-OmaUri-Begin -->
@@ -2495,7 +2495,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio
 <!-- TS_MAX_CON_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_MAX_CON_POLICY-Applicability-End -->
 
 <!-- TS_MAX_CON_POLICY-OmaUri-Begin -->
@@ -2560,7 +2560,7 @@ If the status is set to Disabled or Not Configured, limits to the number of conn
 <!-- TS_MAXDISPLAYRES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_MAXDISPLAYRES-Applicability-End -->
 
 <!-- TS_MAXDISPLAYRES-OmaUri-Begin -->
@@ -2618,7 +2618,7 @@ This policy setting allows you to specify the maximum display resolution that ca
 <!-- TS_MAXMONITOR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_MAXMONITOR-Applicability-End -->
 
 <!-- TS_MAXMONITOR-OmaUri-Begin -->
@@ -2676,7 +2676,7 @@ This policy setting allows you to limit the number of monitors that a user can u
 <!-- TS_NoDisconnectMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_NoDisconnectMenu-Applicability-End -->
 
 <!-- TS_NoDisconnectMenu-OmaUri-Begin -->
@@ -2740,7 +2740,7 @@ You can use this policy setting to prevent users from using this familiar method
 <!-- TS_NoSecurityMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_NoSecurityMenu-Applicability-End -->
 
 <!-- TS_NoSecurityMenu-OmaUri-Begin -->
@@ -2799,7 +2799,7 @@ If the status is set to Disabled or Not Configured, Windows Security remains in
 <!-- TS_PreventLicenseUpgrade-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_PreventLicenseUpgrade-Applicability-End -->
 
 <!-- TS_PreventLicenseUpgrade-OmaUri-Begin -->
@@ -2865,7 +2865,7 @@ By default, if the most appropriate RDS CAL isn't available for a connection, a
 <!-- TS_PROMT_CREDS_CLIENT_COMP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_PROMT_CREDS_CLIENT_COMP-Applicability-End -->
 
 <!-- TS_PROMT_CREDS_CLIENT_COMP-OmaUri-Begin -->
@@ -2927,7 +2927,7 @@ This policy setting determines whether a user will be prompted on the client com
 <!-- TS_RADC_DefaultConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RADC_DefaultConnection-Applicability-End -->
 
 <!-- TS_RADC_DefaultConnection-OmaUri-Begin -->
@@ -2990,7 +2990,7 @@ The default connection URL must be configured in the form of< https://contoso.co
 <!-- TS_RDSAppX_WaitForRegistration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RDSAppX_WaitForRegistration-Applicability-End -->
 
 <!-- TS_RDSAppX_WaitForRegistration-OmaUri-Begin -->
@@ -3051,7 +3051,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an
 <!-- TS_RemoteControl_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RemoteControl_1-Applicability-End -->
 
 <!-- TS_RemoteControl_1-OmaUri-Begin -->
@@ -3118,7 +3118,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an
 <!-- TS_RemoteControl_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RemoteControl_2-Applicability-End -->
 
 <!-- TS_RemoteControl_2-OmaUri-Begin -->
@@ -3185,7 +3185,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an
 <!-- TS_RemoteDesktopVirtualGraphics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RemoteDesktopVirtualGraphics-Applicability-End -->
 
 <!-- TS_RemoteDesktopVirtualGraphics-OmaUri-Begin -->
@@ -3245,7 +3245,7 @@ By default, Remote Desktop Connection sessions that use RemoteFX are optimized f
 <!-- TS_SD_ClustName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SD_ClustName-Applicability-End -->
 
 <!-- TS_SD_ClustName-OmaUri-Begin -->
@@ -3311,7 +3311,7 @@ Note:
 <!-- TS_SD_EXPOSE_ADDRESS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SD_EXPOSE_ADDRESS-Applicability-End -->
 
 <!-- TS_SD_EXPOSE_ADDRESS-OmaUri-Begin -->
@@ -3376,7 +3376,7 @@ Note:
 <!-- TS_SD_Loc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SD_Loc-Applicability-End -->
 
 <!-- TS_SD_Loc-OmaUri-Begin -->
@@ -3442,7 +3442,7 @@ Note:
 <!-- TS_SECURITY_LAYER_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SECURITY_LAYER_POLICY-Applicability-End -->
 
 <!-- TS_SECURITY_LAYER_POLICY-OmaUri-Begin -->
@@ -3506,7 +3506,7 @@ This policy setting specifies whether to require the use of a specific security
 <!-- TS_SELECT_NETWORK_DETECT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SELECT_NETWORK_DETECT-Applicability-End -->
 
 <!-- TS_SELECT_NETWORK_DETECT-OmaUri-Begin -->
@@ -3570,7 +3570,7 @@ If you disable or don't configure this policy setting, Remote Desktop Protocol w
 <!-- TS_SELECT_TRANSPORT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SELECT_TRANSPORT-Applicability-End -->
 
 <!-- TS_SELECT_TRANSPORT-OmaUri-Begin -->
@@ -3634,7 +3634,7 @@ If the UDP connection isn't successful or if you select "Use only TCP," all of t
 <!-- TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP-Applicability-End -->
 
 <!-- TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP-OmaUri-Begin -->
@@ -3693,7 +3693,7 @@ This policy setting allows you to enable RemoteApp programs to use advanced grap
 <!-- TS_SERVER_AUTH-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_AUTH-Applicability-End -->
 
 <!-- TS_SERVER_AUTH-OmaUri-Begin -->
@@ -3757,7 +3757,7 @@ Don't connect if authentication fails: The client establishes a connection to th
 <!-- TS_SERVER_AVC_HW_ENCODE_PREFERRED-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_AVC_HW_ENCODE_PREFERRED-Applicability-End -->
 
 <!-- TS_SERVER_AVC_HW_ENCODE_PREFERRED-OmaUri-Begin -->
@@ -3812,7 +3812,7 @@ This policy setting lets you enable H.264/AVC hardware encoding support for Remo
 <!-- TS_SERVER_AVC444_MODE_PREFERRED-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_AVC444_MODE_PREFERRED-Applicability-End -->
 
 <!-- TS_SERVER_AVC444_MODE_PREFERRED-OmaUri-Begin -->
@@ -3867,7 +3867,7 @@ This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX
 <!-- TS_SERVER_COMPRESSOR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_COMPRESSOR-Applicability-End -->
 
 <!-- TS_SERVER_COMPRESSOR-OmaUri-Begin -->
@@ -3929,7 +3929,7 @@ You can also choose not to use an RDP compression algorithm. Choosing not to use
 <!-- TS_SERVER_IMAGE_QUALITY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_IMAGE_QUALITY-Applicability-End -->
 
 <!-- TS_SERVER_IMAGE_QUALITY-OmaUri-Begin -->
@@ -3993,7 +3993,7 @@ This policy setting allows you to specify the visual quality for remote users wh
 <!-- TS_SERVER_LEGACY_RFX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_LEGACY_RFX-Applicability-End -->
 
 <!-- TS_SERVER_LEGACY_RFX-OmaUri-Begin -->
@@ -4052,7 +4052,7 @@ This policy setting allows you to configure graphics encoding to use the RemoteF
 <!-- TS_SERVER_PROFILE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_PROFILE-Applicability-End -->
 
 <!-- TS_SERVER_PROFILE-OmaUri-Begin -->
@@ -4109,63 +4109,13 @@ This policy setting allows the administrator to configure the RemoteFX experienc
 
 <!-- TS_SERVER_PROFILE-End -->
 
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Begin -->
-## TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Applicability-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/ADMX_TerminalServer/TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME
-```
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-OmaUri-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Description-Begin -->
-<!-- Description-Source-Not-Found -->
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Description-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Editable-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Add, Delete, Get, Replace |
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-DFProperties-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-AdmxBacked-Begin -->
-<!-- ADMX-Not-Found -->
-[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
-
-**ADMX mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME |
-| ADMX File Name | TerminalServer.admx |
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-AdmxBacked-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Examples-End -->
-
-<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-End -->
-
 <!-- TS_SERVER_VISEXP-Begin -->
 ## TS_SERVER_VISEXP
 
 <!-- TS_SERVER_VISEXP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_VISEXP-Applicability-End -->
 
 <!-- TS_SERVER_VISEXP-OmaUri-Begin -->
@@ -4225,7 +4175,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia,
 <!-- TS_SERVER_WDDM_GRAPHICS_DRIVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_WDDM_GRAPHICS_DRIVER-Applicability-End -->
 
 <!-- TS_SERVER_WDDM_GRAPHICS_DRIVER-OmaUri-Begin -->
@@ -4286,7 +4236,7 @@ For this change to take effect, you must restart Windows.
 <!-- TS_Session_End_On_Limit_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_Session_End_On_Limit_1-Applicability-End -->
 
 <!-- TS_Session_End_On_Limit_1-OmaUri-Begin -->
@@ -4354,7 +4304,7 @@ Time limits are set locally by the server administrator or by using Group Policy
 <!-- TS_Session_End_On_Limit_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_Session_End_On_Limit_2-Applicability-End -->
 
 <!-- TS_Session_End_On_Limit_2-OmaUri-Begin -->
@@ -4422,7 +4372,7 @@ Time limits are set locally by the server administrator or by using Group Policy
 <!-- TS_SESSIONS_Disconnected_Timeout_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Disconnected_Timeout_1-Applicability-End -->
 
 <!-- TS_SESSIONS_Disconnected_Timeout_1-OmaUri-Begin -->
@@ -4487,7 +4437,7 @@ When a session is in a disconnected state, running programs are kept active even
 <!-- TS_SESSIONS_Disconnected_Timeout_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Disconnected_Timeout_2-Applicability-End -->
 
 <!-- TS_SESSIONS_Disconnected_Timeout_2-OmaUri-Begin -->
@@ -4552,7 +4502,7 @@ When a session is in a disconnected state, running programs are kept active even
 <!-- TS_SESSIONS_Idle_Limit_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Idle_Limit_1-Applicability-End -->
 
 <!-- TS_SESSIONS_Idle_Limit_1-OmaUri-Begin -->
@@ -4615,7 +4565,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SESSIONS_Idle_Limit_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Idle_Limit_2-Applicability-End -->
 
 <!-- TS_SESSIONS_Idle_Limit_2-OmaUri-Begin -->
@@ -4678,7 +4628,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SESSIONS_Limits_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Limits_1-Applicability-End -->
 
 <!-- TS_SESSIONS_Limits_1-OmaUri-Begin -->
@@ -4741,7 +4691,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SESSIONS_Limits_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Limits_2-Applicability-End -->
 
 <!-- TS_SESSIONS_Limits_2-OmaUri-Begin -->
@@ -4804,7 +4754,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SINGLE_SESSION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SINGLE_SESSION-Applicability-End -->
 
 <!-- TS_SINGLE_SESSION-OmaUri-Begin -->
@@ -4865,7 +4815,7 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv
 <!-- TS_SMART_CARD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SMART_CARD-Applicability-End -->
 
 <!-- TS_SMART_CARD-OmaUri-Begin -->
@@ -4927,7 +4877,7 @@ This policy setting allows you to control the redirection of smart card devices
 <!-- TS_START_PROGRAM_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_START_PROGRAM_1-Applicability-End -->
 
 <!-- TS_START_PROGRAM_1-OmaUri-Begin -->
@@ -4995,7 +4945,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess
 <!-- TS_START_PROGRAM_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_START_PROGRAM_2-Applicability-End -->
 
 <!-- TS_START_PROGRAM_2-OmaUri-Begin -->
@@ -5062,7 +5012,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess
 <!-- TS_TEMP_DELETE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TEMP_DELETE-Applicability-End -->
 
 <!-- TS_TEMP_DELETE-OmaUri-Begin -->
@@ -5128,7 +5078,7 @@ You can use this setting to maintain a user's session-specific temporary folders
 <!-- TS_TEMP_PER_SESSION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TEMP_PER_SESSION-Applicability-End -->
 
 <!-- TS_TEMP_PER_SESSION-OmaUri-Begin -->
@@ -5191,7 +5141,7 @@ You can use this policy setting to disable the creation of separate temporary fo
 <!-- TS_TIME_ZONE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TIME_ZONE-Applicability-End -->
 
 <!-- TS_TIME_ZONE-OmaUri-Begin -->
@@ -5253,7 +5203,7 @@ This policy setting determines whether the client computer redirects its time zo
 <!-- TS_TSCC_PERMISSIONS_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TSCC_PERMISSIONS_POLICY-Applicability-End -->
 
 <!-- TS_TSCC_PERMISSIONS_POLICY-OmaUri-Begin -->
@@ -5317,7 +5267,7 @@ You can use this setting to prevent administrators from making changes to the us
 <!-- TS_TURNOFF_SINGLEAPP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TURNOFF_SINGLEAPP-Applicability-End -->
 
 <!-- TS_TURNOFF_SINGLEAPP-OmaUri-Begin -->
@@ -5379,7 +5329,7 @@ This policy setting determines whether the desktop is always displayed after a c
 <!-- TS_UIA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_UIA-Applicability-End -->
 
 <!-- TS_UIA-OmaUri-Begin -->
@@ -5442,7 +5392,7 @@ Remote Desktop sessions don't currently support UI Automation redirection.
 <!-- TS_USB_REDIRECTION_DISABLE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USB_REDIRECTION_DISABLE-Applicability-End -->
 
 <!-- TS_USB_REDIRECTION_DISABLE-OmaUri-Begin -->
@@ -5502,7 +5452,7 @@ For this change to take effect, you must restart Windows.
 <!-- TS_USER_AUTHENTICATION_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_AUTHENTICATION_POLICY-Applicability-End -->
 
 <!-- TS_USER_AUTHENTICATION_POLICY-OmaUri-Begin -->
@@ -5568,7 +5518,7 @@ To determine whether a client computer supports Network Level Authentication, st
 <!-- TS_USER_HOME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_HOME-Applicability-End -->
 
 <!-- TS_USER_HOME-OmaUri-Begin -->
@@ -5633,7 +5583,7 @@ If the status is set to Disabled or Not Configured, the user's home directory is
 <!-- TS_USER_MANDATORY_PROFILES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_MANDATORY_PROFILES-Applicability-End -->
 
 <!-- TS_USER_MANDATORY_PROFILES-OmaUri-Begin -->
@@ -5695,7 +5645,7 @@ This policy setting allows you to specify whether Remote Desktop Services uses a
 <!-- TS_USER_PROFILES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_PROFILES-Applicability-End -->
 
 <!-- TS_USER_PROFILES-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index 1b7747fb27..7095179c9c 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Thumbnails Policy CSP
 description: Learn more about the ADMX_Thumbnails Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableThumbnails-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableThumbnails-Applicability-End -->
 
 <!-- DisableThumbnails-OmaUri-Begin -->
@@ -82,7 +82,7 @@ File Explorer displays thumbnail images by default.
 <!-- DisableThumbnailsOnNetworkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableThumbnailsOnNetworkFolders-Applicability-End -->
 
 <!-- DisableThumbnailsOnNetworkFolders-OmaUri-Begin -->
@@ -143,7 +143,7 @@ File Explorer displays thumbnail images on network folders by default.
 <!-- DisableThumbsDBOnNetworkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableThumbsDBOnNetworkFolders-Applicability-End -->
 
 <!-- DisableThumbsDBOnNetworkFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 90a38cf981..0dd7cbbfb3 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_TouchInput Policy CSP
 description: Learn more about the ADMX_TouchInput Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- PanningEverywhereOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PanningEverywhereOff_1-Applicability-End -->
 
 <!-- PanningEverywhereOff_1-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co
 <!-- PanningEverywhereOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PanningEverywhereOff_2-Applicability-End -->
 
 <!-- PanningEverywhereOff_2-OmaUri-Begin -->
@@ -153,7 +153,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co
 <!-- TouchInputOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TouchInputOff_1-Applicability-End -->
 
 <!-- TouchInputOff_1-OmaUri-Begin -->
@@ -219,7 +219,7 @@ Turns off touch input, which allows the user to interact with their computer usi
 <!-- TouchInputOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TouchInputOff_2-Applicability-End -->
 
 <!-- TouchInputOff_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index 299bc993aa..f32dd4464c 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_TPM Policy CSP
 description: Learn more about the ADMX_TPM Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- BlockedCommandsList_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockedCommandsList_Name-Applicability-End -->
 
 <!-- BlockedCommandsList_Name-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting allows you to manage the Group Policy list of Trusted Platfo
 <!-- ClearTPMIfNotReady_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearTPMIfNotReady_Name-Applicability-End -->
 
 <!-- ClearTPMIfNotReady_Name-OmaUri-Begin -->
@@ -135,7 +135,7 @@ This policy setting configures the system to prompt the user to clear the TPM if
 <!-- IgnoreDefaultList_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IgnoreDefaultList_Name-Applicability-End -->
 
 <!-- IgnoreDefaultList_Name-OmaUri-Begin -->
@@ -196,7 +196,7 @@ The default list of blocked TPM commands is pre-configured by Windows. You can v
 <!-- IgnoreLocalList_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IgnoreLocalList_Name-Applicability-End -->
 
 <!-- IgnoreLocalList_Name-OmaUri-Begin -->
@@ -257,7 +257,7 @@ The local list of blocked TPM commands is configured outside of Group Policy by
 <!-- OptIntoDSHA_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- OptIntoDSHA_Name-Applicability-End -->
 
 <!-- OptIntoDSHA_Name-OmaUri-Begin -->
@@ -312,7 +312,7 @@ This group policy enables Device Health Attestation reporting (DHA-report) on su
 <!-- OSManagedAuth_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- OSManagedAuth_Name-Applicability-End -->
 
 <!-- OSManagedAuth_Name-OmaUri-Begin -->
@@ -379,7 +379,7 @@ Choose the operating system managed TPM authentication setting of "None" for com
 <!-- StandardUserAuthorizationFailureDuration_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StandardUserAuthorizationFailureDuration_Name-Applicability-End -->
 
 <!-- StandardUserAuthorizationFailureDuration_Name-OmaUri-Begin -->
@@ -450,7 +450,7 @@ If this value isn't configured, a default value of 480 minutes (8 hours) is used
 <!-- StandardUserAuthorizationFailureIndividualThreshold_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StandardUserAuthorizationFailureIndividualThreshold_Name-Applicability-End -->
 
 <!-- StandardUserAuthorizationFailureIndividualThreshold_Name-OmaUri-Begin -->
@@ -523,7 +523,7 @@ A value of zero means the OS won't allow standard users to send commands to the
 <!-- StandardUserAuthorizationFailureTotalThreshold_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StandardUserAuthorizationFailureTotalThreshold_Name-Applicability-End -->
 
 <!-- StandardUserAuthorizationFailureTotalThreshold_Name-OmaUri-Begin -->
@@ -596,7 +596,7 @@ A value of zero means the OS won't allow standard users to send commands to the
 <!-- UseLegacyDAP_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UseLegacyDAP_Name-Applicability-End -->
 
 <!-- UseLegacyDAP_Name-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index 5df403b933..01ba02840f 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_UserExperienceVirtualization Policy CSP
 description: Learn more about the ADMX_UserExperienceVirtualization Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Calculator-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Calculator-Applicability-End -->
 
 <!-- Calculator-OmaUri-Begin -->
@@ -88,7 +88,7 @@ By default, the user settings of Calculator synchronize between computers. Use t
 <!-- ConfigureSyncMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureSyncMethod-Applicability-End -->
 
 <!-- ConfigureSyncMethod-OmaUri-Begin -->
@@ -156,7 +156,7 @@ With notifications enabled, UE-V users receive a message when the settings sync
 <!-- ConfigureVdi-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureVdi-Applicability-End -->
 
 <!-- ConfigureVdi-OmaUri-Begin -->
@@ -221,7 +221,7 @@ This policy setting configures the synchronization of User Experience Virtualiza
 <!-- ContactITDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ContactITDescription-Applicability-End -->
 
 <!-- ContactITDescription-OmaUri-Begin -->
@@ -281,7 +281,7 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co
 <!-- ContactITUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ContactITUrl-Applicability-End -->
 
 <!-- ContactITUrl-OmaUri-Begin -->
@@ -341,7 +341,7 @@ This policy setting specifies the URL for the Contact IT link in the Company Set
 <!-- DisableWin8Sync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWin8Sync-Applicability-End -->
 
 <!-- DisableWin8Sync-OmaUri-Begin -->
@@ -411,7 +411,7 @@ By default, the UE-V Agent synchronizes settings for Windows apps between the co
 <!-- DisableWindowsOSSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWindowsOSSettings-Applicability-End -->
 
 <!-- DisableWindowsOSSettings-OmaUri-Begin -->
@@ -477,7 +477,7 @@ Certain Windows settings will synchronize between computers by default. These se
 <!-- EnableUEV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableUEV-Applicability-End -->
 
 <!-- EnableUEV-OmaUri-Begin -->
@@ -532,7 +532,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati
 <!-- Finance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Finance-Applicability-End -->
 
 <!-- Finance-OmaUri-Begin -->
@@ -599,7 +599,7 @@ By default, the user settings of Finance sync between computers. Use the policy
 <!-- FirstUseNotificationEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FirstUseNotificationEnabled-Applicability-End -->
 
 <!-- FirstUseNotificationEnabled-OmaUri-Begin -->
@@ -662,7 +662,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- Games-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Games-Applicability-End -->
 
 <!-- Games-OmaUri-Begin -->
@@ -729,7 +729,7 @@ By default, the user settings of Games sync between computers. Use the policy se
 <!-- InternetExplorer10-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer10-Applicability-End -->
 
 <!-- InternetExplorer10-OmaUri-Begin -->
@@ -796,7 +796,7 @@ By default, the user settings of Internet Explorer 10 synchronize between comput
 <!-- InternetExplorer11-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer11-Applicability-End -->
 
 <!-- InternetExplorer11-OmaUri-Begin -->
@@ -863,7 +863,7 @@ By default, the user settings of Internet Explorer 11 synchronize between comput
 <!-- InternetExplorer8-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer8-Applicability-End -->
 
 <!-- InternetExplorer8-OmaUri-Begin -->
@@ -930,7 +930,7 @@ By default, the user settings of Internet Explorer 8 synchronize between compute
 <!-- InternetExplorer9-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer9-Applicability-End -->
 
 <!-- InternetExplorer9-OmaUri-Begin -->
@@ -997,7 +997,7 @@ By default, the user settings of Internet Explorer 9 synchronize between compute
 <!-- InternetExplorerCommon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorerCommon-Applicability-End -->
 
 <!-- InternetExplorerCommon-OmaUri-Begin -->
@@ -1063,7 +1063,7 @@ By default, the user settings which are common between the versions of Internet
 <!-- Maps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Maps-Applicability-End -->
 
 <!-- Maps-OmaUri-Begin -->
@@ -1130,7 +1130,7 @@ By default, the user settings of Maps sync between computers. Use the policy set
 <!-- MaxPackageSizeInBytes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MaxPackageSizeInBytes-Applicability-End -->
 
 <!-- MaxPackageSizeInBytes-OmaUri-Begin -->
@@ -1192,7 +1192,7 @@ This policy setting allows you to configure the UE-V Agent to write a warning ev
 <!-- MicrosoftOffice2010Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Access-Applicability-End -->
 
 <!-- MicrosoftOffice2010Access-OmaUri-Begin -->
@@ -1258,7 +1258,7 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu
 <!-- MicrosoftOffice2010Common-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Common-Applicability-End -->
 
 <!-- MicrosoftOffice2010Common-OmaUri-Begin -->
@@ -1323,7 +1323,7 @@ By default, the user settings which are common between the Microsoft Office Suit
 <!-- MicrosoftOffice2010Excel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Excel-Applicability-End -->
 
 <!-- MicrosoftOffice2010Excel-OmaUri-Begin -->
@@ -1389,7 +1389,7 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput
 <!-- MicrosoftOffice2010InfoPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010InfoPath-Applicability-End -->
 
 <!-- MicrosoftOffice2010InfoPath-OmaUri-Begin -->
@@ -1455,7 +1455,7 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com
 <!-- MicrosoftOffice2010Lync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Lync-Applicability-End -->
 
 <!-- MicrosoftOffice2010Lync-OmaUri-Begin -->
@@ -1522,7 +1522,7 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute
 <!-- MicrosoftOffice2010OneNote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010OneNote-Applicability-End -->
 
 <!-- MicrosoftOffice2010OneNote-OmaUri-Begin -->
@@ -1588,7 +1588,7 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp
 <!-- MicrosoftOffice2010Outlook-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Outlook-Applicability-End -->
 
 <!-- MicrosoftOffice2010Outlook-OmaUri-Begin -->
@@ -1654,7 +1654,7 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp
 <!-- MicrosoftOffice2010PowerPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010PowerPoint-Applicability-End -->
 
 <!-- MicrosoftOffice2010PowerPoint-OmaUri-Begin -->
@@ -1720,7 +1720,7 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c
 <!-- MicrosoftOffice2010Project-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Project-Applicability-End -->
 
 <!-- MicrosoftOffice2010Project-OmaUri-Begin -->
@@ -1786,7 +1786,7 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp
 <!-- MicrosoftOffice2010Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Publisher-Applicability-End -->
 
 <!-- MicrosoftOffice2010Publisher-OmaUri-Begin -->
@@ -1852,7 +1852,7 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co
 <!-- MicrosoftOffice2010SharePointDesigner-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010SharePointDesigner-Applicability-End -->
 
 <!-- MicrosoftOffice2010SharePointDesigner-OmaUri-Begin -->
@@ -1918,7 +1918,7 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize
 <!-- MicrosoftOffice2010SharePointWorkspace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010SharePointWorkspace-Applicability-End -->
 
 <!-- MicrosoftOffice2010SharePointWorkspace-OmaUri-Begin -->
@@ -1984,7 +1984,7 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize
 <!-- MicrosoftOffice2010Visio-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Visio-Applicability-End -->
 
 <!-- MicrosoftOffice2010Visio-OmaUri-Begin -->
@@ -2050,7 +2050,7 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput
 <!-- MicrosoftOffice2010Word-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Word-Applicability-End -->
 
 <!-- MicrosoftOffice2010Word-OmaUri-Begin -->
@@ -2116,7 +2116,7 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute
 <!-- MicrosoftOffice2013Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Access-Applicability-End -->
 
 <!-- MicrosoftOffice2013Access-OmaUri-Begin -->
@@ -2182,7 +2182,7 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu
 <!-- MicrosoftOffice2013AccessBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013AccessBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013AccessBackup-OmaUri-Begin -->
@@ -2248,7 +2248,7 @@ Microsoft Access 2013 has user settings that are backed up instead of synchroniz
 <!-- MicrosoftOffice2013Common-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Common-Applicability-End -->
 
 <!-- MicrosoftOffice2013Common-OmaUri-Begin -->
@@ -2314,7 +2314,7 @@ By default, the user settings which are common between the Microsoft Office Suit
 <!-- MicrosoftOffice2013CommonBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013CommonBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013CommonBackup-OmaUri-Begin -->
@@ -2380,7 +2380,7 @@ Microsoft Office Suite 2013 has user settings which are common between applicati
 <!-- MicrosoftOffice2013Excel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Excel-Applicability-End -->
 
 <!-- MicrosoftOffice2013Excel-OmaUri-Begin -->
@@ -2446,7 +2446,7 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput
 <!-- MicrosoftOffice2013ExcelBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013ExcelBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013ExcelBackup-OmaUri-Begin -->
@@ -2512,7 +2512,7 @@ Microsoft Excel 2013 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2013InfoPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013InfoPath-Applicability-End -->
 
 <!-- MicrosoftOffice2013InfoPath-OmaUri-Begin -->
@@ -2578,7 +2578,7 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com
 <!-- MicrosoftOffice2013InfoPathBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013InfoPathBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013InfoPathBackup-OmaUri-Begin -->
@@ -2644,7 +2644,7 @@ Microsoft InfoPath 2013 has user settings that are backed up instead of synchron
 <!-- MicrosoftOffice2013Lync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Lync-Applicability-End -->
 
 <!-- MicrosoftOffice2013Lync-OmaUri-Begin -->
@@ -2710,7 +2710,7 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute
 <!-- MicrosoftOffice2013LyncBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013LyncBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013LyncBackup-OmaUri-Begin -->
@@ -2776,7 +2776,7 @@ Microsoft Lync 2013 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice2013OneDriveForBusiness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OneDriveForBusiness-Applicability-End -->
 
 <!-- MicrosoftOffice2013OneDriveForBusiness-OmaUri-Begin -->
@@ -2842,7 +2842,7 @@ By default, the user settings of OneDrive for Business 2013 synchronize between
 <!-- MicrosoftOffice2013OneNote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OneNote-Applicability-End -->
 
 <!-- MicrosoftOffice2013OneNote-OmaUri-Begin -->
@@ -2908,7 +2908,7 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp
 <!-- MicrosoftOffice2013OneNoteBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OneNoteBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013OneNoteBackup-OmaUri-Begin -->
@@ -2974,7 +2974,7 @@ Microsoft OneNote 2013 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2013Outlook-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Outlook-Applicability-End -->
 
 <!-- MicrosoftOffice2013Outlook-OmaUri-Begin -->
@@ -3040,7 +3040,7 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp
 <!-- MicrosoftOffice2013OutlookBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OutlookBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013OutlookBackup-OmaUri-Begin -->
@@ -3106,7 +3106,7 @@ Microsoft Outlook 2013 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2013PowerPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013PowerPoint-Applicability-End -->
 
 <!-- MicrosoftOffice2013PowerPoint-OmaUri-Begin -->
@@ -3172,7 +3172,7 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c
 <!-- MicrosoftOffice2013PowerPointBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013PowerPointBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013PowerPointBackup-OmaUri-Begin -->
@@ -3238,7 +3238,7 @@ Microsoft PowerPoint 2013 has user settings that are backed up instead of synchr
 <!-- MicrosoftOffice2013Project-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Project-Applicability-End -->
 
 <!-- MicrosoftOffice2013Project-OmaUri-Begin -->
@@ -3304,7 +3304,7 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp
 <!-- MicrosoftOffice2013ProjectBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013ProjectBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013ProjectBackup-OmaUri-Begin -->
@@ -3370,7 +3370,7 @@ Microsoft Project 2013 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2013Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Publisher-Applicability-End -->
 
 <!-- MicrosoftOffice2013Publisher-OmaUri-Begin -->
@@ -3436,7 +3436,7 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co
 <!-- MicrosoftOffice2013PublisherBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013PublisherBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013PublisherBackup-OmaUri-Begin -->
@@ -3502,7 +3502,7 @@ Microsoft Publisher 2013 has user settings that are backed up instead of synchro
 <!-- MicrosoftOffice2013SharePointDesigner-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013SharePointDesigner-Applicability-End -->
 
 <!-- MicrosoftOffice2013SharePointDesigner-OmaUri-Begin -->
@@ -3568,7 +3568,7 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize
 <!-- MicrosoftOffice2013SharePointDesignerBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013SharePointDesignerBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013SharePointDesignerBackup-OmaUri-Begin -->
@@ -3634,7 +3634,7 @@ Microsoft SharePoint Designer 2013 has user settings that are backed up instead
 <!-- MicrosoftOffice2013UploadCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013UploadCenter-Applicability-End -->
 
 <!-- MicrosoftOffice2013UploadCenter-OmaUri-Begin -->
@@ -3700,7 +3700,7 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize
 <!-- MicrosoftOffice2013Visio-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Visio-Applicability-End -->
 
 <!-- MicrosoftOffice2013Visio-OmaUri-Begin -->
@@ -3766,7 +3766,7 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput
 <!-- MicrosoftOffice2013VisioBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013VisioBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013VisioBackup-OmaUri-Begin -->
@@ -3832,7 +3832,7 @@ Microsoft Visio 2013 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2013Word-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Word-Applicability-End -->
 
 <!-- MicrosoftOffice2013Word-OmaUri-Begin -->
@@ -3898,7 +3898,7 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute
 <!-- MicrosoftOffice2013WordBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013WordBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013WordBackup-OmaUri-Begin -->
@@ -3964,7 +3964,7 @@ Microsoft Word 2013 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice2016Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Access-Applicability-End -->
 
 <!-- MicrosoftOffice2016Access-OmaUri-Begin -->
@@ -4030,7 +4030,7 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu
 <!-- MicrosoftOffice2016AccessBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016AccessBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016AccessBackup-OmaUri-Begin -->
@@ -4096,7 +4096,7 @@ Microsoft Access 2016 has user settings that are backed up instead of synchroniz
 <!-- MicrosoftOffice2016Common-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Common-Applicability-End -->
 
 <!-- MicrosoftOffice2016Common-OmaUri-Begin -->
@@ -4162,7 +4162,7 @@ By default, the user settings which are common between the Microsoft Office Suit
 <!-- MicrosoftOffice2016CommonBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016CommonBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016CommonBackup-OmaUri-Begin -->
@@ -4228,7 +4228,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati
 <!-- MicrosoftOffice2016Excel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Excel-Applicability-End -->
 
 <!-- MicrosoftOffice2016Excel-OmaUri-Begin -->
@@ -4294,7 +4294,7 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput
 <!-- MicrosoftOffice2016ExcelBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016ExcelBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016ExcelBackup-OmaUri-Begin -->
@@ -4360,7 +4360,7 @@ Microsoft Excel 2016 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2016Lync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Lync-Applicability-End -->
 
 <!-- MicrosoftOffice2016Lync-OmaUri-Begin -->
@@ -4426,7 +4426,7 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute
 <!-- MicrosoftOffice2016LyncBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016LyncBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016LyncBackup-OmaUri-Begin -->
@@ -4492,7 +4492,7 @@ Microsoft Lync 2016 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice2016OneDriveForBusiness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OneDriveForBusiness-Applicability-End -->
 
 <!-- MicrosoftOffice2016OneDriveForBusiness-OmaUri-Begin -->
@@ -4558,7 +4558,7 @@ By default, the user settings of OneDrive for Business 2016 synchronize between
 <!-- MicrosoftOffice2016OneNote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OneNote-Applicability-End -->
 
 <!-- MicrosoftOffice2016OneNote-OmaUri-Begin -->
@@ -4624,7 +4624,7 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp
 <!-- MicrosoftOffice2016OneNoteBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OneNoteBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016OneNoteBackup-OmaUri-Begin -->
@@ -4690,7 +4690,7 @@ Microsoft OneNote 2016 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2016Outlook-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Outlook-Applicability-End -->
 
 <!-- MicrosoftOffice2016Outlook-OmaUri-Begin -->
@@ -4756,7 +4756,7 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp
 <!-- MicrosoftOffice2016OutlookBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OutlookBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016OutlookBackup-OmaUri-Begin -->
@@ -4822,7 +4822,7 @@ Microsoft Outlook 2016 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2016PowerPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016PowerPoint-Applicability-End -->
 
 <!-- MicrosoftOffice2016PowerPoint-OmaUri-Begin -->
@@ -4888,7 +4888,7 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c
 <!-- MicrosoftOffice2016PowerPointBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016PowerPointBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016PowerPointBackup-OmaUri-Begin -->
@@ -4954,7 +4954,7 @@ Microsoft PowerPoint 2016 has user settings that are backed up instead of synchr
 <!-- MicrosoftOffice2016Project-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Project-Applicability-End -->
 
 <!-- MicrosoftOffice2016Project-OmaUri-Begin -->
@@ -5020,7 +5020,7 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp
 <!-- MicrosoftOffice2016ProjectBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016ProjectBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016ProjectBackup-OmaUri-Begin -->
@@ -5086,7 +5086,7 @@ Microsoft Project 2016 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2016Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Publisher-Applicability-End -->
 
 <!-- MicrosoftOffice2016Publisher-OmaUri-Begin -->
@@ -5152,7 +5152,7 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co
 <!-- MicrosoftOffice2016PublisherBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016PublisherBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016PublisherBackup-OmaUri-Begin -->
@@ -5218,7 +5218,7 @@ Microsoft Publisher 2016 has user settings that are backed up instead of synchro
 <!-- MicrosoftOffice2016UploadCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016UploadCenter-Applicability-End -->
 
 <!-- MicrosoftOffice2016UploadCenter-OmaUri-Begin -->
@@ -5284,7 +5284,7 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize
 <!-- MicrosoftOffice2016Visio-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Visio-Applicability-End -->
 
 <!-- MicrosoftOffice2016Visio-OmaUri-Begin -->
@@ -5350,7 +5350,7 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput
 <!-- MicrosoftOffice2016VisioBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016VisioBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016VisioBackup-OmaUri-Begin -->
@@ -5416,7 +5416,7 @@ Microsoft Visio 2016 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2016Word-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Word-Applicability-End -->
 
 <!-- MicrosoftOffice2016Word-OmaUri-Begin -->
@@ -5482,7 +5482,7 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute
 <!-- MicrosoftOffice2016WordBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016WordBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016WordBackup-OmaUri-Begin -->
@@ -5548,7 +5548,7 @@ Microsoft Word 2016 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice365Access2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Access2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Access2013-OmaUri-Begin -->
@@ -5614,7 +5614,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Access2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Access2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Access2016-OmaUri-Begin -->
@@ -5680,7 +5680,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Common2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Common2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Common2013-OmaUri-Begin -->
@@ -5746,7 +5746,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Common2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Common2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Common2016-OmaUri-Begin -->
@@ -5812,7 +5812,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Excel2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Excel2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Excel2013-OmaUri-Begin -->
@@ -5878,7 +5878,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Excel2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Excel2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Excel2016-OmaUri-Begin -->
@@ -5944,7 +5944,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365InfoPath2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365InfoPath2013-Applicability-End -->
 
 <!-- MicrosoftOffice365InfoPath2013-OmaUri-Begin -->
@@ -6010,7 +6010,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Lync2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Lync2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Lync2013-OmaUri-Begin -->
@@ -6076,7 +6076,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Lync2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Lync2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Lync2016-OmaUri-Begin -->
@@ -6142,7 +6142,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365OneNote2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365OneNote2013-Applicability-End -->
 
 <!-- MicrosoftOffice365OneNote2013-OmaUri-Begin -->
@@ -6208,7 +6208,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365OneNote2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365OneNote2016-Applicability-End -->
 
 <!-- MicrosoftOffice365OneNote2016-OmaUri-Begin -->
@@ -6274,7 +6274,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Outlook2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Outlook2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Outlook2013-OmaUri-Begin -->
@@ -6340,7 +6340,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Outlook2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Outlook2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Outlook2016-OmaUri-Begin -->
@@ -6406,7 +6406,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365PowerPoint2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365PowerPoint2013-Applicability-End -->
 
 <!-- MicrosoftOffice365PowerPoint2013-OmaUri-Begin -->
@@ -6472,7 +6472,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365PowerPoint2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365PowerPoint2016-Applicability-End -->
 
 <!-- MicrosoftOffice365PowerPoint2016-OmaUri-Begin -->
@@ -6538,7 +6538,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Project2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Project2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Project2013-OmaUri-Begin -->
@@ -6604,7 +6604,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Project2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Project2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Project2016-OmaUri-Begin -->
@@ -6670,7 +6670,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Publisher2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Publisher2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Publisher2013-OmaUri-Begin -->
@@ -6736,7 +6736,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Publisher2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Publisher2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Publisher2016-OmaUri-Begin -->
@@ -6802,7 +6802,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365SharePointDesigner2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365SharePointDesigner2013-Applicability-End -->
 
 <!-- MicrosoftOffice365SharePointDesigner2013-OmaUri-Begin -->
@@ -6868,7 +6868,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Visio2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Visio2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Visio2013-OmaUri-Begin -->
@@ -6934,7 +6934,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Visio2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Visio2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Visio2016-OmaUri-Begin -->
@@ -7000,7 +7000,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Word2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Word2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Word2013-OmaUri-Begin -->
@@ -7066,7 +7066,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Word2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Word2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Word2016-OmaUri-Begin -->
@@ -7132,7 +7132,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- Music-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Music-Applicability-End -->
 
 <!-- Music-OmaUri-Begin -->
@@ -7199,7 +7199,7 @@ By default, the user settings of Music sync between computers. Use the policy se
 <!-- News-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- News-Applicability-End -->
 
 <!-- News-OmaUri-Begin -->
@@ -7266,7 +7266,7 @@ By default, the user settings of News sync between computers. Use the policy set
 <!-- Notepad-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Notepad-Applicability-End -->
 
 <!-- Notepad-OmaUri-Begin -->
@@ -7333,7 +7333,7 @@ By default, the user settings of Notepad synchronize between computers. Use the
 <!-- Reader-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reader-Applicability-End -->
 
 <!-- Reader-OmaUri-Begin -->
@@ -7400,7 +7400,7 @@ By default, the user settings of Reader sync between computers. Use the policy s
 <!-- RepositoryTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RepositoryTimeout-Applicability-End -->
 
 <!-- RepositoryTimeout-OmaUri-Begin -->
@@ -7464,7 +7464,7 @@ You can use this setting to override the default value of 2000 milliseconds.
 <!-- SettingsStoragePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SettingsStoragePath-Applicability-End -->
 
 <!-- SettingsStoragePath-OmaUri-Begin -->
@@ -7526,7 +7526,7 @@ This policy setting configures where the settings package files that contain use
 <!-- SettingsTemplateCatalogPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SettingsTemplateCatalogPath-Applicability-End -->
 
 <!-- SettingsTemplateCatalogPath-OmaUri-Begin -->
@@ -7592,7 +7592,7 @@ If you specify a UNC path and check the option to replace the default Microsoft
 <!-- Sports-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Sports-Applicability-End -->
 
 <!-- Sports-OmaUri-Begin -->
@@ -7659,7 +7659,7 @@ By default, the user settings of Sports sync between computers. Use the policy s
 <!-- SyncEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncEnabled-Applicability-End -->
 
 <!-- SyncEnabled-OmaUri-Begin -->
@@ -7718,7 +7718,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati
 <!-- SyncOverMeteredNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncOverMeteredNetwork-Applicability-End -->
 
 <!-- SyncOverMeteredNetwork-OmaUri-Begin -->
@@ -7785,7 +7785,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- SyncOverMeteredNetworkWhenRoaming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncOverMeteredNetworkWhenRoaming-Applicability-End -->
 
 <!-- SyncOverMeteredNetworkWhenRoaming-OmaUri-Begin -->
@@ -7852,7 +7852,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- SyncProviderPingEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncProviderPingEnabled-Applicability-End -->
 
 <!-- SyncProviderPingEnabled-OmaUri-Begin -->
@@ -7917,7 +7917,7 @@ This policy setting allows you to configure the User Experience Virtualization (
 <!-- SyncUnlistedWindows8Apps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncUnlistedWindows8Apps-Applicability-End -->
 
 <!-- SyncUnlistedWindows8Apps-OmaUri-Begin -->
@@ -7980,7 +7980,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- Travel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Travel-Applicability-End -->
 
 <!-- Travel-OmaUri-Begin -->
@@ -8047,7 +8047,7 @@ By default, the user settings of Travel sync between computers. Use the policy s
 <!-- TrayIconEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TrayIconEnabled-Applicability-End -->
 
 <!-- TrayIconEnabled-OmaUri-Begin -->
@@ -8106,7 +8106,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- Video-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Video-Applicability-End -->
 
 <!-- Video-OmaUri-Begin -->
@@ -8173,7 +8173,7 @@ By default, the user settings of Video sync between computers. Use the policy se
 <!-- Weather-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Weather-Applicability-End -->
 
 <!-- Weather-OmaUri-Begin -->
@@ -8240,7 +8240,7 @@ By default, the user settings of Weather sync between computers. Use the policy
 <!-- Wordpad-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Wordpad-Applicability-End -->
 
 <!-- Wordpad-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index adf0ccefe0..f6d72112f3 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_UserProfiles Policy CSP
 description: Learn more about the ADMX_UserProfiles Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CleanupProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CleanupProfiles-Applicability-End -->
 
 <!-- CleanupProfiles-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting allows an administrator to automatically delete user profile
 <!-- DontForceUnloadHive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DontForceUnloadHive-Applicability-End -->
 
 <!-- DontForceUnloadHive-OmaUri-Begin -->
@@ -144,7 +144,7 @@ This policy setting controls whether Windows forcefully unloads the user's regis
 <!-- LeaveAppMgmtData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LeaveAppMgmtData-Applicability-End -->
 
 <!-- LeaveAppMgmtData-OmaUri-Begin -->
@@ -208,7 +208,7 @@ By default Windows deletes all information related to a roaming user (which incl
 <!-- LimitSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LimitSize-Applicability-End -->
 
 <!-- LimitSize-OmaUri-Begin -->
@@ -280,7 +280,7 @@ This policy setting sets the maximum size of each user profile and determines th
 <!-- ProfileErrorAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProfileErrorAction-Applicability-End -->
 
 <!-- ProfileErrorAction-OmaUri-Begin -->
@@ -343,7 +343,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting.
 <!-- SlowLinkTimeOut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SlowLinkTimeOut-Applicability-End -->
 
 <!-- SlowLinkTimeOut-OmaUri-Begin -->
@@ -408,7 +408,7 @@ This policy setting and related policy settings in this folder together define t
 <!-- USER_HOME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- USER_HOME-Applicability-End -->
 
 <!-- USER_HOME-OmaUri-Begin -->
@@ -475,7 +475,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl
 <!-- UserInfoAccessAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UserInfoAccessAction-Applicability-End -->
 
 <!-- UserInfoAccessAction-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 3aaf1c7335..36500806d4 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_W32Time Policy CSP
 description: Learn more about the ADMX_W32Time Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- W32TIME_POLICY_CONFIG-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_CONFIG-Applicability-End -->
 
 <!-- W32TIME_POLICY_CONFIG-OmaUri-Begin -->
@@ -179,7 +179,7 @@ This parameter controls the frequency at which an event that indicates the numbe
 <!-- W32TIME_POLICY_CONFIGURE_NTPCLIENT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_CONFIGURE_NTPCLIENT-Applicability-End -->
 
 <!-- W32TIME_POLICY_CONFIGURE_NTPCLIENT-OmaUri-Begin -->
@@ -265,7 +265,7 @@ This value is a bitmask that controls events that may be logged to the System lo
 <!-- W32TIME_POLICY_ENABLE_NTPCLIENT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_ENABLE_NTPCLIENT-Applicability-End -->
 
 <!-- W32TIME_POLICY_ENABLE_NTPCLIENT-OmaUri-Begin -->
@@ -326,7 +326,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer
 <!-- W32TIME_POLICY_ENABLE_NTPSERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_ENABLE_NTPSERVER-Applicability-End -->
 
 <!-- W32TIME_POLICY_ENABLE_NTPSERVER-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index e6fe0c1726..67bae2d6f2 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WCM Policy CSP
 description: Learn more about the ADMX_WCM Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WCM_DisablePowerManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCM_DisablePowerManagement-Applicability-End -->
 
 <!-- WCM_DisablePowerManagement-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting specifies that power management is disabled when the machine
 <!-- WCM_EnableSoftDisconnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCM_EnableSoftDisconnect-Applicability-End -->
 
 <!-- WCM_EnableSoftDisconnect-OmaUri-Begin -->
@@ -149,7 +149,7 @@ This policy setting depends on other group policy settings. For example, if 'Min
 <!-- WCM_MinimizeConnections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCM_MinimizeConnections-Applicability-End -->
 
 <!-- WCM_MinimizeConnections-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index df4c5846ad..1c28ee517e 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WDI Policy CSP
 description: Learn more about the ADMX_WDI Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WdiDpsScenarioDataSizeLimitPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiDpsScenarioDataSizeLimitPolicy-Applicability-End -->
 
 <!-- WdiDpsScenarioDataSizeLimitPolicy-OmaUri-Begin -->
@@ -84,7 +84,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiDpsScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiDpsScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiDpsScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index 31833306d1..182bcadb67 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WinCal Policy CSP
 description: Learn more about the ADMX_WinCal Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- TurnOffWinCal_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffWinCal_1-Applicability-End -->
 
 <!-- TurnOffWinCal_1-OmaUri-Begin -->
@@ -82,7 +82,7 @@ The default is for Windows Calendar to be turned on.
 <!-- TurnOffWinCal_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffWinCal_2-Applicability-End -->
 
 <!-- TurnOffWinCal_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index 2055d516ec..d975aa7c0c 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsColorSystem Policy CSP
 description: Learn more about the ADMX_WindowsColorSystem Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ProhibitChangingInstalledProfileList_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProhibitChangingInstalledProfileList_1-Applicability-End -->
 
 <!-- ProhibitChangingInstalledProfileList_1-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting affects the ability of users to install or uninstall color p
 <!-- ProhibitChangingInstalledProfileList_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProhibitChangingInstalledProfileList_2-Applicability-End -->
 
 <!-- ProhibitChangingInstalledProfileList_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index b115f7d5e2..581b608823 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsConnectNow Policy CSP
 description: Learn more about the ADMX_WindowsConnectNow Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- WCN_DisableWcnUi_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCN_DisableWcnUi_1-Applicability-End -->
 
 <!-- WCN_DisableWcnUi_1-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards.
 <!-- WCN_DisableWcnUi_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCN_DisableWcnUi_2-Applicability-End -->
 
 <!-- WCN_DisableWcnUi_2-OmaUri-Begin -->
@@ -139,7 +139,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards.
 <!-- WCN_EnableRegistrar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCN_EnableRegistrar-Applicability-End -->
 
 <!-- WCN_EnableRegistrar-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 7fe9bd9679..44d542de9d 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsExplorer Policy CSP
 description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CheckSameSourceAndTargetForFRAndDFS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CheckSameSourceAndTargetForFRAndDFS-Applicability-End -->
 
 <!-- CheckSameSourceAndTargetForFRAndDFS-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting allows you to prevent data loss when you change the target l
 <!-- ClassicShell-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClassicShell-Applicability-End -->
 
 <!-- ClassicShell-OmaUri-Begin -->
@@ -149,7 +149,7 @@ Also, see the "Disable Active Desktop" setting in User Configuration\Administrat
 <!-- ConfirmFileDelete-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfirmFileDelete-Applicability-End -->
 
 <!-- ConfirmFileDelete-OmaUri-Begin -->
@@ -208,7 +208,7 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i
 <!-- DefaultLibrariesLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DefaultLibrariesLocation-Applicability-End -->
 
 <!-- DefaultLibrariesLocation-OmaUri-Begin -->
@@ -270,7 +270,7 @@ This policy setting allows you to specify a location where all default Library d
 <!-- DisableBindDirectlyToPropertySetStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBindDirectlyToPropertySetStorage-Applicability-End -->
 
 <!-- DisableBindDirectlyToPropertySetStorage-OmaUri-Begin -->
@@ -331,7 +331,7 @@ This disables access to user-defined properties, and properties stored in NTFS s
 <!-- DisableIndexedLibraryExperience-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableIndexedLibraryExperience-Applicability-End -->
 
 <!-- DisableIndexedLibraryExperience-OmaUri-Begin -->
@@ -402,7 +402,7 @@ This policy won't enable users to add unsupported locations to Libraries.
 <!-- DisableKnownFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableKnownFolders-Applicability-End -->
 
 <!-- DisableKnownFolders-OmaUri-Begin -->
@@ -456,13 +456,63 @@ You can specify a known folder using its known folder id or using its canonical
 
 <!-- DisableKnownFolders-End -->
 
+<!-- DisableMotWOnInsecurePathCopy-Begin -->
+## DisableMotWOnInsecurePathCopy
+
+<!-- DisableMotWOnInsecurePathCopy-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+<!-- DisableMotWOnInsecurePathCopy-Applicability-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsExplorer/DisableMotWOnInsecurePathCopy
+```
+<!-- DisableMotWOnInsecurePathCopy-OmaUri-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- DisableMotWOnInsecurePathCopy-Description-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableMotWOnInsecurePathCopy-Editable-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DisableMotWOnInsecurePathCopy-DFProperties-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-AdmxBacked-Begin -->
+<!-- ADMX-Not-Found -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableMotWOnInsecurePathCopy |
+| ADMX File Name | WindowsExplorer.admx |
+<!-- DisableMotWOnInsecurePathCopy-AdmxBacked-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableMotWOnInsecurePathCopy-Examples-End -->
+
+<!-- DisableMotWOnInsecurePathCopy-End -->
+
 <!-- DisableSearchBoxSuggestions-Begin -->
 ## DisableSearchBoxSuggestions
 
 <!-- DisableSearchBoxSuggestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSearchBoxSuggestions-Applicability-End -->
 
 <!-- DisableSearchBoxSuggestions-OmaUri-Begin -->
@@ -522,7 +572,7 @@ File Explorer shows suggestion pop-ups as users type into the Search Box. These
 <!-- EnableShellShortcutIconRemotePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableShellShortcutIconRemotePath-Applicability-End -->
 
 <!-- EnableShellShortcutIconRemotePath-OmaUri-Begin -->
@@ -584,7 +634,7 @@ This policy setting determines whether remote paths can be used for file shortcu
 <!-- EnableSmartScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableSmartScreen-Applicability-End -->
 
 <!-- EnableSmartScreen-OmaUri-Begin -->
@@ -655,7 +705,7 @@ For more information, see [Microsoft Defender SmartScreen](/windows/security/ope
 <!-- EnforceShellExtensionSecurity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnforceShellExtensionSecurity-Applicability-End -->
 
 <!-- EnforceShellExtensionSecurity-OmaUri-Begin -->
@@ -716,7 +766,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_
 <!-- ExplorerRibbonStartsMinimized-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExplorerRibbonStartsMinimized-Applicability-End -->
 
 <!-- ExplorerRibbonStartsMinimized-OmaUri-Begin -->
@@ -779,7 +829,7 @@ This policy setting allows you to specify whether the ribbon appears minimized o
 <!-- HideContentViewModeSnippets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideContentViewModeSnippets-Applicability-End -->
 
 <!-- HideContentViewModeSnippets-OmaUri-Begin -->
@@ -838,7 +888,7 @@ This policy setting allows you to turn off the display of snippets in Content vi
 <!-- IZ_Policy_OpenSearchPreview_Internet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Internet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Internet-OmaUri-Begin -->
@@ -905,7 +955,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_InternetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_InternetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_InternetLockdown-OmaUri-Begin -->
@@ -972,7 +1022,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_Intranet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Intranet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Intranet-OmaUri-Begin -->
@@ -1039,7 +1089,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_IntranetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_IntranetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_IntranetLockdown-OmaUri-Begin -->
@@ -1106,7 +1156,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_LocalMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_LocalMachine-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_LocalMachine-OmaUri-Begin -->
@@ -1173,7 +1223,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_LocalMachineLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_LocalMachineLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_LocalMachineLockdown-OmaUri-Begin -->
@@ -1240,7 +1290,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_Restricted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Restricted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Restricted-OmaUri-Begin -->
@@ -1307,7 +1357,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_RestrictedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_RestrictedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_RestrictedLockdown-OmaUri-Begin -->
@@ -1374,7 +1424,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_Trusted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Trusted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Trusted-OmaUri-Begin -->
@@ -1441,7 +1491,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_TrustedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_TrustedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_TrustedLockdown-OmaUri-Begin -->
@@ -1508,7 +1558,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchQuery_Internet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Internet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Internet-OmaUri-Begin -->
@@ -1573,7 +1623,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_InternetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_InternetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_InternetLockdown-OmaUri-Begin -->
@@ -1638,7 +1688,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_Intranet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Intranet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Intranet-OmaUri-Begin -->
@@ -1703,7 +1753,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_IntranetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_IntranetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_IntranetLockdown-OmaUri-Begin -->
@@ -1768,7 +1818,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_LocalMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_LocalMachine-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_LocalMachine-OmaUri-Begin -->
@@ -1833,7 +1883,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_LocalMachineLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_LocalMachineLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_LocalMachineLockdown-OmaUri-Begin -->
@@ -1898,7 +1948,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_Restricted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Restricted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Restricted-OmaUri-Begin -->
@@ -1963,7 +2013,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_RestrictedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_RestrictedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_RestrictedLockdown-OmaUri-Begin -->
@@ -2028,7 +2078,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_Trusted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Trusted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Trusted-OmaUri-Begin -->
@@ -2093,7 +2143,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_TrustedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_TrustedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_TrustedLockdown-OmaUri-Begin -->
@@ -2158,7 +2208,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- LinkResolveIgnoreLinkInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LinkResolveIgnoreLinkInfo-Applicability-End -->
 
 <!-- LinkResolveIgnoreLinkInfo-OmaUri-Begin -->
@@ -2219,7 +2269,7 @@ Shortcut files typically include an absolute path to the original target file as
 <!-- MaxRecentDocs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MaxRecentDocs-Applicability-End -->
 
 <!-- MaxRecentDocs-OmaUri-Begin -->
@@ -2279,7 +2329,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo
 <!-- NoBackButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoBackButton-Applicability-End -->
 
 <!-- NoBackButton-OmaUri-Begin -->
@@ -2345,7 +2395,7 @@ To see an example of the standard Open dialog box, start Notepad and, on the Fil
 <!-- NoCacheThumbNailPictures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCacheThumbNailPictures-Applicability-End -->
 
 <!-- NoCacheThumbNailPictures-OmaUri-Begin -->
@@ -2407,7 +2457,7 @@ This policy setting allows you to turn off caching of thumbnail pictures.
 <!-- NoCDBurning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCDBurning-Applicability-End -->
 
 <!-- NoCDBurning-OmaUri-Begin -->
@@ -2469,7 +2519,7 @@ This policy setting allows you to remove CD Burning features. File Explorer allo
 <!-- NoChangeAnimation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChangeAnimation-Applicability-End -->
 
 <!-- NoChangeAnimation-OmaUri-Begin -->
@@ -2530,7 +2580,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi
 <!-- NoChangeKeyboardNavigationIndicators-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChangeKeyboardNavigationIndicators-Applicability-End -->
 
 <!-- NoChangeKeyboardNavigationIndicators-OmaUri-Begin -->
@@ -2589,7 +2639,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper
 <!-- NoDFSTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDFSTab-Applicability-End -->
 
 <!-- NoDFSTab-OmaUri-Begin -->
@@ -2650,7 +2700,7 @@ This policy setting doesn't prevent users from using other methods to configure
 <!-- NoDrives-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDrives-Applicability-End -->
 
 <!-- NoDrives-OmaUri-Begin -->
@@ -2717,7 +2767,7 @@ Also, see the "Prevent access to drives from My Computer" policy setting.
 <!-- NoEntireNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoEntireNetwork-Applicability-End -->
 
 <!-- NoEntireNetwork-OmaUri-Begin -->
@@ -2781,7 +2831,7 @@ To remove computers in the user's workgroup or domain from lists of network reso
 <!-- NoFileMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFileMenu-Applicability-End -->
 
 <!-- NoFileMenu-OmaUri-Begin -->
@@ -2838,7 +2888,7 @@ This setting doesn't prevent users from using other methods to perform tasks ava
 <!-- NoFileMRU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFileMRU-Applicability-End -->
 
 <!-- NoFileMRU-OmaUri-Begin -->
@@ -2904,7 +2954,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil
 <!-- NoFolderOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFolderOptions-Applicability-End -->
 
 <!-- NoFolderOptions-OmaUri-Begin -->
@@ -2965,7 +3015,7 @@ Folder Options allows users to change the way files and folders open, what appea
 <!-- NoHardwareTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoHardwareTab-Applicability-End -->
 
 <!-- NoHardwareTab-OmaUri-Begin -->
@@ -3022,7 +3072,7 @@ This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio
 <!-- NoManageMyComputerVerb-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoManageMyComputerVerb-Applicability-End -->
 
 <!-- NoManageMyComputerVerb-OmaUri-Begin -->
@@ -3084,7 +3134,7 @@ This setting doesn't remove the Computer Management item from the Start menu (St
 <!-- NoMyComputerSharedDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMyComputerSharedDocuments-Applicability-End -->
 
 <!-- NoMyComputerSharedDocuments-OmaUri-Begin -->
@@ -3148,7 +3198,7 @@ When a Windows client is in a workgroup, a Shared Documents icon appears in the
 <!-- NoNetConnectDisconnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNetConnectDisconnect-Applicability-End -->
 
 <!-- NoNetConnectDisconnect-OmaUri-Begin -->
@@ -3213,7 +3263,7 @@ This setting doesn't prevent users from connecting to another computer by typing
 <!-- NoNewAppAlert-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNewAppAlert-Applicability-End -->
 
 <!-- NoNewAppAlert-OmaUri-Begin -->
@@ -3270,7 +3320,7 @@ If this group policy is enabled, no notifications will be shown. If the group po
 <!-- NoPlacesBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPlacesBar-Applicability-End -->
 
 <!-- NoPlacesBar-OmaUri-Begin -->
@@ -3332,7 +3382,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil
 <!-- NoRecycleFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecycleFiles-Applicability-End -->
 
 <!-- NoRecycleFiles-OmaUri-Begin -->
@@ -3391,7 +3441,7 @@ When a file or folder is deleted in File Explorer, a copy of the file or folder
 <!-- NoRunAsInstallPrompt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRunAsInstallPrompt-Applicability-End -->
 
 <!-- NoRunAsInstallPrompt-OmaUri-Begin -->
@@ -3456,7 +3506,7 @@ By default, users aren't prompted for alternate logon credentials when installin
 <!-- NoSearchInternetTryHarderButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchInternetTryHarderButton-Applicability-End -->
 
 <!-- NoSearchInternetTryHarderButton-OmaUri-Begin -->
@@ -3516,7 +3566,7 @@ By default, users aren't prompted for alternate logon credentials when installin
 <!-- NoSecurityTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSecurityTab-Applicability-End -->
 
 <!-- NoSecurityTab-OmaUri-Begin -->
@@ -3575,7 +3625,7 @@ Removes the Security tab from File Explorer.
 <!-- NoShellSearchButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoShellSearchButton-Applicability-End -->
 
 <!-- NoShellSearchButton-OmaUri-Begin -->
@@ -3638,7 +3688,7 @@ This policy setting doesn't affect the Search items on the File Explorer context
 <!-- NoStrCmpLogical-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStrCmpLogical-Applicability-End -->
 
 <!-- NoStrCmpLogical-OmaUri-Begin -->
@@ -3701,7 +3751,7 @@ This policy setting allows you to have file names sorted literally (as in Window
 <!-- NoViewContextMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoViewContextMenu-Applicability-End -->
 
 <!-- NoViewContextMenu-OmaUri-Begin -->
@@ -3758,7 +3808,7 @@ If you enable this setting, menus don't appear when you right-click the desktop
 <!-- NoViewOnDrive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoViewOnDrive-Applicability-End -->
 
 <!-- NoViewOnDrive-OmaUri-Begin -->
@@ -3823,7 +3873,7 @@ Also, see the "Hide these specified drives in My Computer" setting.
 <!-- NoWindowsHotKeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsHotKeys-Applicability-End -->
 
 <!-- NoWindowsHotKeys-OmaUri-Begin -->
@@ -3884,7 +3934,7 @@ Keyboards with a Windows key provide users with shortcuts to common shell featur
 <!-- NoWorkgroupContents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWorkgroupContents-Applicability-End -->
 
 <!-- NoWorkgroupContents-OmaUri-Begin -->
@@ -3947,7 +3997,7 @@ To remove network computers from lists of network resources, use the "No Entire
 <!-- PlacesBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PlacesBar-Applicability-End -->
 
 <!-- PlacesBar-OmaUri-Begin -->
@@ -4024,7 +4074,7 @@ Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachment
 <!-- PromptRunasInstallNetPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PromptRunasInstallNetPath-Applicability-End -->
 
 <!-- PromptRunasInstallNetPath-OmaUri-Begin -->
@@ -4090,7 +4140,7 @@ If the dialog box doesn't appear, the installation proceeds with the current use
 <!-- RecycleBinSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RecycleBinSize-Applicability-End -->
 
 <!-- RecycleBinSize-OmaUri-Begin -->
@@ -4151,7 +4201,7 @@ Limits the percentage of a volume's disk space that can be used to store deleted
 <!-- ShellProtocolProtectedModeTitle_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellProtocolProtectedModeTitle_1-Applicability-End -->
 
 <!-- ShellProtocolProtectedModeTitle_1-OmaUri-Begin -->
@@ -4212,7 +4262,7 @@ This policy setting allows you to configure the amount of functionality that the
 <!-- ShellProtocolProtectedModeTitle_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellProtocolProtectedModeTitle_2-Applicability-End -->
 
 <!-- ShellProtocolProtectedModeTitle_2-OmaUri-Begin -->
@@ -4273,7 +4323,7 @@ This policy setting allows you to configure the amount of functionality that the
 <!-- ShowHibernateOption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowHibernateOption-Applicability-End -->
 
 <!-- ShowHibernateOption-OmaUri-Begin -->
@@ -4334,7 +4384,7 @@ Shows or hides hibernate from the power options menu.
 <!-- ShowSleepOption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowSleepOption-Applicability-End -->
 
 <!-- ShowSleepOption-OmaUri-Begin -->
@@ -4395,7 +4445,7 @@ Shows or hides sleep from the power options menu.
 <!-- TryHarderPinnedLibrary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TryHarderPinnedLibrary-Applicability-End -->
 
 <!-- TryHarderPinnedLibrary-OmaUri-Begin -->
@@ -4458,7 +4508,7 @@ The first several links will also be pinned to the Start menu. A total of four l
 <!-- TryHarderPinnedOpenSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TryHarderPinnedOpenSearch-Applicability-End -->
 
 <!-- TryHarderPinnedOpenSearch-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index dbd36541c4..1e41f5c049 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsMediaDRM Policy CSP
 description: Learn more about the ADMX_WindowsMediaDRM Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableOnline-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOnline-Applicability-End -->
 
 <!-- DisableOnline-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index 04df21d7a7..7f1dc35461 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsMediaPlayer Policy CSP
 description: Learn more about the ADMX_WindowsMediaPlayer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ConfigureHTTPProxySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureHTTPProxySettings-Applicability-End -->
 
 <!-- ConfigureHTTPProxySettings-OmaUri-Begin -->
@@ -94,7 +94,7 @@ This policy is ignored if the "Streaming media protocols" policy setting is enab
 <!-- ConfigureMMSProxySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureMMSProxySettings-Applicability-End -->
 
 <!-- ConfigureMMSProxySettings-OmaUri-Begin -->
@@ -165,7 +165,7 @@ This policy setting is ignored if the "Streaming media protocols" policy setting
 <!-- ConfigureRTSPProxySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureRTSPProxySettings-Applicability-End -->
 
 <!-- ConfigureRTSPProxySettings-OmaUri-Begin -->
@@ -234,7 +234,7 @@ The Configure button on the Network tab in the Player isn't available and the pr
 <!-- DisableAutoUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoUpdate-Applicability-End -->
 
 <!-- DisableAutoUpdate-OmaUri-Begin -->
@@ -295,7 +295,7 @@ This policy setting prevents the dialog boxes which allow users to select privac
 <!-- DisableNetworkSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNetworkSettings-Applicability-End -->
 
 <!-- DisableNetworkSettings-OmaUri-Begin -->
@@ -354,7 +354,7 @@ This policy setting allows you to hide the Network tab.
 <!-- DisableSetupFirstUseConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSetupFirstUseConfiguration-Applicability-End -->
 
 <!-- DisableSetupFirstUseConfiguration-OmaUri-Begin -->
@@ -415,7 +415,7 @@ This policy setting allows you to prevent the anchor window from being displayed
 <!-- DoNotShowAnchor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotShowAnchor-Applicability-End -->
 
 <!-- DoNotShowAnchor-OmaUri-Begin -->
@@ -476,7 +476,7 @@ When this policy isn't configured and the Set and Lock Skin policy is enabled, s
 <!-- DontUseFrameInterpolation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DontUseFrameInterpolation-Applicability-End -->
 
 <!-- DontUseFrameInterpolation-OmaUri-Begin -->
@@ -539,7 +539,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP
 <!-- EnableScreenSaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableScreenSaver-Applicability-End -->
 
 <!-- EnableScreenSaver-OmaUri-Begin -->
@@ -600,7 +600,7 @@ This policy setting allows a screen saver to interrupt playback.
 <!-- HidePrivacyTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HidePrivacyTab-Applicability-End -->
 
 <!-- HidePrivacyTab-OmaUri-Begin -->
@@ -661,7 +661,7 @@ The default privacy settings are used for the options on the Privacy tab unless
 <!-- HideSecurityTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSecurityTab-Applicability-End -->
 
 <!-- HideSecurityTab-OmaUri-Begin -->
@@ -720,7 +720,7 @@ This policy setting allows you to hide the Security tab in Windows Media Player.
 <!-- NetworkBuffering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NetworkBuffering-Applicability-End -->
 
 <!-- NetworkBuffering-OmaUri-Begin -->
@@ -785,7 +785,7 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P
 <!-- PolicyCodecUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PolicyCodecUpdate-Applicability-End -->
 
 <!-- PolicyCodecUpdate-OmaUri-Begin -->
@@ -846,7 +846,7 @@ This policy setting allows you to prevent Windows Media Player from downloading
 <!-- PreventCDDVDMetadataRetrieval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventCDDVDMetadataRetrieval-Applicability-End -->
 
 <!-- PreventCDDVDMetadataRetrieval-OmaUri-Begin -->
@@ -905,7 +905,7 @@ This policy setting allows you to prevent media information for CDs and DVDs fro
 <!-- PreventLibrarySharing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventLibrarySharing-Applicability-End -->
 
 <!-- PreventLibrarySharing-OmaUri-Begin -->
@@ -964,7 +964,7 @@ This policy setting allows you to prevent media sharing from Windows Media Playe
 <!-- PreventMusicFileMetadataRetrieval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventMusicFileMetadataRetrieval-Applicability-End -->
 
 <!-- PreventMusicFileMetadataRetrieval-OmaUri-Begin -->
@@ -1023,7 +1023,7 @@ This policy setting allows you to prevent media information for music files from
 <!-- PreventQuickLaunchShortcut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventQuickLaunchShortcut-Applicability-End -->
 
 <!-- PreventQuickLaunchShortcut-OmaUri-Begin -->
@@ -1082,7 +1082,7 @@ This policy setting allows you to prevent a shortcut for the Player from being a
 <!-- PreventRadioPresetsRetrieval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventRadioPresetsRetrieval-Applicability-End -->
 
 <!-- PreventRadioPresetsRetrieval-OmaUri-Begin -->
@@ -1141,7 +1141,7 @@ This policy setting allows you to prevent radio station presets from being retri
 <!-- PreventWMPDeskTopShortcut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventWMPDeskTopShortcut-Applicability-End -->
 
 <!-- PreventWMPDeskTopShortcut-OmaUri-Begin -->
@@ -1200,7 +1200,7 @@ This policy setting allows you to prevent a shortcut icon for the Player from be
 <!-- SkinLockDown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SkinLockDown-Applicability-End -->
 
 <!-- SkinLockDown-OmaUri-Begin -->
@@ -1263,7 +1263,7 @@ A user has access only to the Player features that are available with the specif
 <!-- WindowsStreamingMediaProtocols-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WindowsStreamingMediaProtocols-Applicability-End -->
 
 <!-- WindowsStreamingMediaProtocols-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 9feebc0561..6839ac8703 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsRemoteManagement Policy CSP
 description: Learn more about the ADMX_WindowsRemoteManagement Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisallowKerberos_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowKerberos_1-Applicability-End -->
 
 <!-- DisallowKerberos_1-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- DisallowKerberos_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowKerberos_2-Applicability-End -->
 
 <!-- DisallowKerberos_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index ad9da6b96b..16548d4632 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsStore Policy CSP
 description: Learn more about the ADMX_WindowsStore Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableAutoDownloadWin8-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoDownloadWin8-Applicability-End -->
 
 <!-- DisableAutoDownloadWin8-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Enables or disables the automatic download of app updates on PCs running Windows
 <!-- DisableOSUpgrade_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOSUpgrade_1-Applicability-End -->
 
 <!-- DisableOSUpgrade_1-OmaUri-Begin -->
@@ -141,7 +141,7 @@ Enables or disables the Store offer to update to the latest version of Windows.
 <!-- DisableOSUpgrade_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOSUpgrade_2-Applicability-End -->
 
 <!-- DisableOSUpgrade_2-OmaUri-Begin -->
@@ -200,7 +200,7 @@ Enables or disables the Store offer to update to the latest version of Windows.
 <!-- RemoveWindowsStore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveWindowsStore_1-Applicability-End -->
 
 <!-- RemoveWindowsStore_1-OmaUri-Begin -->
@@ -220,8 +220,6 @@ Denies or allows access to the Store application.
 
 <!-- RemoveWindowsStore_1-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!NOTE]
-> This policy is not supported on Windows Professional edition, and requires Windows Enterprise or Windows Education to function. For more information, see [Can't disable Microsoft Store in Windows Pro through Group Policy](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store).
 <!-- RemoveWindowsStore_1-Editable-End -->
 
 <!-- RemoveWindowsStore_1-DFProperties-Begin -->
@@ -261,7 +259,7 @@ Denies or allows access to the Store application.
 <!-- RemoveWindowsStore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveWindowsStore_2-Applicability-End -->
 
 <!-- RemoveWindowsStore_2-OmaUri-Begin -->
@@ -281,8 +279,6 @@ Denies or allows access to the Store application.
 
 <!-- RemoveWindowsStore_2-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!NOTE]
-> This policy is not supported on Windows Professional edition, and requires Windows Enterprise or Windows Education to function. For more information, see [Can't disable Microsoft Store in Windows Pro through Group Policy](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store).
 <!-- RemoveWindowsStore_2-Editable-End -->
 
 <!-- RemoveWindowsStore_2-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 016d00fda3..53c453b291 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WinInit Policy CSP
 description: Learn more about the ADMX_WinInit Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableNamedPipeShutdownPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNamedPipeShutdownPolicyDescription-Applicability-End -->
 
 <!-- DisableNamedPipeShutdownPolicyDescription-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting controls the legacy remote shutdown interface (named pipe).
 <!-- Hiberboot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Hiberboot-Applicability-End -->
 
 <!-- Hiberboot-OmaUri-Begin -->
@@ -139,7 +139,7 @@ This policy setting controls the use of fast startup.
 <!-- ShutdownTimeoutHungSessionsDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShutdownTimeoutHungSessionsDescription-Applicability-End -->
 
 <!-- ShutdownTimeoutHungSessionsDescription-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index 7861b20555..3777efde58 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WinLogon Policy CSP
 description: Learn more about the ADMX_WinLogon Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CustomShell-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomShell-Applicability-End -->
 
 <!-- CustomShell-OmaUri-Begin -->
@@ -86,7 +86,7 @@ To use this setting, copy your interface program to a network share or to your s
 <!-- DisplayLastLogonInfoDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisplayLastLogonInfoDescription-Applicability-End -->
 
 <!-- DisplayLastLogonInfoDescription-OmaUri-Begin -->
@@ -147,7 +147,7 @@ If you disable or don't configure this setting, messages about the previous logo
 <!-- LogonHoursNotificationPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LogonHoursNotificationPolicyDescription-Applicability-End -->
 
 <!-- LogonHoursNotificationPolicyDescription-OmaUri-Begin -->
@@ -209,7 +209,7 @@ This policy controls whether the logged-on user should be notified when his logo
 <!-- LogonHoursPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LogonHoursPolicyDescription-Applicability-End -->
 
 <!-- LogonHoursPolicyDescription-OmaUri-Begin -->
@@ -274,7 +274,7 @@ If you choose to log off a user, the user can't log on again except during permi
 <!-- ReportCachedLogonPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ReportCachedLogonPolicyDescription-Applicability-End -->
 
 <!-- ReportCachedLogonPolicyDescription-OmaUri-Begin -->
@@ -337,7 +337,7 @@ If disabled or not configured, no popup will be displayed to the user.
 <!-- SoftwareSASGeneration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SoftwareSASGeneration-Applicability-End -->
 
 <!-- SoftwareSASGeneration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 56d9974fe2..4bb456deae 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_Winsrv Policy CSP
 description: Learn more about the ADMX_Winsrv Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- AllowBlockingAppsAtShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowBlockingAppsAtShutdown-Applicability-End -->
 
 <!-- AllowBlockingAppsAtShutdown-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index d09a2030f0..f757409689 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_wlansvc Policy CSP
 description: Learn more about the ADMX_wlansvc Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- SetCost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetCost-Applicability-End -->
 
 <!-- SetCost-OmaUri-Begin -->
@@ -85,7 +85,7 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th
 <!-- SetPINEnforced-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPINEnforced-Applicability-End -->
 
 <!-- SetPINEnforced-OmaUri-Begin -->
@@ -144,7 +144,7 @@ Conversely it means that Push Button is NOT allowed.
 <!-- SetPINPreferred-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPINPreferred-Applicability-End -->
 
 <!-- SetPINPreferred-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index a71623c248..100d06044e 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WordWheel Policy CSP
 description: Learn more about the ADMX_WordWheel Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- CustomSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomSearch-Applicability-End -->
 
 <!-- CustomSearch-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index f5b3d60f6b..0cc0f52149 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WorkFoldersClient Policy CSP
 description: Learn more about the ADMX_WorkFoldersClient Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- Pol_MachineEnableWorkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MachineEnableWorkFolders-Applicability-End -->
 
 <!-- Pol_MachineEnableWorkFolders-OmaUri-Begin -->
@@ -80,7 +80,7 @@ This policy setting specifies whether Work Folders should be set up automaticall
 <!-- Pol_UserEnableTokenBroker-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_UserEnableTokenBroker-Applicability-End -->
 
 <!-- Pol_UserEnableTokenBroker-OmaUri-Begin -->
@@ -135,7 +135,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti
 <!-- Pol_UserEnableWorkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_UserEnableWorkFolders-Applicability-End -->
 
 <!-- Pol_UserEnableWorkFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index f69b55da60..bfddc2641c 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -1,7 +1,7 @@
 ---
 title: ADMX_WPN Policy CSP
 description: Learn more about the ADMX_WPN Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- NoCallsDuringQuietHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCallsDuringQuietHours-Applicability-End -->
 
 <!-- NoCallsDuringQuietHours-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This policy setting blocks voice and video calls during Quiet Hours.
 <!-- NoLockScreenToastNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoLockScreenToastNotification-Applicability-End -->
 
 <!-- NoLockScreenToastNotification-OmaUri-Begin -->
@@ -143,7 +143,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- NoQuietHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoQuietHours-Applicability-End -->
 
 <!-- NoQuietHours-OmaUri-Begin -->
@@ -204,7 +204,7 @@ This policy setting turns off Quiet Hours functionality.
 <!-- NoToastNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoToastNotification-Applicability-End -->
 
 <!-- NoToastNotification-OmaUri-Begin -->
@@ -273,7 +273,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- QuietHoursDailyBeginMinute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QuietHoursDailyBeginMinute-Applicability-End -->
 
 <!-- QuietHoursDailyBeginMinute-OmaUri-Begin -->
@@ -333,7 +333,7 @@ This policy setting specifies the number of minutes after midnight (local time)
 <!-- QuietHoursDailyEndMinute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QuietHoursDailyEndMinute-Applicability-End -->
 
 <!-- QuietHoursDailyEndMinute-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-appdeviceinventory.md b/windows/client-management/mdm/policy-csp-appdeviceinventory.md
new file mode 100644
index 0000000000..7e0fb8176b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-appdeviceinventory.md
@@ -0,0 +1,178 @@
+---
+title: AppDeviceInventory Policy CSP
+description: Learn more about the AppDeviceInventory Area in Policy CSP.
+ms.date: 08/07/2024
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- AppDeviceInventory-Begin -->
+# Policy CSP - AppDeviceInventory
+
+[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+<!-- AppDeviceInventory-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AppDeviceInventory-Editable-End -->
+
+<!-- TurnOffAPISamping-Begin -->
+## TurnOffAPISamping
+
+<!-- TurnOffAPISamping-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- TurnOffAPISamping-Applicability-End -->
+
+<!-- TurnOffAPISamping-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/AppDeviceInventory/TurnOffAPISamping
+```
+<!-- TurnOffAPISamping-OmaUri-End -->
+
+<!-- TurnOffAPISamping-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- TurnOffAPISamping-Description-End -->
+
+<!-- TurnOffAPISamping-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TurnOffAPISamping-Editable-End -->
+
+<!-- TurnOffAPISamping-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- TurnOffAPISamping-DFProperties-End -->
+
+<!-- TurnOffAPISamping-AdmxBacked-Begin -->
+<!-- ADMX-Not-Found -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TurnOffAPISamping |
+| ADMX File Name | AppDeviceInventory.admx |
+<!-- TurnOffAPISamping-AdmxBacked-End -->
+
+<!-- TurnOffAPISamping-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- TurnOffAPISamping-Examples-End -->
+
+<!-- TurnOffAPISamping-End -->
+
+<!-- TurnOffApplicationFootprint-Begin -->
+## TurnOffApplicationFootprint
+
+<!-- TurnOffApplicationFootprint-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- TurnOffApplicationFootprint-Applicability-End -->
+
+<!-- TurnOffApplicationFootprint-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/AppDeviceInventory/TurnOffApplicationFootprint
+```
+<!-- TurnOffApplicationFootprint-OmaUri-End -->
+
+<!-- TurnOffApplicationFootprint-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- TurnOffApplicationFootprint-Description-End -->
+
+<!-- TurnOffApplicationFootprint-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TurnOffApplicationFootprint-Editable-End -->
+
+<!-- TurnOffApplicationFootprint-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- TurnOffApplicationFootprint-DFProperties-End -->
+
+<!-- TurnOffApplicationFootprint-AdmxBacked-Begin -->
+<!-- ADMX-Not-Found -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TurnOffApplicationFootprint |
+| ADMX File Name | AppDeviceInventory.admx |
+<!-- TurnOffApplicationFootprint-AdmxBacked-End -->
+
+<!-- TurnOffApplicationFootprint-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- TurnOffApplicationFootprint-Examples-End -->
+
+<!-- TurnOffApplicationFootprint-End -->
+
+<!-- TurnOffInstallTracing-Begin -->
+## TurnOffInstallTracing
+
+<!-- TurnOffInstallTracing-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- TurnOffInstallTracing-Applicability-End -->
+
+<!-- TurnOffInstallTracing-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/AppDeviceInventory/TurnOffInstallTracing
+```
+<!-- TurnOffInstallTracing-OmaUri-End -->
+
+<!-- TurnOffInstallTracing-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- TurnOffInstallTracing-Description-End -->
+
+<!-- TurnOffInstallTracing-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TurnOffInstallTracing-Editable-End -->
+
+<!-- TurnOffInstallTracing-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- TurnOffInstallTracing-DFProperties-End -->
+
+<!-- TurnOffInstallTracing-AdmxBacked-Begin -->
+<!-- ADMX-Not-Found -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TurnOffInstallTracing |
+| ADMX File Name | AppDeviceInventory.admx |
+<!-- TurnOffInstallTracing-AdmxBacked-End -->
+
+<!-- TurnOffInstallTracing-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- TurnOffInstallTracing-Examples-End -->
+
+<!-- TurnOffInstallTracing-End -->
+
+<!-- AppDeviceInventory-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- AppDeviceInventory-CspMoreInfo-End -->
+
+<!-- AppDeviceInventory-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index ee6da319a3..8b9aeb6e3c 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,7 +1,7 @@
 ---
 title: ApplicationDefaults Policy CSP
 description: Learn more about the ApplicationDefaults Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -35,6 +35,8 @@ This policy allows an administrator to set default file type and protocol associ
 
 <!-- DefaultAssociationsConfiguration-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> For this policy, MDM policy take precedence over group policies even when [MDMWinsOverGP](policy-csp-controlpolicyconflict.md#mdmwinsovergp) policy is not set.
 <!-- DefaultAssociationsConfiguration-Editable-End -->
 
 <!-- DefaultAssociationsConfiguration-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index c434116039..3e7b9cbfee 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,7 +1,7 @@
 ---
 title: Audit Policy CSP
 description: Learn more about the Audit Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -19,7 +19,7 @@ ms.date: 01/18/2024
 <!-- AccountLogon_AuditCredentialValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditCredentialValidation-Applicability-End -->
 
 <!-- AccountLogon_AuditCredentialValidation-OmaUri-Begin -->
@@ -80,7 +80,7 @@ Volume: High on domain controllers.
 <!-- AccountLogon_AuditKerberosAuthenticationService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditKerberosAuthenticationService-Applicability-End -->
 
 <!-- AccountLogon_AuditKerberosAuthenticationService-OmaUri-Begin -->
@@ -145,7 +145,7 @@ Volume: High on Kerberos Key Distribution Center servers.
 <!-- AccountLogon_AuditKerberosServiceTicketOperations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditKerberosServiceTicketOperations-Applicability-End -->
 
 <!-- AccountLogon_AuditKerberosServiceTicketOperations-OmaUri-Begin -->
@@ -210,7 +210,7 @@ Volume: Low.
 <!-- AccountLogon_AuditOtherAccountLogonEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditOtherAccountLogonEvents-Applicability-End -->
 
 <!-- AccountLogon_AuditOtherAccountLogonEvents-OmaUri-Begin -->
@@ -270,7 +270,7 @@ This policy setting allows you to audit events generated by responses to credent
 <!-- AccountLogonLogoff_AuditAccountLockout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditAccountLockout-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditAccountLockout-OmaUri-Begin -->
@@ -331,7 +331,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditGroupMembership-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditGroupMembership-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditGroupMembership-OmaUri-Begin -->
@@ -392,7 +392,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser
 <!-- AccountLogonLogoff_AuditIPsecExtendedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditIPsecExtendedMode-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditIPsecExtendedMode-OmaUri-Begin -->
@@ -457,7 +457,7 @@ Volume: High.
 <!-- AccountLogonLogoff_AuditIPsecMainMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditIPsecMainMode-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditIPsecMainMode-OmaUri-Begin -->
@@ -522,7 +522,7 @@ Volume: High.
 <!-- AccountLogonLogoff_AuditIPsecQuickMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditIPsecQuickMode-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditIPsecQuickMode-OmaUri-Begin -->
@@ -583,7 +583,7 @@ Volume: High.
 <!-- AccountLogonLogoff_AuditLogoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditLogoff-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditLogoff-OmaUri-Begin -->
@@ -648,7 +648,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditLogon-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditLogon-OmaUri-Begin -->
@@ -709,7 +709,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser
 <!-- AccountLogonLogoff_AuditNetworkPolicyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditNetworkPolicyServer-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditNetworkPolicyServer-OmaUri-Begin -->
@@ -774,7 +774,7 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers.
 <!-- AccountLogonLogoff_AuditOtherLogonLogoffEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditOtherLogonLogoffEvents-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditOtherLogonLogoffEvents-OmaUri-Begin -->
@@ -835,7 +835,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditSpecialLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditSpecialLogon-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditSpecialLogon-OmaUri-Begin -->
@@ -896,7 +896,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditUserDeviceClaims-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditUserDeviceClaims-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditUserDeviceClaims-OmaUri-Begin -->
@@ -957,7 +957,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser
 <!-- AccountManagement_AuditApplicationGroupManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditApplicationGroupManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditApplicationGroupManagement-OmaUri-Begin -->
@@ -1022,7 +1022,7 @@ Volume: Low.
 <!-- AccountManagement_AuditComputerAccountManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditComputerAccountManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditComputerAccountManagement-OmaUri-Begin -->
@@ -1087,7 +1087,7 @@ Volume: Low.
 <!-- AccountManagement_AuditDistributionGroupManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditDistributionGroupManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditDistributionGroupManagement-OmaUri-Begin -->
@@ -1155,7 +1155,7 @@ Volume: Low.
 <!-- AccountManagement_AuditOtherAccountManagementEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditOtherAccountManagementEvents-Applicability-End -->
 
 <!-- AccountManagement_AuditOtherAccountManagementEvents-OmaUri-Begin -->
@@ -1216,7 +1216,7 @@ Volume: Low.
 <!-- AccountManagement_AuditSecurityGroupManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditSecurityGroupManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditSecurityGroupManagement-OmaUri-Begin -->
@@ -1281,7 +1281,7 @@ Volume: Low.
 <!-- AccountManagement_AuditUserAccountManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditUserAccountManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditUserAccountManagement-OmaUri-Begin -->
@@ -1346,7 +1346,7 @@ Volume: Low.
 <!-- DetailedTracking_AuditDPAPIActivity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditDPAPIActivity-Applicability-End -->
 
 <!-- DetailedTracking_AuditDPAPIActivity-OmaUri-Begin -->
@@ -1411,7 +1411,7 @@ Volume: Low.
 <!-- DetailedTracking_AuditPNPActivity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditPNPActivity-Applicability-End -->
 
 <!-- DetailedTracking_AuditPNPActivity-OmaUri-Begin -->
@@ -1476,7 +1476,7 @@ Volume: Low.
 <!-- DetailedTracking_AuditProcessCreation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditProcessCreation-Applicability-End -->
 
 <!-- DetailedTracking_AuditProcessCreation-OmaUri-Begin -->
@@ -1541,7 +1541,7 @@ Volume: Depends on how the computer is used.
 <!-- DetailedTracking_AuditProcessTermination-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditProcessTermination-Applicability-End -->
 
 <!-- DetailedTracking_AuditProcessTermination-OmaUri-Begin -->
@@ -1606,7 +1606,7 @@ Volume: Depends on how the computer is used.
 <!-- DetailedTracking_AuditRPCEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditRPCEvents-Applicability-End -->
 
 <!-- DetailedTracking_AuditRPCEvents-OmaUri-Begin -->
@@ -1671,7 +1671,7 @@ Volume: High on RPC servers.
 <!-- DetailedTracking_AuditTokenRightAdjusted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditTokenRightAdjusted-Applicability-End -->
 
 <!-- DetailedTracking_AuditTokenRightAdjusted-OmaUri-Begin -->
@@ -1732,7 +1732,7 @@ Volume: High.
 <!-- DSAccess_AuditDetailedDirectoryServiceReplication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDetailedDirectoryServiceReplication-Applicability-End -->
 
 <!-- DSAccess_AuditDetailedDirectoryServiceReplication-OmaUri-Begin -->
@@ -1793,7 +1793,7 @@ Volume: High.
 <!-- DSAccess_AuditDirectoryServiceAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDirectoryServiceAccess-Applicability-End -->
 
 <!-- DSAccess_AuditDirectoryServiceAccess-OmaUri-Begin -->
@@ -1854,7 +1854,7 @@ Volume: High on domain controllers. None on client computers.
 <!-- DSAccess_AuditDirectoryServiceChanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDirectoryServiceChanges-Applicability-End -->
 
 <!-- DSAccess_AuditDirectoryServiceChanges-OmaUri-Begin -->
@@ -1922,7 +1922,7 @@ Volume: High on domain controllers only.
 <!-- DSAccess_AuditDirectoryServiceReplication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDirectoryServiceReplication-Applicability-End -->
 
 <!-- DSAccess_AuditDirectoryServiceReplication-OmaUri-Begin -->
@@ -1987,7 +1987,7 @@ Volume: Medium on domain controllers. None on client computers.
 <!-- ObjectAccess_AuditApplicationGenerated-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditApplicationGenerated-Applicability-End -->
 
 <!-- ObjectAccess_AuditApplicationGenerated-OmaUri-Begin -->
@@ -2048,7 +2048,7 @@ Volume: Depends on the applications that are generating them.
 <!-- ObjectAccess_AuditCentralAccessPolicyStaging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditCentralAccessPolicyStaging-Applicability-End -->
 
 <!-- ObjectAccess_AuditCentralAccessPolicyStaging-OmaUri-Begin -->
@@ -2109,7 +2109,7 @@ Volume: Potentially high on a file server when the proposed policy differs signi
 <!-- ObjectAccess_AuditCertificationServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditCertificationServices-Applicability-End -->
 
 <!-- ObjectAccess_AuditCertificationServices-OmaUri-Begin -->
@@ -2170,7 +2170,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
 <!-- ObjectAccess_AuditDetailedFileShare-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditDetailedFileShare-Applicability-End -->
 
 <!-- ObjectAccess_AuditDetailedFileShare-OmaUri-Begin -->
@@ -2238,7 +2238,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 <!-- ObjectAccess_AuditFileShare-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFileShare-Applicability-End -->
 
 <!-- ObjectAccess_AuditFileShare-OmaUri-Begin -->
@@ -2308,7 +2308,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 <!-- ObjectAccess_AuditFileSystem-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFileSystem-Applicability-End -->
 
 <!-- ObjectAccess_AuditFileSystem-OmaUri-Begin -->
@@ -2376,7 +2376,7 @@ Volume: Depends on how the file system SACLs are configured.
 <!-- ObjectAccess_AuditFilteringPlatformConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFilteringPlatformConnection-Applicability-End -->
 
 <!-- ObjectAccess_AuditFilteringPlatformConnection-OmaUri-Begin -->
@@ -2441,7 +2441,7 @@ Volume: High.
 <!-- ObjectAccess_AuditFilteringPlatformPacketDrop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFilteringPlatformPacketDrop-Applicability-End -->
 
 <!-- ObjectAccess_AuditFilteringPlatformPacketDrop-OmaUri-Begin -->
@@ -2502,7 +2502,7 @@ Volume: High.
 <!-- ObjectAccess_AuditHandleManipulation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditHandleManipulation-Applicability-End -->
 
 <!-- ObjectAccess_AuditHandleManipulation-OmaUri-Begin -->
@@ -2570,7 +2570,7 @@ Volume: Depends on how SACLs are configured.
 <!-- ObjectAccess_AuditKernelObject-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditKernelObject-Applicability-End -->
 
 <!-- ObjectAccess_AuditKernelObject-OmaUri-Begin -->
@@ -2634,7 +2634,7 @@ Volume: High if auditing access of global system objects is enabled.
 <!-- ObjectAccess_AuditOtherObjectAccessEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditOtherObjectAccessEvents-Applicability-End -->
 
 <!-- ObjectAccess_AuditOtherObjectAccessEvents-OmaUri-Begin -->
@@ -2695,7 +2695,7 @@ Volume: Low.
 <!-- ObjectAccess_AuditRegistry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditRegistry-Applicability-End -->
 
 <!-- ObjectAccess_AuditRegistry-OmaUri-Begin -->
@@ -2763,7 +2763,7 @@ Volume: Depends on how registry SACLs are configured.
 <!-- ObjectAccess_AuditRemovableStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditRemovableStorage-Applicability-End -->
 
 <!-- ObjectAccess_AuditRemovableStorage-OmaUri-Begin -->
@@ -2827,7 +2827,7 @@ This policy setting allows you to audit user attempts to access file system obje
 <!-- ObjectAccess_AuditSAM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditSAM-Applicability-End -->
 
 <!-- ObjectAccess_AuditSAM-OmaUri-Begin -->
@@ -2895,7 +2895,7 @@ Volume: High on domain controllers. For more information about reducing the numb
 <!-- PolicyChange_AuditAuthenticationPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditAuthenticationPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditAuthenticationPolicyChange-OmaUri-Begin -->
@@ -2963,7 +2963,7 @@ Volume: Low.
 <!-- PolicyChange_AuditAuthorizationPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditAuthorizationPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditAuthorizationPolicyChange-OmaUri-Begin -->
@@ -3028,7 +3028,7 @@ Volume: Low.
 <!-- PolicyChange_AuditFilteringPlatformPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditFilteringPlatformPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditFilteringPlatformPolicyChange-OmaUri-Begin -->
@@ -3093,7 +3093,7 @@ Volume: Low.
 <!-- PolicyChange_AuditMPSSVCRuleLevelPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditMPSSVCRuleLevelPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditMPSSVCRuleLevelPolicyChange-OmaUri-Begin -->
@@ -3158,7 +3158,7 @@ Volume: Low.
 <!-- PolicyChange_AuditOtherPolicyChangeEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditOtherPolicyChangeEvents-Applicability-End -->
 
 <!-- PolicyChange_AuditOtherPolicyChangeEvents-OmaUri-Begin -->
@@ -3219,7 +3219,7 @@ Volume: Low.
 <!-- PolicyChange_AuditPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditPolicyChange-OmaUri-Begin -->
@@ -3283,7 +3283,7 @@ Volume: Low.
 <!-- PrivilegeUse_AuditNonSensitivePrivilegeUse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PrivilegeUse_AuditNonSensitivePrivilegeUse-Applicability-End -->
 
 <!-- PrivilegeUse_AuditNonSensitivePrivilegeUse-OmaUri-Begin -->
@@ -3349,7 +3349,7 @@ Volume: Very High.
 <!-- PrivilegeUse_AuditOtherPrivilegeUseEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PrivilegeUse_AuditOtherPrivilegeUseEvents-Applicability-End -->
 
 <!-- PrivilegeUse_AuditOtherPrivilegeUseEvents-OmaUri-Begin -->
@@ -3409,7 +3409,7 @@ Not used.
 <!-- PrivilegeUse_AuditSensitivePrivilegeUse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PrivilegeUse_AuditSensitivePrivilegeUse-Applicability-End -->
 
 <!-- PrivilegeUse_AuditSensitivePrivilegeUse-OmaUri-Begin -->
@@ -3474,7 +3474,7 @@ Volume: High.
 <!-- System_AuditIPsecDriver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditIPsecDriver-Applicability-End -->
 
 <!-- System_AuditIPsecDriver-OmaUri-Begin -->
@@ -3539,7 +3539,7 @@ Volume: Low.
 <!-- System_AuditOtherSystemEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditOtherSystemEvents-Applicability-End -->
 
 <!-- System_AuditOtherSystemEvents-OmaUri-Begin -->
@@ -3600,7 +3600,7 @@ Volume: Low.
 <!-- System_AuditSecurityStateChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditSecurityStateChange-Applicability-End -->
 
 <!-- System_AuditSecurityStateChange-OmaUri-Begin -->
@@ -3661,7 +3661,7 @@ Volume: Low.
 <!-- System_AuditSecuritySystemExtension-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditSecuritySystemExtension-Applicability-End -->
 
 <!-- System_AuditSecuritySystemExtension-OmaUri-Begin -->
@@ -3726,7 +3726,7 @@ Volume: Low. Security system extension events are generated more often on a doma
 <!-- System_AuditSystemIntegrity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4516045](https://support.microsoft.com/help/4516045) [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 with [KB4516077](https://support.microsoft.com/help/4516077) [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 with [KB4512941](https://support.microsoft.com/help/4512941) [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditSystemIntegrity-Applicability-End -->
 
 <!-- System_AuditSystemIntegrity-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index ebc00056d8..bfd166053c 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,7 +1,7 @@
 ---
 title: Authentication Policy CSP
 description: Learn more about the Authentication Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -284,7 +284,7 @@ Your organization federates to "Contoso IDP" and your web sign-in portal at `sig
 <!-- ConfigureWebSignInAllowedUrls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.2145] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB5001339](https://support.microsoft.com/help/5001339) [10.0.17134.2145] and later |
 <!-- ConfigureWebSignInAllowedUrls-Applicability-End -->
 
 <!-- ConfigureWebSignInAllowedUrls-OmaUri-Begin -->
@@ -393,7 +393,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex
 <!-- EnablePasswordlessExperience-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 23H2 [10.0.22631.2506] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 23H2 with [KB5031455](https://support.microsoft.com/help/5031455) [10.0.22631.2506] and later |
 <!-- EnablePasswordlessExperience-Applicability-End -->
 
 <!-- EnablePasswordlessExperience-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 88527a21f7..a86b54d3d2 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -1,7 +1,7 @@
 ---
 title: Browser Policy CSP
 description: Learn more about the Browser Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -3364,9 +3364,7 @@ You can define a list of extensions in Microsoft Edge that users cannot turn off
 Related Documents:
 
 - [Find a package family name (PFN) for per-app VPN](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
 - [Assign apps to groups with Microsoft Intune](/mem/intune/apps/apps-deploy)
-- [Manage apps from the Microsoft Store for Business and Education with Configuration Manager](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 - [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
 <!-- PreventTurningOffRequiredExtensions-Editable-End -->
 
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index ba4d3d7bde..a790f24a26 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,7 +1,7 @@
 ---
 title: Defender Policy CSP
 description: Learn more about the Defender Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -402,7 +402,7 @@ This policy setting allows you to manage whether or not to scan for malicious so
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
-| Default Value  | 1 |
+| Default Value  | 0 |
 <!-- AllowFullScanRemovableDriveScanning-DFProperties-End -->
 
 <!-- AllowFullScanRemovableDriveScanning-AllowedValues-Begin -->
@@ -410,8 +410,8 @@ This policy setting allows you to manage whether or not to scan for malicious so
 
 | Value | Description |
 |:--|:--|
-| 0 | Not allowed. Turns off scanning on removable drives. |
-| 1 (Default) | Allowed. Scans removable drives. |
+| 0 (Default) | Not allowed. Turns off scanning on removable drives. |
+| 1 | Allowed. Scans removable drives. |
 <!-- AllowFullScanRemovableDriveScanning-AllowedValues-End -->
 
 <!-- AllowFullScanRemovableDriveScanning-GpMapping-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 6e3f949a36..171f5c4349 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -1,7 +1,7 @@
 ---
 title: DeliveryOptimization Policy CSP
 description: Learn more about the DeliveryOptimization Area in Policy CSP.
-ms.date: 06/19/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -502,7 +502,7 @@ The recommended value is 1 minute (60).
 <!-- DODisallowCacheServerDownloadsOnVPN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2361] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5030310](https://support.microsoft.com/help/5030310) [10.0.22621.2361] and later <br> ✅ Windows Insider Preview |
 <!-- DODisallowCacheServerDownloadsOnVPN-Applicability-End -->
 
 <!-- DODisallowCacheServerDownloadsOnVPN-OmaUri-Begin -->
@@ -1670,7 +1670,7 @@ This policy allows an IT Admin to define the following details:
 <!-- DOVpnKeywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2361] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5030310](https://support.microsoft.com/help/5030310) [10.0.22621.2361] and later <br> ✅ Windows Insider Preview |
 <!-- DOVpnKeywords-Applicability-End -->
 
 <!-- DOVpnKeywords-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 88d04325f2..87f3608dd1 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -1,7 +1,7 @@
 ---
 title: DeviceInstallation Policy CSP
 description: Learn more about the DeviceInstallation Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -340,7 +340,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 <!-- EnableInstallationPolicyLayering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.256] and later <br> ✅ Windows 10, version 1809 [10.0.17763.2145] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1714] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1151] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.256] and later <br> ✅ Windows 10, version 1809 with [KB5005102](https://support.microsoft.com/help/5005102) [10.0.17763.2145] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1714] and later <br> ✅ Windows 10, version 2004 with [KB5004296](https://support.microsoft.com/help/5004296) [10.0.19041.1151] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableInstallationPolicyLayering-Applicability-End -->
 
 <!-- EnableInstallationPolicyLayering-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 1dea6a8e0c..259d88a891 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,7 +1,7 @@
 ---
 title: DeviceLock Policy CSP
 description: Learn more about the DeviceLock Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 08/05/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -429,6 +429,9 @@ Specifies whether device lock is enabled.
 > - DevicePasswordHistory
 > - MaxDevicePasswordFailedAttempts
 > - MaxInactivityTimeDeviceLock
+
+> [!NOTE]
+> DevicePasswordExpiration isn't supported through MDMWinsOverGP.
 <!-- DevicePasswordEnabled-Editable-End -->
 
 <!-- DevicePasswordEnabled-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 3bc6e9af56..f0831810bd 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,7 +1,7 @@
 ---
 title: Experience Policy CSP
 description: Learn more about the Experience Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 08/07/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1887,7 +1887,7 @@ _**Turn syncing off by default but don’t disable**_
 <!-- EnableOrganizationalMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.900] and later <br> ✅ Windows Insider Preview |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4828] and later <br> ✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later <br> ✅ Windows Insider Preview |
 <!-- EnableOrganizationalMessages-Applicability-End -->
 
 <!-- EnableOrganizationalMessages-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 61083dafc6..5e218fe45c 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,7 +1,7 @@
 ---
 title: InternetExplorer Policy CSP
 description: Learn more about the InternetExplorer Area in Policy CSP.
-ms.date: 06/21/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1453,7 +1453,7 @@ This policy allows the user to go directly to an intranet site for a one-word en
 <!-- AllowSaveTargetAsInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19041.789] and later |
 <!-- AllowSaveTargetAsInIEMode-Applicability-End -->
 
 <!-- AllowSaveTargetAsInIEMode-OmaUri-Begin -->
@@ -2096,7 +2096,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di
 <!-- ConfigureEdgeRedirectChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19041.789] and later |
 <!-- ConfigureEdgeRedirectChannel-Applicability-End -->
 
 <!-- ConfigureEdgeRedirectChannel-OmaUri-Begin -->
@@ -3603,7 +3603,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b
 <!-- DisableInternetExplorerApp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19041.789] and later |
 <!-- DisableInternetExplorerApp-Applicability-End -->
 
 <!-- DisableInternetExplorerApp-OmaUri-Begin -->
@@ -4471,7 +4471,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- EnableExtendedIEModeHotkeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.143] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1474] and later <br> ✅ Windows 10, version 2004 [10.0.19041.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.143] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1474] and later <br> ✅ Windows 10, version 2004 with [KB5000842](https://support.microsoft.com/help/5000842) [10.0.19041.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableExtendedIEModeHotkeys-Applicability-End -->
 
 <!-- EnableExtendedIEModeHotkeys-OmaUri-Begin -->
@@ -4536,7 +4536,7 @@ For more information, see <https://go.microsoft.com/fwlink/?linkid=2102115>
 <!-- EnableGlobalWindowListInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.558] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1566] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.558] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1566] and later <br> ✅ Windows 11, version 21H2 with [KB5010414](https://support.microsoft.com/help/5010414) [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableGlobalWindowListInIEMode-Applicability-End -->
 
 <!-- EnableGlobalWindowListInIEMode-OmaUri-Begin -->
@@ -7772,7 +7772,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- IntranetZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 with [KB5032288](https://support.microsoft.com/help/5032288) [10.0.22621.2792] and later |
 <!-- IntranetZoneLogonOptions-Applicability-End -->
 
 <!-- IntranetZoneLogonOptions-OmaUri-Begin -->
@@ -7973,7 +7973,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS
 <!-- KeepIntranetSitesInInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19041.789] and later |
 <!-- KeepIntranetSitesInInternetExplorer-Applicability-End -->
 
 <!-- KeepIntranetSitesInInternetExplorer-OmaUri-Begin -->
@@ -8847,7 +8847,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LocalMachineZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 with [KB5032288](https://support.microsoft.com/help/5032288) [10.0.22621.2792] and later |
 <!-- LocalMachineZoneLogonOptions-Applicability-End -->
 
 <!-- LocalMachineZoneLogonOptions-OmaUri-Begin -->
@@ -13386,7 +13386,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- ResetZoomForDialogInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.261] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1832] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1266] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.282] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.261] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1832] and later <br> ✅ Windows 10, version 2004 with [KB5005611](https://support.microsoft.com/help/5005611) [10.0.19041.1266] and later <br> ✅ Windows 11, version 21H2 with [KB5006746](https://support.microsoft.com/help/5006746) [10.0.22000.282] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ResetZoomForDialogInIEMode-Applicability-End -->
 
 <!-- ResetZoomForDialogInIEMode-OmaUri-Begin -->
@@ -16485,7 +16485,7 @@ Also, see the "Security zones: Don't allow users to change policies" policy.
 <!-- SendSitesNotInEnterpriseSiteListToEdge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19041.789] and later |
 <!-- SendSitesNotInEnterpriseSiteListToEdge-Applicability-End -->
 
 <!-- SendSitesNotInEnterpriseSiteListToEdge-OmaUri-Begin -->
@@ -17418,7 +17418,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- TrustedSitesZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 with [KB5032288](https://support.microsoft.com/help/5032288) [10.0.22621.2792] and later |
 <!-- TrustedSitesZoneLogonOptions-Applicability-End -->
 
 <!-- TrustedSitesZoneLogonOptions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index bb70540374..8caa34c334 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,7 +1,7 @@
 ---
 title: LocalPoliciesSecurityOptions Policy CSP
 description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -96,7 +96,7 @@ This policy setting prevents users from adding new Microsoft accounts on this co
 This security setting determines whether the local Administrator account is enabled or disabled.
 
 > [!NOTE]
-> If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password doesn't meet the password requirements, you can't reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator won't be enabled. Default: Disabled.
+> If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password doesn't meet the password requirements, you can't reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator won't be enabled.
 <!-- Accounts_EnableAdministratorAccountStatus-Description-End -->
 
 <!-- Accounts_EnableAdministratorAccountStatus-Editable-Begin -->
@@ -154,10 +154,7 @@ This security setting determines whether the local Administrator account is enab
 
 <!-- Accounts_EnableGuestAccountStatus-Description-Begin -->
 <!-- Description-Source-DDF -->
-This security setting determines if the Guest account is enabled or disabled. Default: Disabled.
-
-> [!NOTE]
-> If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.
+This security setting determines if the Guest account is enabled or disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.
 <!-- Accounts_EnableGuestAccountStatus-Description-End -->
 
 <!-- Accounts_EnableGuestAccountStatus-Editable-Begin -->
@@ -215,10 +212,7 @@ This security setting determines if the Guest account is enabled or disabled. De
 
 <!-- Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly-Description-Begin -->
 <!-- Description-Source-DDF -->
-Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that aren't password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to log on at the computer's keyboard. Default: Enabled.
-
-> [!WARNING]
-> Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that doesn't have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
+Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that aren't password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to log on at the computer's keyboard. Warning: Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that doesn't have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
 
 > [!NOTE]
 > This setting doesn't affect logons that use domain accounts. It's possible for applications that use remote interactive logons to bypass this setting.
@@ -380,7 +374,7 @@ Accounts: Rename guest account This security setting determines whether a differ
 Audit: Audit the use of Backup and Restore privilege This security setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy is in effect. Enabling this option when the Audit privilege use policy is also enabled generates an audit event for every file that's backed up or restored. If you disable this policy, then use of the Backup or Restore privilege isn't audited even when Audit privilege use is enabled.
 
 > [!NOTE]
-> On Windows versions prior to Windows Vista configuring this security setting, changes won't take effect until you restart Windows. Enabling this setting can cause a LOT of events, sometimes hundreds per second, during a backup operation. Default: Disabled.
+> On Windows versions prior to Windows Vista configuring this security setting, changes won't take effect until you restart Windows. Enabling this setting can cause a LOT of events, sometimes hundreds per second, during a backup operation.
 <!-- Audit_AuditTheUseOfBackupAndRestoreprivilege-Description-End -->
 
 <!-- Audit_AuditTheUseOfBackupAndRestoreprivilege-Editable-Begin -->
@@ -465,7 +459,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr
 Audit: Shut down system immediately if unable to log security audits This security setting determines whether the system shuts down if it's unable to log security events. If this security setting is enabled, it causes the system to stop if a security audit can't be logged for any reason. Typically, an event fails to be logged when the security audit log is full and the retention method that's specified for the security log is either Do Not Overwrite Events or Overwrite Events by Days. If the security log is full and an existing entry can't be overwritten, and this security option is enabled, the following Stop error appears: STOP: C0000244 {Audit Failed} An attempt to generate a security audit failed. To recover, an administrator must log on, archive the log (optional), clear the log, and reset this option as desired. Until this security setting is reset, no users, other than a member of the Administrators group will be able to log on to the system, even if the security log isn't full.
 
 > [!NOTE]
-> On Windows versions prior to Windows Vista configuring this security setting, changes won't take effect until you restart Windows. Default: Disabled.
+> On Windows versions prior to Windows Vista configuring this security setting, changes won't take effect until you restart Windows.
 <!-- Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits-Description-End -->
 
 <!-- Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits-Editable-Begin -->
@@ -555,7 +549,11 @@ Devices: Allowed to format and eject removable media This security setting deter
 
 <!-- Devices_AllowUndockWithoutHavingToLogon-Description-Begin -->
 <!-- Description-Source-DDF -->
-Devices: Allow undock without having to log on This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon isn't required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. Default: Enabled.
+Devices: Allow undock without having to log on This security setting determines whether a portable computer can be undocked without having to log on.
+
+- If this policy is enabled, logon isn't required and an external hardware eject button can be used to undock the computer.
+
+- If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
 
 > [!CAUTION]
 > Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
@@ -678,7 +676,11 @@ Devices: Prevent users from installing printer drivers when connecting to shared
 
 <!-- Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly-Description-Begin -->
 <!-- Description-Source-DDF -->
-Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged-on interactively, the CD-ROM can be accessed over the network. Default: This policy isn't defined and CD-ROM access isn't restricted to the locally logged-on user.
+Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.
+
+- If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media.
+
+- If this policy is enabled and no one is logged-on interactively, the CD-ROM can be accessed over the network. Default: This policy isn't defined and CD-ROM access isn't restricted to the locally logged-on user.
 <!-- Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly-Description-End -->
 
 <!-- Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly-Editable-Begin -->
@@ -727,7 +729,11 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
 
 <!-- Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly-Description-Begin -->
 <!-- Description-Source-DDF -->
-Devices: Restrict floppy access to locally logged-on user only This security setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable floppy media. If this policy is enabled and no one is logged-on interactively, the floppy can be accessed over the network. Default: This policy isn't defined and floppy disk drive access isn't restricted to the locally logged-on user.
+Devices: Restrict floppy access to locally logged-on user only This security setting determines whether removable floppy media are accessible to both local and remote users simultaneously.
+
+- If this policy is enabled, it allows only the interactively logged-on user to access removable floppy media.
+
+- If this policy is enabled and no one is logged-on interactively, the floppy can be accessed over the network. Default: This policy isn't defined and floppy disk drive access isn't restricted to the locally logged-on user.
 <!-- Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly-Description-End -->
 
 <!-- Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly-Editable-Begin -->
@@ -776,10 +782,11 @@ Devices: Restrict floppy access to locally logged-on user only This security set
 
 <!-- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways-Description-Begin -->
 <!-- Description-Source-DDF -->
-Domain member: Digitally encrypt or sign secure channel data (always) This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc. This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel won't be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies: Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Default: Enabled.
+Domain member: Digitally encrypt or sign secure channel data (always) This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc. This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
 
-> [!NOTE]
-> If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic. Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.
+- If this policy is enabled, then the secure channel won't be established unless either signing or encryption of all secure channel traffic is negotiated.
+
+- If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies: Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Notes: If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic. Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.
 <!-- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways-Description-End -->
 
 <!-- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways-Editable-Begin -->
@@ -829,10 +836,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur
 
 <!-- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible-Description-Begin -->
 <!-- Description-Source-DDF -->
-Domain member: Digitally encrypt secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc. This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member won't attempt to negotiate secure channel encryption. Default: Enabled.
-
-> [!IMPORTANT]
-> There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
+Domain member: Digitally encrypt secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc. This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member won't attempt to negotiate secure channel encryption. Important There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
 
 > [!NOTE]
 > Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.
@@ -885,7 +889,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi
 
 <!-- DomainMember_DigitallySignSecureChannelDataWhenPossible-Description-Begin -->
 <!-- Description-Source-DDF -->
-Domain member: Digitally sign secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc. This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it can't be tampered with in transit. Default: Enabled.
+Domain member: Digitally sign secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc. This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it can't be tampered with in transit.
 <!-- DomainMember_DigitallySignSecureChannelDataWhenPossible-Description-End -->
 
 <!-- DomainMember_DigitallySignSecureChannelDataWhenPossible-Editable-Begin -->
@@ -939,10 +943,7 @@ Domain member: Disable machine account password changes Determines whether a dom
 
 - If this setting is enabled, the domain member doesn't attempt to change its computer account password.
 
-- If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days. Default: Disabled.
-
-> [!NOTE]
-> This security setting shouldn't be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it's established, the secure channel is used to transmit sensitive information that's necessary for making authentication and authorization decisions. This setting shouldn't be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.
+- If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days. Notes This security setting shouldn't be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it's established, the secure channel is used to transmit sensitive information that's necessary for making authentication and authorization decisions. This setting shouldn't be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.
 <!-- DomainMember_DisableMachineAccountPasswordChanges-Description-End -->
 
 <!-- DomainMember_DisableMachineAccountPasswordChanges-Editable-Begin -->
@@ -1049,10 +1050,7 @@ Domain member: Require strong (Windows 2000 or later) session key This security
 
 - If this setting is enabled, then the secure channel won't be established unless 128-bit encryption can be performed.
 
-- If this setting is disabled, then the key strength is negotiated with the domain controller. Default: Enabled.
-
-> [!IMPORTANT]
-> In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later. In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.
+- If this setting is disabled, then the key strength is negotiated with the domain controller. Important In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later. In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.
 <!-- DomainMember_RequireStrongSessionKey-Description-End -->
 
 <!-- DomainMember_RequireStrongSessionKey-Editable-Begin -->
@@ -1162,7 +1160,11 @@ Interactive Logon:Display user information when the session is locked User displ
 
 <!-- InteractiveLogon_DoNotDisplayLastSignedIn-Description-Begin -->
 <!-- Description-Source-DDF -->
-Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username won't be shown. If this policy is disabled, the username will be shown. Default: Disabled.
+Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
+
+- If this policy is enabled, the username won't be shown.
+
+- If this policy is disabled, the username will be shown.
 <!-- InteractiveLogon_DoNotDisplayLastSignedIn-Description-End -->
 
 <!-- InteractiveLogon_DoNotDisplayLastSignedIn-Editable-Begin -->
@@ -1220,7 +1222,11 @@ Interactive logon: Don't display last signed-in This security setting determines
 
 <!-- InteractiveLogon_DoNotDisplayUsernameAtSignIn-Description-Begin -->
 <!-- Description-Source-DDF -->
-Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username won't be shown. If this policy is disabled, the username will be shown. Default: Disabled.
+Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
+
+- If this policy is enabled, the username won't be shown.
+
+- If this policy is disabled, the username will be shown.
 <!-- InteractiveLogon_DoNotDisplayUsernameAtSignIn-Description-End -->
 
 <!-- InteractiveLogon_DoNotDisplayUsernameAtSignIn-Editable-Begin -->
@@ -1278,7 +1284,11 @@ Interactive logon: Don't display username at sign-in This security setting deter
 
 <!-- InteractiveLogon_DoNotRequireCTRLALTDEL-Description-Begin -->
 <!-- Description-Source-DDF -->
-Interactive logon: Don't require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user isn't required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled.
+Interactive logon: Don't require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
+
+- If this policy is enabled on a computer, a user isn't required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
+
+- If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled.
 <!-- InteractiveLogon_DoNotRequireCTRLALTDEL-Description-End -->
 
 <!-- InteractiveLogon_DoNotRequireCTRLALTDEL-Editable-Begin -->
@@ -1684,10 +1694,7 @@ Microsoft network client: Digitally sign communications (always) This security s
 
 - If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing.
 
-- If this policy is disabled, SMB packet signing is negotiated between the client and server. Default: Disabled.
-
-> [!IMPORTANT]
-> For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
+- If this policy is disabled, SMB packet signing is negotiated between the client and server. Important For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
 
 > [!NOTE]
 > All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference:< https://go.microsoft.com/fwlink/?LinkID=787136>.
@@ -1752,10 +1759,7 @@ Microsoft network client: Digitally sign communications (if server agrees) This
 
 - If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated.
 
-- If this policy is disabled, the SMB client will never negotiate SMB packet signing. Default: Enabled.
-
-> [!NOTE]
-> All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference:< https://go.microsoft.com/fwlink/?LinkID=787136>.
+- If this policy is disabled, the SMB client will never negotiate SMB packet signing. Notes All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference:< https://go.microsoft.com/fwlink/?LinkID=787136>.
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees-Description-End -->
 
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees-Editable-Begin -->
@@ -1813,7 +1817,7 @@ Microsoft network client: Digitally sign communications (if server agrees) This
 
 <!-- MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that don't support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled.
+Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that don't support password encryption during authentication. Sending unencrypted passwords is a security risk.
 <!-- MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers-Description-End -->
 
 <!-- MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers-Editable-Begin -->
@@ -1993,7 +1997,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
 
 - If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated.
 
-- If this policy is disabled, the SMB client will never negotiate SMB packet signing. Default: Enabled on domain controllers only.
+- If this policy is disabled, the SMB client will never negotiate SMB packet signing. on domain controllers only.
 
 > [!IMPORTANT]
 > For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature Notes All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference:< https://go.microsoft.com/fwlink/?LinkID=787136>.
@@ -2054,7 +2058,9 @@ Microsoft network server: Digitally sign communications (if client agrees) This
 
 <!-- MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire-Description-Begin -->
 <!-- Description-Source-DDF -->
-Microsoft network server: Disconnect clients when logon hours expire This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB Service to be forcibly disconnected when the client's logon hours expire. If this policy is disabled, an established client session is allowed to be maintained after the client's logon hours have expired. Default on Windows Vista and above: Enabled. Default on Windows XP: Disabled.
+Microsoft network server: Disconnect clients when logon hours expire This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB Service to be forcibly disconnected when the client's logon hours expire.
+
+- If this policy is disabled, an established client session is allowed to be maintained after the client's logon hours have expired. Default on Windows Vista and above: Enabled. Default on Windows XP: Disabled.
 <!-- MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire-Description-End -->
 
 <!-- MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire-Editable-Begin -->
@@ -2259,7 +2265,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts This security
 
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares-Description-Begin -->
 <!-- Description-Source-DDF -->
-Network access: Don't allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. Default: Disabled.
+Network access: Don't allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares-Description-End -->
 
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares-Editable-Begin -->
@@ -2324,7 +2330,7 @@ Network access: Don't allow storage of passwords and credentials for network aut
 - If you disable or don't configure this policy setting, Credential Manager will store passwords and credentials on this computer for later use for domain authentication.
 
 > [!NOTE]
-> When configuring this security setting, changes won't take effect until you restart Windows. Default: Disabled.
+> When configuring this security setting, changes won't take effect until you restart Windows.
 <!-- NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication-Description-End -->
 
 <!-- NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication-Editable-Begin -->
@@ -2365,7 +2371,9 @@ Network access: Don't allow storage of passwords and credentials for network aut
 
 <!-- NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Network access: Let Everyone permissions apply to anonymous users This security setting determines what additional permissions are granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. By Default, the Everyone security identifier (SID) is removed from the token created for anonymous connections. Therefore, permissions granted to the Everyone group don't apply to anonymous users. If this option is set, anonymous users can only access those resources for which the anonymous user has been explicitly given permission. If this policy is enabled, the Everyone SID is added to the token that's created for anonymous connections. In this case, anonymous users are able to access any resource for which the Everyone group has been given permissions. Default: Disabled.
+Network access: Let Everyone permissions apply to anonymous users This security setting determines what additional permissions are granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. By Default, the Everyone security identifier (SID) is removed from the token created for anonymous connections. Therefore, permissions granted to the Everyone group don't apply to anonymous users. If this option is set, anonymous users can only access those resources for which the anonymous user has been explicitly given permission.
+
+- If this policy is enabled, the Everyone SID is added to the token that's created for anonymous connections. In this case, anonymous users are able to access any resource for which the Everyone group has been given permissions.
 <!-- NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers-Description-End -->
 
 <!-- NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers-Editable-Begin -->
@@ -2541,7 +2549,7 @@ Network access: Remotely accessible registry paths and subpaths This security se
 
 <!-- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares-Description-Begin -->
 <!-- Description-Source-DDF -->
-Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled.
+Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously
 <!-- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares-Description-End -->
 
 <!-- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares-Editable-Begin -->
@@ -2961,10 +2969,9 @@ Network security: Don't store LAN Manager hash value on next password change Thi
 
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Description-Begin -->
 <!-- Description-Source-DDF -->
-Network security: Force logoff when logon hours expire This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB server to be forcibly disconnected when the client's logon hours expire. If this policy is disabled, an established client session is allowed to be maintained after the client's logon hours have expired. Default: Enabled.
+Network security: Force logoff when logon hours expire This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB server to be forcibly disconnected when the client's logon hours expire.
 
-> [!NOTE]
-> This security setting behaves as an account policy. For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain Policy, and it's enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from the Default Domain Policy Group Policy object (GPO), even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers that are joined to a domain (for example, member computers) also receive the same account policy for their local accounts. However, local account policies for member computers can be different from the domain account policy by defining an account policy for the organizational unit that contains the member computers. Kerberos settings aren't applied to member computers.
+- If this policy is disabled, an established client session is allowed to be maintained after the client's logon hours have expired. Note: This security setting behaves as an account policy. For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain Policy, and it's enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from the Default Domain Policy Group Policy object (GPO), even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers that are joined to a domain (for example, member computers) also receive the same account policy for their local accounts. However, local account policies for member computers can be different from the domain account policy by defining an account policy for the organizational unit that contains the member computers. Kerberos settings aren't applied to member computers.
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Description-End -->
 
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Editable-Begin -->
@@ -3642,7 +3649,7 @@ Shutdown: Allow system to be shut down without having to log on This security se
 
 <!-- Shutdown_ClearVirtualMemoryPageFile-Description-Begin -->
 <!-- Description-Source-DDF -->
-Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they aren't used. On a running system, this pagefile is opened exclusively by the operating system, and it's well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile isn't available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled.
+Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they aren't used. On a running system, this pagefile is opened exclusively by the operating system, and it's well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile isn't available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
 <!-- Shutdown_ClearVirtualMemoryPageFile-Description-End -->
 
 <!-- Shutdown_ClearVirtualMemoryPageFile-Editable-Begin -->
@@ -3741,7 +3748,7 @@ System Cryptography: Force strong key protection for user keys stored on the com
 
 <!-- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems-Description-Begin -->
 <!-- Description-Source-DDF -->
-System objects: Require case insensitivity for non-Windows subsystems This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. If this setting is enabled, case insensitivity is enforced for all directory objects, symbolic links, and IO objects, including file objects. Disabling this setting doesn't allow the Win32 subsystem to become case sensitive. Default: Enabled.
+System objects: Require case insensitivity for non-Windows subsystems This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. If this setting is enabled, case insensitivity is enforced for all directory objects, symbolic links, and IO objects, including file objects. Disabling this setting doesn't allow the Win32 subsystem to become case sensitive.
 <!-- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems-Description-End -->
 
 <!-- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems-Editable-Begin -->
@@ -3791,7 +3798,9 @@ System objects: Require case insensitivity for non-Windows subsystems This secur
 
 <!-- SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects-Description-Begin -->
 <!-- Description-Source-DDF -->
-System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. Each type of object is created with a default DACL that specifies who can access the objects and what permissions are granted. If this policy is enabled, the default DACL is stronger, allowing users who aren't administrators to read shared objects but not allowing these users to modify shared objects that they didn't create. Default: Enabled.
+System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. Each type of object is created with a default DACL that specifies who can access the objects and what permissions are granted.
+
+- If this policy is enabled, the default DACL is stronger, allowing users who aren't administrators to read shared objects but not allowing these users to modify shared objects that they didn't create.
 <!-- SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects-Description-End -->
 
 <!-- SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects-Editable-Begin -->
@@ -3832,7 +3841,11 @@ System objects: Strengthen default permissions of internal system objects (e.g.,
 
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. - Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
+User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. 
+
+- Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. 
+
+- Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-Description-End -->
 
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-Editable-Begin -->
@@ -3873,6 +3886,70 @@ User Account Control: Allow UIAccess applications to prompt for elevation withou
 
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-End -->
 
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Begin -->
+## UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Applicability-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection
+```
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-OmaUri-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Description-Begin -->
+<!-- Description-Source-DDF -->
+User Account Control: Behavior of the elevation prompt for administrators running with Administrator protection. This policy setting controls the behavior of the elevation prompt for administrators. The options are: 
+
+- Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged credentials. If the user enters valid credentials, the operation continues with the user's highest available privilege. 
+
+- Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Allow changes or Don't allow. If the user selects Allow changes, the operation continues with the user's highest available privilege.
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Description-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> When Administrator protection is enabled, this policy overrides [UserAccountControl_BehaviorOfTheElevationPromptForAdministrators](#useraccountcontrol_behavioroftheelevationpromptforadministrators) policy.
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Editable-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-DFProperties-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 (Default) | Prompt for credentials on the secure desktop. |
+| 2 | Prompt for consent on the secure desktop. |
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-AllowedValues-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | User Account Control: Behavior of the elevation prompt for administrators running with Administrator protection |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-GpMapping-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-Examples-End -->
+
+<!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection-End -->
+
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Begin -->
 ## UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
 
@@ -3890,14 +3967,28 @@ User Account Control: Allow UIAccess applications to prompt for elevation withou
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials.
+User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. The options are: 
 
-> [!NOTE]
-> Use this option only in the most constrained environments. - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. - Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. - Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+- Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. 
+
+  >[!NOTE]
+  > Use this option only in the most constrained environments. 
+
+- Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. 
+
+- Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. 
+
+- Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. 
+
+- Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. 
+
+- Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Description-End -->
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> When Administrator protection is enabled, this policy behavior is overridden by [UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection](#useraccountcontrol_behavioroftheelevationpromptforadministratorprotection) policy.
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Editable-End -->
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-DFProperties-Begin -->
@@ -3938,64 +4029,6 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-End -->
 
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Begin -->
-## UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Applicability-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators
-```
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-OmaUri-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Description-Begin -->
-<!-- Description-Source-DDF -->
-User Account Control: Behavior of the elevation prompt for administrators running with enhanced privilege protection. This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. - Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Description-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Editable-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value  | 2 |
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-DFProperties-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-AllowedValues-Begin -->
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 1 | Prompt for credentials on the secure desktop. |
-| 2 (Default) | Prompt for consent on the secure desktop. |
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-AllowedValues-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | User Account Control: Behavior of the elevation prompt for administrators running with enhanced privilege protection |
-| Path | Windows Settings > Security Settings > Local Policies > Security Options |
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-GpMapping-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-Examples-End -->
-
-<!-- UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators-End -->
-
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-Begin -->
 ## UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
 
@@ -4013,7 +4046,13 @@ User Account Control: Behavior of the elevation prompt for administrators runnin
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: - Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that's running desktops as standard user may choose this setting to reduce help desk calls. - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: 
+
+- Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. 
+
+- Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that's running desktops as standard user may choose this setting to reduce help desk calls. 
+
+- Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-Description-End -->
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-Editable-Begin -->
@@ -4130,7 +4169,11 @@ User Account Control: Detect application installations and prompt for elevation
 
 <!-- UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run. - Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
+User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: 
+
+- Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run. 
+
+- Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
 <!-- UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated-Description-End -->
 
 <!-- UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated-Editable-Begin -->
@@ -4188,7 +4231,11 @@ User Account Control: Only elevate executable files that are signed and validate
 
 <!-- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ..\Program Files\, including subfolders - ..\Windows\system32\ - ..\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
+User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ..\Program Files\, including subfolders - ..\Windows\system32\ - ..\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: 
+
+- Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. 
+
+- Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
 <!-- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations-Description-End -->
 
 <!-- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations-Editable-Begin -->
@@ -4246,7 +4293,11 @@ User Account Control: Only elevate UIAccess applications that are installed in s
 
 <!-- UserAccountControl_RunAllAdministratorsInAdminApprovalMode-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
+User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: 
+
+- Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
+
+- Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
 
 > [!NOTE]
 > If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
@@ -4307,7 +4358,11 @@ User Account Control: Turn on Admin Approval Mode This policy setting controls t
 
 <!-- UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. - Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: 
+
+- Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. 
+
+- Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
 <!-- UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation-Description-End -->
 
 <!-- UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation-Editable-Begin -->
@@ -4365,7 +4420,7 @@ User Account Control: Switch to the secure desktop when prompting for elevation
 
 <!-- UserAccountControl_TypeOfAdminApprovalMode-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Configure type of Admin Approval Mode. This policy setting controls whether enhanced privilege protection is applied to admin approval mode elevations. If you change this policy setting, you must restart your computer. This policy is only supported on Windows Desktop, not Server. The options are: - Admin Approval Mode is running in legacy mode (default). - Admin Approval Mode is running with enhanced privilege protection.
+User Account Control: Configure type of Admin Approval Mode. This policy setting controls whether Administrator protection is applied to admin approval mode elevations. If you change this policy setting, you must restart your computer. This policy is only supported on Windows Desktop, not Server. The options are: - Admin Approval Mode is running in legacy mode (default). - Admin Approval Mode is running with Administrator protection.
 <!-- UserAccountControl_TypeOfAdminApprovalMode-Description-End -->
 
 <!-- UserAccountControl_TypeOfAdminApprovalMode-Editable-Begin -->
@@ -4388,7 +4443,7 @@ User Account Control: Configure type of Admin Approval Mode. This policy setting
 | Value | Description |
 |:--|:--|
 | 1 (Default) | Legacy Admin Approval Mode. |
-| 2 | Admin Approval Mode with enhanced privilege protection. |
+| 2 | Admin Approval Mode with Administrator protection. |
 <!-- UserAccountControl_TypeOfAdminApprovalMode-AllowedValues-End -->
 
 <!-- UserAccountControl_TypeOfAdminApprovalMode-GpMapping-Begin -->
@@ -4423,7 +4478,11 @@ User Account Control: Configure type of Admin Approval Mode. This policy setting
 
 <!-- UserAccountControl_UseAdminApprovalMode-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: - Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. - Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
+User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: 
+
+- Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. 
+
+- Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
 <!-- UserAccountControl_UseAdminApprovalMode-Description-End -->
 
 <!-- UserAccountControl_UseAdminApprovalMode-Editable-Begin -->
@@ -4481,7 +4540,11 @@ User Account Control: Use Admin Approval Mode for the built-in Administrator acc
 
 <!-- UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations-Description-Begin -->
 <!-- Description-Source-DDF -->
-User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. The options are: - Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. - Disabled: Applications that write data to protected locations fail.
+User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. The options are: 
+
+- Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. 
+
+- Disabled: Applications that write data to protected locations fail.
 <!-- UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations-Description-End -->
 
 <!-- UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations-Editable-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index 7dc4364747..08570e074e 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -1,7 +1,7 @@
 ---
 title: LocalUsersAndGroups Policy CSP
 description: Learn more about the LocalUsersAndGroups Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -19,7 +19,7 @@ ms.date: 01/18/2024
 <!-- Configure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Configure-Applicability-End -->
 
 <!-- Configure-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 19bd347e3c..d2ccb8d7eb 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -1,7 +1,7 @@
 ---
 title: MixedReality Policy CSP
 description: Learn more about the MixedReality Area in Policy CSP.
-ms.date: 02/20/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1406,7 +1406,9 @@ This policy setting controls if it's required that the Start icon to be looked a
 
 <!-- SkipCalibrationDuringSetup-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup. If this policy is enabled, the device won't show the eye tracking calibration process during device setup and first time user setup. Note that until the user goes through the calibration process, eye tracking won't work on the device. If an app requires eye tracking and the user hasn't gone through the calibration process, the user will be prompted to do so.
+This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup.
+
+- If this policy is enabled, the device won't show the eye tracking calibration process during device setup and first time user setup. Note that until the user goes through the calibration process, eye tracking won't work on the device. If an app requires eye tracking and the user hasn't gone through the calibration process, the user will be prompted to do so.
 <!-- SkipCalibrationDuringSetup-Description-End -->
 
 <!-- SkipCalibrationDuringSetup-Editable-Begin -->
@@ -1457,7 +1459,9 @@ This policy configures whether the device will take the user through the eye tra
 
 <!-- SkipTrainingDuringSetup-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy configures whether the device will take the user through a training process during device setup and first time user setup. If this policy is enabled, the device won't show the training process during device setup and first time user setup. If the user wishes to go through that training process, the user can launch the Tips app.
+This policy configures whether the device will take the user through a training process during device setup and first time user setup.
+
+- If this policy is enabled, the device won't show the training process during device setup and first time user setup. If the user wishes to go through that training process, the user can launch the Tips app.
 <!-- SkipTrainingDuringSetup-Description-End -->
 
 <!-- SkipTrainingDuringSetup-Editable-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 0ade49a774..5864c486c1 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,7 +1,7 @@
 ---
 title: NetworkListManager Policy CSP
 description: Learn more about the NetworkListManager Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -168,7 +168,7 @@ This policy setting allows you to specify whether users can change the network n
 <!-- AllowedTlsAuthenticationEndpoints-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- AllowedTlsAuthenticationEndpoints-Applicability-End -->
 
 <!-- AllowedTlsAuthenticationEndpoints-OmaUri-Begin -->
@@ -221,7 +221,7 @@ Invoke-WebRequest -Uri https://nls.corp.contoso.com -Method get -UseBasicParsing
 <!-- ConfiguredTlsAuthenticationNetworkName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- ConfiguredTlsAuthenticationNetworkName-Applicability-End -->
 
 <!-- ConfiguredTlsAuthenticationNetworkName-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index e1e5083184..165845af43 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -37,6 +37,10 @@ This policy setting decides if hibernate on the machine is allowed or not. Suppo
 
 <!-- AllowHibernate-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> This policy does not override **powercfg** configuration and has no effect on the device if Hibernate is disabled using either of the following methods:
+> - Running the command `powercfg /hibernate off`.
+> - Modifying the **HibernateEnabled** value to **0** in the `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power` registry key.
 <!-- AllowHibernate-Editable-End -->
 
 <!-- AllowHibernate-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 4713b9e21b..895ee8c286 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,7 +1,7 @@
 ---
 title: Privacy Policy CSP
 description: Learn more about the Privacy Area in Policy CSP.
-ms.date: 06/21/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -155,9 +155,9 @@ Most restrictive value is `0` to not allow cross-device clipboard.
 <!-- Description-Source-ADMX -->
 This policy specifies whether users on the device have the option to enable online speech recognition services.
 
-If this policy is enabled or not configured, control is deferred to users, and users may choose whether to enable speech services via settings.
+- If this policy is enabled or not configured, control is deferred to users, and users may choose whether to enable speech services via settings.
 
-If this policy is disabled, speech services will be disabled, and users can't enable speech services via settings.
+- If this policy is disabled, speech services will be disabled, and users can't enable speech services via settings.
 <!-- AllowInputPersonalization-Description-End -->
 
 <!-- AllowInputPersonalization-Editable-Begin -->
@@ -300,9 +300,9 @@ This policy setting turns off the advertising ID, preventing apps from using the
 <!-- Description-Source-ADMX -->
 When logging into a new user account for the first time or after an upgrade in some scenarios, that user may be presented with a screen or series of screens that prompts the user to choose privacy settings for their account. Enable this policy to prevent this experience from launching.
 
-If this policy is enabled, the privacy experience won't launch for newly created user accounts or for accounts that would've been prompted to choose their privacy settings after an upgrade.
+- If this policy is enabled, the privacy experience won't launch for newly created user accounts or for accounts that would've been prompted to choose their privacy settings after an upgrade.
 
-If this policy is disabled or not configured, then the privacy experience may launch for newly created user accounts or for accounts that should be prompted to choose their privacy settings after an upgrade.
+- If this policy is disabled or not configured, then the privacy experience may launch for newly created user accounts or for accounts that should be prompted to choose their privacy settings after an upgrade.
 <!-- DisablePrivacyExperience-Description-End -->
 
 <!-- DisablePrivacyExperience-Editable-Begin -->
@@ -2398,6 +2398,207 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
 
 <!-- LetAppsAccessGazeInput_UserInControlOfTheseApps-End -->
 
+<!-- LetAppsAccessGenerativeAI-Begin -->
+## LetAppsAccessGenerativeAI
+
+<!-- LetAppsAccessGenerativeAI-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+<!-- LetAppsAccessGenerativeAI-Applicability-End -->
+
+<!-- LetAppsAccessGenerativeAI-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI
+```
+<!-- LetAppsAccessGenerativeAI-OmaUri-End -->
+
+<!-- LetAppsAccessGenerativeAI-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting specifies whether Windows apps can use generative AI features of Windows.
+<!-- LetAppsAccessGenerativeAI-Description-End -->
+
+<!-- LetAppsAccessGenerativeAI-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI-Editable-End -->
+
+<!-- LetAppsAccessGenerativeAI-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-2]` |
+| Default Value  | 0 |
+<!-- LetAppsAccessGenerativeAI-DFProperties-End -->
+
+<!-- LetAppsAccessGenerativeAI-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | LetAppsAccessGenerativeAI |
+| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
+| Element Name | LetAppsAccessGenerativeAI_Enum |
+<!-- LetAppsAccessGenerativeAI-GpMapping-End -->
+
+<!-- LetAppsAccessGenerativeAI-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI-Examples-End -->
+
+<!-- LetAppsAccessGenerativeAI-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Begin -->
+## LetAppsAccessGenerativeAI_ForceAllowTheseApps
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Applicability-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceAllowTheseApps
+```
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-OmaUri-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Description-Begin -->
+<!-- Description-Source-DDF -->
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Description-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Editable-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-DFProperties-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | LetAppsAccessGenerativeAI |
+| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
+| Element Name | LetAppsAccessGenerativeAI_ForceAllowTheseApps_List |
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-GpMapping-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Examples-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Begin -->
+## LetAppsAccessGenerativeAI_ForceDenyTheseApps
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Applicability-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceDenyTheseApps
+```
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-OmaUri-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Description-Begin -->
+<!-- Description-Source-DDF -->
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Description-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Editable-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-DFProperties-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | LetAppsAccessGenerativeAI |
+| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
+| Element Name | LetAppsAccessGenerativeAI_ForceDenyTheseApps_List |
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-GpMapping-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Examples-End -->
+
+<!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Begin -->
+## LetAppsAccessGenerativeAI_UserInControlOfTheseApps
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Applicability-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_UserInControlOfTheseApps
+```
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-OmaUri-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Description-Begin -->
+<!-- Description-Source-DDF -->
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the generative AI setting for the listed apps. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Description-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Editable-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-DFProperties-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | LetAppsAccessGenerativeAI |
+| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
+| Element Name | LetAppsAccessGenerativeAI_UserInControlOfTheseApps_List |
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-GpMapping-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Examples-End -->
+
+<!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-End -->
+
 <!-- LetAppsAccessGraphicsCaptureProgrammatic-Begin -->
 ## LetAppsAccessGraphicsCaptureProgrammatic
 
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index caa589b6f9..f549cfc712 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -1,7 +1,7 @@
 ---
 title: RemoteDesktop Policy CSP
 description: Learn more about the RemoteDesktop Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -19,7 +19,7 @@ ms.date: 01/18/2024
 <!-- AutoSubscription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1370] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1370] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1370] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1370] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1370] and later <br> ✅ Windows 10, version 20H2 [10.0.19042.1370] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1370] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1370] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoSubscription-Applicability-End -->
 
 <!-- AutoSubscription-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 6a06309613..68895bc0f7 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,7 +1,7 @@
 ---
 title: RemoteDesktopServices Policy CSP
 description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 06/21/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -439,7 +439,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitClientToServerClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2400] and later <br> ✅ [10.0.25398.827] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2898] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3374] and later <br> ✅ Windows 11, version 23H2 [10.0.22631.3374] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later <br> ✅ [10.0.25398.946] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.3014] and later <br> ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later <br> ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later <br> ✅ Windows Insider Preview |
 <!-- LimitClientToServerClipboardRedirection-Applicability-End -->
 
 <!-- LimitClientToServerClipboardRedirection-OmaUri-Begin -->
@@ -493,7 +493,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitServerToClientClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2400] and later <br> ✅ [10.0.25398.827] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2898] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3374] and later <br> ✅ Windows 11, version 23H2 [10.0.22631.3374] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later <br> ✅ [10.0.25398.946] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.3014] and later <br> ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later <br> ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later <br> ✅ Windows Insider Preview |
 <!-- LimitServerToClientClipboardRedirection-Applicability-End -->
 
 <!-- LimitServerToClientClipboardRedirection-OmaUri-Begin -->
@@ -672,6 +672,56 @@ If the status is set to Not Configured, unsecured communication is allowed.
 
 <!-- RequireSecureRPCCommunication-End -->
 
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Begin -->
+## TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2400] and later <br> ✅ [10.0.25398.827] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2898] and later <br> ✅ Windows 11, version 22H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22621.3374] and later <br> ✅ Windows 11, version 23H2 with [KB5035942](https://support.microsoft.com/help/5035942) [10.0.22631.3374] and later <br> ✅ Windows Insider Preview |
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Applicability-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME
+```
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-OmaUri-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Description-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Editable-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-DFProperties-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-AdmxBacked-Begin -->
+<!-- ADMX-Not-Found -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME |
+| ADMX File Name | TerminalServer.admx |
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-AdmxBacked-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Examples-End -->
+
+<!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-End -->
+
 <!-- RemoteDesktopServices-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- RemoteDesktopServices-CspMoreInfo-End -->
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 1260cd7ab1..005ef18357 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,7 +1,7 @@
 ---
 title: Search Policy CSP
 description: Learn more about the Search Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -286,7 +286,7 @@ The most restrictive value is `0` to not allow indexing of encrypted items.
 <!-- AllowSearchHighlights-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1620] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1620] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1620] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1761] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5011543](https://support.microsoft.com/help/5011543) [10.0.19042.1620] and later <br> ✅ Windows 10, version 21H1 with [KB5011543](https://support.microsoft.com/help/5011543) [10.0.19043.1620] and later <br> ✅ Windows 10, version 21H2 with [KB5011543](https://support.microsoft.com/help/5011543) [10.0.19044.1620] and later <br> ✅ Windows 11, version 21H2 with [KB5023774](https://support.microsoft.com/help/5023774) [10.0.22000.1761] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- AllowSearchHighlights-Applicability-End -->
 
 <!-- AllowSearchHighlights-OmaUri-Begin -->
@@ -919,7 +919,7 @@ This policy setting configures whether or not locations on removable drives can
 <!-- DoNotUseWebResults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DoNotUseWebResults-Applicability-End -->
 
 <!-- DoNotUseWebResults-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index cfa71536be..418199d466 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,7 +1,7 @@
 ---
 title: Start Policy CSP
 description: Learn more about the Start Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1423,7 +1423,7 @@ To validate this policy, do the following steps:
 <!-- HideRecommendedPersonalizedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.1928] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5027303](https://support.microsoft.com/help/5027303) [10.0.22621.1928] and later |
 <!-- HideRecommendedPersonalizedSites-Applicability-End -->
 
 <!-- HideRecommendedPersonalizedSites-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 337e3987e3..57739476b7 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,7 +1,7 @@
 ---
 title: System Policy CSP
 description: Learn more about the System Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -173,7 +173,7 @@ See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for i
 <!-- AllowDesktopAnalyticsProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 with [KB4551853](https://support.microsoft.com/help/4551853) [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 with [KB4556799](https://support.microsoft.com/help/4556799) [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDesktopAnalyticsProcessing-Applicability-End -->
 
 <!-- AllowDesktopAnalyticsProcessing-OmaUri-Begin -->
@@ -431,7 +431,7 @@ This policy setting determines whether Windows is allowed to download fonts and
 
 - If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text.
 
-- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally-installed fonts.
+- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts.
 
 - If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
 <!-- AllowFontProviders-Description-End -->
@@ -555,7 +555,7 @@ Specifies whether to allow app access to the Location service. Most restricted v
 <!-- AllowMicrosoftManagedDesktopProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 with [KB4551853](https://support.microsoft.com/help/4551853) [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 with [KB4556799](https://support.microsoft.com/help/4556799) [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowMicrosoftManagedDesktopProcessing-Applicability-End -->
 
 <!-- AllowMicrosoftManagedDesktopProcessing-OmaUri-Begin -->
@@ -569,7 +569,7 @@ Specifies whether to allow app access to the Location service. Most restricted v
 This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
 This policy setting configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
 For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See <https://go.microsoft.com/fwlink/?linkid=2184944> for more information.
-hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
 This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 <!-- AllowMicrosoftManagedDesktopProcessing-Description-End -->
 
@@ -737,7 +737,7 @@ If you disable or don't configure this policy setting, the device will send requ
 <!-- AllowUpdateComplianceProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 with [KB4551853](https://support.microsoft.com/help/4551853) [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 with [KB4556799](https://support.microsoft.com/help/4556799) [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowUpdateComplianceProcessing-Applicability-End -->
 
 <!-- AllowUpdateComplianceProcessing-OmaUri-Begin -->
@@ -864,7 +864,7 @@ Specifies whether to allow the user to factory reset the device by using control
 <!-- AllowWUfBCloudProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 with [KB4551853](https://support.microsoft.com/help/4551853) [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 with [KB4556799](https://support.microsoft.com/help/4556799) [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowWUfBCloudProcessing-Applicability-End -->
 
 <!-- AllowWUfBCloudProcessing-OmaUri-Begin -->
@@ -888,7 +888,7 @@ To enable this behavior:
 
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
 
-If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features.
+If you disable or don't configure this policy setting, devices enrolled to Windows Autopatch won't be able to take advantage of some deployment service features.
 <!-- AllowWUfBCloudProcessing-Description-End -->
 
 <!-- AllowWUfBCloudProcessing-Editable-Begin -->
@@ -1739,7 +1739,7 @@ This policy setting controls whether Windows records attempts to connect with th
 
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Description-Begin -->
 <!-- Description-Source-DDF -->
-Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
+Diagnostic files created when feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Description-End -->
 
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Editable-Begin -->
@@ -1761,8 +1761,8 @@ Diagnostic files created when a feedback is filed in the Feedback Hub app will a
 
 | Value | Description |
 |:--|:--|
-| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. |
-| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. |
+| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so. |
+| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted. |
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-AllowedValues-End -->
 
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Examples-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index a847cb3ec9..bfe95ab006 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,7 +1,7 @@
 ---
 title: TaskScheduler Policy CSP
 description: Learn more about the TaskScheduler Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -30,7 +30,7 @@ ms.date: 01/18/2024
 
 <!-- EnableXboxGameSaveTask-Description-Begin -->
 <!-- Description-Source-DDF -->
-This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.
+This setting determines whether the specific task is enabled (1) or disabled (0).
 <!-- EnableXboxGameSaveTask-Description-End -->
 
 <!-- EnableXboxGameSaveTask-Editable-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
index b0838899b1..484f4c88ad 100644
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@@ -1,7 +1,7 @@
 ---
 title: TenantRestrictions Policy CSP
 description: Learn more about the TenantRestrictions Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -21,7 +21,7 @@ ms.date: 01/18/2024
 <!-- ConfigureTenantRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.320] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1320] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1320] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1320] and later <br> ✅ Windows 10, version 21H2 [10.0.19044] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.320] and later <br> ✅ Windows 10, version 2004 with [KB5006738](https://support.microsoft.com/help/5006738) [10.0.19041.1320] and later <br> ✅ Windows 10, version 20H2 with [KB5006738](https://support.microsoft.com/help/5006738) [10.0.19042.1320] and later <br> ✅ Windows 10, version 21H1 with [KB5006738](https://support.microsoft.com/help/5006738) [10.0.19043.1320] and later <br> ✅ Windows 10, version 21H2 [10.0.19044] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureTenantRestrictions-Applicability-End -->
 
 <!-- ConfigureTenantRestrictions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 796984d07c..9ecb6a207c 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,7 +1,7 @@
 ---
 title: Update Policy CSP
 description: Learn more about the Update Area in Policy CSP.
-ms.date: 06/19/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -673,7 +673,7 @@ If you disable or don't configure this policy, Windows Update won't alter its be
 <!-- DisableWUfBSafeguards-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1490] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1110] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1110] and later <br> ✅ Windows 10, version 2004 [10.0.19041.546] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 with [KB4577069](https://support.microsoft.com/help/4577069) [10.0.17763.1490] and later <br> ✅ Windows 10, version 1903 with [KB4577062](https://support.microsoft.com/help/4577062) [10.0.18362.1110] and later <br> ✅ Windows 10, version 1909 with [KB4577062](https://support.microsoft.com/help/4577062) [10.0.18363.1110] and later <br> ✅ Windows 10, version 2004 with [KB4577063](https://support.microsoft.com/help/4577063) [10.0.19041.546] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWUfBSafeguards-Applicability-End -->
 
 <!-- DisableWUfBSafeguards-OmaUri-Begin -->
@@ -1129,7 +1129,7 @@ Specifies the date and time when the IT admin wants to start pausing the Quality
 <!-- ProductVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProductVersion-Applicability-End -->
 
 <!-- ProductVersion-OmaUri-Begin -->
@@ -1197,7 +1197,7 @@ Supported value type is a string containing a Windows product. For example, "Win
 <!-- TargetReleaseVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1488] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 10, version 1909 [10.0.18363.836] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with [KB4556807](https://support.microsoft.com/help/4556807) [10.0.17134.1488] and later <br> ✅ Windows 10, version 1809 with [KB4551853](https://support.microsoft.com/help/4551853) [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 with [KB4556799](https://support.microsoft.com/help/4556799) [10.0.18362.836] and later <br> ✅ Windows 10, version 1909 with [KB4556799](https://support.microsoft.com/help/4556799) [10.0.18363.836] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- TargetReleaseVersion-Applicability-End -->
 
 <!-- TargetReleaseVersion-OmaUri-Begin -->
@@ -1222,6 +1222,9 @@ If you enter an invalid value, you'll remain on your current version until you c
 <!-- TargetReleaseVersion-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Supported value type is a string containing Windows version number. For example, `1809`, `1903`, etc.
+
+> [!NOTE]
+> You need to set up the ProductVersion CSP along with the TargetReleaseVersion CSP for it to work.
 <!-- TargetReleaseVersion-Editable-End -->
 
 <!-- TargetReleaseVersion-DFProperties-Begin -->
@@ -1398,7 +1401,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is
 <!-- DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240.18818] and later <br> ✅ Windows 10, version 1607 [10.0.14393.4169] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2108] and later <br> ✅ Windows 10, version 1709 [10.0.16299.2166] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1967] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1697] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1316] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1316] and later <br> ✅ Windows 10, version 2004 [10.0.19041.746] and later <br> ✅ Windows 10, version 2009 [10.0.19042.746] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 with [KB4598231](https://support.microsoft.com/help/4598231) [10.0.10240.18818] and later <br> ✅ Windows 10, version 1607 with [KB4598243](https://support.microsoft.com/help/4598243) [10.0.14393.4169] and later <br> ✅ Windows 10, version 1703 with [KB4520010](https://support.microsoft.com/help/4520010) [10.0.15063.2108] and later <br> ✅ Windows 10, version 1709 with [KB4580328](https://support.microsoft.com/help/4580328) [10.0.16299.2166] and later <br> ✅ Windows 10, version 1803 with [KB4598245](https://support.microsoft.com/help/4598245) [10.0.17134.1967] and later <br> ✅ Windows 10, version 1809 with [KB4598230](https://support.microsoft.com/help/4598230) [10.0.17763.1697] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1316] and later <br> ✅ Windows 10, version 1909 with [KB4598229](https://support.microsoft.com/help/4598229) [10.0.18363.1316] and later <br> ✅ Windows 10, version 2004 with [KB4598242](https://support.microsoft.com/help/4598242) [10.0.19041.746] and later <br> ✅ Windows 10, version 20H2 with [KB4598242](https://support.microsoft.com/help/4598242) [10.0.19042.746] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection-Applicability-End -->
 
 <!-- DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection-OmaUri-Begin -->
@@ -1528,7 +1531,7 @@ Allows Windows Update Agent to determine the download URL when it's missing from
 <!-- SetPolicyDrivenUpdateSourceForDriverUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForDriverUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForDriverUpdates-OmaUri-Begin -->
@@ -1597,7 +1600,7 @@ Configure this policy to specify whether to receive **Windows Driver Updates** f
 <!-- SetPolicyDrivenUpdateSourceForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForFeatureUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForFeatureUpdates-OmaUri-Begin -->
@@ -1667,7 +1670,7 @@ Configure this policy to specify whether to receive **Windows Feature Updates**
 <!-- SetPolicyDrivenUpdateSourceForOtherUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForOtherUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForOtherUpdates-OmaUri-Begin -->
@@ -1736,7 +1739,7 @@ Configure this policy to specify whether to receive **Other Updates** from Windo
 <!-- SetPolicyDrivenUpdateSourceForQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.371] and later <br> ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1288] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.2130] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForQualityUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForQualityUpdates-OmaUri-Begin -->
@@ -1806,7 +1809,7 @@ Configure this policy to specify whether to receive **Windows Quality Updates**
 <!-- SetProxyBehaviorForUpdateDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240.18696] and later <br> ✅ Windows 10, version 1607 [10.0.14393.3930] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2500] and later <br> ✅ Windows 10, version 1709 [10.0.16299.2107] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1726] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1457] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1082] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1082] and later <br> ✅ Windows 10, version 2004 [10.0.19041.508] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 with [KB4577049](https://support.microsoft.com/help/4577049) [10.0.10240.18696] and later <br> ✅ Windows 10, version 1607 with [KB4577015](https://support.microsoft.com/help/4577015) [10.0.14393.3930] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2500] and later <br> ✅ Windows 10, version 1709 with [KB4577041](https://support.microsoft.com/help/4577041) [10.0.16299.2107] and later <br> ✅ Windows 10, version 1803 with [KB4577032](https://support.microsoft.com/help/4577032) [10.0.17134.1726] and later <br> ✅ Windows 10, version 1809 with [KB4570333](https://support.microsoft.com/help/4570333) [10.0.17763.1457] and later <br> ✅ Windows 10, version 1903 with [KB4574727](https://support.microsoft.com/help/4574727) [10.0.18362.1082] and later <br> ✅ Windows 10, version 1909 with [KB4574727](https://support.microsoft.com/help/4574727) [10.0.18363.1082] and later <br> ✅ Windows 10, version 2004 with [KB4571756](https://support.microsoft.com/help/4571756) [10.0.19041.508] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetProxyBehaviorForUpdateDetection-Applicability-End -->
 
 <!-- SetProxyBehaviorForUpdateDetection-OmaUri-Begin -->
@@ -2406,7 +2409,7 @@ Allows the IT admin to manage whether to scan for app updates from Microsoft Upd
 <!-- AllowTemporaryEnterpriseFeatureControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.1344] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5022913](https://support.microsoft.com/help/5022913) [10.0.22621.1344] and later |
 <!-- AllowTemporaryEnterpriseFeatureControl-Applicability-End -->
 
 <!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-Begin -->
@@ -2650,7 +2653,7 @@ Minimum number of days from update installation until restarts occur automatical
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1852] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1474] and later <br> ✅ Windows 10, version 2004 [10.0.19041.906] and later <br> ✅ Windows 10, version 2009 [10.0.19042.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 with [KB5000854](https://support.microsoft.com/help/5000854) [10.0.17763.1852] and later <br> ✅ Windows 10, version 1909 with [KB5000850](https://support.microsoft.com/help/5000850) [10.0.18363.1474] and later <br> ✅ Windows 10, version 2004 with [KB5000842](https://support.microsoft.com/help/5000842) [10.0.19041.906] and later <br> ✅ Windows 10, version 20H2 with [KB5000842](https://support.microsoft.com/help/5000842) [10.0.19042.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-Applicability-End -->
 
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-OmaUri-Begin -->
@@ -4074,7 +4077,7 @@ Allows IT Admins to specify additional upgrade delays for up to 8 months. Suppor
 <!-- Description-Source-ADMX -->
 Enable this policy to not allow update deferral policies to cause scans against Windows Update.
 
-If this policy is disabled or not configured, then the Windows Update client may initiate automatic scans against Windows Update while update deferral policies are enabled.
+- If this policy is disabled or not configured, then the Windows Update client may initiate automatic scans against Windows Update while update deferral policies are enabled.
 
 > [!NOTE]
 > This policy applies only when the intranet Microsoft update service this computer is directed to is configured to support client-side targeting. If the "Specify intranet Microsoft update service location" policy is disabled or not configured, this policy has no effect.
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 8f672a114e..1d1a1691af 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 06/19/2024
+ms.date: 09/11/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -15,68 +15,6 @@ ms.date: 06/19/2024
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- WindowsAI-Editable-End -->
 
-<!-- AllowImageCreator-Begin -->
-## AllowImageCreator
-
-<!-- AllowImageCreator-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-<!-- AllowImageCreator-Applicability-End -->
-
-<!-- AllowImageCreator-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/WindowsAI/AllowImageCreator
-```
-<!-- AllowImageCreator-OmaUri-End -->
-
-<!-- AllowImageCreator-Description-Begin -->
-<!-- Description-Source-DDF -->
-This policy setting allows you to control whether Image Creator functionality is available in the Windows Paint app.
-
-- If you disable this policy setting, Image Creator functionality won't be accessible in the Windows Paint app.
-
-- If you enable or don't configure this policy setting, users will be able to access Image Creator functionality.
-<!-- AllowImageCreator-Description-End -->
-
-<!-- AllowImageCreator-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- AllowImageCreator-Editable-End -->
-
-<!-- AllowImageCreator-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value  | 1 |
-<!-- AllowImageCreator-DFProperties-End -->
-
-<!-- AllowImageCreator-AllowedValues-Begin -->
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 | Disabled. |
-| 1 (Default) | Enabled. |
-<!-- AllowImageCreator-AllowedValues-End -->
-
-<!-- AllowImageCreator-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | AllowImageCreator |
-| Path | WindowsAI > AT > WindowsComponents > Paint |
-<!-- AllowImageCreator-GpMapping-End -->
-
-<!-- AllowImageCreator-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- AllowImageCreator-Examples-End -->
-
-<!-- AllowImageCreator-End -->
-
 <!-- DisableAIDataAnalysis-Begin -->
 ## DisableAIDataAnalysis
 
@@ -94,11 +32,13 @@ This policy setting allows you to control whether Image Creator functionality is
 
 <!-- DisableAIDataAnalysis-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to control whether Windows saves snapshots of the screen and analyzes the user's activity on their device.
+This policy setting allows you to determine whether end users have the option to allow snapshots to be saved on their PCs.
 
-- If you enable this policy setting, Windows won't be able to save snapshots and users won't be able to search for or browse through their historical device activity using Recall.
+- If disabled, end users will have a choice to save snapshots of their screen on their PC and then use Recall to find things they've seen.
 
-- If you disable or don't configure this policy setting, Windows will save snapshots of the screen and users will be able to search for or browse through a timeline of their past activities using Recall.
+- If the policy is enabled, end users won't be able to save snapshots on their PC.
+
+- If the policy isn't configured, end users may or may not be able to save snapshots on their PC-depending on other policy configurations.
 <!-- DisableAIDataAnalysis-Description-End -->
 
 <!-- DisableAIDataAnalysis-Editable-Begin -->
@@ -120,8 +60,8 @@ This policy setting allows you to control whether Windows saves snapshots of the
 
 | Value | Description |
 |:--|:--|
-| 0 (Default) | Enable saving Snapshots for Windows. |
-| 1 | Disable saving Snapshots for Windows. |
+| 0 (Default) | Enable Saving Snapshots for Windows. |
+| 1 | Disable Saving Snapshots for Windows. |
 <!-- DisableAIDataAnalysis-AllowedValues-End -->
 
 <!-- DisableAIDataAnalysis-GpMapping-Begin -->
@@ -139,6 +79,130 @@ This policy setting allows you to control whether Windows saves snapshots of the
 
 <!-- DisableAIDataAnalysis-End -->
 
+<!-- DisableCocreator-Begin -->
+## DisableCocreator
+
+<!-- DisableCocreator-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- DisableCocreator-Applicability-End -->
+
+<!-- DisableCocreator-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableCocreator
+```
+<!-- DisableCocreator-OmaUri-End -->
+
+<!-- DisableCocreator-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting allows you to control whether Cocreator functionality is disabled in the Windows Paint app.
+
+- If this policy is enabled, Cocreator functionality won't be accessible in the Paint app.
+
+- If this policy is disabled or not configured, users will be able to access Cocreator functionality.
+<!-- DisableCocreator-Description-End -->
+
+<!-- DisableCocreator-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableCocreator-Editable-End -->
+
+<!-- DisableCocreator-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- DisableCocreator-DFProperties-End -->
+
+<!-- DisableCocreator-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Cocreator is enabled. |
+| 1 | Cocreator is disabled. |
+<!-- DisableCocreator-AllowedValues-End -->
+
+<!-- DisableCocreator-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableCocreator |
+| Path | WindowsAI > AT > WindowsComponents > Paint |
+<!-- DisableCocreator-GpMapping-End -->
+
+<!-- DisableCocreator-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableCocreator-Examples-End -->
+
+<!-- DisableCocreator-End -->
+
+<!-- DisableImageCreator-Begin -->
+## DisableImageCreator
+
+<!-- DisableImageCreator-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- DisableImageCreator-Applicability-End -->
+
+<!-- DisableImageCreator-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableImageCreator
+```
+<!-- DisableImageCreator-OmaUri-End -->
+
+<!-- DisableImageCreator-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting allows you to control whether Image Creator functionality is disabled in the Windows Paint app.
+
+- If this policy is enabled, Image Creator functionality won't be accessible in the Paint app.
+
+- If this policy is disabled or not configured, users will be able to access Image Creator functionality.
+<!-- DisableImageCreator-Description-End -->
+
+<!-- DisableImageCreator-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableImageCreator-Editable-End -->
+
+<!-- DisableImageCreator-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- DisableImageCreator-DFProperties-End -->
+
+<!-- DisableImageCreator-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Image Creator is enabled. |
+| 1 | Image Creator is disabled. |
+<!-- DisableImageCreator-AllowedValues-End -->
+
+<!-- DisableImageCreator-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableImageCreator |
+| Path | WindowsAI > AT > WindowsComponents > Paint |
+<!-- DisableImageCreator-GpMapping-End -->
+
+<!-- DisableImageCreator-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableImageCreator-Examples-End -->
+
+<!-- DisableImageCreator-End -->
+
 <!-- TurnOffWindowsCopilot-Begin -->
 ## TurnOffWindowsCopilot
 
@@ -148,7 +212,7 @@ This policy setting allows you to control whether Windows saves snapshots of the
 <!-- TurnOffWindowsCopilot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3758] and later <br> ✅ Windows 10, version 22H2 [10.0.19045.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2361] and later <br> ✅ Windows 11, version 23H2 [10.0.22631] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3758] and later <br> ✅ Windows 10, version 22H2 with [KB5032278](https://support.microsoft.com/help/5032278) [10.0.19045.3758] and later <br> ✅ Windows 11, version 22H2 with [KB5030310](https://support.microsoft.com/help/5030310) [10.0.22621.2361] and later <br> ✅ Windows 11, version 23H2 [10.0.22631] and later |
 <!-- TurnOffWindowsCopilot-Applicability-End -->
 
 <!-- TurnOffWindowsCopilot-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/printerprovisioning-csp.md b/windows/client-management/mdm/printerprovisioning-csp.md
index a80ace3abb..8667239d07 100644
--- a/windows/client-management/mdm/printerprovisioning-csp.md
+++ b/windows/client-management/mdm/printerprovisioning-csp.md
@@ -1,7 +1,7 @@
 ---
 title: PrinterProvisioning CSP
 description: Learn more about the PrinterProvisioning CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -32,7 +32,7 @@ The following list shows the PrinterProvisioning configuration service provider
 <!-- User-UPPrinterInstalls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-OmaUri-Begin -->
@@ -71,7 +71,7 @@ This setting will take the action on the specified user account to install or un
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-OmaUri-Begin -->
@@ -111,7 +111,7 @@ Identifies the Universal Print printer, by its Share ID, you wish to install on
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-CloudDeviceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-CloudDeviceID-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-CloudDeviceID-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Identifies the Universal Print printer, by its Printer ID, you wish to install o
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-ErrorCode-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-ErrorCode-OmaUri-Begin -->
@@ -189,7 +189,7 @@ HRESULT of the last installation returned code.
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Install-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Install-OmaUri-Begin -->
@@ -228,7 +228,7 @@ Support async execute. Install Universal Print printer.
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-PrinterSharedName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-PrinterSharedName-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-PrinterSharedName-OmaUri-Begin -->
@@ -267,7 +267,7 @@ Identifies the Universal Print printer, by its Share Name, you wish to install o
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 with [KB5014666](https://support.microsoft.com/help/5014666) [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Status-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Status-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/printerprovisioning-ddf-file.md b/windows/client-management/mdm/printerprovisioning-ddf-file.md
index 4aa2087423..e4db037ecb 100644
--- a/windows/client-management/mdm/printerprovisioning-ddf-file.md
+++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: PrinterProvisioning DDF file
 description: View the XML file containing the device description framework (DDF) for the PrinterProvisioning configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1806, 10.0.19043.1806, 10.0.19042.1806</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 3bca6f69a4..ab06e22815 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: Reboot DDF file
 description: View the XML file containing the device description framework (DDF) for the Reboot configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 2a8292e9f6..5479190d60 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: RootCATrustedCertificates DDF file
 description: View the XML file containing the device description framework (DDF) for the RootCATrustedCertificates configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -1067,7 +1067,7 @@ The following XML file contains the device description framework (DDF) for the R
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index d45d5f6b92..7d49cb3604 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: SecureAssessment DDF file
 description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 0baa724281..4412297df6 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: SharedPC DDF file
 description: View the XML file containing the device description framework (DDF) for the SharedPC configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index fed441c564..0797c3447b 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: SUPL DDF file
 description: View the XML file containing the device description framework (DDF) for the SUPL configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the S
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index f830d00fd8..663982ef0f 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -1,7 +1,7 @@
 ---
 title: SurfaceHub CSP
 description: Learn more about the SurfaceHub CSP.
-ms.date: 05/20/2024
+ms.date: 08/16/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -84,6 +84,7 @@ The following list shows the SurfaceHub configuration service provider nodes:
     - [SleepTimeout](#propertiessleeptimeout)
     - [SurfaceHubMeetingMode](#propertiessurfacehubmeetingmode)
     - [VtcAppPackageId](#propertiesvtcapppackageid)
+  - [UpdateBootManager](#updatebootmanager)
 <!-- SurfaceHub-Tree-End -->
 
 <!-- Device-DeviceAccount-Begin -->
@@ -358,7 +359,7 @@ Possible error values:
 <!-- Device-DeviceAccount-ExchangeModernAuthEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.789] and later <br> ✅ Windows 10, version 2009 [10.0.19042.789] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19041.789] and later <br> ✅ Windows 10, version 20H2 with [KB4598291](https://support.microsoft.com/help/4598291) [10.0.19042.789] and later <br> ✅ Windows Insider Preview |
 <!-- Device-DeviceAccount-ExchangeModernAuthEnabled-Applicability-End -->
 
 <!-- Device-DeviceAccount-ExchangeModernAuthEnabled-OmaUri-Begin -->
@@ -689,7 +690,7 @@ This method validates the data provided and then commits the changes.
 <!-- Device-Dot3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4048955](https://support.microsoft.com/help/4048955) [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Dot3-Applicability-End -->
 
 <!-- Device-Dot3-OmaUri-Begin -->
@@ -728,7 +729,7 @@ Parent node.
 <!-- Device-Dot3-EapUserData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4048955](https://support.microsoft.com/help/4048955) [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Dot3-EapUserData-Applicability-End -->
 
 <!-- Device-Dot3-EapUserData-OmaUri-Begin -->
@@ -767,7 +768,7 @@ Used to specify credentials to authenticate device to the network.
 <!-- Device-Dot3-LanProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 with [KB4048955](https://support.microsoft.com/help/4048955) [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Dot3-LanProfile-Applicability-End -->
 
 <!-- Device-Dot3-LanProfile-OmaUri-Begin -->
@@ -1010,7 +1011,7 @@ Specifies the domain of the Skype for Business account when you are using Active
 <!-- Device-InBoxApps-Teams-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.450] and later <br> ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB4566782](https://support.microsoft.com/help/4566782) [10.0.19041.450] and later <br> ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-InBoxApps-Teams-Applicability-End -->
 
 <!-- Device-InBoxApps-Teams-OmaUri-Begin -->
@@ -1049,7 +1050,7 @@ This node controls policies specific to the Teams App on Surface Hub.
 <!-- Device-InBoxApps-Teams-Configurations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.450] and later <br> ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB4566782](https://support.microsoft.com/help/4566782) [10.0.19041.450] and later <br> ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-InBoxApps-Teams-Configurations-Applicability-End -->
 
 <!-- Device-InBoxApps-Teams-Configurations-OmaUri-Begin -->
@@ -1262,7 +1263,7 @@ Meeting information displayed on the welcome screen.
 <!-- Device-InBoxApps-Whiteboard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 with [KB4522355](https://support.microsoft.com/help/4522355) [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-OmaUri-Begin -->
@@ -1301,7 +1302,7 @@ This node controls policies specific to the Whiteboard App on Surface Hub.
 <!-- Device-InBoxApps-Whiteboard-SharingDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 with [KB4522355](https://support.microsoft.com/help/4522355) [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-SharingDisabled-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-SharingDisabled-OmaUri-Begin -->
@@ -1349,7 +1350,7 @@ When enabled, prevents a user from initiating a collaborative session on the dev
 <!-- Device-InBoxApps-Whiteboard-SignInDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 with [KB4522355](https://support.microsoft.com/help/4522355) [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-SignInDisabled-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-SignInDisabled-OmaUri-Begin -->
@@ -1398,7 +1399,7 @@ When enabled, prevents a user from Signing into Whiteboard on the device.
 <!-- Device-InBoxApps-Whiteboard-TelemetryDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 with [KB4522355](https://support.microsoft.com/help/4522355) [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-TelemetryDisabled-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-TelemetryDisabled-OmaUri-Begin -->
@@ -1787,7 +1788,7 @@ Specifies the start time for maintenance hours in minutes from midnight. For exa
 <!-- Device-Management-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 with [KB4015438](https://support.microsoft.com/help/4015438) [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Management-Applicability-End -->
 
 <!-- Device-Management-OmaUri-Begin -->
@@ -1826,7 +1827,7 @@ Not a supported scenario.
 <!-- Device-Management-GroupName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 with [KB4015438](https://support.microsoft.com/help/4015438) [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Management-GroupName-Applicability-End -->
 
 <!-- Device-Management-GroupName-OmaUri-Begin -->
@@ -1865,7 +1866,7 @@ The name of the domain admin group to add to the administrators group on the dev
 <!-- Device-Management-GroupSid-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 with [KB4015438](https://support.microsoft.com/help/4015438) [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Management-GroupSid-Applicability-End -->
 
 <!-- Device-Management-GroupSid-OmaUri-Begin -->
@@ -2021,7 +2022,7 @@ Primary key for authenticating with workspace. Will always return an empty strin
 <!-- Device-MOMAgentGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5036979](https://support.microsoft.com/help/5036979) [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-Applicability-End -->
 
 <!-- Device-MOMAgentGovtCloud-OmaUri-Begin -->
@@ -2059,7 +2060,7 @@ Primary key for authenticating with workspace. Will always return an empty strin
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5036979](https://support.microsoft.com/help/5036979) [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Applicability-End -->
 
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-OmaUri-Begin -->
@@ -2099,7 +2100,7 @@ Enum value for Azure Clouds supported for OMS tracking in SurfaceHub.
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5036979](https://support.microsoft.com/help/5036979) [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Applicability-End -->
 
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-OmaUri-Begin -->
@@ -2138,7 +2139,7 @@ GUID identifying the Microsoft Operations Management Suite workspace ID to colle
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5036979](https://support.microsoft.com/help/5036979) [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Applicability-End -->
 
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-OmaUri-Begin -->
@@ -2314,7 +2315,7 @@ Specifies whether to allow the ability to resume a session when the session time
 <!-- Device-Properties-DefaultAutomaticFraming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 20H2 [10.0.19042] and later |
 <!-- Device-Properties-DefaultAutomaticFraming-Applicability-End -->
 
 <!-- Device-Properties-DefaultAutomaticFraming-OmaUri-Begin -->
@@ -2804,7 +2805,7 @@ Specifies the number of minutes until the Hub enters sleep mode.
 <!-- Device-Properties-SurfaceHubMeetingMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 with [KB4015438](https://support.microsoft.com/help/4015438) [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-SurfaceHubMeetingMode-Applicability-End -->
 
 <!-- Device-Properties-SurfaceHubMeetingMode-OmaUri-Begin -->
@@ -2845,7 +2846,7 @@ Teams mode.
 <!-- Device-Properties-VtcAppPackageId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 with [KB4015438](https://support.microsoft.com/help/4015438) [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-VtcAppPackageId-Applicability-End -->
 
 <!-- Device-Properties-VtcAppPackageId-OmaUri-Begin -->
@@ -2878,6 +2879,55 @@ App name.
 
 <!-- Device-Properties-VtcAppPackageId-End -->
 
+<!-- Device-UpdateBootManager-Begin -->
+## UpdateBootManager
+
+<!-- Device-UpdateBootManager-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045] and later |
+<!-- Device-UpdateBootManager-Applicability-End -->
+
+<!-- Device-UpdateBootManager-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SurfaceHub/UpdateBootManager
+```
+<!-- Device-UpdateBootManager-OmaUri-End -->
+
+<!-- Device-UpdateBootManager-Description-Begin -->
+<!-- Description-Source-DDF -->
+Enables new boot manager usage.
+<!-- Device-UpdateBootManager-Description-End -->
+
+<!-- Device-UpdateBootManager-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UpdateBootManager-Editable-End -->
+
+<!-- Device-UpdateBootManager-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 0 |
+<!-- Device-UpdateBootManager-DFProperties-End -->
+
+<!-- Device-UpdateBootManager-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disable new boot manager. |
+| 320 | Enable new boot manager. |
+<!-- Device-UpdateBootManager-AllowedValues-End -->
+
+<!-- Device-UpdateBootManager-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UpdateBootManager-Examples-End -->
+
+<!-- Device-UpdateBootManager-End -->
+
 <!-- SurfaceHub-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- SurfaceHub-CspMoreInfo-End -->
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 3222bade2d..1193b28214 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: SurfaceHub DDF file
 description: View the XML file containing the device description framework (DDF) for the SurfaceHub configuration service provider.
-ms.date: 04/22/2024
+ms.date: 08/16/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -1574,6 +1574,43 @@ The following XML file contains the device description framework (DDF) for the S
         </DFProperties>
       </Node>
     </Node>
+    <Node>
+      <NodeName>UpdateBootManager</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+          <Replace />
+        </AccessType>
+        <Description>Enables new boot manager usage.</Description>
+        <DefaultValue>0</DefaultValue>
+        <DFFormat>
+          <int />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <MIME>text/plain</MIME>
+        </DFType>
+        <MSFT:Applicability>
+          <MSFT:OsBuildVersion>10.0.19045</MSFT:OsBuildVersion>
+          <MSFT:CspVersion>1.0</MSFT:CspVersion>
+        </MSFT:Applicability>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Disable new boot manager</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>320</MSFT:Value>
+            <MSFT:ValueDescription>Enable new boot manager</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
     <Node>
       <NodeName>Management</NodeName>
       <DFProperties>
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index f6ca93aa95..eba37a1745 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -8,12 +8,26 @@ items:
   - name: Device description framework (DDF) files
     href: configuration-service-provider-ddf.md
   - name: Support scenarios
-    href: configuration-service-provider-support.md
+    items:
+    - name: Configuration service provider support
+      href: configuration-service-provider-support.md
+    - name: Policies supported by Windows Insider Preview
+      href: policies-in-preview.md
+    - name: Policies supported by HoloLens 2
+      href: policies-in-policy-csp-supported-by-hololens2.md
+    - name: Policies supported by HoloLens (1st gen) Commercial Suite
+      href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
+    - name: Policies supported by HoloLens (1st gen) Development Edition
+      href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
+    - name: Policies supported by Windows 10 Team
+      href: policies-in-policy-csp-supported-by-surface-hub.md
+    - name: Policies that can be set using Exchange Active Sync
+      href: policies-in-policy-csp-that-can-be-set-using-eas.md
   - name: WMI Bridge provider
     items:
     - name: Using PowerShell scripting with the WMI Bridge Provider
       href: ../using-powershell-scripting-with-the-wmi-bridge-provider.md
-    - name: WMI providers supported in Windows 10
+    - name: WMI providers supported in Windows
       href: ../wmi-providers-supported-in-windows.md
   - name: Understanding ADMX policies
     href: ../understanding-admx-backed-policies.md
@@ -29,11 +43,21 @@ items:
       href: ../structure-of-oma-dm-provisioning-files.md
     - name: Server requirements for OMA DM
       href: ../server-requirements-windows-mdm.md
-  - name: Declared Configuration protocol
-    href: ../declared-configuration.md
+  - name: Declared Configuration
     items:
-    - name: Declared Configuration extensibility
+    - name: Protocol
+      expanded: true
+      items:
+        - name: Overview
+          href: ../declared-configuration.md
+        - name: Discovery
+          href: ../declared-configuration-discovery.md
+        - name: Enrollment
+          href: ../declared-configuration-enrollment.md
+    - name: Extensibility
       href: ../declared-configuration-extensibility.md
+    - name: Resource access
+      href: ../declared-configuration-resource-access.md
     - name: DeclaredConfiguration CSP
       href: declaredconfiguration-csp.md
     - name: DMClient CSP
@@ -46,24 +70,6 @@ items:
       items:
       - name: Policy CSP DDF file
         href: configuration-service-provider-ddf.md
-      - name: Policy CSP support scenarios
-        items:
-        - name: Policies that are ADMX-backed
-          href: policies-in-policy-csp-admx-backed.md
-        - name: Policies supported by Group Policy
-          href: policies-in-policy-csp-supported-by-group-policy.md
-        - name: Policies supported by HoloLens 2
-          href: policies-in-policy-csp-supported-by-hololens2.md
-        - name: Policies supported by HoloLens (1st gen) Commercial Suite
-          href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
-        - name: Policies supported by HoloLens (1st gen) Development Edition
-          href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
-        - name: Policies supported by Windows 10 IoT Core
-          href: policies-in-policy-csp-supported-by-iot-core.md
-        - name: Policies supported by Windows 10 Team
-          href: policies-in-policy-csp-supported-by-surface-hub.md
-        - name: Policies that can be set using Exchange Active Sync (EAS)
-          href: policies-in-policy-csp-that-can-be-set-using-eas.md
       - name: Policy CSP areas
         expanded: true
         items:
@@ -363,6 +369,8 @@ items:
           href: policy-csp-admx-workfoldersclient.md
         - name: ADMX_WPN
           href: policy-csp-admx-wpn.md
+        - name: AppDeviceInventory
+          href: policy-csp-appdeviceinventory.md
         - name: ApplicationDefaults
           href: policy-csp-applicationdefaults.md
         - name: ApplicationManagement
@@ -379,7 +387,7 @@ items:
           href: policy-csp-authentication.md
         - name: Autoplay
           href: policy-csp-autoplay.md
-        - name: Bitlocker
+        - name: BitLocker
           href: policy-csp-bitlocker.md
         - name: BITS
           href: policy-csp-bits.md
diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md
index 183576910e..a2cceef581 100644
--- a/windows/client-management/mdm/universalprint-csp.md
+++ b/windows/client-management/mdm/universalprint-csp.md
@@ -18,9 +18,9 @@ The table below shows the applicability of Windows:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
-The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, go to [What is Universal Print](/universal-print/fundamentals/universal-print-whatis).
+The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, see [Discover Universal Print](/universal-print/discover-universal-print).
 
-This CSP was added in Windows 11 and in Windows 10 21H2 July 2022 update [KB5015807](https://support.microsoft.com/topic/july-12-2022-kb5015807-os-builds-19042-1826-19043-1826-and-19044-1826-8c8ea8fe-ec83-467d-86fb-a2f48a85eb41).
+This CSP was added in Windows 11 and in Windows 10, version 21H2 July 2022 update [KB5015807](https://support.microsoft.com/topic/july-12-2022-kb5015807-os-builds-19042-1826-19043-1826-and-19044-1826-8c8ea8fe-ec83-467d-86fb-a2f48a85eb41).
 
 The following example shows the UniversalPrint configuration service provider in tree format.
 
@@ -52,7 +52,7 @@ The data type is node (XML node). Supported operation is Get.
 
 <a href="" id="guidprintersharedid)"></a>**`<GUID>` (PrinterSharedID)**
 
-The Share ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+The Share ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share ID in the printer's properties in the [Universal Print portal](/universal-print/reference/portal/navigate-azure-portal).
 
 The data type is node (XML node). Supported operations are Get, Add, and Delete.
 
@@ -61,7 +61,7 @@ The data type is node (XML node). Supported operations are Get, Add, and Delete.
 
 <a href="" id="clouddeviceid"></a>**CloudDeviceID**
 
-The Printer ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Printer ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+The Printer ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Printer ID in the printer's properties in the [Universal Print portal](/universal-print/reference/portal/navigate-azure-portal).
 
 The data type is string/text (GUID). Supported operations are Get, Add, Delete, and Replace.
 
@@ -70,7 +70,7 @@ The data type is string/text (GUID). Supported operations are Get, Add, Delete,
 
 <a href="" id="printersharedname"></a>**PrinterSharedName**
 
-The Share Name is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share Name in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+The Share Name is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share Name in the printer's properties in the [Universal Print portal](/universal-print/reference/portal/navigate-azure-portal).
 
 The data type is string/text. Supported operations are Get, Add, Delete, and Replace.
 
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 7454dd4105..abe39e405a 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: VPNv2 DDF file
 description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the V
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -3265,7 +3265,7 @@ The following XML file contains the device description framework (DDF) for the V
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index d1e6f1f167..a2a8cf4407 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: WiFi DDF file
 description: View the XML file containing the device description framework (DDF) for the WiFi configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -322,7 +322,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index 040365664e..c0d23cc517 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -17,6 +17,13 @@ The table below shows the applicability of Windows:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+> [!IMPORTANT]
+> Windows 11 Home devices that have been upgraded to one of the below mentioned applicable editions might require you to run the following command before onboarding:
+> 
+> `DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~`
+> 
+> For more information about edition upgrades and features, see [Customize Windows features](/windows-hardware/manufacture/desktop/windows-features?view=windows-11&preserve-view=true).
+
 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
 
 The following example shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index b4460e2d71..06f96f2518 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsDefenderApplicationGuard DDF file
 description: View the XML file containing the device description framework (DDF) for the WindowsDefenderApplicationGuard configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.1</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index f880dd265e..91e5d7b4ea 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsLicensing CSP
 description: Learn more about the WindowsLicensing CSP.
-ms.date: 01/18/2024
+ms.date: 08/06/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -156,7 +156,7 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi
 <!-- Device-DeviceLicensingService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-OmaUri-Begin -->
@@ -195,7 +195,7 @@ Device Based Subscription.
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-OmaUri-Begin -->
@@ -234,7 +234,7 @@ Returns the last error code of Refresh/Remove Device License operation. Value wo
 <!-- Device-DeviceLicensingService-DeviceLicensingLastErrorDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-DeviceLicensingLastErrorDescription-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-DeviceLicensingLastErrorDescription-OmaUri-Begin -->
@@ -273,7 +273,7 @@ Returns last error description from Device Licensing. Value would be empty, if e
 <!-- Device-DeviceLicensingService-DeviceLicensingStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-DeviceLicensingStatus-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-DeviceLicensingStatus-OmaUri-Begin -->
@@ -312,7 +312,7 @@ Returns the status of Refresh/Remove Device License operation.
 <!-- Device-DeviceLicensingService-LicenseType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 with [KB5018483](https://support.microsoft.com/help/5018483) [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-LicenseType-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-LicenseType-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index 571ba992b0..d2abdc9fc4 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsLicensing DDF file
 description: View the XML file containing the device description framework (DDF) for the WindowsLicensing configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index c3aebaeba0..178bba80f3 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -1,7 +1,7 @@
 ---
 title: WiredNetwork DDF file
 description: View the XML file containing the device description framework (DDF) for the WiredNetwork configuration service provider.
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -118,7 +118,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mobile-device-enrollment.md b/windows/client-management/mobile-device-enrollment.md
index 5d0537216a..214a73f052 100644
--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@@ -2,7 +2,7 @@
 title: Mobile device enrollment
 description: Learn how mobile device enrollment verifies that only authenticated and authorized devices are managed by the enterprise.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ms.collection:
 - highpri
 - tier2
@@ -43,13 +43,13 @@ The certificate enrollment is an implementation of the MS-WSTEP protocol.
 
 ### Management configuration
 
-The server sends provisioning XML that contains a server certificate (for TLS/SSL server authentication), a client certificate issued by enterprise CA, DM client bootstrap information (for the client to communicate with the management server), an enterprise application token (for the user to install enterprise applications), and the link to download the Company Hub application.
+The server sends provisioning XML that contains a server certificate (for TLS/SSL server authentication), a client certificate issued by enterprise CA, DMClient bootstrap information (for the client to communicate with the management server), an enterprise application token (for the user to install enterprise applications), and the link to download the Company Hub application.
 
 The following articles describe the end-to-end enrollment process using various authentication methods:
 
 - [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
 - [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
-- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
+- [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md)
 
 > [!NOTE]
 > As a best practice, don't use hardcoded server-side checks on values such as:
@@ -168,4 +168,4 @@ TraceID is a freeform text node that is logged. It should identify the server si
 - [MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)
 - [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
 - [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
-- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
+- [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md)
diff --git a/windows/client-management/new-in-windows-mdm-enrollment-management.md b/windows/client-management/new-in-windows-mdm-enrollment-management.md
index dcfbdeb34b..053a0dd779 100644
--- a/windows/client-management/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/new-in-windows-mdm-enrollment-management.md
@@ -3,7 +3,7 @@ title: What's new in MDM enrollment and management
 description: Discover what's new and breaking changes in mobile device management (MDM) enrollment and management experience across all Windows devices.
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # What's new in mobile device enrollment and management
diff --git a/windows/client-management/oma-dm-protocol-support.md b/windows/client-management/oma-dm-protocol-support.md
index 3d1ff0619c..5caf42c5f0 100644
--- a/windows/client-management/oma-dm-protocol-support.md
+++ b/windows/client-management/oma-dm-protocol-support.md
@@ -2,7 +2,7 @@
 title: OMA DM protocol support
 description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # OMA DM protocol support
diff --git a/windows/client-management/on-premise-authentication-device-enrollment.md b/windows/client-management/on-premise-authentication-device-enrollment.md
index 0d3a3b1a1d..e6c445b43c 100644
--- a/windows/client-management/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/on-premise-authentication-device-enrollment.md
@@ -2,7 +2,7 @@
 title: On-premises authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # On-premises authentication device enrollment
diff --git a/windows/client-management/push-notification-windows-mdm.md b/windows/client-management/push-notification-windows-mdm.md
index 0ac4310aab..e0842698e8 100644
--- a/windows/client-management/push-notification-windows-mdm.md
+++ b/windows/client-management/push-notification-windows-mdm.md
@@ -2,7 +2,7 @@
 title: Push notification support for device management
 description: The DMClient CSP supports the ability to configure push-initiated device management sessions.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Push notification support for device management
diff --git a/windows/client-management/server-requirements-windows-mdm.md b/windows/client-management/server-requirements-windows-mdm.md
index 6b3a303e0a..92e09679f4 100644
--- a/windows/client-management/server-requirements-windows-mdm.md
+++ b/windows/client-management/server-requirements-windows-mdm.md
@@ -2,7 +2,7 @@
 title: Server requirements for using OMA DM to manage Windows devices
 description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Server requirements for using OMA DM to manage Windows devices
@@ -11,11 +11,11 @@ The following list shows the general server requirements for using OMA DM to man
 
 - The OMA DM server must support the OMA DM v1.1.2 or later protocol.
 
-- Secure Sockets Layer (TLS/SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate isn't issued by a commercial Certification Authority whose root certificate is preinstalled in the device, you must provision the enterprise root certificate in the device's Root store.
+- Secure Sockets Layer (TLS/SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate isn't issued by a public Certification Authority whose root certificate is preinstalled in the device, you must provision the enterprise root certificate in the device's Root store.
 
 - To authenticate the client at the application level, you must use either Basic or MD5 client authentication.
 
-- The server MD5 nonce must be renewed in each DM session. The DM client sends the new server nonce for the next session to the server over the Status element in every DM session.
+- The server MD5 nonce must be renewed in each DM session. The DMClient sends the new server nonce for the next session to the server over the Status element in every DM session.
 
 - The MD5 binary nonce is sent over XML B64 encoded format, but the octal form of the binary data should be used when the service calculates the hash.
 
diff --git a/windows/client-management/structure-of-oma-dm-provisioning-files.md b/windows/client-management/structure-of-oma-dm-provisioning-files.md
index 170d213948..a1fcf0777c 100644
--- a/windows/client-management/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/structure-of-oma-dm-provisioning-files.md
@@ -2,7 +2,7 @@
 title: Structure of OMA DM provisioning files
 description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Structure of OMA DM provisioning files
diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml
index b6e225d925..4aa913ef53 100644
--- a/windows/client-management/toc.yml
+++ b/windows/client-management/toc.yml
@@ -48,7 +48,7 @@ items:
                 href: enterprise-app-management.md
               - name: Manage updates
                 href: device-update-management.md
-              - name: Manage Copilot in Windows
+              - name: Updated Windows and Microsoft Copilot experience
                 href: manage-windows-copilot.md
               - name: Manage Recall
                 href: manage-recall.md                
diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md
index 7b80861923..f327359fe3 100644
--- a/windows/client-management/understanding-admx-backed-policies.md
+++ b/windows/client-management/understanding-admx-backed-policies.md
@@ -2,7 +2,7 @@
 title: Understanding ADMX policies
 description: You can use ADMX policies for Windows mobile device management (MDM) across Windows devices.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Understanding ADMX policies
diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 5fc0485080..ca347147ab 100644
--- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -2,7 +2,7 @@
 title: Using PowerShell scripting with the WMI Bridge Provider
 description: This article covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Using PowerShell scripting with the WMI Bridge Provider
diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md
index ff1887a640..363072d68c 100644
--- a/windows/client-management/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md
@@ -2,7 +2,7 @@
 title: Win32 and Desktop Bridge app ADMX policy Ingestion
 description: Ingest ADMX files and set ADMX policies for Win32 and Desktop Bridge apps.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Win32 and Desktop Bridge app ADMX policy Ingestion
diff --git a/windows/client-management/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md
index 03c28bfba7..a9b47a78e9 100644
--- a/windows/client-management/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/windows-mdm-enterprise-settings.md
@@ -1,17 +1,17 @@
 ---
 title: Enterprise settings and policy management
-description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
+description: The DMClient manages the interaction between a device and a server. Learn more about the client-server management workflow.
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # Enterprise settings and policy management
 
-The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://technical.openmobilealliance.org/).
+The actual management interaction between the device and server is done via the DMClient. The DMClient communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://technical.openmobilealliance.org/).
 
-Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](mdm/index.yml).
+Enterprise MDM settings are exposed via various configuration service providers to the DMClient. For the list of available configuration service providers, see [Configuration service provider reference](mdm/index.yml).
 
-Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. During the enrollment process, the task scheduler is configured to invoke the DM client to periodically poll the MDM server.
+Windows currently supports one MDM server. The DMClient that is configured via the enrollment process is granted access to enterprise related settings. During the enrollment process, the task scheduler is configured to invoke the DMClient to periodically poll the MDM server.
 
 The following diagram shows the work flow between server and client.
 
@@ -21,9 +21,9 @@ The following diagram shows the work flow between server and client.
 
 This protocol defines an HTTPS-based client/server communication with DM SyncML XML as the package payload that carries management requests and execution results. The configuration request is addressed via a managed object (MO). The settings supported by the managed object are represented in a conceptual tree structure. This logical view of configurable device settings simplifies the way the server addresses the device settings by isolating the implementation details from the conceptual tree structure.
 
-To facilitate security-enhanced communication with the remote server for enterprise management, Windows supports certificate-based mutual authentication over an encrypted TLS/SSL HTTP channel between the DM client and management service. The server and client certificates are provisioned during the enrollment process.
+To facilitate security-enhanced communication with the remote server for enterprise management, Windows supports certificate-based mutual authentication over an encrypted TLS/SSL HTTP channel between the DMClient and management service. The server and client certificates are provisioned during the enrollment process.
 
-The DM client configuration, company policy enforcement, business application management, and device inventory are all exposed or expressed via configuration service providers (CSPs). CSPs are the Windows term for managed objects. The DM client communicates with the server and sends configuration request to CSPs. The server only needs to know the logical local URIs defined by those CSP nodes in order to use the DM protocol XML to manage the device.
+The DMClient configuration, company policy enforcement, business application management, and device inventory are all exposed or expressed via configuration service providers (CSPs). CSPs are the Windows term for managed objects. The DMClient communicates with the server and sends configuration request to CSPs. The server only needs to know the logical local URIs defined by those CSP nodes in order to use the DM protocol XML to manage the device.
 
 Here's a summary of the DM tasks supported for enterprise management:
 
diff --git a/windows/client-management/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md
index 9afd80ebd2..610f0e36b9 100644
--- a/windows/client-management/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/wmi-providers-supported-in-windows.md
@@ -2,7 +2,7 @@
 title: WMI providers supported in Windows
 description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
 ms.topic: conceptual
-ms.date: 08/10/2023
+ms.date: 07/08/2024
 ---
 
 # WMI providers supported in Windows
diff --git a/windows/configuration/accessibility/index.md b/windows/configuration/accessibility/index.md
index 335576ee27..815d514593 100644
--- a/windows/configuration/accessibility/index.md
+++ b/windows/configuration/accessibility/index.md
@@ -1,94 +1,44 @@
 ---
-title: Windows accessibility information for IT Pros
-description: Lists the various accessibility features available in Windows client with links to detailed guidance on how to set them.
-ms.date: 01/25/2024
-ms.topic: conceptual
+title: Windows accessibility for IT pros
+description: Basic guidance for IT administrators on accessibility features available in Windows client.
+ms.date: 08/22/2024
+ms.topic: concept-article
+ms.subservice: accessibility
 ms.collection: tier1
 ---
 
-<!-- MAXADO-8138357 -->
-<!-- MAXADO-8138352 -->
-
 # Accessibility information for IT professionals
 
 Microsoft is dedicated to making its products and services accessible and usable for everyone. Windows includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows.
 
-This article helps you as the IT administrator learn about built-in accessibility features. It also includes recommendations for how to support people in your organization who use these features.
+For more information about the accessibility resources available in Windows, see [Discover Windows accessibility features](https://support.microsoft.com/windows/discover-windows-accessibility-features-8b1068e6-d3b8-4ba8-b027-133dd8911df9#WindowsVersion=Windows_11).
 
-Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554).
-<!-- 6294246 -->
+Windows 11, version 22H2, includes improvements for people with disabilities. For example, system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see the following Windows Experience blog posts:
+
+- [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/)
+
+- [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/2022/09/20/how-inclusion-drives-innovation-in-windows-11/)
 
 ## General recommendations
 
 - **Be aware of Ease of Access settings**. Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows.
+
 - **Don't block settings**. Avoid using group policy or MDM settings that override Ease of Access settings.
+
 - **Encourage choice**. Allow people in your organization to customize their computers based on their needs. That customization might be installing an add-on for their browser, or a non-Microsoft assistive technology.
 
-## Vision
+- Use the [Azure AI Translator](/azure/ai-services/translator/) service to add machine translation to your solutions.
 
-- [Use Narrator to use devices without a screen](https://support.microsoft.com/windows/complete-guide-to-narrator-e4397a0d-ef4f-b386-d8ae-c172f109bdb1). Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices. Now the user is able to download and install 10 more natural languages.
-- [Create accessible apps](/windows/apps/develop/accessibility). You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.
-- Use keyboard shortcuts. Get the most out of Windows with shortcuts for apps and desktops.
-  - [Keyboard shortcuts in Windows](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec)
-  - [Narrator keyboard commands and touch gestures](https://support.microsoft.com/windows/appendix-b-narrator-keyboard-commands-and-touch-gestures-8bdab3f4-b3e9-4554-7f28-8b15bd37410a)
-  - [Windows keyboard shortcuts for accessibility](https://support.microsoft.com/windows/windows-keyboard-shortcuts-for-accessibility-021bcb62-45c8-e4ef-1e4f-41b8c1fc87fd)
-- Get closer with [Magnifier](https://support.microsoft.com/windows/use-magnifier-to-make-things-on-the-screen-easier-to-see-414948ba-8b1c-d3bd-8615-0e5e32204198). Magnifier enlarges all or part of your screen and offers various configuration settings.
-- [Make Windows easier to see](https://support.microsoft.com/windows/make-windows-easier-to-see-c97c2b0d-cadb-93f0-5fd1-59ccfe19345d).
-  - Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.
-  - Adjust the size of text, icons, and other screen items to make them easier to see.
-  - Many high-contrast themes are available to suit your needs.
-- [Have Cortana assist](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
-- [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes speech recognition that lets you tell it what to do.
-- [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
-- [Keep notifications around longer](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1). If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
-- [Read in braille](https://support.microsoft.com/windows/chapter-8-using-narrator-with-braille-3e5f065b-1c9d-6eb2-ec6d-1d07c9e94b20). Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.
-- Starting in Windows 11, version 22H2 with [KB5022913](https://support.microsoft.com/kb/5022913), the compatibility of braille displays has been expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience.
+- [Create accessible apps](/windows/apps/develop/accessibility) that work well with Narrator and other leading screen readers.
 
-## Hearing
-
-- [Use live captions to better understand audio](https://support.microsoft.com/windows/use-live-captions-to-better-understand-audio-b52da59c-14b8-4031-aeeb-f6a47e6055df). Use Windows 11, version 22H2 or later to better understand any spoken audio with real time captions.
-- Starting with Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446), live captions now supports additional languages.
-- [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said.
-- [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you.
-
-- [Make Windows easier to hear](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1).
-  - Replace audible alerts with visual alerts.
-  - If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
-  - Send all sounds to both left and right channels, which is helpful for those people with partial hearing loss or deafness in one ear.
-- [Read spoken words with captioning](https://support.microsoft.com/windows/change-caption-settings-135c465b-8cfd-3bac-9baf-4af74bc0069a). You can customize things like color, size, and background transparency to suit your needs and tastes.
-- Use the [Azure Cognitive Services Translator](/azure/cognitive-services/translator/) service to add machine translation to your solutions.
-
-## Physical
-
-- [Have Cortana assist you](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
-- [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes voice recognition that lets you tell it what to do.
-- [Use the On-Screen Keyboard (OSK)](https://support.microsoft.com/windows/use-the-on-screen-keyboard-osk-to-type-ecbb5e08-5b4e-d8c8-f794-81dbf896267a). Instead of relying on a physical keyboard, use the OSK to enter data and select keys with a mouse or other pointing device. It also offers word prediction and completion.
-- [Make your mouse, keyboard, and other input devices easier to use](https://support.microsoft.com/windows/make-your-mouse-keyboard-and-other-input-devices-easier-to-use-10733da7-fa82-88be-0672-f123d4b3dcfe).
-
-  - If you have limited control of your hands, you can personalize your keyboard to do helpful things like ignore repeated keys.
-  - If a mouse is difficult to use, you can control the pointer by using your numeric keypad.
-
-## Cognition
-
-- [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
 - [Download and use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721). **Fluent Sitka Small** and **Fluent Calibri** are fonts that address "visual crowding" by adding character and enhance word and line spacing.
-- [Microsoft Edge reading view](https://support.microsoft.com/windows/take-your-reading-with-you-b6699255-4436-708e-7b93-4d2e19a15af8). Clears distracting content from web pages so you can stay focused on what you really want to read.
-
-## Assistive technology devices built into Windows
-
-- [Hear text read aloud with Narrator](https://support.microsoft.com/windows/hear-text-read-aloud-with-narrator-040f16c1-4632-b64e-110a-da4a0ac56917). Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.
-- Scripting functionality has been added to Narrator. There is store delivery of Narrator extension scripts which currently include an Outlook script and an Excel script.
-- [Use voice recognition](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571).
-
-<!-- MAXADO-8138354 -->
-- With spellings experience in voice access, you can dictate a complex or non-standard word letter-by-letter and add it to Windows dictionary. The next time you try to dictate the same word, voice access improves its recognition.
-
-- [Save time with keyboard shortcuts](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec).
-- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d).
 
 ## Other resources
 
-[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
-[Designing accessible software](/windows/apps/design/accessibility/designing-inclusive-software)
-[Inclusive design](https://www.microsoft.com/design/inclusive)
-[Accessibility guide for Microsoft 365 Apps](/deployoffice/accessibility-guide)
+- [Windows accessibility](https://www.microsoft.com/windows/accessibility-features)
+
+- [Designing accessible software](/windows/apps/design/accessibility/designing-inclusive-software)
+
+- [Inclusive design](https://inclusive.microsoft.design/)
+
+- [Accessibility guide for Microsoft 365 Apps](/microsoft-365-apps/deploy/accessibility-guide)
diff --git a/windows/configuration/assigned-access/shell-launcher/configuration-file.md b/windows/configuration/assigned-access/shell-launcher/configuration-file.md
index 2dba54c2c4..d63efdb85b 100644
--- a/windows/configuration/assigned-access/shell-launcher/configuration-file.md
+++ b/windows/configuration/assigned-access/shell-launcher/configuration-file.md
@@ -106,7 +106,7 @@ Each profile defines a `Shell` element, which contains details about the applica
 |-|-|-|
 |`Shell`| Application that is used as a Windows shell. |- For Universal Windows Platform (UWP) apps, you must provide the App User Model ID (AUMID). Learn how to [Find the Application User Model ID of an installed app](../../store/find-aumid.md).<br>- For desktop apps, specify the full path of the executable, which can contain system environment variables in the form of `%variableName%`. You can also specify any parameters that the app might require. |
 |`V2:AppType`| Defines the type of application. |Allowed values are `Desktop` and `UWP`.|
-|`V2:AllAppsFullScreen` | Boolean value that defines if all applications are executed in full screen. |- When set to `True`, Shell Launcher runs every app in full screen, or maximized for desktop apps.<br>- When set to `False` or not set, only the custom shell app runs in full screen; other apps launched by the user run in windowed mode.|
+|`V2:AllAppsFullScreen` | Boolean value that defines if all applications are executed in full screen. |- When set to `true`, Shell Launcher runs every app in full screen, or maximized for desktop apps.<br>- When set to `false` or not set, only the custom shell app runs in full screen; other apps launched by the user run in windowed mode.|
 
 Example:
 
diff --git a/windows/configuration/assigned-access/shell-launcher/index.md b/windows/configuration/assigned-access/shell-launcher/index.md
index 2b0ae488ab..4a51fa2143 100644
--- a/windows/configuration/assigned-access/shell-launcher/index.md
+++ b/windows/configuration/assigned-access/shell-launcher/index.md
@@ -127,5 +127,4 @@ Depending on your configuration, you can have a user to automatically sign in to
 <!--links-->
 
 [MEM-1]: /mem/intune/configuration/custom-settings-windows-10
-[MEM-2]: /mem/intune/fundamentals/licenses#device-only-licenses
 [WIN-3]: /windows/client-management/mdm/assignedaccess-csp
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index 9cd7b554d8..32f9c41247 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -52,12 +52,11 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "Configure Windows",
       "contributors_to_exclude": [
         "dstrome2",
-        "rjagiewich",  
+        "rjagiewich",
         "American-Dipper",
-        "claydetels19", 
+        "claydetels19",
         "jborsecnik",
         "v-stchambers",
         "shdyas",
@@ -65,16 +64,15 @@
         "garycentric",
         "dstrome",
         "beccarobins",
-        "alekyaj"
+        "alekyaj",
+        "padmagit77",
+        "aditisrivastava07"
       ],
       "searchScope": [
         "Windows 10"
       ]
     },
     "fileMetadata": {
-      "feedback_system": {
-        "ue-v/**/*.*": "None"
-      },
       "author":{
         "accessibility//**/*.md": "paolomatarazzo",
         "accessibility//**/*.yml": "paolomatarazzo",
@@ -96,8 +94,6 @@
         "taskbar//**/*.yml": "paolomatarazzo",
         "tips//**/*.md": "paolomatarazzo",
         "tips//**/*.yml": "paolomatarazzo",
-        "ue-v//**/*.md": "aczechowski",
-        "ue-v//**/*.yml": "aczechowski",
         "wcd//**/*.md": "vinaypamnani-msft",
         "wcd//**/*.yml": "vinaypamnani-msft"
       },
@@ -122,8 +118,6 @@
         "taskbar//**/*.yml": "paoloma",
         "tips//**/*.md": "paoloma",
         "tips//**/*.yml": "paoloma",
-        "ue-v//**/*.md": "aaroncz",
-        "ue-v//**/*.yml": "aaroncz",
         "wcd//**/*.md": "vinpa",
         "wcd//**/*.yml": "vinpa"
       },
@@ -132,20 +126,13 @@
         "start//**/*.md": "ericpapa"
       },
       "ms.collection": {
-        "wcd//**/*.md": "must-keep",
-        "ue-v//**/*.md": [
-          "must-keep",
-          "tier3"
-        ]
+        "wcd//**/*.md": "must-keep"
       },
       "appliesto": {
         "*/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
         ],
-        "ue-v//**/*.md": [
-          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
-        ],
         "wcd//**/*.md": ""
       }
     },
@@ -153,4 +140,4 @@
     "dest": "win-configuration",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/configuration/images/icons/notification.svg b/windows/configuration/images/icons/notification.svg
deleted file mode 100644
index 0da0f9814d..0000000000
--- a/windows/configuration/images/icons/notification.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="16" height="17" viewBox="0 0 16 17" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M4.71289 13.625H2.33105C2.03809 13.625 1.75684 13.5664 1.4873 13.4492C1.22363 13.3262 0.989258 13.165 0.78418 12.9658C0.584961 12.7607 0.423828 12.5264 0.300781 12.2627C0.183594 11.9932 0.125 11.7119 0.125 11.4189V2.33105C0.125 2.03809 0.183594 1.75977 0.300781 1.49609C0.423828 1.22656 0.584961 0.992188 0.78418 0.792969C0.989258 0.587891 1.22363 0.426758 1.4873 0.30957C1.75684 0.186523 2.03809 0.125 2.33105 0.125H13.6689C13.9619 0.125 14.2402 0.186523 14.5039 0.30957C14.7734 0.426758 15.0078 0.587891 15.207 0.792969C15.4121 0.992188 15.5732 1.22656 15.6904 1.49609C15.8135 1.75977 15.875 2.03809 15.875 2.33105V11.4189C15.875 11.7236 15.8135 12.0107 15.6904 12.2803C15.5674 12.5439 15.4033 12.7754 15.1982 12.9746C14.9932 13.1738 14.7529 13.332 14.4775 13.4492C14.208 13.5664 13.9238 13.625 13.625 13.625H11.2871L8.42188 16.8154C8.31055 16.9385 8.16992 17 8 17C7.83008 17 7.68945 16.9385 7.57812 16.8154L4.71289 13.625ZM14.75 11.375V2.375C14.75 2.22266 14.7207 2.0791 14.6621 1.94434C14.6035 1.80371 14.5215 1.68359 14.416 1.58398C14.3164 1.47852 14.1963 1.39648 14.0557 1.33789C13.9209 1.2793 13.7773 1.25 13.625 1.25H2.375C2.2168 1.25 2.07031 1.2793 1.93555 1.33789C1.80078 1.39648 1.68066 1.47852 1.5752 1.58398C1.47559 1.68359 1.39648 1.80078 1.33789 1.93555C1.2793 2.07031 1.25 2.2168 1.25 2.375V11.375C1.25 11.5332 1.2793 11.6826 1.33789 11.8232C1.39648 11.958 1.47559 12.0752 1.5752 12.1748C1.6748 12.2744 1.79199 12.3535 1.92676 12.4121C2.06738 12.4707 2.2168 12.5 2.375 12.5H4.95898C5.04102 12.5 5.11719 12.5146 5.1875 12.5439C5.26367 12.5732 5.32812 12.6201 5.38086 12.6846L8 15.5938L10.6191 12.6846C10.6719 12.6201 10.7334 12.5732 10.8037 12.5439C10.8799 12.5146 10.959 12.5 11.041 12.5H13.625C13.7832 12.5 13.9297 12.4707 14.0645 12.4121C14.1992 12.3535 14.3164 12.2744 14.416 12.1748C14.5215 12.0693 14.6035 11.9492 14.6621 11.8145C14.7207 11.6797 14.75 11.5332 14.75 11.375Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/configuration/images/icons/package.svg b/windows/configuration/images/icons/package.svg
deleted file mode 100644
index 99c1148922..0000000000
--- a/windows/configuration/images/icons/package.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="16" height="18" viewBox="0 0 16 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M12.5703 1.125C13.0098 1.125 13.4287 1.21582 13.8271 1.39746C14.2314 1.57324 14.583 1.81348 14.8818 2.11816C15.1865 2.41699 15.4268 2.76855 15.6025 3.17285C15.7842 3.57129 15.875 3.99023 15.875 4.42969V7.3125C15.875 7.46484 15.8193 7.59668 15.708 7.70801C15.5967 7.81934 15.4648 7.875 15.3125 7.875C15.1602 7.875 15.0283 7.81934 14.917 7.70801C14.8057 7.59668 14.75 7.46484 14.75 7.3125V4.45605C14.75 4.16309 14.6885 3.88477 14.5654 3.62109C14.4482 3.35156 14.2871 3.11719 14.082 2.91797C13.8828 2.71289 13.6484 2.55176 13.3789 2.43457C13.1152 2.31152 12.8369 2.25 12.5439 2.25H2.04102C2.13477 2.33789 2.21387 2.41992 2.27832 2.49609C2.34277 2.57227 2.375 2.67773 2.375 2.8125C2.375 2.96484 2.31934 3.09668 2.20801 3.20801C2.09668 3.31934 1.96484 3.375 1.8125 3.375C1.66016 3.375 1.52832 3.31934 1.41699 3.20801L0.291992 2.08301C0.180664 1.97168 0.125 1.83984 0.125 1.6875C0.125 1.53516 0.180664 1.40332 0.291992 1.29199L1.41699 0.166992C1.52832 0.0556641 1.66016 0 1.8125 0C1.96484 0 2.09668 0.0556641 2.20801 0.166992C2.31934 0.27832 2.375 0.410156 2.375 0.5625C2.375 0.697266 2.33984 0.802734 2.26953 0.878906C2.20508 0.955078 2.12891 1.03711 2.04102 1.125H12.5703ZM12.0693 9C12.0693 9.14062 12.1338 9.2666 12.2627 9.37793C12.3975 9.48926 12.5439 9.60645 12.7021 9.72949C12.8662 9.84668 13.0127 9.98145 13.1416 10.1338C13.2764 10.2803 13.3438 10.4619 13.3438 10.6787C13.3438 10.8018 13.3057 10.9541 13.2295 11.1357C13.1592 11.3115 13.0713 11.4902 12.9658 11.6719C12.8662 11.8477 12.7607 12.0176 12.6494 12.1816C12.5381 12.3457 12.4414 12.4746 12.3594 12.5684C12.1777 12.7852 11.9463 12.8936 11.665 12.8936C11.5479 12.8936 11.4219 12.8701 11.2871 12.8232C11.1582 12.7764 11.0293 12.7266 10.9004 12.6738C10.7773 12.6211 10.6572 12.5713 10.54 12.5244C10.4287 12.4775 10.3291 12.4541 10.2412 12.4541C10.1533 12.4541 10.083 12.4717 10.0303 12.5068C9.97754 12.542 9.93359 12.5859 9.89844 12.6387C9.86914 12.6914 9.8457 12.7529 9.82812 12.8232C9.81641 12.8877 9.80469 12.9551 9.79297 13.0254L9.64355 13.8252C9.6084 14.0244 9.53516 14.1797 9.42383 14.291C9.3125 14.3965 9.18066 14.4756 9.02832 14.5283C8.87598 14.5752 8.71191 14.6045 8.53613 14.6162C8.36621 14.6221 8.20215 14.625 8.04395 14.625H8C7.8418 14.625 7.67188 14.6221 7.49023 14.6162C7.30859 14.6045 7.13867 14.5723 6.98047 14.5195C6.82227 14.4668 6.68457 14.3848 6.56738 14.2734C6.4502 14.1621 6.37402 14.0068 6.33887 13.8076L6.16309 12.7881C6.15137 12.7061 6.10742 12.6299 6.03125 12.5596C5.96094 12.4893 5.88184 12.4541 5.79395 12.4541C5.67676 12.4541 5.55664 12.4775 5.43359 12.5244C5.31641 12.5654 5.19629 12.6152 5.07324 12.6738C4.9502 12.7266 4.82422 12.7764 4.69531 12.8232C4.56641 12.8643 4.44043 12.8848 4.31738 12.8848C4.02441 12.8848 3.79004 12.7764 3.61426 12.5596C3.53223 12.4658 3.43555 12.3398 3.32422 12.1816C3.21875 12.0176 3.11621 11.8447 3.0166 11.6631C2.92285 11.4814 2.84082 11.3027 2.77051 11.127C2.7002 10.9512 2.66504 10.7988 2.66504 10.6699C2.66504 10.4414 2.72949 10.2539 2.8584 10.1074C2.99316 9.95508 3.13965 9.82324 3.29785 9.71191C3.45605 9.59473 3.59961 9.4834 3.72852 9.37793C3.86328 9.27246 3.93066 9.14648 3.93066 9C3.93066 8.85352 3.86328 8.72754 3.72852 8.62207C3.59961 8.51074 3.45312 8.39648 3.28906 8.2793C3.13086 8.16211 2.98438 8.03027 2.84961 7.88379C2.7207 7.73145 2.65625 7.54395 2.65625 7.32129C2.65625 7.19238 2.69141 7.04004 2.76172 6.86426C2.83789 6.68848 2.92578 6.5127 3.02539 6.33691C3.13086 6.15527 3.23926 5.98535 3.35059 5.82715C3.46191 5.66309 3.55859 5.53125 3.64062 5.43164C3.82227 5.21484 4.05371 5.10645 4.33496 5.10645C4.45215 5.10645 4.5752 5.12988 4.7041 5.17676C4.83301 5.21777 4.95898 5.26758 5.08203 5.32617C5.20508 5.37891 5.32227 5.42871 5.43359 5.47559C5.55078 5.5166 5.65625 5.53711 5.75 5.53711C5.87305 5.53711 5.9668 5.50488 6.03125 5.44043C6.0957 5.37012 6.14258 5.28223 6.17188 5.17676C6.20703 5.07129 6.23047 4.95117 6.24219 4.81641C6.25977 4.68164 6.28027 4.54687 6.30371 4.41211C6.32715 4.27148 6.35938 4.13965 6.40039 4.0166C6.44727 3.8877 6.51758 3.77637 6.61133 3.68262C6.68164 3.6123 6.7666 3.55664 6.86621 3.51562C6.97168 3.47461 7.08008 3.44531 7.19141 3.42773C7.30859 3.4043 7.42578 3.38965 7.54297 3.38379C7.66602 3.37793 7.78027 3.375 7.88574 3.375H8.01758C8.17578 3.375 8.34277 3.38086 8.51855 3.39258C8.7002 3.39844 8.87012 3.42773 9.02832 3.48047C9.18652 3.5332 9.32129 3.61523 9.43262 3.72656C9.5498 3.83789 9.62598 3.99316 9.66113 4.19238L9.83691 5.21191C9.85449 5.31738 9.90137 5.39941 9.97754 5.45801C10.0596 5.51074 10.1504 5.53711 10.25 5.53711C10.3496 5.53711 10.458 5.5166 10.5752 5.47559C10.6924 5.42871 10.8125 5.37891 10.9355 5.32617C11.0586 5.26758 11.1816 5.21777 11.3047 5.17676C11.4336 5.12988 11.5566 5.10645 11.6738 5.10645C11.8086 5.10645 11.9375 5.13574 12.0605 5.19434C12.1895 5.25293 12.2949 5.33496 12.377 5.44043C12.459 5.54004 12.5527 5.67187 12.6582 5.83594C12.7695 5.99414 12.875 6.16406 12.9746 6.3457C13.0742 6.52148 13.1592 6.69727 13.2295 6.87305C13.2998 7.04883 13.335 7.20117 13.335 7.33008C13.335 7.55859 13.2676 7.74902 13.1328 7.90137C13.0039 8.04785 12.8604 8.17969 12.7021 8.29688C12.5439 8.4082 12.3975 8.5166 12.2627 8.62207C12.1338 8.72754 12.0693 8.85352 12.0693 9ZM10.9443 9C10.9443 8.7832 10.9795 8.5957 11.0498 8.4375C11.1201 8.27344 11.2109 8.12695 11.3223 7.99805C11.4395 7.86328 11.5713 7.74023 11.7178 7.62891C11.8701 7.51172 12.0225 7.38867 12.1748 7.25977C12.0986 7.08398 12.0137 6.91406 11.9199 6.75C11.8262 6.58594 11.7207 6.42773 11.6035 6.27539C11.3926 6.35156 11.1699 6.43652 10.9355 6.53027C10.7012 6.62402 10.4668 6.6709 10.2324 6.6709C10.0918 6.6709 9.95996 6.65332 9.83691 6.61816C9.71973 6.58301 9.59961 6.53027 9.47656 6.45996C9.2832 6.34863 9.13379 6.22559 9.02832 6.09082C8.92285 5.9502 8.84375 5.80078 8.79102 5.64258C8.73828 5.47852 8.69727 5.30566 8.66797 5.12402C8.64453 4.93652 8.61523 4.74023 8.58008 4.53516C8.48633 4.52344 8.39258 4.51465 8.29883 4.50879C8.20508 4.50293 8.1084 4.5 8.00879 4.5C7.90918 4.5 7.8125 4.50293 7.71875 4.50879C7.625 4.51465 7.53125 4.52344 7.4375 4.53516C7.39648 4.74023 7.36133 4.93359 7.33203 5.11523C7.30859 5.29688 7.26758 5.46973 7.20898 5.63379C7.15625 5.79199 7.07715 5.94141 6.97168 6.08203C6.86621 6.22266 6.7168 6.34863 6.52344 6.45996C6.40039 6.53613 6.28027 6.5918 6.16309 6.62695C6.0459 6.65625 5.91406 6.6709 5.76758 6.6709C5.5332 6.6709 5.29883 6.62402 5.06445 6.53027C4.83594 6.43652 4.61621 6.34863 4.40527 6.2666C4.18262 6.56543 3.98926 6.89355 3.8252 7.25098C3.97754 7.37988 4.12695 7.50293 4.27344 7.62012C4.42578 7.7373 4.55762 7.86328 4.66895 7.99805C4.78613 8.12695 4.87988 8.27344 4.9502 8.4375C5.02051 8.5957 5.05566 8.7832 5.05566 9C5.05566 9.2168 5.02051 9.40723 4.9502 9.57129C4.87988 9.72949 4.78613 9.87598 4.66895 10.0107C4.55762 10.1396 4.42578 10.2627 4.27344 10.3799C4.12695 10.4912 3.97754 10.6113 3.8252 10.7402C3.90137 10.916 3.98633 11.0859 4.08008 11.25C4.17383 11.4141 4.2793 11.5723 4.39648 11.7246C4.60156 11.6484 4.81836 11.5635 5.04688 11.4697C5.28125 11.376 5.5127 11.3291 5.74121 11.3291C5.92871 11.3291 6.10742 11.3613 6.27734 11.4258C6.44727 11.4844 6.59961 11.5723 6.73438 11.6895C6.86914 11.8008 6.9834 11.9355 7.07715 12.0938C7.1709 12.2461 7.23535 12.4131 7.27051 12.5947L7.41992 13.4648C7.51953 13.4766 7.61328 13.4854 7.70117 13.4912C7.79492 13.4971 7.8916 13.5 7.99121 13.5C8.09082 13.5 8.1875 13.4971 8.28125 13.4912C8.375 13.4854 8.47168 13.4766 8.57129 13.4648C8.60059 13.2891 8.62695 13.1162 8.65039 12.9463C8.67969 12.7705 8.71777 12.6035 8.76465 12.4453C8.81738 12.2812 8.8877 12.1289 8.97559 11.9883C9.06934 11.8418 9.19531 11.7158 9.35352 11.6104C9.48828 11.5225 9.62891 11.4551 9.77539 11.4082C9.92773 11.3555 10.083 11.3291 10.2412 11.3291C10.3467 11.3291 10.458 11.3438 10.5752 11.373C10.6924 11.4023 10.8096 11.4375 10.9268 11.4785C11.0439 11.5195 11.1582 11.5635 11.2695 11.6104C11.3867 11.6572 11.4951 11.6982 11.5947 11.7334C11.8174 11.4346 12.0107 11.1064 12.1748 10.749C12.0225 10.6201 11.8701 10.4971 11.7178 10.3799C11.5713 10.2627 11.4395 10.1396 11.3223 10.0107C11.2109 9.87598 11.1201 9.72949 11.0498 9.57129C10.9795 9.41309 10.9443 9.22266 10.9443 9ZM9.125 9C9.125 9.1582 9.0957 9.30469 9.03711 9.43945C8.97852 9.57422 8.89648 9.69434 8.79102 9.7998C8.69141 9.89941 8.57422 9.97852 8.43945 10.0371C8.30469 10.0957 8.1582 10.125 8 10.125C7.8418 10.125 7.69238 10.0957 7.55176 10.0371C7.41699 9.97852 7.2998 9.89941 7.2002 9.7998C7.10059 9.7002 7.02148 9.58301 6.96289 9.44824C6.9043 9.30762 6.875 9.1582 6.875 9C6.875 8.8418 6.9043 8.69531 6.96289 8.56055C7.02148 8.42578 7.10059 8.30859 7.2002 8.20898C7.30566 8.10352 7.42578 8.02148 7.56055 7.96289C7.69531 7.9043 7.8418 7.875 8 7.875C8.15234 7.875 8.2959 7.9043 8.43066 7.96289C8.57129 8.02148 8.69141 8.10352 8.79102 8.20898C8.89648 8.30859 8.97852 8.42871 9.03711 8.56934C9.0957 8.7041 9.125 8.84766 9.125 9ZM15.875 16.3125C15.875 16.4648 15.8193 16.5967 15.708 16.708L14.583 17.833C14.4717 17.9443 14.3398 18 14.1875 18C14.0352 18 13.9033 17.9443 13.792 17.833C13.6807 17.7217 13.625 17.5898 13.625 17.4375C13.625 17.3027 13.6572 17.1973 13.7217 17.1211C13.792 17.0449 13.8711 16.9629 13.959 16.875H3.42969C2.99023 16.875 2.56836 16.7871 2.16406 16.6113C1.76562 16.4297 1.41406 16.1895 1.10938 15.8906C0.810547 15.5859 0.570312 15.2344 0.388672 14.8359C0.212891 14.4316 0.125 14.0098 0.125 13.5703V10.6875C0.125 10.5352 0.180664 10.4033 0.291992 10.292C0.40332 10.1807 0.535156 10.125 0.6875 10.125C0.839844 10.125 0.97168 10.1807 1.08301 10.292C1.19434 10.4033 1.25 10.5352 1.25 10.6875V13.5439C1.25 13.8369 1.30859 14.1182 1.42578 14.3877C1.54883 14.6514 1.70996 14.8857 1.90918 15.0908C2.11426 15.29 2.34863 15.4512 2.6123 15.5742C2.88184 15.6914 3.16309 15.75 3.45605 15.75H13.959C13.877 15.668 13.8008 15.5859 13.7305 15.5039C13.6602 15.4219 13.625 15.3164 13.625 15.1875C13.625 15.0352 13.6807 14.9033 13.792 14.792C13.9033 14.6807 14.0352 14.625 14.1875 14.625C14.3398 14.625 14.4717 14.6807 14.583 14.792L15.708 15.917C15.8193 16.0283 15.875 16.1602 15.875 16.3125Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
index 53a0f7861e..dc6121f2d9 100644
--- a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
@@ -2,7 +2,7 @@
 title: Diagnose Provisioning Packages
 description: Diagnose general failures in provisioning.
 ms.topic: troubleshooting
-ms.date: 01/18/2023
+ms.date: 07/09/2024
 ---
 
 # Diagnose Provisioning Packages
@@ -11,22 +11,20 @@ This article helps diagnose common issues with applying provisioning packages. Y
 
 ## Unable to apply power settings
 
-When applying a provisioning package (PPKG) containing power settings, elevated permissions are required. Because elevated permissions are required, power settings applied using the user context after the [initial setup](/windows/configuration/provisioning-packages/provisioning-apply-package#after-initial-setup) results in the error `STATUS_PRIVILEGE_NOT_HELD (HRESULT=0xc0000061)` because an incorrect security context was used.
+When you apply a provisioning package (PPKG) containing power settings, elevated permissions are required. Because elevated permissions are required, power settings applied using the user context after the [initial setup](/windows/configuration/provisioning-packages/provisioning-apply-package#after-initial-setup) results in the error `STATUS_PRIVILEGE_NOT_HELD (HRESULT=0xc0000061)` because an incorrect security context was used.
 
 To apply the power settings successfully with the [correct security context](/windows/win32/services/localsystem-account), place the PPKG in `%WINDIR%/Provisioning/Packages` directory, and reboot the device. For more information, see [Configure power settings](/windows-hardware/customize/power-settings/configure-power-settings).
 
-<a name='unable-to-perform-bulk-enrollment-in-azure-ad'></a>
-
 ## Unable to perform bulk enrollment in Microsoft Entra ID
 
-When [enrolling devices into Microsoft Entra ID using provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400), the bulk token request is rejected, if the user requesting a bulk token isn't authorized to grant application consent. For more information, see [Configure how users consent to applications](/azure/active-directory/manage-apps/configure-user-consent).
+When you [enroll devices into Microsoft Entra ID using provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400), the bulk token request is rejected, if the user requesting a bulk token isn't authorized to grant application consent. For more information, see [Configure how users consent to applications](/azure/active-directory/manage-apps/configure-user-consent).
 
 > [!NOTE]
 > When obtaining the bulk token, you should select "No, sign in to this app only" when prompted for authentication. If you select "OK" instead without also selecting "Allow my organization to manage my device", the bulk token request might be rejected.
 
 ## Unable to apply a multivariant provisioning package
 
-When applying a [multivariant package](/windows/configuration/provisioning-packages/provisioning-multivariant), it might be difficult to diagnose why a certain target didn't get applied. There may have been improperly authored conditions that didn't evaluate as expected.
+When you apply a [multivariant package](/windows/configuration/provisioning-packages/provisioning-multivariant), it might be difficult to diagnose why a certain target didn't get applied. There may be improperly authored conditions that didn't evaluate as expected.
 
 Starting in Windows 11, version 22H2, [MdmDiagnosticsTool](/windows/client-management/diagnose-mdm-failures-in-windows-10) includes multivariant condition values to diagnose problems with multivariant packages to determine why the package wasn't applied.
 
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index a535175bf7..9c82d0c44c 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -2,12 +2,12 @@
 title: Configuration service providers for IT pros
 description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # Configuration service providers for IT pros
 
-This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows client in their organizations. CSPs expose device configuration settings in Windows client. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Hardware Dev Center](/windows/client-management/mdm/configuration-service-provider-reference).
+This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows client in their organizations. CSPs expose device configuration settings in Windows client. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Configuration Service Provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
 
 ## What is a CSP?
 
@@ -15,19 +15,15 @@ In the client operating system, a CSP is the interface between configuration set
 
 On the Windows client platform, the management approach for desktop uses CSPs to configure and manage all devices running Windows client.
 
-Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp) contains the settings to create a Wi-Fi profile.
-
-CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
-
-:::image type="content" source="images/policytocsp.png" alt-text="How intune maps to CSP":::
+Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp) contains the settings to create a Wi-Fi profile. CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers.
 
 CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge.
 
-### Synchronization Markup Language (SyncML)
+## Synchronization Markup Language (SyncML)
 
 The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based SyncML for data exchange between compliant servers and clients. SyncML offers an open standard to use as an alternative to vendor-specific management solutions (such as WMI). The value for enterprises adopting industry standard management protocols is that it allows the management of a broader set of vendor devices using a single platform (such as Microsoft Intune). Device policies, including VPN connection profiles, are delivered to client devices formatted as in SyncML. The target CSP reads this information and applies the necessary configurations.
 
-### The WMI-to-CSP Bridge
+## The WMI-to-CSP Bridge
 
 The WMI-to-CSP Bridge is a component allowing configuration of Windows client CSPs using scripts and traditional enterprise management software, such as Configuration Manager using WMI. The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
 
@@ -37,138 +33,20 @@ The WMI-to-CSP Bridge is a component allowing configuration of Windows client CS
 
 Generally, enterprises rely on Group Policy or MDM to configure and manage devices. For devices running Windows, MDM services use CSPs to configure your devices.
 
-In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried. You can also learn about all of the available configuration settings.
+In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](/windows/client-management/mdm/configuration-service-provider-reference) can help you understand the settings that can be configured or queried. You can also learn about all of the available configuration settings.
 
-### CSPs in Windows Configuration Designer
+## CSPs in Windows Configuration Designer
 
 You can use Windows Configuration Designer to create [provisioning packages](provisioning-packages.md) to apply settings to devices during the out-of-box-experience (OOBE), and after the devices are set up. You can also use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
 
-Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
+Many settings in Windows Configuration Designer display documentation for that setting in the center pane, and include a reference to the CSP if the setting uses one.
 
 :::image type="content" source="images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in ICD.":::
 
 [Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package.
 
-### CSPs in MDM
+## CSPs in MDM
 
-Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. It might be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
+Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and can't find that capability in your MDM service, contact your MDM provider for assistance. It might be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
 
-When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](/mem/intune/configuration/custom-settings-configure) to deploy settings. Intune documents [a partial list of settings](/mem/intune/configuration/custom-settings-windows-10) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](/windows/client-management/mdm/configuration-service-provider-reference) to locate that information.
-
-### CSPs in Lockdown XML
-
-## <a href="" id="bkmk-csp-doc"></a>How do you use the CSP documentation?
-
-All CSPs are documented in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
-
-The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP.
-
-:::image type="content" source="images/csptable.png" alt-text="The CSP reference shows the supported Windows editions":::
-
-The documentation for each CSP follows the same structure. After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format.
-
-The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices' root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path.
-
-The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.
-
-:::image type="content" source="images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access CSP tree.":::
-
-The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp).
-
-```XML
-./Vendor/MSFT/AssignedAccess/KioskModeApp
-```
-
-When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
-
-:::image type="content" source="images/csp-placeholder.png" alt-text="The placeholder in the CSP tree":::
-
-After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed.
-
-For example, in the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp), the setting is **KioskModeApp**. The documentation tells you that the value for **KioskModeApp** is a JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app.
-
-The documentation for most CSPs will also include an XML example.
-
-## CSP examples
-
-CSPs provide access to many settings useful to enterprises. This section introduces the CSPs that an enterprise might find useful.
-
-- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
-
-    The Policy CSP enables the enterprise to configure policies on Windows client. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
-
-    Some of the settings available in the Policy CSP include the following:
-
-    - **Accounts**, such as whether a non-Microsoft account can be added to the device.
-    - **Application management**, such as whether only Microsoft Store apps are allowed.
-    - **Bluetooth**, such as the services allowed to use it.
-    - **Browser**, such as restricting InPrivate browsing.
-    - **Connectivity**, such as whether the device can be connected to a computer by USB.
-    - **Defender** (for desktop only), such as day and time to scan.
-    - **Device lock**, such as the type of PIN or password required to unlock the device.
-    - **Experience**, such as allowing Cortana.
-    - **Security**, such as whether provisioning packages are allowed.
-    - **Settings**, such as enabling the user to change VPN settings.
-    - **Start**, such as applying a standard Start layout.
-    - **System**, such as allowing the user to reset the device.
-    - **Text input**, such as allowing the device to send anonymized user text input data samples to Microsoft.
-    - **Update**, such as whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
-    - **WiFi**, such as whether Internet sharing is enabled.
-
-Here is a list of CSPs supported on Windows 10 Enterprise:
-
-- [ActiveSync CSP](/windows/client-management/mdm/activesync-csp)
-- [Application CSP](/windows/client-management/mdm/application-csp)
-- [AppLocker CSP](/windows/client-management/mdm/applocker-csp)
-- [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp)
-- [Bootstrap CSP](/windows/client-management/mdm/bootstrap-csp)
-- [BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp)
-- [CellularSettings CSP](/windows/client-management/mdm/cellularsettings-csp)
-- [CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp)
-- [ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp)
-- [CM\_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp)
-- [CM\_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp)
-- [CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp)
-- [Defender CSP](/windows/client-management/mdm/defender-csp)
-- [DevDetail CSP](/windows/client-management/mdm/devdetail-csp)
-- [DeviceInstanceService CSP](/windows/client-management/mdm/deviceinstanceservice-csp)
-- [DeviceLock CSP](/windows/client-management/mdm/devicelock-csp)
-- [DeviceStatus CSP](/windows/client-management/mdm/devicestatus-csp)
-- [DevInfo CSP](/windows/client-management/mdm/devinfo-csp)
-- [DiagnosticLog CSP](/windows/client-management/mdm/diagnosticlog-csp)
-- [DMAcc CSP](/windows/client-management/mdm/dmacc-csp)
-- [DMClient CSP](/windows/client-management/mdm/dmclient-csp)
-- [Email2 CSP](/windows/client-management/mdm/email2-csp)
-- [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-- [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
-- [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
-- [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp)
-- [EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
-- [FileSystem CSP](/windows/client-management/mdm/filesystem-csp)
-- [HealthAttestation CSP](/windows/client-management/mdm/healthattestation-csp)
-- [HotSpot CSP](/windows/client-management/mdm/hotspot-csp)
-- [Maps CSP](/windows/client-management/mdm/maps-csp)
-- [NAP CSP](/windows/client-management/mdm/filesystem-csp)
-- [NAPDEF CSP](/windows/client-management/mdm/napdef-csp)
-- [NodeCache CSP](https://go.microsoft.com/fwlink/p/?LinkId=723265)
-- [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
-- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
-- [PolicyManager CSP](https://go.microsoft.com/fwlink/p/?LinkId=723418)
-- [Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
-- [Proxy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723372)
-- [PXLOGICAL CSP](/windows/client-management/mdm/pxlogical-csp)
-- [Registry CSP](/windows/client-management/mdm/registry-csp)
-- [RemoteFind CSP](/windows/client-management/mdm/remotefind-csp)
-- [RemoteWipe CSP](/windows/client-management/mdm/remotewipe-csp)
-- [Reporting CSP](/windows/client-management/mdm/reporting-csp)
-- [RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp)
-- [SecurityPolicy CSP](/windows/client-management/mdm/securitypolicy-csp)
-- [Storage CSP](/windows/client-management/mdm/storage-csp)
-- [SUPL CSP](/windows/client-management/mdm/supl-csp)
-- [UnifiedWriteFilter CSP](/windows/client-management/mdm/unifiedwritefilter-csp)
-- [Update CSP](/windows/client-management/mdm/update-csp)
-- [VPN CSP](/windows/client-management/mdm/vpn-csp)
-- [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
-- [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp)
-- [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp)
-- [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp)
+When a CSP is available but isn't explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](/mem/intune/configuration/custom-settings-configure) to deploy settings. Intune documents [a partial list of settings](/mem/intune/configuration/custom-settings-windows-10) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](/windows/client-management/mdm/configuration-service-provider-reference) to locate that information.
diff --git a/windows/configuration/provisioning-packages/images/ICD.png b/windows/configuration/provisioning-packages/images/ICD.png
index 9cfcb845df..c5525201f1 100644
Binary files a/windows/configuration/provisioning-packages/images/ICD.png and b/windows/configuration/provisioning-packages/images/ICD.png differ
diff --git a/windows/configuration/provisioning-packages/images/csp-placeholder.png b/windows/configuration/provisioning-packages/images/csp-placeholder.png
deleted file mode 100644
index fe6bcf4720..0000000000
Binary files a/windows/configuration/provisioning-packages/images/csp-placeholder.png and /dev/null differ
diff --git a/windows/configuration/provisioning-packages/images/csptable.png b/windows/configuration/provisioning-packages/images/csptable.png
deleted file mode 100644
index ee210cad69..0000000000
Binary files a/windows/configuration/provisioning-packages/images/csptable.png and /dev/null differ
diff --git a/windows/configuration/provisioning-packages/images/icd-simple-edit.png b/windows/configuration/provisioning-packages/images/icd-simple-edit.png
deleted file mode 100644
index 3608dc18f3..0000000000
Binary files a/windows/configuration/provisioning-packages/images/icd-simple-edit.png and /dev/null differ
diff --git a/windows/configuration/provisioning-packages/images/policytocsp.png b/windows/configuration/provisioning-packages/images/policytocsp.png
deleted file mode 100644
index 80ca76cb62..0000000000
Binary files a/windows/configuration/provisioning-packages/images/policytocsp.png and /dev/null differ
diff --git a/windows/configuration/provisioning-packages/images/provisioning-csp-assignedaccess.png b/windows/configuration/provisioning-packages/images/provisioning-csp-assignedaccess.png
deleted file mode 100644
index 14d49cdd89..0000000000
Binary files a/windows/configuration/provisioning-packages/images/provisioning-csp-assignedaccess.png and /dev/null differ
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 97dec0c215..80c1a38048 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,63 +1,47 @@
 ---
-title: Provision PCs with common settings
-description: Create a provisioning package to apply common settings to a PC running Windows 10.
+title: Create a provisioning package (desktop wizard)
+description: Create a provisioning package to apply common settings to a PC running Windows.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
-# Provision PCs with common settings for initial deployment (desktop wizard)
+# Create a provisioning package (desktop wizard)
 
-This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows client except Home.
+This article explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows client except Home. You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
 
-You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
+The following wizard options provide a simple interface for configuring common settings for desktop and kiosk devices:
 
-## Advantages
+- [Instructions for the desktop wizard](#start-a-new-project)
+- [Instructions for the kiosk wizard](../assigned-access/overview.md)
+- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#provisioning-package-hololens-wizard)
+- [Instructions for the Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
 
-- You can configure new devices without reimaging
-- Works on desktop devices
-- No network connectivity required
-- Simple to apply
-
-[Learn more about the benefits and uses of provisioning packages.](provisioning-packages.md)
-
-## What does the desktop wizard do?
-
-The desktop wizard helps you configure the following settings in a provisioning package:
+In this example, we use the **Provision desktop devices** option which helps you configure the following settings in a provisioning package:
 
 - Set device name
 - Upgrade product edition
 - Configure the device for shared use
-- Remove pre-installed software
+- Remove preinstalled software
 - Configure Wi-Fi network
 - Enroll device in Active Directory or Microsoft Entra ID
 - Create local administrator account
 - Add applications and certificates
 
->[!WARNING]
->You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
+> [IMPORTANT]
+> You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
 
-Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
+## Start a new project
 
-> [!TIP]
-> Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
->
-> :::image type="content" source="images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor.":::
+1. Open Windows Configuration Designer: From either the Start menu or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut.
 
-## Create the provisioning package
-
-Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
-
-1. Open Windows Configuration Designer (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
-
-1. Click **Provision desktop devices**.
+1. Select **Provision desktop devices**.
 
     :::image type="content" source="images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options.":::
 
-1. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps.
+1. Name your project and select **Finish**. The pages for desktop provisioning walk you through the following steps.
 
     :::image type="content" source="images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning.":::
 
-
 > [!IMPORTANT]
 > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
@@ -74,6 +58,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
     - **Configure devices for shared use**: Select **Yes** or **No** to optimize the Windows client for shared use scenarios.
     - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software.
 
+    > [!NOTE]
+    > To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
+
 1. Set up the network:
 
     :::image type="content" source="images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
@@ -81,7 +68,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
     If you want to enable network setup, select **Set up network**, and configure the following settings:
 
     - **Set up network**: To enable wireless connectivity, select **On**.
-    - **Network SSID**: Enter the Service Set IDentifier (SSID) of the network.
+    - **Network SSID**: Enter the Service Set Identifier (SSID) of the network.
     - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network.
 
 1. Enable account management:
@@ -91,10 +78,11 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
     If you want to enable account management, select **Account Management**, and configure the following settings:
 
     - **Manage organization/school accounts**: Choose how devices are enrolled. Your options:
+
       - **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain.
       - **Microsoft Entra ID**: Before you use a Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment, [set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Microsoft Entra tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
 
-        If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Microsoft Entra ID, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
+        If you select this option, enter a friendly name for the bulk token retrieved using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Microsoft Entra ID, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
 
         You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
 
@@ -123,6 +111,11 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 
     - **Protect your package**: Select **Yes** or **No** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password.
 
-After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
+After you're done, select **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
 
- **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
+## Next steps
+
+> [!div class="nextstepaction"]
+> Learn more about applying a provisioning package:
+>
+> [Apply a provisioning package](provisioning-apply-package.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index fd7134875e..3ffeaa9b73 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -2,21 +2,21 @@
 title: Provision PCs with apps
 description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # Provision PCs with apps
 
 You can install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. This article explains the various settings in [Windows Configuration Designer](provisioning-install-icd.md) for app install.
 
-When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
+When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#add-a-windows-desktop-application-using-advanced-editor).
 
->[!IMPORTANT]
->If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Client, and Visio Pro for Microsoft 365 Apps for enterprise). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Microsoft 365 Apps for enterprise 2016 apps using Microsoft Intune.](/intune/apps-add-office365)
+> [!IMPORTANT]
+> If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise. Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to add Microsoft 365 Apps to Windows devices with Microsoft Intune.](/intune/apps-add-office365)
 
 ## Settings for UWP apps
 
-- **License Path**: Specify the license file if it is an app from the Microsoft Store. This is optional if you have a certificate for the app.
+- **License Path**: Specify the license file if it's an app from the Microsoft Store. This is optional if you have a certificate for the app.
 - **Package family name**: Specify the package family name if you don't specify a license. This field will be autopopulated after you specify a license.
 - **Required appx dependencies**: Specify the appx dependency packages that are required for the installation of the app
 
@@ -24,32 +24,23 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
 
 ### MSI installer
 
+- **Command line arguments**: Optionally, append more command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE
+- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
+- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
+- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#extract-from-a-cab-example).
+
 > [!NOTE]
 > You can find more information about command-line options for Msiexec.exe [here](/windows/win32/msi/command-line-options).
 
-- **Command line arguments**: Optionally, append more command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE
-
-- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
-
-- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
-
-- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
-
 ### Exe or other installer
 
 - **Command line arguments**: Append the command line arguments with a silent flag (required). Optionally, append more flags
-
-- **Return Codes**: Specify the return codes for success and success with restart (0 and 3010 by default respectively) Any return code that is not listed will be interpreted as failure. The text boxes are space delimited.
-
+- **Return Codes**: Specify the return codes for success and success with restart (0 and 3010 by default respectively) Any return code that isn't listed is interpreted as failure. The text boxes are space delimited.
 - **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
-
 - **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
+- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#extract-from-a-cab-example).
 
-- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
-
-<span id="adv" />
-
-## Add a Windows desktop application using advanced editor in Windows Configuration Designer
+## Add a Windows desktop application using advanced editor
 
 1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **PrimaryContext** > **Command**.
 
@@ -61,50 +52,32 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
 
     ![enter settings for first app.](images/wcd-app-commands.png)
 
-## Add a universal app to your package
+## Add a universal app to your package using advanced editor
 
-Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Microsoft Store for Business apps that you acquire with [offline licensing](/microsoft-store/acquire-apps-windows-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Microsoft Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
+Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Microsoft Store for Business apps that you acquire with [offline licensing](/microsoft-store/acquire-apps-windows-store-for-business), or non-Microsoft apps. This procedure assumes you're distributing apps from the Microsoft Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
 
 1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall**.
-
 1. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
-
 1. For **ApplicationFile**, select **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
-
 1. For **DependencyAppxFiles**, select **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page.
-
 1. For **DeviceContextAppLicense**, enter the **LicenseProductID**.
-
     - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page.
-
-
-
     - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and select **Add**.
-
-
 1. In the **Available customizations** pane, select the **LicenseProductId** that you just added.
-
 1. For **LicenseInstall**, select **Browse**, navigate to the license file that you renamed *\<file name>*.**ms-windows-store-license**, and select the license file.
 
 [Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
 
-> [!NOTE]
+> [!IMPORTANT]
 > Removing a provisioning package will not remove any apps installed by device context in that provisioning package.
 
-
-
 ## Add a certificate to your package
 
 1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**.
-
 1. Enter a **CertificateName** and then select **Add**.
-
 1. Enter the **CertificatePassword**.
-
 1. For **CertificatePath**, browse and select the certificate to be used.
-
 1. Set **ExportCertificate** to **False**.
-
 1. For **KeyLocation**, select **Software only**.
 
 ## Add other settings to your package
@@ -113,15 +86,15 @@ For details about the settings you can customize in provisioning packages, see [
 
 ## Build your package
 
-1. When you are done configuring the provisioning package, on the **File** menu, select **Save**.
+1. After you configure the provisioning package, on the **File** menu, select **Save**.
 
 1. Read the warning that project files may contain sensitive information, and select **OK**.
 
-    When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location, and delete the project files when they're no longer needed.
+    When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files aren't encrypted. Store the project files in a secure location, and delete the project files when they're no longer needed.
 
 1. On the **Export** menu, select **Provisioning package**.
 
-1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
+1. Change **Owner** to **IT Admin**, which sets the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
 
 1. Set a value for **Package Version**.
 
@@ -130,51 +103,33 @@ For details about the settings you can customize in provisioning packages, see [
 
 1. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
 
-   - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
-
+   - **Enable package encryption** - If you select this option, an autogenerated password is shown on the screen.
    - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select...** and choosing the certificate you want to use to sign the package.
 
     > [!TIP]
     > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store. Any package signed with that certificate can be applied silently.
 
-1. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.<p>
-   Optionally, you can select **Browse** to change the default output location.
+1. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location. Optionally, you can select **Browse** to change the default output location.
 
 1. Select **Next**.
 
-1. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.<p>
-   If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
+1. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
 
-1. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.<p>
-    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
+1. If your build fails, an error message shows up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory is shown.
 
     - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
-
-
-    - If you are done, select **Finish** to close the wizard and go back to the **Customizations Page**.
+    - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**.
 
 1. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
 
     - Shared network folder
-
     - SharePoint site
-
     - Removable media (USB/SD)
-
     - Email
 
-**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
+## Next steps
 
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about applying a provisioning package:
+>
+> [Apply a provisioning package](provisioning-apply-package.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 2f8bb266e1..a5e44cee63 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -2,7 +2,7 @@
 title: Apply a provisioning package
 description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # Apply a provisioning package
@@ -13,22 +13,20 @@ Provisioning packages can be applied to a device during initial setup (out-of-bo
 >
 > - Applying a provisioning package to a desktop device requires administrator privileges on the device.
 > - You can interrupt a long-running provisioning process by pressing ESC.
-
-> [!TIP]
-> In addition to the following methods, you can use the PowerShell cmdlet [Install-ProvisioningPackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
+> - In addition to the following methods, you can use the PowerShell cmdlet [Install-ProvisioningPackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
 
 ## During initial setup
 
 To apply a provisioning package from a USB drive during initial setup:
 
-1. Start with a device on the initial setup screen. If the device has gone past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
+1. Start with a device on the initial setup screen. If the device goes past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
 
    :::image type="content" source="images/oobe.png" alt-text="The first screen when setting up a new PC.":::
 
 1. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
 
    - If there's only one provisioning package on the USB drive, the provisioning package is applied. See step 5.
-   - If there's more than one provisioning package on the USB drive, Windows setup recognizes the drive and ask how you want to provision the device. Select **Install provisioning package** and select **Next**.
+   - If there's more than one provisioning package on the USB drive, Windows setup recognizes the drive and asks how you want to provision the device. Select **Install provisioning package** and select **Next**.
 
    :::image type="content" source="images/provisioning-oobe-choice.png" alt-text="What would you like to do?":::
 
@@ -36,11 +34,11 @@ To apply a provisioning package from a USB drive during initial setup:
 
     :::image type="content" source="images/provisioning-oobe-choose-package.png" alt-text="Choose a package.":::
 
-1. The selected provisioning package will install and apply to the device.
+1. The selected provisioning package is applied to the device.
 
    :::image type="content" source="images/provisioning-oobe-installing.png" alt-text="Setting up your PC.":::
 
-1. Wait for the device to load and begin applying the provisioning package. Once you see "You can remove your removable media now!" you can remove your USB drive. Windows will continue provisioning the device.
+1. Wait for the device to load and begin applying the provisioning package. After you see "You can remove your removable media now!" you can remove your USB drive. Windows continues to provision the device.
 
 ## After initial setup
 
@@ -60,7 +58,7 @@ Provisioning packages can be applied after initial setup through Windows setting
 
    :::image type="content" source="images/provisioning-runtime-add-package.png" alt-text="Select and add a package.":::
 
-1. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you're installing before accepting the UAC prompt. Select **Yes**.
+1. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you're installing before accepting the User Account Control (UAC) prompt. Select **Yes**.
 
    :::image type="content" source="images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
 
@@ -83,16 +81,3 @@ To apply a provisioning package directly, such as from a USB drive, folder, netw
 1. The provisioning runtime asks if the package is from a source you trust. Verify that you're applying the correct package and that it's trusted. Select **Yes, add it**.
 
    :::image type="content" source="images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 12a10ae502..5ff3a5cf1d 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -1,20 +1,17 @@
 ---
 title: Windows Configuration Designer command line interface
-description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command line interface for Windows10/11 client devices.
+description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command line interface for Windows devices.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
-# Windows Configuration Designer command line interface (reference)
+# Windows Configuration Designer command line interface
 
 You can use the Windows Configuration Designer command line interface (CLI) to automate the building of provisioning packages.
 
 - IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
-
 - You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
 
-
-
 ## Syntax
 
 ``` cmd
@@ -29,25 +26,9 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML:<path_to_xml> /PackagePath:
 | Switch | Required? | Arguments |
 | --- | --- | --- |
 | /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
-| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
+| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package is saved. |
 | /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions is loaded by Windows Configuration Designer.</br></br></br>**Important**  If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
 | /Variables | No | Specifies a semicolon separated `<name>` and `<value>` macro pair. The format for the argument must be `<name>=<value>`. |
 | Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output. <br></br>Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
 | Overwrite | No | Denotes whether to overwrite an existing provisioning package. </br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
 | /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
-
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-
-
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 0824710f19..b239dfb3d5 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,16 +1,14 @@
 ---
-title: Create a provisioning package
-description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
+title: Create a provisioning package (advanced)
+description: Learn how to create a provisioning package for Windows, which lets you quickly configure a device without having to install a new image.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
-# Create a provisioning package
+# Create a provisioning package (advanced)
 
 You can use Windows Configuration Designer to create a provisioning package (`.ppkg`) that contains customization settings, and then apply the provisioning package to a device running Windows client.
 
->[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
-
 > [!TIP]
 > We recommend creating a local admin account when you develop and test your provisioning package. We also recommend using a *least privileged* domain user account to join devices to the Active Directory domain.
 
@@ -18,29 +16,14 @@ You can use Windows Configuration Designer to create a provisioning package (`.p
 
 1. Open Windows Configuration Designer: From either the Start menu or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut.
 
-1. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image:
+1. Select **Advanced provisioning** on the start page, which offers multiple options for creating a provisioning package, as shown in the following image:
 
     ![Configuration Designer wizards.](images/icd-create-options-1703.png)
 
-    - The following wizard options provide a simple interface for configuring common settings for desktop and kiosk devices:
-
-        - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
-        - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
-        - [Instructions for HoloLens wizard](/hololens/hololens-provisioning)
-        - [Instructions for Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
-
-      Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
-
-
-      >[!NOTE]
-      >To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
-
-    - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
-
-        >[!TIP]
-        > You can start a project in the simple wizard editor and then switch the project to the advanced editor.
-        >
-        > ![Switch to advanced editor.](images/icd-switch.png)
+    > [!TIP]
+    > You can start a project in the simple wizard editor and then switch the project to the advanced editor.
+    >
+    > ![Switch to advanced editor.](images/icd-switch.png)
 
 1. Enter a name for your project, and then select **Next**.
 
@@ -48,7 +31,7 @@ You can use Windows Configuration Designer to create a provisioning package (`.p
 
     | Windows edition | Settings available for customization | Provisioning package can apply to |
     |---|---|---|
-    |  All Windows editions | Common settings  | All Windows client devices |
+    | All Windows editions | Common settings  | All Windows client devices |
     | All Windows desktop editions    |    Common settings and settings specific to desktop devices |  All Windows client desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) |
     | Windows 10 IoT Core        |  Common settings and settings specific to Windows 10 IoT Core   | All Windows 10 IoT Core devices |
     | Windows 10 Holographic       | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](/hololens/hololens-provisioning) |
@@ -67,7 +50,10 @@ For an advanced provisioning project, Windows Configuration Designer opens the *
 
 ![What the ICD interface looks like.](images/icd-runtime.png)
 
-The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](./how-it-pros-can-use-configuration-service-providers.md).
+The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](how-it-pros-can-use-configuration-service-providers.md).
+
+> [!NOTE]
+> To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
 
 The process for configuring settings is similar for all settings. The following table shows an example.
 
@@ -83,11 +69,11 @@ The process for configuring settings is similar for all settings. The following
 
     :::image type="content" source="images/icd-step3.png" alt-text="In Windows Configuration Designer, enter a name for the certificate.":::
 
-1. Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and more settings are displayed:
+1. Some settings, such as this example, require additional information. In **Available customizations**, select the value you created, and more settings are displayed:
 
     :::image type="content" source="images/icd-step4.png" alt-text="In Windows Configuration Designer, additional settings for client certificate are available.":::
 
-1. When the setting is configured, it is displayed in the **Selected customizations** pane:
+1. When the setting is configured, it's displayed in the **Selected customizations** pane:
 
     :::image type="content" source="images/icd-step5.png" alt-text="In Windows Configuration Designer, the selected customizations pane shows your settings.":::
 
@@ -97,27 +83,26 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
  ## Build package
 
-1. After you're done configuring your customizations, select **Export**, and then select **Provisioning Package**.
+1. After you configure your customizations, select **Export**, and then select **Provisioning Package**.
 
     ![Export on top bar.](images/icd-export-menu.png)
 
 1. In the **Describe the provisioning package** window, enter the following information, and then select **Next**:
-    - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
-    - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field.
 
+    - **Name** - This field is prepopulated with the project name. You can change this value by entering a different name in the **Name** field.
+    - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field.
     - **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages).
     - **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
 
 1. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional:
 
-   - **Encrypt package** -  If you select this option, an autogenerated password will be shown on the screen.
-   - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
+    - **Encrypt package** -  If you select this option, an autogenerated password is shown on the screen.
+    - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
 
-     >[!NOTE]
-     >You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
-
-     >
-     >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
+    > [!NOTE]
+    > You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
+    >
+    > If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
 
 1. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then select **Next**. By default, Windows Configuration Designer uses the project folder as the output location.
 
@@ -125,29 +110,17 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
     If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations** page.
 
-1. If your build fails, an error message will appear that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+1. If your build fails, an error message appears that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
 
-    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
+    If your build is successful, the name of the provisioning package, output directory, and project directory is shown.
 
     If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
 
-1. When you are done, select **Finish** to close the wizard and go back to the **Customizations** page.
+1. When you're done, select **Finish** to close the wizard and go back to the **Customizations** page.
 
-**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
+## Next steps
 
-## Learn more
-
-- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about applying a provisioning package:
+>
+> [Apply a provisioning package](provisioning-apply-package.md)
\ No newline at end of file
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index 24c02a6557..ec61311214 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,13 +1,13 @@
 ---
-title: How provisioning works in Windows 10/11
+title: How provisioning works in Windows
 description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
 ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # How provisioning works in Windows
 
-Provisioning packages in Windows client provide IT administrators with a simplified way to apply configuration settings to Windows client devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from <!-- the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) or through the --> Microsoft Store.
+Provisioning packages in Windows client provide IT administrators with a simplified way to apply configuration settings to Windows client devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from the Microsoft Store.
 
 ## Provisioning packages
 
@@ -30,15 +30,10 @@ You can  use provisioning packages for runtime device provisioning by accessing
 When multiple provisioning packages are available for device provisioning, the combination of package owner type and package rank level defined in the package manifest is used to resolve setting conflicts. The pre-defined package owner types are listed below in the order of lowest to highest owner type precedence:
 
 1. Microsoft
-
 1. Silicon Vendor
-
 1. OEM
-
 1. System Integrator
-
 1. Mobile Operator
-
 1. IT Admin
 
 The valid value range of package rank level is 0 to 99.
@@ -130,16 +125,3 @@ When applying provisioning packages from a removable media attached to the devic
 When applying multiple provisioning packages to a device, the provisioning engine resolves settings with conflicting configuration values from different packages by evaluating the package ranking using the combination of package owner type and package rank level defined in the package metadata. A configuration setting applied from a provisioning package with the highest package ranking will be the final value applied to the device.
 
 After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**.
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 9b572cde75..3b4fddb9b4 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,15 +1,17 @@
 ---
 title: Install Windows Configuration Designer
-description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
+description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows.
 ms.topic: how-to
 ms.reviewer: kevinsheehan
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
-# Install Windows Configuration Designer, and learn about any limitations
+# Install Windows Configuration Designer
 
 Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily used by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices.
 
+On devices running Windows client, you can install [the Windows Configuration Designer app](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store.
+
 ## Supported platforms
 
 Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, Microsoft Surface Hub, and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems:
@@ -18,32 +20,22 @@ Windows Configuration Designer can create provisioning packages for Windows clie
 
 - Windows 11
 - Windows 10 - x86 and amd64
-- Windows 8.1 Update - x86 and amd64
-- Windows 8.1 - x86 and amd64
-- Windows 8 - x86 and amd64
-- Windows 7 - x86 and amd64
 
 **Server OS**:
 
+- Windows Server 2022
+- Windows Server 2019
 - Windows Server 2016
-- Windows Server 2012 R2 Update
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
 
->[!WARNING]
->You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
-
-## Install Windows Configuration Designer
-
-On devices running Windows client, you can install [the Windows Configuration Designer app](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store.
+> [!WARNING]
+> You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
 
 ## Current Windows Configuration Designer limitations
 
-- When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens.  You may see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](/troubleshoot/azure/active-directory/enable-support-tls-environment#enable-tls-12-on-client-or-server-operating-systems-).
+- When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens. You may see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](/troubleshoot/azure/active-directory/enable-support-tls-environment#enable-tls-12-on-client-or-server-operating-systems-).
 
 
-- Windows Configuration Designer doesn't work properly when the Group Policy setting **Policies** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Zones: Use only machine settings** is enabled. When this policy is set, each step will display oversized buttons that fill the **Windows Configuration Designer** window. Additionally, the various options and descriptions that are normally to the right of the buttons won't be displayed because the buttons take up all of the space in the **Windows Configuration Designer** window. To resolve the problem, run Windows Configuration Designer on a device that doesn't have this policy enabled.
+- Windows Configuration Designer doesn't work properly when the Group Policy setting **Policies** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Zones: Use only machine settings** is enabled. When this policy is set, each step displays oversized buttons that fill the **Windows Configuration Designer** window. Additionally, the various options and descriptions that are normally to the right of the buttons aren't displayed because the buttons take up all of the space in the **Windows Configuration Designer** window. To resolve the problem, run Windows Configuration Designer on a device that doesn't have this policy enabled.
 
 - You can only run one instance of Windows Configuration Designer on your computer at a time.
 
@@ -68,17 +60,10 @@ On devices running Windows client, you can install [the Windows Configuration De
 
 - **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer. Don't use external sources, like network shares or removable drives. Using local files reduces the risk of interrupting the build process from a network issue, or from disconnecting the USB device.
 
-**Next step**: [How to create a provisioning package](provisioning-create-package.md)
+## Next steps
 
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about creating a provisioning package:
+>
+> [Create a provisioning package (desktop wizard)](provision-pcs-for-initial-deployment.md)
+> [Create a provisioning package (advanced)](provisioning-create-package.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 6ecb125be7..01be2943f7 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -2,18 +2,18 @@
 title: Create a provisioning package with multivariant settings
 description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # Create a provisioning package with multivariant settings
 
-In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese.
+In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that apply to devices set up for French and a different set of customization settings for devices set up for Japanese.
 
 To provision multivariant settings, you use Windows Configuration Designer to create a provisioning package that contains all of the customization settings that you want to apply to any of your devices. Next, you manually edit the .XML file for that project to define each set of devices (a **Target**). For each **Target**, you specify at least one **Condition** with a value, which identifies the devices to receive the configuration. Finally, for each **Target**, you provide the customization settings to be applied to those devices.
 
 Let's begin by learning how to define a **Target**.
 
-## Define a target
+## Target
 
 In the XML file, you provide an **Id**, or friendly name, for each **Target**. Each **Target** is defined by at least one **TargetState** which contains at least one **Condition**. A **Condition** element defines the matching type between the condition and the specified value.
 
@@ -43,9 +43,9 @@ The following table shows the conditions supported in Windows client provisionin
 | PNN | P0 |  Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
 | GID1 | P0 | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
 | ICCID | P0 | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
-| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). |
-| UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
-| UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:</br></br></br>- 0 - Slot 0</br>- 1 - Slot 1 |
+| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (nonroaming). |
+| UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of these values:<br>0 - Empty<br>1 - Ready<br>2 - Locked |
+| UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of these values:<br>0 - Slot 0<br>1 - Slot 1 |
 | ProcessorType | P1 | Supported | String | Use to target settings based on the processor type. |
 | ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. |
 | AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
@@ -53,17 +53,16 @@ The following table shows the conditions supported in Windows client provisionin
 | SocIdentifier | P1 | Supported | String | Use to target settings based on the Soc Identifier. Available since 25301 OS build version. |
 | Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
 | Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
-| Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
-| Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639).  |
+| Region | P1 | Supported | Enumeration | Use to target settings based on region, using the two digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
+| Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the two digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639).  |
 
 The matching types supported in Windows client are:
 
-| Matching type | Syntax | Example |
-| --- | --- | --- |
-| Straight match | Matching type is specified as-is | &lt;Condition Name="ProcessorName" Value="Barton" /&gt; |
-| Regular expression (Regex) match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
-| Numeric range match | Matching type is prefixed by "!Range:" | &lt;Condition Name="MNC" Value="!Range:400, 550" /&gt; |
-
+| Matching type                     | Syntax                                    | Example                                                                |
+|-----------------------------------|-------------------------------------------|------------------------------------------------------------------------|
+| Straight match                    | Matching type is specified as-is          | `&lt;Condition Name="ProcessorName" Value="Barton" /&gt;`              |
+| Regular expressions (Regex) match | Matching type is prefixed with `Pattern:` | `&lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt;` |
+| Numeric range match               | Matching type is prefixed with `!Range:`  | `&lt;Condition Name="MNC" Value="!Range:400, 550" /&gt;`               |
 
 ### TargetState priorities
 
@@ -76,27 +75,18 @@ Settings that match more than one **TargetState** with equal priority are applie
 The **TargetState** priority is assigned based on the condition's priority (see the [Conditions table](#conditions) for priorities). The priority evaluation rules are as followed:
 
 1. A **TargetState** with P0 conditions is higher than a **TargetState** without P0 conditions.
-
 1. A **TargetState** with both P0 and P1 conditions is higher than a **TargetState** with only P0 conditions.
-
 1. A **TargetState** with a greater number of matched P0 conditions is higher than **TargetState** with fewer matched P0 conditions, regardless of the number of P1 conditions matched.
-
-1. If the number of P0 conditions matched are equivalent, then the **TargetState** with the most matched P1 conditions has higher priority.
-
+1. If the number of P0 conditions matched is equivalent, then the **TargetState** with the most matched P1 conditions has higher priority.
 1. If both P0 and P1 conditions are equally matched, then the **TargetState** with the greatest total number of matched conditions has highest priority.
 
-
-
 ## Create a provisioning package with multivariant settings
 
 Follow these steps to create a provisioning package with multivariant capabilities.
 
 1. Build a provisioning package and configure the customizations you want to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
-
-1. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project.
-
+1. After you [configure the settings](provisioning-create-package.md#configure-settings), save the project.
 1. Open the project folder and copy the customizations.xml file to any local location.
-
 1. Use an XML or text editor to open the customizations.xml file.
 
     The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The **Customizations** node of the file contains a **Common** section, which contains the customization settings.
@@ -131,10 +121,9 @@ Follow these steps to create a provisioning package with multivariant capabiliti
 
     ```
 
-1. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings.
-
-    The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
+1. Edit the customizations.xml file to create a **Targets** section to describe the conditions that handle your multivariant settings.
 
+    The following example shows the customizations.xml, which is modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
 
     ```XML
    <?xml version="1.0" encoding="utf-8"?>
@@ -185,18 +174,15 @@ Follow these steps to create a provisioning package with multivariant capabiliti
 1. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this:
 
     a. Define a child **TargetRefs** element.
-
-
     b. Within the **TargetRefs** element, define a **TargetRef** element. You can define multiple **TargetRef** elements for each **Id** that you need to apply to customized settings.
-
     c. Move compliant settings from the **Common** section to the **Variant** section.
 
     If any of the **TargetRef** elements matches the **Target**, all settings in the **Variant** are applied.
 
-    >[!NOTE]
-    >You can define multiple **Variant** sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
+    > [!NOTE]
+    > You can define multiple **Variant** sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
 
-    The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
+    The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that are applied if the conditions for the variant are met.
 
     ```XML
    <?xml version="1.0" encoding="utf-8"?>
@@ -249,10 +235,9 @@ Follow these steps to create a provisioning package with multivariant capabiliti
        </Customizations>
      </Settings>
    </WindowsCustomizations>
-
     ```
 
-1. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step.
+1. Save the updated customizations.xml file and note the path to this updated file. You'll need the path as one of the values for the next step.
 
 1. Use the [Windows Configuration Designer command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml.
 
@@ -262,13 +247,10 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     icd.exe /Build-ProvisioningPackage /CustomizationXML:"C:\CustomProject\customizations.xml" /PackagePath:"C:\CustomProject\output.ppkg" /StoreFile:C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\Microsoft-Common-Provisioning.dat"
     ```
 
+In this example, the **StoreFile** corresponds to the location of the settings store that is used to create the package for the required Windows edition.
 
-In this example, the **StoreFile** corresponds to the location of the settings store that will be used to create the package for the required Windows edition.
-
->[!NOTE]
->The provisioning package created during this step will contain the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project.
-
-
+> [!NOTE]
+> The provisioning package created during this step contains the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project.
 
 ## Events that trigger provisioning
 
@@ -276,26 +258,11 @@ When you install the multivariant provisioning package on a Windows client devic
 
 The following events trigger provisioning on Windows client devices:
 
-| Event | Windows client for desktop editions |
-| --- | --- |
-| System boot | Supported |
-| Operating system update | Planned |
-| Package installation during device first run experience | Supported |
-| Detection of SIM presence or update | Supported |
-| Package installation at runtime | Supported |
-| Roaming detected | Not supported |
-
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-
+| Event                                                   | Windows client for desktop editions |
+|---------------------------------------------------------|-------------------------------------|
+| System boot                                             | Supported                           |
+| Operating system update                                 | Planned                             |
+| Package installation during device first run experience | Supported                           |
+| Detection of SIM presence or update                     | Supported                           |
+| Package installation at runtime                         | Supported                           |
+| Roaming detected                                        | Not supported                       |
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index 050fc24beb..a226b877f3 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -1,9 +1,9 @@
 ---
 title: Provisioning packages overview
-description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
+description: With Windows, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages are and what they do.
 ms.reviewer: kevinsheehan
 ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 07/08/2024
 ---
 
 # Provisioning packages for Windows
@@ -12,29 +12,17 @@ Windows provisioning makes it easy for IT administrators to configure end-user d
 
 A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 
-Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. It can result in a significant reduction in the time required to configure multiple devices in your organization.
-
-<!-- The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Windows Configuration Designer, a tool for configuring provisioning packages.-->
+Provisioning packages are simple enough that with a short set of written instructions, a student, or nontechnical users can use them to configure their device. It can result in a significant reduction in the time required to configure multiple devices in your organization.
 
 Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
 
-<!--## New in Windows 10, version 1703-->
-
-<!-- - The tool for creating provisioning packages is renamed Windows Configuration Designer, replacing the Windows Configuration Designer (WCD) tool. The components for creating images have been removed from Windows Configuration Designer, which now provides access to runtime settings only. -->
-<!-- - Windows Configuration Designer can still be installed from the Windows ADK. You can also install it from the Microsoft Store. -->
-<!-- - Windows Configuration Designer adds more wizards to make it easier to create provisioning packages for specific scenarios. See [What you can configure](#configuration-designer-wizards) for wizard descriptions. -->
-<!-- - The  Provision desktop devices wizard (previously called Simple provisioning) now enables joining Azure Active Directory (Azure AD) domains and also allows you to remove non-Microsoft software from Windows desktop devices during provisioning. -->
-<!-- - When provisioning packages are applied to a device, a status screen indicates successful or failed provisioning. -->
-<!-- - Windows 10 includes PowerShell cmdlets that simplify scripted provisioning. Using these cmdlets, you can add provisioning packages, remove provisioning packages and generate log files to investigate provisioning errors.-->
-<!-- - The Provision school devices wizard is removed from Windows Configuration Designer. Instead, use the [Setup School PCs app](https://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) from the Microsoft Store. -->
-
 ## Benefits of provisioning packages
 
 Provisioning packages let you:
 
 - Quickly configure a new device without going through the process of installing a new image.
 - Save time by configuring multiple devices using one provisioning package.
-- Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure.
+- Quickly configure user-owned devices in an organization without a mobile device management (MDM) infrastructure.
 - Set up a device without the device having network connectivity.
 
 Provisioning packages can be:
@@ -44,57 +32,7 @@ Provisioning packages can be:
 - Downloaded from a network share.
 - Deployed in NFC tags or barcodes.
 
-## What you can configure
-
-### Configuration Designer wizards
-
-The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
-
-| Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
-| --- | --- | --- | --- | --- |
-| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✅ | ✅ | ✅ |
-| Set up network | Connect to a Wi-Fi network | ✅ | ✅ | ✅ |
-| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✅ | ✅ | ✅ |
-| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token</br></br> [Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✅ | ✅ | ✅ |
-| Add applications | Install applications using the provisioning package.  | ✅ | ✅ | ❌ |
-| Add certificates | Include a certificate file in the provisioning package. | ✅ | ✅ | ✅ |
-| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✅ | ❌ |
-| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✅ | ❌ |
-| Developer Setup | Enable Developer Mode  | ❌ | ❌ | ✅ |
-
-- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
-- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
-- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
-
->[!NOTE]
->After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
-
-### Configuration Designer advanced editor
-
-The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
-
-| Customization options |  Examples  |
-|---|---|
-| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
-| Applications  |   Windows apps, line-of-business applications  |
-| Bulk enrollment into MDM  | Automatic enrollment into a third-party MDM service <br/><br/>Using a provisioning package for auto-enrollment to Microsoft Intune isn't supported. To enroll devices, use the Configuration Manager console. |
-| Certificates | Root certification authority (CA), client certificates |
-| Connectivity profiles | Wi-Fi, proxy settings, Email   |
-| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings |
-| Data assets | Documents, music, videos, pictures  |
-| Start menu customization | Start menu layout, application pinning  |
-| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on  |
-
-For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
-
-<!-- ## Changes to provisioning in Windows 10, version 1607 -->
-
-<!-- > [!NOTE] -->
-<!-- > This section is retained for customers using Windows 10, version 1607, on the Current Branch for Business. Some of this information is not applicable in Windows 10, version 1701. -->
-
-WCD, simplified common provisioning scenarios.
-
-:::image type="content" source="images/icd.png" alt-text="Configuration Designer options":::
+## Provisioning scenarios
 
 WCD supports the following scenarios for IT administrators:
 
@@ -111,8 +49,54 @@ WCD supports the following scenarios for IT administrators:
   - MobileIron (password-string based enrollment)
   - Other MDMs (cert-based enrollment)
 
-<!--  > [!NOTE] -->
-<!--  > Windows ICD in Windows 10, version 1607, also provided a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](/education/windows/). -->
+> [!NOTE]
+> The Provision school devices wizard is removed from Windows Configuration Designer. Instead, use the [Setup School PCs app](https://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) from the Microsoft Store.
+
+:::image type="content" source="images/icd.png" alt-text="Configuration Designer options":::
+
+## What you can configure
+
+Windows Configuration Designer provides the following simple provisioning scenarios:
+
+- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
+- [Instructions for the kiosk wizard](../assigned-access/overview.md)
+- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#provisioning-package-hololens-wizard)
+- [Instructions for the Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
+
+The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
+
+| Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
+| --- | --- | --- | --- | --- |
+| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove preinstalled software | ✅ | ✅ | ✅ |
+| Set up network | Connect to a Wi-Fi network | ✅ | ✅ | ✅ |
+| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✅ | ✅ | ✅ |
+| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token</br></br> [Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✅ | ✅ | ✅ |
+| Add applications | Install applications using the provisioning package.  | ✅ | ✅ | ❌ |
+| Add certificates | Include a certificate file in the provisioning package. | ✅ | ✅ | ✅ |
+| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✅ | ❌ |
+| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✅ | ❌ |
+| Developer Setup | Enable Developer Mode  | ❌ | ❌ | ✅ |
+
+> [!TIP]
+> After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
+
+## Configuration Designer advanced editor
+
+The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
+
+| Customization options |  Examples  |
+|---|---|
+| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
+| Applications  |   Windows apps, line-of-business applications  |
+| Bulk enrollment into MDM  | Automatic enrollment into a third-party MDM service <br/><br/>Using a provisioning package for autoenrollment to Microsoft Intune isn't supported. To enroll devices, use the Configuration Manager console. |
+| Certificates | Root certification authority (CA), client certificates |
+| Connectivity profiles | Wi-Fi, proxy settings, Email   |
+| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings |
+| Data assets | Documents, music, videos, pictures  |
+| Start menu customization | Start menu layout, application pinning  |
+| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on  |
+
+For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
 ## Related articles
 
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index e5e7ea6019..d8292d3413 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,17 +1,14 @@
 ---
-title: PowerShell cmdlets for provisioning Windows 10/11
-description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
+title: PowerShell cmdlets for provisioning packages in Windows
+description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows devices.
 ms.topic: conceptual
-
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
-# PowerShell cmdlets for provisioning Windows client (reference)
+# PowerShell cmdlets for provisioning Windows client
 
 Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions.
 
-## cmdlets
-
 - **Add-ProvisioningPackage**: Applies a provisioning package.
 
   Syntax:
@@ -59,7 +56,7 @@ Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it e
 
   - `Uninstall-TrustedProvisioningCertificate <thumbprint>`
 
->[!NOTE]
+> [!NOTE]
 > You can use Get-Help to get usage help on any command. For example: `Get-Help Add-ProvisioningPackage`
 
 Trace logs are captured when using cmdlets. The following logs are available in the logs folder after the cmdlet completes:
@@ -69,20 +66,5 @@ Trace logs are captured when using cmdlets. The following logs are available in
 - ProvTrace.&lt;timestamp&gt;.TXT - TEXT file containing trace output formatted for easy reading, filtered to only show events logged by providers in the WPRP file
 - ProvLogReport.&lt;timestamp&gt;.XLS - Excel file containing trace output, filtered to only show events logged by providers in WPRP file
 
-
-
->[!NOTE]
->When applying provisioning packages using Powershell cmdlets, the default behavior is to suppress the prompt that appears when applying an unsigned provisioning package. This is by design so that provisioning packages can be applied as part of existing scripts.
-
-## Related articles
-
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-
+> [!NOTE]
+> When applying provisioning packages using Powershell cmdlets, the default behavior is to suppress the prompt that appears when applying an unsigned provisioning package. This is by design so that provisioning packages can be applied as part of existing scripts.
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index c9aff98df4..970ed67763 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -1,8 +1,8 @@
 ---
 title: Use a script to install a desktop app in provisioning packages
-description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+description: With Windows, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # Use a script to install a desktop app in provisioning packages
@@ -57,14 +57,14 @@ Create a script to perform whatever work is needed to install the application(s)
 
 You don't need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package).
 
->[!NOTE]
->All actions performed by the script must happen silently, showing no UI and requiring no user interaction.
+> [!NOTE]
 >
->The scripts will be run on the device in system context.
+> - All actions performed by the script must happen silently, showing no UI and requiring no user interaction.
+> - The scripts will be run on the device in system context.
 
 ### Debugging example
 
-Granular logging isn't built in, so the logging must be built into the script itself. Here's an example script that logs 'Hello World' to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you'll see in the following examples, it's recommended that you log each action that your script performs.
+Granular logging isn't built in, so the logging must be built into the script itself. Here's an example script that logs `Hello World` to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you'll see in the following examples, it's recommended that you log each action that your script performs.
 
 ```log
 set LOGFILE=%SystemDrive%\HelloWorld.log
@@ -105,8 +105,6 @@ PsExec.exe -accepteula -i -s cmd.exe /c 'powershell.exe my_powershell_script.ps1
 echo result: %ERRORLEVEL% >> %LOGFILE%
 ```
 
-<span id="cab-extract" />
-
 ### Extract from a .CAB example
 
 This example script shows expansion of a .cab from the provisioning commands script, and installation of the expanded setup.exe
@@ -178,20 +176,14 @@ When you're done, [build the package](provisioning-create-package.md#build-packa
 1. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script.
 1. The runtime provisioning component will attempt to run the scripts from the provisioning package at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the out of box experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and "please wait" will be displayed on the screen.
 
-    >[!NOTE]
-    >There is a timeout of 30 minutes for the provisioning process at this point. All scripts and installs need to complete within this time.
+    > [!NOTE]
+    > There is a timeout of 30 minutes for the provisioning process at this point. All scripts and installs need to complete within this time.
 
 1. The scripts are executed in the background as the rest of provisioning continues to run. For packages added on existing systems using the double-click to install, there's no notification that provisioning or script execution has completed
 
-## Related articles
+## Next steps
 
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about applying a provisioning package:
+>
+> [Apply a provisioning package](provisioning-apply-package.md)
\ No newline at end of file
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 6615407051..a4f68379ee 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -1,19 +1,18 @@
 ---
-title: Uninstall a provisioning package - reverted settings
-description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
+title: Settings changed when you uninstall a provisioning package
+description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows desktop client devices.
 ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 07/09/2024
 ---
 
 # Settings changed when you uninstall a provisioning package
 
-When you uninstall a provisioning package, only certain settings are revertible. This article lists the settings that are reverted when you uninstall a provisioning package.
-
-As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**.
+When you uninstall a provisioning package, only certain settings are revertible. This article lists the settings that are reverted when you uninstall a provisioning package. As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**.
 
 When a provisioning package is uninstalled, some of its settings are reverted, which means the value for the setting is changed to the next available or default value. Not all settings, however, are revertible.
 
-Only settings in the following lists are revertible.
+> [!IMPORTANT]
+> Only settings in the following lists are revertible.
 
 ## Registry-based settings
 
@@ -21,8 +20,8 @@ The registry-based settings that are revertible when a provisioning package is u
 
 - [Wi-Fi Sense](../wcd/wcd-connectivityprofiles.md#wifisense)
 - [CountryAndRegion](../wcd/wcd-countryandregion.md)
-- DeviceManagement / PGList/ LogicalProxyName
-- UniversalAppInstall / LaunchAppAtLogin
+- [DeviceManagement / PGList / LogicalProxyName](../wcd/wcd-devicemanagement.md#pglist)
+- [UniversalAppInstall](../wcd/wcd-universalappinstall.md) / LaunchAppAtLogin
 - [Power](/previous-versions//dn953704(v=vs.85))
 - [TabletMode](../wcd/wcd-tabletmode.md)
 - [Maps](../wcd/wcd-maps.md)
@@ -33,26 +32,26 @@ The registry-based settings that are revertible when a provisioning package is u
 
 ## CSP-based settings
 
-Here is the list of revertible settings based on configuration service providers (CSPs).
+Here's the list of revertible settings based on configuration service providers (CSPs).
 
-[ActiveSync CSP](/windows/client-management/mdm/activesync-csp)
-[AppLocker CSP](/windows/client-management/mdm/applocker-csp)
-[BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp)
-[CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp)
-[ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp)
-[RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp)
-[CM_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp)
-[CM_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp)
-[CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp)
-[CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp)
-[EMAIL2 CSP](/windows/client-management/mdm/email2-csp)
-[EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-[EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
-[EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
-[NAP CSP](/windows/client-management/mdm/nap-csp)
-[PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
-[Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
-[SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp)
-[VPN CSP](/windows/client-management/mdm/vpn-csp)
-[VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
-[WiFi CSP](/windows/client-management/mdm/wifi-csp)
+- [ActiveSync CSP](/windows/client-management/mdm/activesync-csp)
+- [AppLocker CSP](/windows/client-management/mdm/applocker-csp)
+- [BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp)
+- [CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp)
+- [ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp)
+- [RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp)
+- [CM_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp)
+- [CM_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp)
+- [CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp)
+- [CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp)
+- [EMAIL2 CSP](/windows/client-management/mdm/email2-csp)
+- [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
+- [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
+- [EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
+- [NAP CSP](/windows/client-management/mdm/nap-csp)
+- [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
+- [Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
+- [SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp)
+- [VPN CSP](/windows/client-management/mdm/vpn-csp)
+- [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
+- [WiFi CSP](/windows/client-management/mdm/wifi-csp)
diff --git a/windows/configuration/provisioning-packages/toc.yml b/windows/configuration/provisioning-packages/toc.yml
index afd0f1f158..2e5266898d 100644
--- a/windows/configuration/provisioning-packages/toc.yml
+++ b/windows/configuration/provisioning-packages/toc.yml
@@ -1,29 +1,35 @@
 items:
   - name: Overview
     href: provisioning-packages.md
-  - name: How provisioning works in Windows client
+  - name: How provisioning works
     href: provisioning-how-it-works.md
-  - name: Introduction to configuration service providers (CSPs)
-    href: how-it-pros-can-use-configuration-service-providers.md
-  - name: Install Windows Configuration Designer
-    href: provisioning-install-icd.md
-  - name: Create a provisioning package
-    href: provisioning-create-package.md
-  - name: Apply a provisioning package
-    href: provisioning-apply-package.md
-  - name: Settings changed when you uninstall a provisioning package
-    href: provisioning-uninstall-package.md
-  - name: Provision PCs with common settings for initial deployment (desktop wizard)
-    href: provision-pcs-for-initial-deployment.md
-  - name: Provision PCs with apps
-    href: provision-pcs-with-apps.md
-  - name: Use a script to install a desktop app in provisioning packages
-    href: provisioning-script-to-install-app.md
+  - name: Quickstarts
+    items:
+    - name: Install Windows Configuration Designer
+      href: provisioning-install-icd.md
+    - name: Create a provisioning package (desktop wizard)
+      href: provision-pcs-for-initial-deployment.md
+    - name: Create a provisioning package (advanced)
+      href: provisioning-create-package.md
+    - name: Apply a provisioning package
+      href: provisioning-apply-package.md
+  - name: Provision apps
+    items:
+    - name: Provision apps
+      href: provision-pcs-with-apps.md
+    - name: Use a script to install a desktop app
+      href: provisioning-script-to-install-app.md
   - name: Create a provisioning package with multivariant settings
     href: provisioning-multivariant.md
-  - name: PowerShell cmdlets for provisioning Windows client (reference)
-    href: provisioning-powershell.md
   - name: Diagnose provisioning packages
     href: diagnose-provisioning-packages.md
-  - name: Windows Configuration Designer command-line interface (reference)
-    href: provisioning-command-line.md
\ No newline at end of file
+  - name: Settings changed when you uninstall a provisioning package
+    href: provisioning-uninstall-package.md
+  - name: Reference
+    items:
+    - name: Introduction to configuration service providers (CSPs)
+      href: how-it-pros-can-use-configuration-service-providers.md
+    - name: Windows Configuration Designer command-line interface
+      href: provisioning-command-line.md
+    - name: PowerShell cmdlets for provisioning Windows client
+      href: provisioning-powershell.md
\ No newline at end of file
diff --git a/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md b/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md
index 7513c63f7b..15c139b82e 100644
--- a/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md
@@ -1,7 +1,7 @@
 ---
 title: Configure a shared or guest Windows device
 description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios.
-ms.date: 11/08/2023
+ms.date: 09/06/2024
 ms.topic: how-to
 ---
 
@@ -25,9 +25,7 @@ Shared PC can be configured using the following methods:
 
 Follow the instructions below to configure your devices, selecting the option that best suits your needs.
 
-#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune)
-
-
+#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
 
 To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Shared PC`**:
 
diff --git a/windows/configuration/start/images/windows-10-secondary-tile.png b/windows/configuration/start/images/windows-10-secondary-tile.png
deleted file mode 100644
index 01e25ef3bc..0000000000
Binary files a/windows/configuration/start/images/windows-10-secondary-tile.png and /dev/null differ
diff --git a/windows/configuration/start/images/windows-11-secondary-tile.png b/windows/configuration/start/images/windows-11-secondary-tile.png
deleted file mode 100644
index 7e7600dcc3..0000000000
Binary files a/windows/configuration/start/images/windows-11-secondary-tile.png and /dev/null differ
diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md
new file mode 100644
index 0000000000..a914eb1c31
--- /dev/null
+++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md
@@ -0,0 +1,20 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 07/11/2024
+ms.topic: include
+---
+
+### Hide entry points for Fast User Switching
+
+With this policy setting you can prevent multiple users to sign in at the same time, using the Fast User Switching feature.
+
+- If enabled, only one user can sign in at a time. The Fast User Switching entry points are hidden from the sign-in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first
+- If disabled or not configured, multiple users can sign in at the same time. The Fast User Switching entry points are available from the sign-in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in
+
+|  | Path |
+|--|--|
+| **CSP** | `./Device/Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) |
+| **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **Logon** > **Hide entry points for Fast User Switching** |
+
+To learn more, see [Fast User Switching](/windows/win32/shell/fast-user-switching).
diff --git a/windows/configuration/start/includes/hide-lock.md b/windows/configuration/start/includes/hide-lock.md
index e43dff0cfa..52a8be809e 100644
--- a/windows/configuration/start/includes/hide-lock.md
+++ b/windows/configuration/start/includes/hide-lock.md
@@ -9,5 +9,5 @@ ms.topic: include
 
 |  | Path |
 |--|--|
-| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideSignOut](/windows/client-management/mdm/policy-csp-start#hidelock) |
+| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideLock](/windows/client-management/mdm/policy-csp-start#hidelock) |
 | **GPO** | Not available. |
diff --git a/windows/configuration/start/includes/hide-switch-account.md b/windows/configuration/start/includes/hide-switch-user.md
similarity index 53%
rename from windows/configuration/start/includes/hide-switch-account.md
rename to windows/configuration/start/includes/hide-switch-user.md
index 5bbe1c5e7a..49188235e2 100644
--- a/windows/configuration/start/includes/hide-switch-account.md
+++ b/windows/configuration/start/includes/hide-switch-user.md
@@ -5,7 +5,12 @@ ms.date: 04/10/2024
 ms.topic: include
 ---
 
-### Hide Switch account
+### Hide Switch user
+
+With this policy setting you can hide the **Switch user** option from the user tile in the start menu:
+
+- If enabled, the **Switch user** option is hidden
+- If disabled or not configured, the **Switch user** option is available
 
 |  | Path |
 |--|--|
diff --git a/windows/configuration/start/index.md b/windows/configuration/start/index.md
index c78ef0401d..0627e33663 100644
--- a/windows/configuration/start/index.md
+++ b/windows/configuration/start/index.md
@@ -4,6 +4,8 @@ description: Learn how to configure the Windows Start menu to provide quick acce
 ms.topic: overview
 ms.date: 04/10/2024
 zone_pivot_groups: windows-versions-11-10
+ms.collection:
+- essentials-manage
 appliesto:
 ---
 
diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md
index 9dd5437ffc..5d0b4b6bf0 100644
--- a/windows/configuration/start/policy-settings.md
+++ b/windows/configuration/start/policy-settings.md
@@ -2,7 +2,7 @@
 title: Start policy settings
 description: Learn about the policy settings to configure the Windows Start menu.
 ms.topic: reference
-ms.date: 04/10/2024
+ms.date: 07/10/2024
 appliesto:
 zone_pivot_groups: windows-versions-11-10
 ---
@@ -132,19 +132,37 @@ Select one of the tabs to see the list of available settings:
 
 #### [:::image type="icon" source="../images/icons/user.svg"::: **Account options**](#tab/user)
 
+::: zone pivot="windows-11"
+|Policy name| CSP | GPO |
+|-|-|-|
+|[Hide **Change account settings**](#hide-change-account-settings)|✅|❌|
+|[Hide **Sign out**](#hide-sign-out)|✅|✅|
+|[Hide **Switch user**](#hide-switch-user)|✅|❌|
+|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅|
+|[Hide user tile](#hide-user-tile)|✅|❌|
+::: zone-end
+
+::: zone pivot="windows-10"
 |Policy name| CSP | GPO |
 |-|-|-|
 |[Hide **Change account settings**](#hide-change-account-settings)|✅|❌|
 |[Hide **Lock**](#hide-lock)|✅|❌|
 |[Hide **Sign out**](#hide-sign-out)|✅|✅|
-|[Hide **Switch account**](#hide-switch-account)|✅|❌|
+|[Hide **Switch user**](#hide-switch-user)|✅|❌|
+|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅|
 |[Hide user tile](#hide-user-tile)|✅|❌|
+::: zone-end
 
 [!INCLUDE [hide-change-account-settings](includes/hide-change-account-settings.md)]
+
+::: zone pivot="windows-10"
 [!INCLUDE [hide-lock](includes/hide-lock.md)]
+::: zone-end
+
 [!INCLUDE [hide-signout](includes/hide-signout.md)]
-[!INCLUDE [hide-switch-user](includes/hide-switch-account.md)]
-[!INCLUDE [hide-switch-user](includes/hide-user-tile.md)]
+[!INCLUDE [hide-switch-user](includes/hide-switch-user.md)]
+[!INCLUDE [hide-lock](includes/hide-entry-points-for-fast-user-switching.md)]
+[!INCLUDE [hide-user-tile](includes/hide-user-tile.md)]
 
 #### [:::image type="icon" source="../images/icons/folder.svg"::: **Pinned folders**](#tab/folders)
 
@@ -174,6 +192,21 @@ Select one of the tabs to see the list of available settings:
 
 #### [:::image type="icon" source="../images/icons/power.svg"::: **Power options**](#tab/power)
 
+
+::: zone pivot="windows-11"
+|Policy name| CSP | GPO |
+|-|-|-|
+|[Hide **Hibernate** ](#hide-hibernate)|✅|❌|
+|[Hide **Lock**](#hide-lock)|✅|❌|
+|[Hide **Power** button](#hide-power-button)|✅|❌|
+|[Hide **Restart**](#hide-restart)|✅|❌|
+|[Hide **Shut down**](#hide-shut-down)|✅|❌|
+|[Hide **Sleep**](#hide-sleep)|✅|❌|
+|[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅|
+::: zone-end
+
+::: zone pivot="windows-10"
+
 |Policy name| CSP | GPO |
 |-|-|-|
 |[Hide **Hibernate** ](#hide-hibernate)|✅|❌|
@@ -183,7 +216,12 @@ Select one of the tabs to see the list of available settings:
 |[Hide **Sleep**](#hide-sleep)|✅|❌|
 |[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅|
 
+::: zone-end
+
 [!INCLUDE [hide-hibernate](includes/hide-hibernate.md)]
+::: zone pivot="windows-11"
+[!INCLUDE [hide-lock](includes/hide-lock.md)]
+::: zone-end
 [!INCLUDE [hide-power-button](includes/hide-power-button.md)]
 [!INCLUDE [hide-restart](includes/hide-restart.md)]
 [!INCLUDE [hide-shut-down](includes/hide-shut-down.md)]
diff --git a/windows/configuration/taskbar/index.md b/windows/configuration/taskbar/index.md
index 68edd41929..6ef2fe06f6 100644
--- a/windows/configuration/taskbar/index.md
+++ b/windows/configuration/taskbar/index.md
@@ -3,6 +3,8 @@ title: Configure the Windows taskbar
 description: Learn how to configure the Windows taskbar to provide quick access to the tools and applications that users need most.
 ms.topic: how-to
 ms.date: 04/17/2024
+ms.collection:
+- essentials-manage
 appliesto:
 zone_pivot_groups: windows-versions-11-10
 ---
diff --git a/windows/configuration/toc.yml b/windows/configuration/toc.yml
index 97c229350a..45b8217fab 100644
--- a/windows/configuration/toc.yml
+++ b/windows/configuration/toc.yml
@@ -21,5 +21,3 @@ items:
   href: provisioning-packages/toc.yml
 - name: Windows Configuration Designer
   href: wcd/toc.yml
-- name: User Experience Virtualization (UE-V)
-  href: /microsoft-desktop-optimization-pack/ue-v/uev-for-windows
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 68c83b8121..dda5503d8b 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -455,7 +455,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
 | DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✅ |  |  |  |
 | DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✅ |  |  |  |
 | [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✅ | |  |  |
-| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.  | ✅ |  |  |  |
+| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.  | ✅ |  |  |  |
 
 ## TextInput
 
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index 2afe56cfb4..7c0064dc3f 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -34,7 +34,7 @@ For each app that you add to the package, configure the settings in the followin
 | Setting | Value | Description |
 |--|--|--|
 | ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
-| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
+| DependencyAppxFiles | Any required frameworks | Typically, dependencies for the app are listed undere **Required frameworks**. |
 | DeploymentOptions | - None</br>-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue. </br>- Development mode: Don't use. </br>- Install all resources: When you set this option, the app is instructed to skip resource applicability checks.</br>- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
 | LaunchAppAtLogin | - Don't launch app</br>- Launch app | Set the value for app behavior when a user signs in. |
 | OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. |
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index ce71f48060..99c636d922 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -1,9 +1,10 @@
-- name: Deploy and update Windows client
+items:
+- name: Deploy and update Windows
   href: index.yml
   items:
     - name: Get started
       items:
-        - name: Windows client deployment scenarios
+        - name: Windows deployment scenarios
           href: windows-deployment-scenarios.md
         - name: Quick guide to Windows as a service
           href: update/waas-quick-start.md
@@ -15,113 +16,73 @@
           href: update/get-started-updates-channels-tools.md
         - name: Defining Windows update-managed devices
           href: update/update-managed-unmanaged-devices.md
-        - name: Prepare servicing strategy for Windows client updates
+        - name: Prepare servicing strategy for Windows updates
           href: update/waas-servicing-strategy-windows-10-updates.md
-        - name: Deployment proof of concept
-          items:
-            - name: 'Step by step guide: Configure a test lab to deploy Windows 10'
-              href: windows-10-poc.md
-            - name: Deploy Windows 10 in a test lab using Configuration Manager
-              href: windows-10-poc-sc-config-mgr.md
-        - name: Deployment process posters
-          href: windows-10-deployment-posters.md
 
     - name: Plan
       items:
         - name: Plan for Windows 11
-          href: /windows/whats-new/windows-11-plan?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+          href: /windows/whats-new/windows-11-plan?context=/windows/deployment/context/context
         - name: Create a deployment plan
           href: update/create-deployment-plan.md
         - name: Define readiness criteria
           href: update/plan-define-readiness.md
         - name: Evaluate infrastructure and tools
           href: update/eval-infra-tools.md
-        - name: Determine application readiness
-          href: update/plan-determine-app-readiness.md
         - name: Define your servicing strategy
           href: update/plan-define-strategy.md
-        - name: Delivery Optimization for Windows client updates
-          href: do/waas-delivery-optimization.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-          items:
-            - name: Using a proxy with Delivery Optimization
-              href: do/delivery-optimization-proxy.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-            - name: Delivery Optimization client-service communication
-              href: do/delivery-optimization-workflow.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Windows 10 deployment considerations
-          href: planning/windows-10-deployment-considerations.md
-        - name: Windows 10 infrastructure requirements
-          href: planning/windows-10-infrastructure-requirements.md
-        - name: Plan for volume activation
-          href: volume-activation/plan-for-volume-activation-client.md
-        - name: Features removed or planned for replacement
-          items:
-            - name: Windows client features lifecycle
-              href: /windows/whats-new/feature-lifecycle?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-            - name: Deprecated features
-              href: /windows/whats-new/deprecated-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-            - name: Resources for deprecated features
-              href: /windows/whats-new/deprecated-features-resources?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-            - name: Removed features
-              href: /windows/whats-new/removed-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+        - name: Windows Update security
+          href: update/windows-update-security.md
+        - name: Windows upgrade and migration considerations
+          href: upgrade/windows-upgrade-and-migration-considerations.md
+        - name: Delivery Optimization for Windows updates
+          href: do/waas-delivery-optimization.md?context=/windows/deployment/context/context
+        - name: Windows compatibility cookbook
+          href: /windows/compatibility/
     - name: Prepare
       items:
         - name: Prepare for Windows 11
-          href: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Prepare to deploy Windows client updates
+          href: /windows/whats-new/windows-11-prepare?context=/windows/deployment/context/context
+        - name: Prepare to deploy Windows updates
           href: update/prepare-deploy-windows.md
         - name: Evaluate and update infrastructure
           href: update/update-policies.md
-        - name: Update Baseline
+        - name: Update baseline
           href: update/update-baseline.md
-        - name: Set up Delivery Optimization for Windows client updates
-          href: do/waas-delivery-optimization-setup.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Configure BranchCache for Windows client updates
+        - name: Set up Delivery Optimization for Windows updates
+          href: do/delivery-optimization-configure.md?context=/windows/deployment/context/context
+        - name: Configure BranchCache for Windows updates
           href: update/waas-branchcache.md
         - name: Prepare for deployment with Configuration Manager
-          href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
-        - name: Build a successful servicing strategy
-          items:
-            - name: Check release health
-              href: update/check-release-health.md
-            - name: Prepare updates using Windows Update for Business
-              href: update/waas-manage-updates-wufb.md
-            - name: Prepare updates using WSUS
-              href: update/waas-manage-updates-wsus.md
-
+          href: /previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager
+        - name: Check release health
+          href: update/check-release-health.md
     - name: Deploy
       items:
-        - name: Deploy Windows client
+        - name: Deploy Windows
           items:
-            - name: Deploy Windows client with Autopilot
+            - name: Deploy Windows with Autopilot
               href: /autopilot/
             - name: Windows deployment scenarios and tools
               href: windows-deployment-scenarios-and-tools.md
-            - name: Deploy Windows client with Configuration Manager
-              items:
-                - name: Deploy to a new device
-                  href: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
-                - name: Refresh a device
-                  href: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
-                - name: Replace a device
-                  href: deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
-                - name: In-place upgrade
-                  href: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
-        - name: Deploy Windows client updates
+        - name: Deploy Windows updates
           items:
             - name: Assign devices to servicing channels
               href: update/waas-servicing-channels-windows-10-updates.md
             - name: Deploy updates with WSUS
               href: update/waas-manage-updates-wsus.md
-            - name: Deploy updates with Group Policy
-              href: update/waas-wufb-group-policy.md
-            - name: Deploy updates using CSPs and MDM
-              href: update/waas-wufb-csp-mdm.md
-            - name: Update Windows client media with Dynamic Update
+            - name: Update Windows media with dynamic update
               href: update/media-dynamic-update.md
             - name: Migrating and acquiring optional Windows content
               href: update/optional-content.md
+            - name: Deploy feature updates for user-initiated installations
+              href: update/feature-update-user-install.md
             - name: Safeguard holds
-              href: update/safeguard-holds.md
+              items:
+                - name: Safeguard holds
+                  href: update/safeguard-holds.md
+                - name: Opt out of safeguard holds
+                  href: update/safeguard-opt-out.md
             - name: Manage the Windows client update experience
               items:
                 - name: Manage device restarts after updates
@@ -140,26 +101,10 @@
               href: update/wufb-compliancedeadlines.md
             - name: Integrate Windows Update for Business with management solutions
               href: update/waas-integrate-wufb.md
-            - name: 'Walkthrough: use Group Policy to configure Windows Update for Business'
+            - name: Use group policy to configure Windows Update for Business
               href: update/waas-wufb-group-policy.md
             - name: Deploy updates using CSPs and MDM
               href: update/waas-wufb-csp-mdm.md
-        - name: Windows Update for Business deployment service
-          items:
-          - name: Windows Update for Business deployment service overview
-            href: update/deployment-service-overview.md
-          - name: Prerequisites for Windows Update for Business deployment service
-            href: update/deployment-service-prerequisites.md
-          - name: Deploy updates with the deployment service
-            items:
-            - name: Deploy feature updates using Graph Explorer
-              href: update/deployment-service-feature-updates.md
-            - name: Deploy expedited updates using Graph Explorer
-              href: update/deployment-service-expedited-updates.md
-            - name: Deploy driver and firmware updates using Graph Explorer
-              href: update/deployment-service-drivers.md
-          - name: Troubleshoot Windows Update for Business deployment service
-            href: update/deployment-service-troubleshoot.md
     - name: Activate
       items:
       - name: Windows subscription activation
@@ -186,175 +131,152 @@
           href: volume-activation/monitor-activation-client.md
         - name: Use the Volume Activation Management Tool
           href: volume-activation/use-the-volume-activation-management-tool-client.md
-        href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+        - name: Information sent to Microsoft during activation
+          href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
       - name: Volume Activation Management Tool (VAMT)
         items:
         - name: VAMT technical reference
           href: volume-activation/volume-activation-management-tool.md
         - name: Introduction to VAMT
           href: volume-activation/introduction-vamt.md
-        - name: Active Directory-Based Activation Overview
+        - name: Active Directory-Based activation overview
           href: volume-activation/active-directory-based-activation-overview.md
-        - name: Install and Configure VAMT
+        - name: Install and configure VAMT
           items:
-          - name: Overview
-            href: volume-activation/install-configure-vamt.md
-          - name: VAMT Requirements
+          - name: VAMT requirements
             href: volume-activation/vamt-requirements.md
           - name: Install VAMT
             href: volume-activation/install-vamt.md
-          - name: Configure Client Computers
+          - name: Configure client computers
             href: volume-activation/configure-client-computers-vamt.md
-        - name: Add and Manage Products
+        - name: Add and manage products
           items:
-          - name: Overview
-            href: volume-activation/add-manage-products-vamt.md
-          - name: Add and Remove Computers
+          - name: Add and remove computers
             href: volume-activation/add-remove-computers-vamt.md
-          - name: Update Product Status
+          - name: Update product status
             href: volume-activation/update-product-status-vamt.md
-          - name: Remove Products
+          - name: Remove products
             href: volume-activation/remove-products-vamt.md
-        - name: Manage Product Keys
+        - name: Manage product keys
           items:
-          - name: Overview
-            href: volume-activation/manage-product-keys-vamt.md
-          - name: Add and Remove a Product Key
+          - name: Add and remove a product key
             href: volume-activation/add-remove-product-key-vamt.md
-          - name: Install a Product Key
+          - name: Install a product key
             href: volume-activation/install-product-key-vamt.md
-          - name: Install a KMS Client Key
+          - name: Install a KMS client key
             href: volume-activation/install-kms-client-key-vamt.md
-        - name: Manage Activations
+        - name: Manage activations
           items:
-          - name: Overview
-            href: volume-activation/manage-activations-vamt.md
-          - name: Run Online Activation
+          - name: Run online activation
             href: volume-activation/online-activation-vamt.md
-          - name: Run Proxy Activation
+          - name: Run proxy activation
             href: volume-activation/proxy-activation-vamt.md
-          - name: Run KMS Activation
+          - name: Run KMS activation
             href: volume-activation/kms-activation-vamt.md
-          - name: Run Local Reactivation
+          - name: Run local reactivation
             href: volume-activation/local-reactivation-vamt.md
-          - name: Activate an Active Directory Forest Online
+          - name: Activate an Active Directory forest online
             href: volume-activation/activate-forest-vamt.md
-          - name: Activate by Proxy an Active Directory Forest
+          - name: Activate by proxy an Active Directory forest
             href: volume-activation/activate-forest-by-proxy-vamt.md
-        - name: Manage VAMT Data
+        - name: Manage VAMT data
           items:
-          - name: Overview
-            href: volume-activation/manage-vamt-data.md
-          - name: Import and Export VAMT Data
+          - name: Import and export VAMT data
             href: volume-activation/import-export-vamt-data.md
           - name: Use VAMT in Windows PowerShell
             href: volume-activation/use-vamt-in-windows-powershell.md
-          - name: VAMT Step-by-Step Scenarios
-            items:
-            - name: Overview
-              href: volume-activation/vamt-step-by-step.md
-            - name: "Scenario 1: Online Activation"
-              href: volume-activation/scenario-online-activation-vamt.md
-            - name: "Scenario 2: Proxy Activation"
-              href: volume-activation/scenario-proxy-activation-vamt.md
-            - name: "Scenario 3: KMS Client Activation"
-              href: volume-activation/scenario-kms-activation-vamt.md
-          - name: VAMT Known Issues
-            href: volume-activation/vamt-known-issues.md
-      - name: Information sent to Microsoft during activation
-        href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+        - name: VAMT step-by-step scenarios
+          items:
+          - name: "Scenario 1: online activation"
+            href: volume-activation/scenario-online-activation-vamt.md
+          - name: "Scenario 2: proxy activation"
+            href: volume-activation/scenario-proxy-activation-vamt.md
+          - name: "Scenario 3: KMS client activation"
+            href: volume-activation/scenario-kms-activation-vamt.md
+        - name: VAMT known issues
+          href: volume-activation/vamt-known-issues.md
     - name: Monitor
       items:
-      - name: Windows Update for Business reports
+      - name: Windows Update for Business reports overview
+        href: update/wufb-reports-overview.md
+      - name: Enable Windows Update for Business reports
         items:
-        - name: Windows Update for Business reports overview
-          href: update/wufb-reports-overview.md
+        - name: Windows Update for Business reports prerequisites
+          href: update/wufb-reports-prerequisites.md
         - name: Enable Windows Update for Business reports
-          items:
-          - name: Windows Update for Business reports prerequisites
-            href: update/wufb-reports-prerequisites.md
-          - name: Enable Windows Update for Business reports
-            href: update/wufb-reports-enable.md
-          - name: Configure clients with a script
-            href: update/wufb-reports-configuration-script.md
-          - name: Configure clients manually
-            href: update/wufb-reports-configuration-manual.md
-          - name: Configure clients with Microsoft Intune
-            href: update/wufb-reports-configuration-intune.md
-        - name: Use Windows Update for Business reports
-          items:
-          - name: Windows Update for Business reports workbook
-            href: update/wufb-reports-workbook.md
-          - name: Delivery Optimization data in reports
-            href: update/wufb-reports-do.md
-          - name: Software updates in the Microsoft 365 admin center
-            href: update/wufb-reports-admin-center.md
-          - name: Use Windows Update for Business reports data
-            href: update/wufb-reports-use.md
-          - name: FAQ for Windows Update for Business reports
-            href: update/wufb-reports-faq.yml
-          - name: Feedback and support
-            href: update/wufb-reports-help.md
+          href: update/wufb-reports-enable.md
+        - name: Configure clients with a script
+          href: update/wufb-reports-configuration-script.md
+        - name: Configure clients manually
+          href: update/wufb-reports-configuration-manual.md
+        - name: Configure clients with Microsoft Intune
+          href: update/wufb-reports-configuration-intune.md
+      - name: Use Windows Update for Business reports
+        items:
+        - name: Windows Update for Business reports workbook
+          href: update/wufb-reports-workbook.md
+        - name: Delivery Optimization data in reports
+          href: update/wufb-reports-do.md
+        - name: Software updates in the Microsoft 365 admin center
+          href: update/wufb-reports-admin-center.md
+        - name: Use Windows Update for Business reports data
+          href: update/wufb-reports-use.md
+        - name: FAQ for Windows Update for Business reports
+          href: update/wufb-reports-faq.yml
+        - name: Feedback and support
+          href: update/wufb-reports-help.md
+      - name: Windows Update for Business reports schema reference
+        items:
         - name: Windows Update for Business reports schema reference
-          items:
-          - name: Windows Update for Business reports schema reference
-            href: update/wufb-reports-schema.md
-          - name: UCClient
-            href: update/wufb-reports-schema-ucclient.md
-          - name: UCClientReadinessStatus
-            href: update/wufb-reports-schema-ucclientreadinessstatus.md
-          - name: UCClientUpdateStatus
-            href: update/wufb-reports-schema-ucclientupdatestatus.md
-          - name: UCDeviceAlert
-            href: update/wufb-reports-schema-ucdevicealert.md
-          - name: UCDOAggregatedStatus
-            href: update/wufb-reports-schema-ucdoaggregatedstatus.md
-          - name: UCDOStatus
-            href: update/wufb-reports-schema-ucdostatus.md
-          - name: UCServiceUpdateStatus
-            href: update/wufb-reports-schema-ucserviceupdatestatus.md
-          - name: UCUpdateAlert
-            href: update/wufb-reports-schema-ucupdatealert.md
-          - name: Enumerated types
-            href: update/wufb-reports-schema-enumerated-types.md
-    - name: Troubleshooting
+          href: update/wufb-reports-schema.md
+        - name: UCClient
+          href: update/wufb-reports-schema-ucclient.md
+        - name: UCClientReadinessStatus
+          href: update/wufb-reports-schema-ucclientreadinessstatus.md
+        - name: UCClientUpdateStatus
+          href: update/wufb-reports-schema-ucclientupdatestatus.md
+        - name: UCDeviceAlert
+          href: update/wufb-reports-schema-ucdevicealert.md
+        - name: UCDOAggregatedStatus
+          href: update/wufb-reports-schema-ucdoaggregatedstatus.md
+        - name: UCDOStatus
+          href: update/wufb-reports-schema-ucdostatus.md
+        - name: UCServiceUpdateStatus
+          href: update/wufb-reports-schema-ucserviceupdatestatus.md
+        - name: UCUpdateAlert
+          href: update/wufb-reports-schema-ucupdatealert.md
+        - name: Enumerated types
+          href: update/wufb-reports-schema-enumerated-types.md
+    - name: Troubleshoot
       items:
       - name: Resolve upgrade errors
         items:
         - name: Resolve Windows upgrade errors
           href: upgrade/resolve-windows-upgrade-errors.md
         - name: Quick fixes
-          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?context=/windows/deployment/context/context
         - name: SetupDiag
           href: upgrade/setupdiag.md
         - name: Troubleshooting upgrade errors
-          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?context=/windows/deployment/context/context
         - name: Windows error reporting
           href: upgrade/windows-error-reporting.md
         - name: Upgrade error codes
-          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Log files
+          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?context=/windows/deployment/context/context
+        - name: Upgrade log files
           href: upgrade/log-files.md
         - name: Resolution procedures
-          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Submit Windows client upgrade errors
+          href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?context=/windows/deployment/context/context
+        - name: Submit Windows upgrade errors
           href: upgrade/submit-errors.md
       - name: Troubleshoot Windows Update
         items:
         - name: How to troubleshoot Windows Update
-          href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Opt out of safeguard holds
-          href: update/safeguard-opt-out.md
-        - name: Determine the source of Windows Updates
-          href: ./update/how-windows-update-works.md
-        - name: Windows Update security
-          href: ./update/windows-update-security.md
+          href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?context=/windows/deployment/context/context
         - name: Common Windows Update errors
-          href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+          href: /troubleshoot/windows-client/deployment/common-windows-update-errors?context=/windows/deployment/context/context
         - name: Windows Update error code reference
           href: update/windows-update-error-reference.md
-        - name: Troubleshoot the Windows Update for Business deployment service
-          href: update/deployment-service-troubleshoot.md
 
     - name: Reference
       items:
@@ -368,202 +290,138 @@
           href: deploy-m365.md
         - name: Understand the Unified Update Platform
           href: update/windows-update-overview.md
+        - name: Windows Update log files
+          href: update/windows-update-logs.md
         - name: Servicing stack updates
           href: update/servicing-stack-updates.md
         - name: Update CSP policies
-          href: /windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: Additional Windows Update settings
-          href: update/waas-wu-settings.md
+          href: /windows/client-management/mdm/policy-csp-update?context=/windows/deployment/context/context
         - name: Update other Microsoft products
           href: update/update-other-microsoft-products.md
         - name: Delivery Optimization reference
-          href: do/waas-delivery-optimization-reference.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - name: FoD and language packs for WSUS and Configuration Manager
+          href: do/waas-delivery-optimization-reference.md?context=/windows/deployment/context/context
+        - name: Features on Demand and language packs
           href: update/fod-and-lang-packs.md
-        - name: Windows client in S mode
-          href: s-mode.md
-        - name: Switch to Windows client Pro or Enterprise from S mode
-          href: windows-10-pro-in-s-mode.md
-        - name: Windows client deployment tools
-          items:
-            - name: Windows client deployment scenarios and tools
-              items:
-                - name: Windows Deployment Services (WDS) boot.wim support
-                  href: wds-boot-support.md
-                - name: Convert MBR partition to GPT
-                  href: mbr-to-gpt.md
-                - name: Configure a PXE server to load Windows PE
-                  href: configure-a-pxe-server-to-load-windows-pe.md
-                - name: Windows ADK for Windows 10 scenarios for IT Pros
-                  href: windows-adk-scenarios-for-it-pros.md
-                - name: User State Migration Tool (USMT) technical reference
-                  items:
-                    - name: USMT overview articles
-                      items:
-                        - name: USMT overview
-                          href: usmt/usmt-overview.md
-                        - name: Getting started with the USMT
-                          href: usmt/getting-started-with-the-user-state-migration-tool.md
-                        - name: Windows upgrade and migration considerations
-                          href: upgrade/windows-upgrade-and-migration-considerations.md
-                    - name: USMT How-to articles
-                      items:
-                        - name: Exclude Files and Settings
-                          href: usmt/usmt-exclude-files-and-settings.md
-                        - name: Extract Files from a Compressed USMT Migration Store
-                          href: usmt/usmt-extract-files-from-a-compressed-migration-store.md
-                        - name: Include Files and Settings
-                          href: usmt/usmt-include-files-and-settings.md
-                        - name: Migrate Application Settings
-                          href: usmt/migrate-application-settings.md
-                        - name: Migrate EFS Files and Certificates
-                          href: usmt/usmt-migrate-efs-files-and-certificates.md
-                        - name: Migrate User Accounts
-                          href: usmt/usmt-migrate-user-accounts.md
-                        - name: Reroute Files and Settings
-                          href: usmt/usmt-reroute-files-and-settings.md
-                        - name: Verify the Condition of a Compressed Migration Store
-                          href: usmt/verify-the-condition-of-a-compressed-migration-store.md
-
-                    - name: USMT Reference
-                      items:
-                        - name: USMT Requirements
-                          href: usmt/usmt-requirements.md
-                        - name: USMT Best Practices
-                          href: usmt/usmt-best-practices.md
-                        - name: How USMT Works
-                          href: usmt/usmt-how-it-works.md
-                        - name: Plan Your Migration
-                          href: usmt/usmt-plan-your-migration.md
-                        - name: Common Migration Scenarios
-                          href: usmt/usmt-common-migration-scenarios.md
-                        - name: What Does USMT Migrate?
-                          href: usmt/usmt-what-does-usmt-migrate.md
-                        - name: Choose a Migration Store Type
-                          href: usmt/usmt-choose-migration-store-type.md
-                        - name: Migration Store Types Overview
-                          href: usmt/migration-store-types-overview.md
-                        - name: Estimate Migration Store Size
-                          href: usmt/usmt-estimate-migration-store-size.md
-                        - name: Hard-Link Migration Store
-                          href: usmt/usmt-hard-link-migration-store.md
-                        - name: Migration Store Encryption
-                          href: usmt/usmt-migration-store-encryption.md
-                        - name: Determine What to Migrate
-                          href: usmt/usmt-determine-what-to-migrate.md
-                        - name: Identify users
-                          href: usmt/usmt-identify-users.md
-                        - name: Identify Applications Settings
-                          href: usmt/usmt-identify-application-settings.md
-                        - name: Identify Operating System Settings
-                          href: usmt/usmt-identify-operating-system-settings.md
-                        - name: Identify File Types, Files, and Folders
-                          href: usmt/usmt-identify-file-types-files-and-folders.md
-                        - name: Test Your Migration
-                          href: usmt/usmt-test-your-migration.md
-                        - name: USMT Command-line Syntax
-                          href: usmt/usmt-command-line-syntax.md
-                        - name: ScanState Syntax
-                          href: usmt/usmt-scanstate-syntax.md
-                        - name: LoadState Syntax
-                          href: usmt/usmt-loadstate-syntax.md
-                        - name: UsmtUtils Syntax
-                          href: usmt/usmt-utilities.md
-                        - name: USMT XML Reference
-                          href: usmt/usmt-xml-reference.md
-                        - name: Understanding Migration XML Files
-                          href: usmt/understanding-migration-xml-files.md
-                        - name: Config.xml File
-                          href: usmt/usmt-configxml-file.md
-                        - name: Customize USMT XML Files
-                          href: usmt/usmt-customize-xml-files.md
-                        - name: Custom XML Examples
-                          href: usmt/usmt-custom-xml-examples.md
-                        - name: Conflicts and Precedence
-                          href: usmt/usmt-conflicts-and-precedence.md
-                        - name: General Conventions
-                          href: usmt/usmt-general-conventions.md
-                        - name: XML File Requirements
-                          href: usmt/xml-file-requirements.md
-                        - name: Recognized Environment Variables
-                          href: usmt/usmt-recognized-environment-variables.md
-                        - name: XML Elements Library
-                          href: usmt/usmt-xml-elements-library.md
-                        - name: Offline Migration Reference
-                          href: usmt/offline-migration-reference.md
-
-                    - name: Troubleshoot USMT
-                      items:
-                        - name: USMT Troubleshooting
-                          href: usmt/usmt-troubleshooting.md
-                        - name: USMT Common Issues
-                          href: /troubleshoot/windows-client/deployment/usmt-common-issues
-                        - name: USMT Frequently Asked Questions
-                          href: usmt/usmt-faq.yml
-                        - name: USMT Log Files
-                          href: usmt/usmt-log-files.md
-                        - name: USMT Return Codes
-                          href: /troubleshoot/windows-client/deployment/usmt-return-codes
-                        - name: USMT Resources
-                          href: usmt/usmt-resources.md
-
-            - name: Application Compatibility Toolkit (ACT) Technical Reference
-              items:
-                - name: SUA User's Guide
-                  items:
-                  - name: Overview
-                    href: planning/sua-users-guide.md
-                  - name: Use the SUA Wizard
-                    href: planning/using-the-sua-wizard.md
-                  - name: Use the SUA Tool
-                    href: planning/using-the-sua-tool.md
-                  - name: Tabs on the SUA Tool Interface
-                    href: planning/tabs-on-the-sua-tool-interface.md
-                  - name: Show Messages Generated by the SUA Tool
-                    href: planning/showing-messages-generated-by-the-sua-tool.md
-                  - name: Apply Filters to Data in the SUA Tool
-                    href: planning/applying-filters-to-data-in-the-sua-tool.md
-                  - name: Fix apps using the SUA Tool
-                    href: planning/fixing-applications-by-using-the-sua-tool.md
-                - name: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
-                  href: planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
-                - name: Compatibility Administrator User's Guide
-                  items:
-                  - name: Overview
-                    href: planning/compatibility-administrator-users-guide.md
-                  - name: Use the Compatibility Administrator Tool
-                    href: planning/using-the-compatibility-administrator-tool.md
-                  - name: Available Data Types and Operators in Compatibility Administrator
-                    href: planning/available-data-types-and-operators-in-compatibility-administrator.md
-                  - name: Search for Fixed Applications in Compatibility Administrator
-                    href: planning/searching-for-fixed-applications-in-compatibility-administrator.md
-                  - name: Search for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
-                    href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
-                  - name: Create a Custom Compatibility Fix in Compatibility Administrator
-                    href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
-                  - name: Create a Custom Compatibility Mode in Compatibility Administrator
-                    href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
-                  - name: Create an AppHelp Message in Compatibility Administrator
-                    href: planning/creating-an-apphelp-message-in-compatibility-administrator.md
-                  - name: View the Events Screen in Compatibility Administrator
-                    href: planning/viewing-the-events-screen-in-compatibility-administrator.md
-                  - name: Enable and Disable Compatibility Fixes in Compatibility Administrator
-                    href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
-                  - name: Install and Uninstall Custom Compatibility Databases in Compatibility Administrator
-                    href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
-                - name: Manage Application-Compatibility Fixes and Custom Fix Databases
-                  items:
-                  - name: Overview
-                    href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
-                  - name: Understand and Use Compatibility Fixes
-                    href: planning/understanding-and-using-compatibility-fixes.md
-                  - name: Compatibility Fix Database Management Strategies and Deployment
-                    href: planning/compatibility-fix-database-management-strategies-and-deployment.md
-                  - name: Test Your Application Mitigation Packages
-                    href: planning/testing-your-application-mitigation-packages.md
-                  - name: Use the Sdbinst.exe Command-Line Tool
-                    href: planning/using-the-sdbinstexe-command-line-tool.md
         - name: Add fonts in Windows
           href: windows-missing-fonts.md
+        - name: Windows Updates using forward and reverse differentials
+          href: update/forward-reverse-differentials.md
+
+    - name: Deployment tools
+      items:
         - name: Customize Windows PE boot images
-          href: customize-boot-image.md
\ No newline at end of file
+          href: customize-boot-image.md
+        - name: Convert MBR partition to GPT
+          href: mbr-to-gpt.md
+        - name: Configure a PXE server to load Windows PE
+          href: configure-a-pxe-server-to-load-windows-pe.md
+        - name: Windows Deployment Services (WDS) boot.wim support
+          href: wds-boot-support.md
+        - name: Windows ADK for Windows 10 scenarios for IT Pros
+          href: windows-adk-scenarios-for-it-pros.md
+        - name: User State Migration Tool (USMT) technical reference
+          items:
+            - name: USMT overview articles
+              items:
+                - name: USMT overview
+                  href: usmt/usmt-overview.md
+                - name: Getting started with the USMT
+                  href: usmt/getting-started-with-the-user-state-migration-tool.md
+            - name: USMT How-to articles
+              items:
+                - name: Exclude Files and Settings
+                  href: usmt/usmt-exclude-files-and-settings.md
+                - name: Extract Files from a Compressed USMT Migration Store
+                  href: usmt/usmt-extract-files-from-a-compressed-migration-store.md
+                - name: Include Files and Settings
+                  href: usmt/usmt-include-files-and-settings.md
+                - name: Migrate Application Settings
+                  href: usmt/migrate-application-settings.md
+                - name: Migrate EFS Files and Certificates
+                  href: usmt/usmt-migrate-efs-files-and-certificates.md
+                - name: Migrate User Accounts
+                  href: usmt/usmt-migrate-user-accounts.md
+                - name: Reroute Files and Settings
+                  href: usmt/usmt-reroute-files-and-settings.md
+                - name: Verify the Condition of a Compressed Migration Store
+                  href: usmt/verify-the-condition-of-a-compressed-migration-store.md
+            - name: USMT Reference
+              items:
+                - name: USMT Requirements
+                  href: usmt/usmt-requirements.md
+                - name: USMT Best Practices
+                  href: usmt/usmt-best-practices.md
+                - name: How USMT Works
+                  href: usmt/usmt-how-it-works.md
+                - name: Plan Your Migration
+                  href: usmt/usmt-plan-your-migration.md
+                - name: Common Migration Scenarios
+                  href: usmt/usmt-common-migration-scenarios.md
+                - name: What Does USMT Migrate?
+                  href: usmt/usmt-what-does-usmt-migrate.md
+                - name: Choose a Migration Store Type
+                  href: usmt/usmt-choose-migration-store-type.md
+                - name: Migration Store Types Overview
+                  href: usmt/migration-store-types-overview.md
+                - name: Estimate Migration Store Size
+                  href: usmt/usmt-estimate-migration-store-size.md
+                - name: Hard-Link Migration Store
+                  href: usmt/usmt-hard-link-migration-store.md
+                - name: Migration Store Encryption
+                  href: usmt/usmt-migration-store-encryption.md
+                - name: Determine What to Migrate
+                  href: usmt/usmt-determine-what-to-migrate.md
+                - name: Identify users
+                  href: usmt/usmt-identify-users.md
+                - name: Identify Applications Settings
+                  href: usmt/usmt-identify-application-settings.md
+                - name: Identify Operating System Settings
+                  href: usmt/usmt-identify-operating-system-settings.md
+                - name: Identify File Types, Files, and Folders
+                  href: usmt/usmt-identify-file-types-files-and-folders.md
+                - name: Test Your Migration
+                  href: usmt/usmt-test-your-migration.md
+                - name: USMT Command-line Syntax
+                  href: usmt/usmt-command-line-syntax.md
+                - name: ScanState Syntax
+                  href: usmt/usmt-scanstate-syntax.md
+                - name: LoadState Syntax
+                  href: usmt/usmt-loadstate-syntax.md
+                - name: UsmtUtils Syntax
+                  href: usmt/usmt-utilities.md
+                - name: USMT XML Reference
+                  href: usmt/usmt-xml-reference.md
+                - name: Understanding Migration XML Files
+                  href: usmt/understanding-migration-xml-files.md
+                - name: Config.xml File
+                  href: usmt/usmt-configxml-file.md
+                - name: Customize USMT XML Files
+                  href: usmt/usmt-customize-xml-files.md
+                - name: Custom XML Examples
+                  href: usmt/usmt-custom-xml-examples.md
+                - name: Conflicts and Precedence
+                  href: usmt/usmt-conflicts-and-precedence.md
+                - name: General Conventions
+                  href: usmt/usmt-general-conventions.md
+                - name: XML File Requirements
+                  href: usmt/xml-file-requirements.md
+                - name: Recognized Environment Variables
+                  href: usmt/usmt-recognized-environment-variables.md
+                - name: XML Elements Library
+                  href: usmt/usmt-xml-elements-library.md
+                - name: Offline Migration Reference
+                  href: usmt/offline-migration-reference.md
+            - name: Troubleshoot USMT
+              items:
+                - name: USMT Troubleshooting
+                  href: usmt/usmt-troubleshooting.md
+                - name: USMT Common Issues
+                  href: /troubleshoot/windows-client/deployment/usmt-common-issues
+                - name: USMT Frequently Asked Questions
+                  href: usmt/usmt-faq.yml
+                - name: USMT Log Files
+                  href: usmt/usmt-log-files.md
+                - name: USMT Return Codes
+                  href: /troubleshoot/windows-client/deployment/usmt-return-codes
+                - name: USMT Resources
+                  href: usmt/usmt-resources.md
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index 8afd2c00f8..4b8d904b2e 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 manager: aaroncz
 ms.author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.date: 11/23/2022
 ms.subservice: itpro-deploy
 ---
diff --git a/windows/deployment/context/context.yml b/windows/deployment/context/context.yml
new file mode 100644
index 0000000000..aa53a529eb
--- /dev/null
+++ b/windows/deployment/context/context.yml
@@ -0,0 +1,4 @@
+### YamlMime: ContextObject
+brand: windows
+breadcrumb_path: ../breadcrumb/toc.yml
+toc_rel: ../toc.yml
\ No newline at end of file
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index e03de452cb..31420e8890 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -6,8 +6,8 @@ ms.localizationpriority: medium
 author: frankroj
 manager: aaroncz
 ms.author: frankroj
-ms.topic: article
-ms.date: 05/09/2024
+ms.topic: conceptual
+ms.date: 08/16/2024
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -25,6 +25,10 @@ The Windows PE (WinPE) boot images that are included with the Windows ADK have a
 
 Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
 
+> [!TIP]
+>
+> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative update to address the BlackLotus UEFI bootkit vulnerability.
+
 This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS).
 
 ## Prerequisites
@@ -78,6 +82,10 @@ This walkthrough describes how to customize a Windows PE boot image including up
 
 1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"<year>-<month> cumulative update for windows <x>"` where `year` is the four-digit current year, `<month>` is the two-digit current month, and `<x>` is the version of Windows that Windows PE is based on. Make sure to include the quotes (`"`). For example, to search for the latest cumulative update for Windows 11 in August 2023, use the search term `"2023-08 cumulative update for Windows 11"`, again making sure to include the quotes. If the cumulative update hasn't been released yet for the current month, then search for the previous month.
 
+    > [!TIP]
+    >
+    > The boot images in the **ADK 10.1.25398.1 (September 2023)** are based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
+
 1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
 
 1. Store the downloaded cumulative update in a known location for later use, for example `C:\Updates`.
@@ -662,6 +670,10 @@ This step doesn't update or change the boot image. However, it makes sure that t
 
 In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
 
+> [!TIP]
+>
+> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative update to address the BlackLotus UEFI bootkit vulnerability.
+
 > [!NOTE]
 >
 > **Microsoft Configuration Manager** and **Windows Deployment Services (WDS)** automatically extract the bootmgr boot files from the boot images when the boot images are updated in these products. They don't use the bootmgr boot files from the Windows ADK.
@@ -902,7 +914,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
 
 ## Step 13: Update boot image in products that utilize it (if applicable)
 
-After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the product(s) that utilize the boot image. The following links contain information on how to update the boot image for several popular products that utilize boot images:
+After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the products that utilize the boot image. The following links contain information on how to update the boot image for several popular products that utilize boot images:
 
 - [Microsoft Configuration Manager](#updating-the-boot-image-in-configuration-manager)
 - [Microsoft Deployment Toolkit (MDT)](#updating-the-boot-image-and-boot-media-in-mdt)
@@ -1112,10 +1124,10 @@ For more information, see [wdsutil stop-server](/windows-server/administration/w
 
 In the following boot image replacement scenario for WDS:
 
-- The boot image modified as part of this guide is outside of the `<RemoteInstall>` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK
-- An existing boot image in WDS is being replaced with the updated boot image
+- The boot image modified as part of this guide is outside of the `<RemoteInstall>` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK.
+- An existing boot image in WDS is being replaced with the updated boot image.
 
-then follow these steps to update the boot image in WDS:
+Follow these steps to update the boot image in WDS:
 
 1. Replace the existing boot image in WDS with the modified boot image using the following command lines:
 
@@ -1194,7 +1206,7 @@ In the following boot image scenario for WDS:
 - The boot image modified as part of this guide is outside of the `<RemoteInstall>` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK
 - The updated boot image is being added as a new boot image in WDS
 
-then follow these steps to add the boot image in WDS:
+Follow these steps to add the boot image in WDS:
 
 1. Add the updated boot image to WDS using the following command lines:
 
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 4fde853386..7ed31ba53c 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -1,17 +1,15 @@
 ---
 title: Deploy Windows Enterprise licenses
 description: Steps to deploy Windows Enterprise licenses for Windows Enterprise E3 or E5 subscription activation, or for Windows Enterprise E3 in CSP.
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
+ms.reviewer: nganguly
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
+ms.subservice: activation
 ms.localizationpriority: medium
 ms.topic: how-to
-ms.collection:
-  - highpri
-  - tier2
-ms.date: 03/04/2024
+ms.date: 9/03/2024
 zone_pivot_groups: windows-versions-11-10
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -493,9 +491,12 @@ When a device has been offline for an extended period of time, the Subscription
 - [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
 
 - [Windows Store for Business, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
+     > [!NOTE]
+     > The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
 
 Although the app ID is the same in both instances, the name of the cloud app depends on the tenant.
 
+
 For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
 
 <!-- 8605089 -->
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index c2a4d9ce76..d125b76faf 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -6,7 +6,7 @@ description: Learn about deploying Windows with Microsoft 365 and how to use a f
 ms.service: windows-client
 ms.localizationpriority: medium
 author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.date: 02/13/2024
 ms.subservice: itpro-deploy
 appliesto:
diff --git a/windows/deployment/deploy-windows-cm/TOC.yml b/windows/deployment/deploy-windows-cm/TOC.yml
deleted file mode 100644
index 13d898e1b5..0000000000
--- a/windows/deployment/deploy-windows-cm/TOC.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: Deploy Windows 10 with Microsoft Configuration Manager
-  items: 
-    - name: Prepare for Windows 10 deployment with Configuration Manager
-      items: 
-        - name: Prepare for Zero Touch Installation with Configuration Manager
-          href: prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
-        - name: Create a custom Windows PE boot image with Configuration Manager
-          href: create-a-custom-windows-pe-boot-image-with-configuration-manager.md
-        - name: Add a Windows 10 operating system image using Configuration Manager
-          href: add-a-windows-10-operating-system-image-using-configuration-manager.md
-        - name: Create an application to deploy with Windows 10 using Configuration Manager
-          href: create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
-        - name: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
-          href: add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
-        - name: Create a task sequence with Configuration Manager and MDT
-          href: create-a-task-sequence-with-configuration-manager-and-mdt.md
-        - name: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
-          href: finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
-    - name: Deploy Windows 10 with Configuration Manager
-      items: 
-        - name: Deploy Windows 10 using PXE and Configuration Manager
-          href: deploy-windows-10-using-pxe-and-configuration-manager.md
-        - name: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
-          href: refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
-        - name: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
-          href: replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
-        - name: Perform an in-place upgrade to Windows 10 using Configuration Manager
-          href: upgrade-to-windows-10-with-configuration-manager.md
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
deleted file mode 100644
index c5ed56316b..0000000000
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: Add a Windows 10 operating system image using Configuration Manager
-description: Operating system images are typically the production image used for deployment throughout the organization.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Add a Windows 10 operating system image using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-Operating system images are typically the production image used for deployment throughout the organization. This article shows you how to add a Windows 10 operating system image created with Microsoft Configuration Manager, and how to distribute the image to a distribution point.
-
-## Infrastructure
-
-For the purposes of this guide, we'll use one server computer: CM01.
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
-- CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.  
-
-An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-> [!IMPORTANT]
-> The procedures in this article require a reference image. Our reference images is named **REFW10-X64-001.wim**. If you have not already created a reference image, then perform all the steps in [Create a Windows 10 reference image](../deploy-windows-mdt/create-a-windows-10-reference-image.md) on CM01, replacing MDT01 with CM01. The final result will be a reference image located in the D:\MDTBuildLab\Captures folder that you can use for the procedure below.
-
-## Add a Windows 10 operating system image
-
- On **CM01**:
-
-1. Using File Explorer, in the **`D:\Sources\OSD\OS`** folder, create a subfolder named **Windows 10 Enterprise x64 RTM**.
-
-2. Copy the `REFW10-X64-001.wim` file to the **`D:\Sources\OSD\OS\Windows 10 Enterprise x64 RTM`** folder.
-
-    ![figure 17.](../images/ref-image.png)
-
-    The Windows 10 image being copied to the Sources folder structure.
-
-3. Using the Configuration Manager Console, in the **Software Library** workspace, right-click **Operating System Images**, and select **Add Operating System Image**.
-
-4. On the **Data Source** page, in the **Path:** text box, browse to **`\\CM01\Sources$\OSD\OS\Windows 10 Enterprise x64 RTM\REFW10-X64-001.wim`**, select x64 next to Architecture and choose a language, then select **Next**.
-
-5. On the **General** page, assign the name Windows 10 Enterprise x64 RTM, select **Next** twice, and then select **Close**.
-
-6. Distribute the operating system image to the CM01 distribution point by right-clicking the **Windows 10 Enterprise x64 RTM** operating system image and then clicking **Distribute Content**.
-
-7. In the Distribute Content Wizard, add the CM01 distribution point, select **Next** and select **Close**.
-
-8. View the content status for the Windows 10 Enterprise x64 RTM package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the `D:\Program Files\Microsoft Configuration Manager\Logs\distmgr.log` file and look for the **STATMSG: ID=2301** line.
-
-    ![figure 18.](../images/fig18-distwindows.png)
-
-    The distributed Windows 10 Enterprise x64 RTM package.
-
-Next, see [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
deleted file mode 100644
index 40fdcea0df..0000000000
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
-description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-In this article, you'll learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it's likely you'll have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
-
-For the purposes of this guide, we'll use one server computer: CM01.
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.  
-
- An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-## Add drivers for Windows PE
-
-This section will show you how to import some network and storage drivers for Windows PE.
-
-> [!NOTE]
-> Windows PE usually has a fairly comprehensive set of drivers out of the box, assuming that you are using a recent version of the Windows ADK. This is different than the full Windows OS which will often require drivers. You shouldn't add drivers to Windows PE unless you've an issue or are missing functionality, and in these cases you should only add the driver that you need.  An example of a common driver that is added is the Intel I217 driver. Adding too many drivers can cause conflicts and lead to driver bloat in the Config Mgr database. This section shows you how to add drivers, but typically you can just skip this procedure.
-
-This section assumes you've downloaded some drivers to the **`D:\Sources\OSD\DriverSources\WinPE x64`** folder on CM01.
-
-![Drivers.](../images/cm01-drivers.png)
-
-Driver folder structure on CM01
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Software Library** workspace, expand **Operating Systems**, right-click the **Drivers** node and select **Import Driver**.
-
-2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **`\\CM01\Sources$\OSD\DriverSources\WinPE x64`** folder and select **Next**.
-
-3. On the **Specify the details for the imported driver** page, select **Categories**, create a category named **WinPE x64**, and then select **Next**.
-
-4. On the **Select the packages to add the imported driver** page, select **Next**.
-
-5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image and select **Next**.
-
-6. In the popup window that appears, select **Yes** to automatically update the distribution point.
-
-7. Select **Next**, wait for the image to be updated, and then select **Close**.
-
-  ![Add drivers to Windows PE step 1.](../images/fig21-add-drivers1.png)<br>
-  ![Add drivers to Windows PE step 2.](../images/fig21-add-drivers2.png)<br>
-  ![Add drivers to Windows PE step 3.](../images/fig21-add-drivers3.png)<br>
-  ![Add drivers to Windows PE step 4.](../images/fig21-add-drivers4.png)
-
-  Add drivers to Windows PE
-
-## Add drivers for Windows 10
-
-This section illustrates how to add drivers for Windows 10 using the HP EliteBook 8560w as an example. Use the HP Image Assistant from the [HP Client Management Solutions site](https://hp.com/go/clientmanagement).
-
-For the purposes of this section, we assume that you've downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the **D:\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w** folder on CM01.
-
-![Drivers in Windows.](../images/cm01-drivers-windows.png)
-
-Driver folder structure on CM01
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Software Library** workspace, expand **Operating Systems**, right-click the **Drivers** node and select **Import Driver**.
-
-2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **`\\CM01\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w`** folder and select **Next**. Wait a minute for driver information to be validated.
-
-3. On the **Specify the details for the imported driver** page, select **Categories**, create a category named **Windows 10 x64 - HP EliteBook 8560w**, select **OK**, and then select **Next**.
-
-    ![Create driver categories.](../images/fig22-createcategories.png "Create driver categories")
-
-    Create driver categories
-
-4. On the **Select the packages to add the imported driver** page, select **New Package**, use the following settings for the package, and then select **Next**:
-
-    - Name: Windows 10 x64 - HP EliteBook 8560w
-    - Path: **`\\CM01\Sources$\OSD\DriverPackages\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w`**
-
-    > [!NOTE]
-    > The package path does not yet exist so it has to be created by typing it in. The wizard will create the new package using the path you specify.
-
-5. On the **Select drivers to include in the boot image** page, don't select anything, and select **Next** twice. After the package has been created, select **Close**.
-
-    > [!NOTE]
-    > If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
-  
-    ![Drivers imported and a new driver package created.](../images/cm01-drivers-packages.png "Drivers imported and a new driver package created")
-  
-    Drivers imported and a new driver package created
-
-Next, see [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
deleted file mode 100644
index da7c70c515..0000000000
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ /dev/null
@@ -1,112 +0,0 @@
----
-title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Configuration Manager.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Create a custom Windows PE boot image with Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-In Microsoft Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This article shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
-
-- The boot image that is created is based on the version of ADK that is installed.
-
-For the purposes of this guide, we'll use one server computer: CM01.
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.  
-
- An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-## Add DaRT 10 files and prepare to brand the boot image
-
-The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you don't wish to add DaRT, skip the steps below to copy DaRT tools, and later skip adding the DaRT component to the boot image.
-
-We assume you've downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you've created a custom background image and saved it in **`C:\Setup\Branding`** on CM01. In this section, we use a custom background image named [ContosoBackground.png](../images/ContosoBackground.png)
-
-On **CM01**:
-
-1. Install DaRT 10 (**`C:\\Setup\\DaRT 10\\MSDaRT100.msi`**) using the default settings.
-
-2. Using File Explorer, navigate to the **`C:\Program Files\Microsoft DaRT\v10`** folder.
-
-3. Copy the Toolsx64.cab file to the **`C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64`** folder.
-
-4. Copy the Toolsx86.cab file to the **`C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86`** folder.
-
-5. Using File Explorer, navigate to the **`C:\Setup`** folder.
-
-6. Copy the **Branding** folder to **`D:\Sources\OSD`**.
-
-## Create a boot image for Configuration Manager using the MDT wizard
-
-By using the MDT wizard to create the boot image in Configuration Manager, you gain more options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard.
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**.
-
-2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, enter **`\\CM01\Sources$\OSD\Boot\Zero Touch WinPE x64`** and select **Next**.
-
-    > [!NOTE]
-    > The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard.
-
-3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and select **Next**.
-
-4. On the **Options** page, select the **x64** platform, and select **Next**.
-
-5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box and select **Next**.
-
-    ![Add the DaRT component to the Configuration Manager boot image.](../images/mdt-06-fig16.png "Add the DaRT component to the Configuration Manager boot image")
-
-    Add the DaRT component to the Configuration Manager boot image.
-
-    >Note: Another common component to add here is Windows PowerShell to enable PowerShell support within Windows PE.
-
-6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **`\\CM01\Sources$\OSD\Branding\ContosoBackground.bmp`** and then select **Next** twice. Wait a few minutes while the boot image is generated, and then select **Finish**.
-
-7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
-
-8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
-
-9. Using Configuration Manager Trace, review the `D:\Program Files\Microsoft Configuration Manager\Logs\distmgr.log` file. Don't continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **Monitoring** > **Overview** > **Distribution Status** > **Content Status** > **Zero Touch WinPE x64**. See the following examples:
-
-    ![Content status for the Zero Touch WinPE x64 boot image step 1.](../images/fig16-contentstatus1.png)<br>
-    ![Content status for the Zero Touch WinPE x64 boot image step 2.](../images/fig16-contentstatus2.png)
-
-    Content status for the Zero Touch WinPE x64 boot image
-
-10. Using the Configuration Manager Console, in the **Software Library** workspace, under **Boot Images**, right-click the **Zero Touch WinPE x64** boot image and select **Properties**.
-
-11. On the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and select **OK**.
-
-12. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: **Expanding PS100009 to D:\\RemoteInstall\\SMSImages**.
-
-13. Review the **D:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS100009) is from your new boot image with DaRT. See the examples below:
-
-    ![PS100009 step 1.](../images/ps100009-1.png)<br>
-    ![PS100009 step 2.](../images/ps100009-2.png)
-
->Note: Depending on your infrastructure and the number of packages and boot images present, the Image ID might be a different number than PS100009.
-
-Next, see [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md). 
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
deleted file mode 100644
index af5baf8233..0000000000
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ /dev/null
@@ -1,158 +0,0 @@
----
-title: Create a task sequence with Configuration Manager (Windows 10)
-description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Create a task sequence with Configuration Manager and MDT
-
-*Applies to:*
-
-- Windows 10
-
-In this article, you'll learn how to create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
-
-For the purposes of this guide, we'll use one server computer: CM01.
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.  
-
- An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). Note: Active Directory [permissions](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md#configure-active-directory-permissions) for the **CM_JD** account are required for the task sequence to work properly.
-
-## Create a task sequence using the MDT Integration Wizard
-
-This section walks you through the process of creating a Configuration Manager task sequence for production use.
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.
-
-2. On the **Choose Template** page, select the **Client Task Sequence** template and select **Next**.
-
-3. On the **General** page, assign the following settings and then select **Next**:
-    - Task sequence name: Windows 10 Enterprise x64 RTM
-    - Task sequence comments: Production image with Office 365 Pro Plus x64
-
-4. On the **Details** page, assign the following settings and then select **Next**:
-    - Join a Domain
-    - Domain: contoso.com
-        - Account: contoso\\CM\_JD
-        - Password: pass@word1
-    - Windows Settings
-        - User name: Contoso
-        - Organization name: Contoso
-        - Product key: *\<blank\>*
-
-5. On the **Capture Settings** page, accept the default settings, and select **Next**.
-
-6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then select **Next**.
-
-7. On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, enter **`\\CM01\Sources$\OSD\MDT\MDT`**. Then select **Next**.
-
-8. On the **MDT Details** page, assign the name **MDT** and select **Next**.
-
-9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then select **Next**.
-
-10. On the **Deployment Method** page, accept the default settings (Zero Touch installation) and select **Next**.
-
-11. On the **Client Package** page, browse and select the **Microsoft Corporation Configuration Manager Client Package** and select **Next**.
-
-12. On the **USMT Package** page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package and select **Next**.
-
-13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, enter **`\\CM01\Sources$\OSD\Settings\Windows 10 x64 Settings`** and select **Next**.
-
-14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and select **Next**.
-
-15. On the **Sysprep Package** page, select **Next** twice.
-
-16. On the **Confirmation** page, select **Finish**.
-
-## Edit the task sequence
-
-After you create the task sequence, we recommend that you configure the task sequence for an optimal deployment experience. The configurations include enabling support for Unified Extensible Firmware Interface (UEFI), dynamic organizational unit (OU) allocation, computer replace scenarios, and more.
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Software Library** workspace, expand **Operating Systems**, select **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Edit**.
-
-2. In the **Post Install** group, select **Apply Network Settings**, and configure the **Domain OU** value to use the **Contoso / Computers / Workstations** OU (browse for values).
-
-3. In the **Post Install** group, disable the **Auto Apply Drivers** action. (Disabling is done by selecting the action and, in the **Options** tab, selecting the **Disable this step** check box.)
-
-4. After the disabled **Post Install / Auto Apply Drivers** action, add a new group name: **Drivers**.
-
-5. After the **Post Install / Drivers** group, add an **Apply Driver Package** action with the following settings:
-
-    - Name: HP EliteBook 8560w
-    - Driver Package: Windows 10 x64 - HP EliteBook 8560w
-    - Options tab - Add Condition: Task Sequence Variable: Model equals HP EliteBook 8560w
-
-    > [!NOTE]
-    > You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%'
-
-    ![Driver package options.](../images/fig27-driverpackage.png "Driver package options")
-
-    The driver package options
-
-6. In the **State Restore / Install Applications** group, select the **Install Application** action.
-
-7. Select the **Install the following applications** radio button, and add the OSD / Adobe Reader DC - OSD Install application to the list.
-
-    ![Add an application to the task sequence.](../images/fig28-addapp.png "Add an application to the task sequence")
-
-    Add an application to the Configuration Manager task sequence
-
-    > [!NOTE]
-    > In recent versions of Configuration Manager the Request State Store and Release State Store actions described below are present by default. These actions are used for common computer replace scenarios. There's also the additional condition on the options tab: USMTOfflineMigration not equals TRUE.  If these actions are not present, try updating to the latest Configuration Manager current branch release.
-
-8. In the **State Restore** group, after the **Set Status 5** action, verify there's a **User State \ Request State Store** action with the following settings:
-
-    - Request state storage location to: Restore state from another computer
-    - If computer account fails to connect to state store, use the Network Access account: selected
-    - Options: Continue on error
-    - Options / Add Condition:
-      - Task Sequence Variable
-      - USMTLOCAL not equals True
-
-9. In the **State Restore** group, after the **Restore User State** action, verify there's a **Release State Store** action with the following settings:
-    - Options: Continue on error
-    - Options / Condition:
-      - Task Sequence Variable
-      - USMTLOCAL not equals True
-
-10. Select **OK**.
-
-## Organize your packages (optional)
-
-If desired, you can create a folder structure for packages. This folder structure is purely for organizational purposes and is useful if you need to manage a large number of packages.
-
-To create a folder for packages:
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Software Library** workspace, expand **Application Management**, and then select **Packages**.
-
-2. Right-click **Packages**, point to **Folder**, select **Create Folder** and create the OSD folder. This process will create the Root \ OSD folder structure.
-
-3. Select the **MDT**, **User State Migration Tool for Windows**, and **Windows 10 x64 Settings** packages, right-click and select **Move**.
-
-4. In the **Move Selected Items** dialog box, select the **OSD** folder, and select **OK**.
-
-Next, see [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](../deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](../deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](../deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](../deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](../deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](../deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](../deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
deleted file mode 100644
index 7159edcbe3..0000000000
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ /dev/null
@@ -1,93 +0,0 @@
----
-title: Create an app to deploy with Windows 10 using Configuration Manager
-description: Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Create an application to deploy with Windows 10 using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Configuration Manager that you later configure the task sequence to use.
-
-For the purposes of this guide, we'll use one server computer: CM01.
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-
-> [!NOTE]
-> The [reference image](add-a-windows-10-operating-system-image-using-configuration-manager.md) used in this lab already contains some applications, such as Microsoft Office 365 Pro Plus x64. The procedure demonstrated in this article enables you to add some additional custom applications beyond those included in the reference image.
-
-## Example: Create the Adobe Reader application
-
-On **CM01**:
-
-1. Create the **`D:\Setup`** folder if it doesn't already exist.
-
-2. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (ex: AcroRdrDC2000620034_en_US.exe) to **`D:\Setup\Adobe`** on CM01. The filename will differ depending on the version of Acrobat Reader.
-
-3. Extract the .exe file that you downloaded to a .msi. The source folder will differ depending on where you downloaded the file. See the following example:
-
-    ```powershell
-    Set-Location C:\Users\administrator.CONTOSO\Downloads
-    .\AcroRdrDC2000620034_en_US.exe -sfx_o"d:\Setup\Adobe\" -sfx_ne
-    ```
-  
-    > [!NOTE]
-    > The extraction process will create the "Adobe" folder.
-
-4. Using File Explorer, copy the **`D:\Setup\Adobe`** folder to the **`D:\Sources\Software\Adobe`** folder.
-
-5. In the Configuration Manager Console, in the **Software Library** workspace, expand **Application Management**.
-
-6. Right-click **Applications**, point to **Folder** and then select **Create Folder**. Assign the name **OSD**.
-
-7. Right-click the **OSD** folder, and select **Create Application**.
-
-8. In the Create Application Wizard, on the **General** page, use the following settings:
-
-    - Automatically detect information about this application from installation files
-    - Type: Windows Installer (\*.msi file)
-    - Location: `\\CM01\Sources$\Software\Adobe\AcroRead.msi`
-
-    ![The Create Application Wizard.](../images/mdt-06-fig20.png "The Create Application Wizard")
-
-    The Create Application Wizard
-
-9. Select **Next**, and wait while Configuration Manager parses the MSI file.
-
-10. On the **Import Information** page, review the information and then select **Next**.
-
-11. On the **General Information** page, name the application Adobe Acrobat Reader DC - OSD Install, select **Next** twice, and then select **Close**.
-
-    > [!NOTE]
-    > Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence.
-  
-    ![Add the OSD Install suffix to the application name.](../images/mdt-06-fig21.png "Add the OSD Install suffix to the application name")
-  
-    Add the "OSD Install" suffix to the application name
-
-12. In the **Applications** node, select the Adobe Reader - OSD Install application, and select **Properties** on the ribbon bar (this path is another place to view properties, you can also right-click and select properties).
-
-13. On the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and select **OK**.
-
-Next, see [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
deleted file mode 100644
index 648a274ad0..0000000000
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ /dev/null
@@ -1,111 +0,0 @@
----
-title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
-description: In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Deploy Windows 10 using PXE and Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences. This article will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this article.
-
-This article assumes that you've completed the following prerequisite procedures:
-
-- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-- [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md)
-- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
-
-For the purposes of this guide, we'll use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001).
-
-- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS).
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
-
-  - CM01 is also running WDS that will be required to start PC0001 via PXE.
-
-    > [!NOTE]
-    > Ensure that only CM01 is running WDS.
-
-- PC0001 is a client computer that is blank, or has an operating system that will be erased and replaced with Windows 10. The device must be configured to boot from the network.
-
-> [!NOTE]
-> If desired, PC0001 can be a VM hosted on the server HV01, which is a Hyper-V host computer that we used previously to build a Windows 10 reference image. However, if PC0001 is a VM then you must ensure it has sufficient resources available to run the Configuration Manager OSD task sequence. 2GB of RAM or more is recommended.  
-
-All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-
-All server and client computers referenced in this guide are on the same subnet. This connection isn't required. But each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the `contoso.com` domain. Internet connectivity is also required to download OS and application updates.
-
-> [!NOTE]
-> No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console.
-
-## Procedures
-
-1. Start the PC0001 computer. At the Pre-Boot Execution Environment (PXE) boot menu, press **Enter** to allow it to PXE boot.
-
-2. On the **Welcome to the Task Sequence Wizard** page, enter in the password **pass\@word1** and select **Next**.
-
-3. On the **Select a task sequence to run** page, select **Windows 10 Enterprise x64 RTM** and select **Next**.
-
-4. On the **Edit Task Sequence Variables** page, double-click the **OSDComputerName** variable, and in the **Value** field, enter **PC0001** and select **OK**. Then select **Next**.
-
-5. The operating system deployment will take several minutes to complete.
-
-6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then select **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following steps:
-
-    - Install the Windows 10 operating system.
-    - Install the Configuration Manager client and the client hotfix.
-    - Join the computer to the domain.
-    - Install the application added to the task sequence.
-
-    > [!NOTE]
-    > You also can use the built-in reports to get information about ongoing deployments. For example, a task sequence report gives you a quick overview of the task sequence progress.
-
-    ![MDT monitoring.](../images/pc0001-monitor.png)
-
-    Monitoring the deployment with MDT.
-
-7. When the deployment is finished you'll have a domain-joined Windows 10 computer with the Adobe Reader application installed as well as the applications that were included in the reference image, such as Office 365 Pro Plus.
-
-Examples are provided below of various stages of deployment:
-
-![pc0001a.](../images/pc0001a.png)<br>
-![pc0001b.](../images/pc0001b.png)<br>
-![pc0001c.](../images/pc0001c.png)<br>
-![pc0001d.](../images/pc0001d.png)<br>
-![pc0001e.](../images/pc0001e.png)<br>
-![pc0001f.](../images/pc0001f.png)<br>
-![pc0001g.](../images/pc0001g.png)<br>
-![pc0001h.](../images/pc0001h.png)<br>
-![pc0001i.](../images/pc0001i.png)<br>
-![pc0001j.](../images/pc0001j.png)<br>
-![pc0001k.](../images/pc0001k.png)<br>
-![pc0001l.](../images/pc0001l.png)<br>
-![pc0001m.](../images/pc0001m.png)<br>
-![pc0001n.](../images/pc0001n.png)
-
-Next, see [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
deleted file mode 100644
index 4929876f5a..0000000000
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ /dev/null
@@ -1,172 +0,0 @@
----
-title: Finalize operating system configuration for Windows 10 deployment
-description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-This article walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enabling optional MDT monitoring for Configuration Manager, logs folder settings, rules configuration, content distribution, and deployment of the previously created task sequence.
-
-For the purposes of this guide, we'll use one server computer: CM01.
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.  
-
- An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-## Enable MDT monitoring
-
-This section will walk you through the process of creating the **`D:\MDTProduction`** deployment share using the MDT Deployment Workbench to enable monitoring for Configuration Manager.
-
-On **CM01**:
-
-1. Open the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. Use the following settings for the New Deployment Share Wizard:
-
-    - Deployment share path: D:\\MDTProduction
-    - Share name: MDTProduction$
-    - Deployment share description: MDT Production
-    - Options: *\<default settings\>*
-
-2. Right-click the **MDT Production** deployment share, and select **Properties**. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and select **OK**.
-
-    ![Enable MDT monitoring for Configuration Manager.](../images/mdt-06-fig31.png)
-
-    Enable MDT monitoring for Configuration Manager
-
-## Configure the Logs folder
-
-The D:\Logs folder was [created previously](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md?#review-the-sources-folder-structure) and SMB permissions were added. Next, we'll add NTFS folder permissions for the Configuration Manager Network Access Account (CM_NAA), and enable server-side logging by modifying the CustomSettings.ini file used by the Configuration Manager task sequence.
-
-On **CM01**:
-
-1. To configure NTFS permissions using `icacls.exe`, enter the following command at an elevated Windows PowerShell prompt:
-
-    ```cmd
-    icacls.exe D:\Logs /grant '"CM_NAA":(OI)(CI)(M)'
-    ```
-
-2. Using File Explorer, navigate to the **`D:\Sources\OSD\Settings\Windows 10 x64 Settings`** folder.
-
-3. To enable server-side logging, edit the `CustomSetting.ini` file with `Notepad.exe` and enter the following settings:
-
-    ```ini
-   [Settings]
-   Priority=Default
-   Properties=OSDMigrateConfigFiles,OSDMigrateMode
-
-   [Default]
-   DoCapture=NO
-   ComputerBackupLocation=NONE
-   MachineObjectOU=ou=Workstations,ou=Computers,ou=Contoso,dc=contoso,dc=com
-   OSDMigrateMode=Advanced
-   OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
-   OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
-   SLSHARE=\\CM01\Logs$
-   EventService=http://CM01:9800
-   ApplyGPOPack=NO
-   ```
-
-   ![Settings package during deployment.](../images/fig30-settingspack.png)
-
-   The Settings package, holding the rules and the `Unattend.xml` template used during deployment
-
-4. In the Configuration Manager console, update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. Select **OK** in the popup dialog box.
-
-   > [!NOTE]
-   > Although you haven't yet added a distribution point, you still need to select Update Distribution Points. This process also updates the Configuration Manager content library with changes.
-
-## Distribute content to the CM01 distribution portal
-
-In Configuration Manager, you can distribute all packages needed by a task sequence in a single task. In this section, you distribute packages that haven't yet been distributed to the CM01 distribution point.
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems** and select **Task Sequences**. Right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Distribute Content**.
-
-2. In the Distribute Content Wizard, select **Next** twice then on the **Specify the content destination** page add the Distribution Point: **CM01.CONTOSO.COM**, and then complete the wizard.
-
-3. Using the CMTrace tool, verify the distribution to the CM01 distribution point by reviewing the `distmgr.log` file, or use the Distribution Status / Content Status option in the Monitoring workspace. Don't continue until you see all the new packages being distributed successfully.
-
-   ![Content status.](../images/cm01-content-status1.png)
-
-   Content status
-
-## Create a deployment for the task sequence
-
-This section provides steps to help you create a deployment for the task sequence.
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems** and select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** and then select **Deploy**.
-
-2. In the Deploy Software Wizard, on the **General** page, select the **All Unknown Computers** collection and select **Next**.
-
-3. On the **Deployment Settings** page, use the below settings and then select **Next**:
-
-   - Purpose: Available
-   - Make available to the following: Only media and PXE
-
-   ![Configure the deployment settings.](../images/mdt-06-fig33.png)
-
-   Configure the deployment settings
-
-4. On the **Scheduling** page, accept the default settings and select **Next**.
-
-5. On the **User Experience** page, accept the default settings and select **Next**.
-
-6. On the **Alerts** page, accept the default settings and select **Next**.
-
-7. On the **Distribution Points** page, accept the default settings, select **Next** twice, and then select **Close**.
-
-   ![Task sequence deployed.](../images/fig32-deploywiz.png)
-
-   The Windows 10 Enterprise x64 RTM task sequence deployed to the All Unknown Computers collections available for media and PXE
-
-## Configure Configuration Manager to prompt for the computer name during deployment (optional)
-
-You can have Configuration Manager prompt you for a computer name or you can use rules to generate a computer name. For more information on how to do this step, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
-
-This section provides steps to help you configure the All Unknown Computers collection to have Configuration Manager prompt for computer names.
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Asset and Compliance** workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**.
-
-2. On the **Collection Variables** tab, create a new variable with the following settings:
-
-   - Name: OSDComputerName
-   - Clear the **Do not display this value in the Configuration Manager console** check box.
-
-3. Select **OK**.
-
-   > [!NOTE]
-   > Configuration Manager can prompt for information in many ways. Using a collection variable with an empty value is just one of them. Another option is the User-Driven Installation (UDI) wizard.
-
-   ![Configure a collection variable.](../images/mdt-06-fig35.png)
-  
-   Configure a collection variable
-
-Next, see [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
deleted file mode 100644
index 42526dd62d..0000000000
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ /dev/null
@@ -1,430 +0,0 @@
----
-title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
-description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: how-to
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-This article walks you through the Zero Touch Installation (ZTI) process of Windows 10 OS deployment using Microsoft Configuration Manager [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT).
-
-## Prerequisites
-
-In this article, you'll use [components](#components-of-configuration-manager-operating-system-deployment) of an existing Configuration Manager infrastructure to prepare for Windows 10 OSD. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
-
-- Configuration Manager current branch + all security and critical updates are installed.
-
-    > [!NOTE]
-    > Procedures in this guide use Configuration Manager version 1910. For more information about the versions of Windows 10 supported by  Configuration Manager, see [Support for Windows 10](/mem/configmgr/core/plan-design/configs/support-for-windows-10).
-
-- The [Active Directory Schema has been extended](/mem/configmgr/core/plan-design/network/extend-the-active-directory-schema) and System Management container created.
-
-- Active Directory Forest Discovery and Active Directory System Discovery are [enabled](/mem/configmgr/core/servers/deploy/configure/configure-discovery-methods).
-
-- IP range [boundaries and a boundary group](/mem/configmgr/core/servers/deploy/configure/define-site-boundaries-and-boundary-groups) for content and site assignment have been created.
-
-- The Configuration Manager [reporting services](/mem/configmgr/core/servers/manage/configuring-reporting) point role has been added and configured.
-
-- A file system folder structure and Configuration Manager console folder structure for packages has been created. Steps to verify or create this folder structure are [provided below](#review-the-sources-folder-structure).
-
-- The [Windows ADK](/windows-hardware/get-started/adk-install) version that is [supported for the version of Configuration Manager](/mem/configmgr/core/plan-design/configs/support-for-windows-adk) that is installed, including the Windows PE add-on. USMT should be installed as part of the Windows ADK install.
-
-- [MDT](https://www.microsoft.com/download/details.aspx?id=54259) version 8456
-
-- DaRT 10 (part of [MDOP 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015)) are installed.
-
-- The [CMTrace tool](/configmgr/core/support/cmtrace) (cmtrace.exe) is installed on the distribution point.
-
-  > [!NOTE]
-  > CMTrace is automatically installed with the current branch of Configuration Manager at **`Program Files\Microsoft Configuration Manager\tools\cmtrace.exe`**.
-
-For the purposes of this guide, we'll use three server computers: DC01, CM01 and HV01.
-
-- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
-- HV01 is a Hyper-V host computer that is used to build a Windows 10 reference image. This computer doesn't need to be a domain member.
-
-All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used. 
-
-All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
-
-### Domain credentials
-
-The following generic credentials are used in this guide. You should replace these credentials as they appear in each procedure with your credentials.
-
-- **Active Directory domain name**: `contoso.com`
-- **Domain administrator username**: `administrator`
-- **Domain administrator password**: `pass@word1`
-
-## Create the OU structure
-
-> [!NOTE]
-> If you've already [created the OU structure](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md#create-the-ou-structure) that was used in the OSD guide for MDT, the same structure is used here and you can skip this section.
-
-On **DC01**:
-
-To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. The procedure below uses Windows PowerShell.
-
-To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1`. Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension.
-
-```powershell
-$oulist = Import-csv -Path c:\oulist.txt
-ForEach($entry in $oulist){
-    $ouname = $entry.ouname
-    $oupath = $entry.oupath
-    New-ADOrganizationalUnit -Name $ouname -Path $oupath -WhatIf
-    Write-Host -ForegroundColor Green "OU $ouname is created in the location $oupath"
-}
-```
-
-Next, copy the following list of OU names and paths into a text file and save it as **C:\Setup\Scripts\oulist.txt**
-
-```text
-OUName,OUPath
-Contoso,"DC=CONTOSO,DC=COM"
-Accounts,"OU=Contoso,DC=CONTOSO,DC=COM"
-Computers,"OU=Contoso,DC=CONTOSO,DC=COM"
-Groups,"OU=Contoso,DC=CONTOSO,DC=COM"
-Admins,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
-Service Accounts,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
-Users,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
-Servers,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
-Workstations,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
-Security Groups,"OU=Groups,OU=Contoso,DC=CONTOSO,DC=COM"
-```
-
-Lastly, open an elevated Windows PowerShell prompt on DC01 and run the ou.ps1 script:
-
-```powershell
-Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
-Set-Location C:\Setup\Scripts
-.\ou.ps1
-```
-
-## Create the Configuration Manager service accounts
-
-A role-based model is used to configure permissions for the service accounts needed for operating system deployment in Configuration Manager. Perform the following steps to create the Configuration Manager **join domain** and **network access** accounts:
-
-On **DC01**:
-
-1. In the Active Directory Users and Computers console, browse to **contoso.com** > **Contoso** > **Service Accounts**.
-
-2. Select the Service Accounts OU and create the CM\_JD account using the following settings:
-
-    - Name: CM\_JD
-    - User sign-in name: CM\_JD
-    - Password: `pass@word1`
-    - User must change password at next logon: Clear
-    - User can't change password: Selected
-    - Password never expires: Selected
-
-3. Repeat the step, but for the CM\_NAA account.
-
-4. After creating the accounts, assign the following descriptions:
-
-    - CM\_JD: Configuration Manager Join Domain Account
-    - CM\_NAA: Configuration Manager Network Access Account
-
-## Configure Active Directory permissions
-
-In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain, you need to configure permissions in Active Directory. These steps assume you've downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to `C:\Setup\Scripts` on DC01.
-
-On **DC01**:
-
-1. Sign in as contoso\administrator and enter the following commands at an elevated Windows PowerShell prompt:
-
-   ```powershell
-   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
-   Set-Location C:\Setup\Scripts
-   .\Set-OUPermissions.ps1 -Account CM_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
-   ```
-
-2. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following list is that of permissions being granted:
-
-   - Scope: This object and all descendant objects
-   - Create Computer objects
-   - Delete Computer objects
-   - Scope: Descendant Computer objects
-   - Read All Properties
-   - Write All Properties
-   - Read Permissions
-   - Modify Permissions
-   - Change Password
-   - Reset Password
-   - Validated write to DNS host name
-   - Validated write to service principal name
-
-## Review the Sources folder structure
-
-On **CM01**:
-
-To support the packages you create in this article, the following folder structure should be created on the Configuration Manager primary site server (CM01):
-
-- D:\\Sources
-- D:\\Sources\\OSD
-- D:\\Sources\\OSD\\Boot
-- D:\\Sources\\OSD\\DriverPackages
-- D:\\Sources\\OSD\\DriverSources
-- D:\\Sources\\OSD\\MDT
-- D:\\Sources\\OSD\\OS
-- D:\\Sources\\OSD\\Settings
-- D:\\Sources\\OSD\\Branding
-- D:\\Sources\\Software
-- D:\\Sources\\Software\\Adobe
-- D:\\Sources\\Software\\Microsoft
-- D:\\Logs
-
-> [!NOTE]
-> In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server.
-
-You can run the following commands from an elevated Windows PowerShell prompt to create this folder structure:
-
-```powershell
-New-Item -ItemType Directory -Path "D:\Sources"
-New-Item -ItemType Directory -Path "D:\Sources\OSD"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\Boot"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\DriverPackages"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\DriverSources"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\OS"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\Settings"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\Branding"
-New-Item -ItemType Directory -Path "D:\Sources\OSD\MDT"
-New-Item -ItemType Directory -Path "D:\Sources\Software"
-New-Item -ItemType Directory -Path "D:\Sources\Software\Adobe"
-New-Item -ItemType Directory -Path "D:\Sources\Software\Microsoft"
-New-SmbShare -Name Sources$ -Path D:\Sources -FullAccess "NT AUTHORITY\INTERACTIVE", "BUILTIN\Administrators"
-New-Item -ItemType Directory -Path "D:\Logs"
-New-SmbShare -Name Logs$ -Path D:\Logs -ChangeAccess EVERYONE
-```
-
-## Integrate Configuration Manager with MDT
-
-To extend the Configuration Manager console with MDT wizards and templates, install MDT with the default settings and run the **Configure ConfigManager Integration** desktop app. In these steps, we assume you've already [downloaded MDT](https://www.microsoft.com/download/details.aspx?id=54259) and installed it with default settings.
-
-On **CM01**:
-
-1. Sign in as contoso\administrator.
-
-2. Ensure the Configuration Manager Console is closed before continuing.
-
-3. Select Start, type **Configure ConfigManager Integration**, and run the application with the following settings:
-
-   - Site Server Name: CM01.contoso.com
-   - Site code: PS1
-
-![figure 8.](../images/mdt-06-fig08.png)
-
-MDT integration with Configuration Manager.
-
-## Configure the client settings
-
-Most organizations want to display their name during deployment. In this section, you configure the default Configuration Manager client settings with the Contoso organization name.
-
-On **CM01**:
-
-1. Open the Configuration Manager Console, select the **Administration** workspace, then select **Client Settings**.
-
-2. In the right pane, right-click **Default Client Settings** and then select **Properties**.
-
-3. In the **Computer Agent** node, in the **Organization name displayed in Software Center** text box, enter in **Contoso** and select **OK**.
-
-![figure 9.](../images/mdt-06-fig10.png)
-
-Configure the organization name in client settings.
-
-![figure 10.](../images/fig10-contosoinstall.png)
-
-The Contoso organization name displayed during deployment.
-
-## Configure the Network Access account
-
-Configuration Manager uses the Network Access account during the Windows 10 deployment process to access content on the distribution points. In this section, you configure the Network Access account.
-
-On **CM01**:
-
-1. Using the Configuration Manager Console, in the **Administration** workspace, expand **Site Configuration** and select **Sites**.
-
-2. Right-click **PS1 - Primary Site 1**, point to **Configure Site Components**, and then select **Software Distribution**.
-
-3. On the **Network Access Account** tab, select **Specify the account that accesses network locations** and add the account **CONTOSO\\CM\_NAA** as the Network Access account (password: **pass@word1**). Use the new **Verify** option to verify that the account can connect to the **`\\DC01\sysvol`** network share.
-
-![figure 11.](../images/mdt-06-fig12.png)
-
-Test the connection for the Network Access account.
-
-## Enable PXE on the CM01 distribution point
-
-Configuration Manager has many options for starting a deployment, but starting via PXE is certainly the most flexible in a large environment. In this section, you enable PXE on the CM01 distribution point.
-
-On **CM01**:
-
-1. In the Configuration Manager Console, in the **Administration** workspace, select **Distribution Points**.
-
-2. Right-click the **\\\\CM01.CONTOSO.COM distribution point** and select **Properties**.
-
-3. On the **PXE** tab, use the following settings:
-
-    - Enable PXE support for clients
-    - Allow this distribution point to respond to incoming PXE requests
-    - Enable unknown computer
-    - Require a password when computers use PXE
-    - Password and Confirm password: pass@word1
-
-    ![figure 12.](../images/mdt-06-fig13.png)
-
-    Configure the CM01 distribution point for PXE.
-
-    > [!NOTE]
-    > If you select **Enable a PXE responder without Windows Deployment Service**, then WDS won't be installed, or if it's already installed it will be suspended, and the **ConfigMgr PXE Responder Service** (**SccmPxe**) will be used instead of WDS. The ConfigMgr PXE Responder doesn't support multicast. For more information, see [Install and configure distribution points](/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_config-pxe).
-
-4. Using the CMTrace tool, review the **`C:\Program Files\Microsoft Configuration Manager\Logs\distmgr.log`** file. Look for the **ConfigurePXE** and **CcmInstallPXE** lines.
-
-    ![figure 13.](../images/mdt-06-fig14.png)
-
-    The `distmgr.log` displays a successful configuration of PXE on the distribution point.
-
-5. Verify that you've seven files in each of the folders **`D:\RemoteInstall\SMSBoot\x86`** and **`D:\RemoteInstall\SMSBoot\x64`**.
-
-    ![figure 14.](../images/mdt-06-fig15.png)
-
-    The contents of the D:\\RemoteInstall\\SMSBoot\\x64 folder after you enable PXE.
-
-    > [!NOTE]
-    > These files are used by WDS. They aren't used by the ConfigMgr PXE Responder. This article doesn't use the ConfigMgr PXE Responder.
-
-Next, see [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md).
-
-## Components of Configuration Manager operating system deployment
-
-Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are more components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which isn't used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.
-
-- **State migration point (SMP).** The state migration point is used to store user state migration data during computer replace scenarios.
-
-- **Distribution point (DP).** The distribution point is used to store all packages in Configuration Manager, including the operating system deployment-related packages.
-
-- **Software update point (SUP).** The software update point, which is normally used to deploy updates to existing machines, also can be used to update an operating system as part of the deployment process. You also can use offline servicing to update the image directly on the Configuration Manager server.
-
-- **Reporting services point.** The reporting services point can be used to monitor the operating system deployment process.
-
-- **Boot images.** Boot images are the Windows Preinstallation Environment (Windows PE) images Configuration Manager uses to start the deployment.
-
-- **Operating system images.** The operating system image package contains only one file, the custom .wim image. This image is typically the production deployment image.
-
-- **Operating system installers.** The operating system installers were originally added to create reference images using Configuration Manager. Instead, we recommend that you use MDT Lite Touch to create your reference images. For more information on how to create a reference image, see [Create a Windows 10 reference image](../deploy-windows-mdt/create-a-windows-10-reference-image.md).
-
-- **Drivers.** Like MDT Lite Touch, Configuration Manager also provides a repository (catalog) of managed device drivers.
-
-- **Task sequences.** The task sequences in Configuration Manager look and feel much like the sequences in MDT Lite Touch, and they're used for the same purpose. However, in Configuration Manager, the task sequence is delivered to the clients as a policy via the Management Point (MP). MDT provides more task sequence templates to Configuration Manager.
-
-    > [!NOTE]
-    > The Windows Assessment and Deployment Kit (ADK) for Windows 10 is also required to support management and deployment of Windows 10.
-
-## Why integrate MDT with Configuration Manager
-
-As noted above, MDT adds many enhancements to Configuration Manager. While these enhancements are called Zero Touch, that name doesn't reflect how deployment is conducted. The following sections provide a few samples of the 280 enhancements that MDT adds to Configuration Manager.
-
-> [!NOTE]
-> MDT installation requires the following:
->
-> - The Windows ADK for Windows 10 (installed in the previous procedure)
-> - Windows PowerShell ([version 5.1](https://www.microsoft.com/download/details.aspx?id=54616) is recommended; type **$host** to check)
-> - Microsoft .NET Framework
-
-### MDT enables dynamic deployment
-
-When MDT is integrated with Configuration Manager, the task sequence processes more instructions from the MDT rules. In its most simple form, these settings are stored in a text file, the `CustomSettings.ini` file, but you can store the settings in Microsoft SQL Server databases, or have Microsoft Visual Basic Scripting Edition (VBScripts) or web services provide the settings used.
-
-The task sequence uses instructions that allow you to reduce the number of task sequences in Configuration Manager and instead store settings outside the task sequence. Here are a few examples:
-
-- The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is an HP EliteBook 8570w. You don't have to add the package to the task sequence.
-
-    ```ini
-    [Settings] 
-    Priority=Model
-    [HP EliteBook 8570w] 
-    Packages001=PS100010:Install HP Hotkeys
-    ```
-
-- The following settings instruct the task sequence to put laptops and desktops in different organizational units (OUs) during deployment, assign different computer names, and finally have the task sequence install the Cisco VPN client, but only if the machine is a laptop.
-
-    ```ini
-    [Settings]
-    Priority= ByLaptopType, ByDesktopType
-    [ByLaptopType]
-    Subsection=Laptop-%IsLaptop%
-    [ByDesktopType]
-    Subsection=Desktop-%IsDesktop%
-    [Laptop-True]
-    Packages001=PS100012:Install Cisco VPN Client
-    OSDComputerName=LT-%SerialNumber%
-    MachineObjectOU=ou=laptops,ou=Contoso,dc=contoso,dc=com
-    [Desktop-True]
-    OSDComputerName=DT-%SerialNumber%
-    MachineObjectOU=ou=desktops,ou=Contoso,dc=contoso,dc=com
-    ```
-
-![figure 2.](../images/fig2-gather.png)
-
-The Gather action in the task sequence is reading the rules.
-
-### MDT adds an operating system deployment simulation environment
-
-When testing a deployment, it's important to be able to quickly test any changes you make to the deployment without needing to run through an entire deployment. MDT rules can be tested quickly, saving significant testing time in a deployment project. For more information, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
-
-![figure 3.](../images/mdt-06-fig03.png)
-
-The folder that contains the rules, a few scripts from MDT, and a custom script (Gather.ps1).
-
-### MDT adds real-time monitoring
-
-With MDT integration, you can follow your deployments in real time, and if you've access to Microsoft Diagnostics and Recovery Toolkit (DaRT), you can even remote into Windows Preinstallation Environment (Windows PE) during deployment. The real-time monitoring data can be viewed from within the MDT Deployment Workbench, via a web browser, Windows PowerShell, the Event Viewer, or Microsoft Excel 2013. In fact, any script or app that can read an Open Data (OData) feed can read the information.
-
-![figure 4.](../images/mdt-06-fig04.png)
-
-View the real-time monitoring data with PowerShell.
-
-### MDT adds an optional deployment wizard
-
-For some deployment scenarios, you may need to prompt the user for information during deployment such as the computer name, the correct organizational unit (OU) for the computer, or which applications should be installed by the task sequence. With MDT integration, you can enable the User-Driven Installation (UDI) wizard to gather the required information, and customize the wizard using the UDI Wizard Designer.
-
-![figure 5.](../images/mdt-06-fig05.png)
-
-The optional UDI wizard opens in the UDI Wizard Designer.
-
-MDT Zero Touch simply extends Configuration Manager with many useful built-in operating system deployment components. By providing well-established, supported solutions, MDT reduces the complexity of deployment in Configuration Manager.
-
-### Why use MDT Lite Touch to create reference images
-
-You can create reference images for Configuration Manager in Configuration Manager, but in general it is recommended to create them in MDT Lite Touch for the following reasons:
-
-- You can use the same image for every type of operating system deployment - Microsoft Virtual Desktop Infrastructure (VDI), Microsoft System Center Virtual Machine Manager (VMM), MDT, Configuration Manager, Windows Deployment Services (WDS), and more.
-
-- Configuration Manager performs deployment in the LocalSystem context, which means that you can't configure the Administrator account with all of the settings that you would like to be included in the image. MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.
-
-- The Configuration Manager task sequence suppresses user interface interaction.
-
-- MDT Lite Touch supports a Suspend action that allows for reboots, which is useful when you need to perform a manual installation or check the reference image before it's automatically captured.
-
-- MDT Lite Touch doesn't require any infrastructure and is easy to delegate.
-
-## Related articles
-
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)\
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)\
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)\
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)\
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)\
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)\
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)\
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
deleted file mode 100644
index 19bb081501..0000000000
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ /dev/null
@@ -1,150 +0,0 @@
----
-title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
-description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-This article will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation.
-
-A computer refresh with Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager has the following steps:
-
-1. Data and settings are backed up locally in a backup folder.
-2. The partition is wiped, except for the backup folder.
-3. The new operating system image is applied.
-4. Other applications are installed.
-5. Data and settings are restored.
-
-## Infrastructure
-
-An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-For the purposes of this article, we'll use one server computer (CM01) and one client computer (PC0003).
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
-
-- PC0003 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be refreshed to Windows 10.
-
-> [!NOTE]
-> If desired, PC0003 can be a VM hosted on the server HV01, which is a Hyper-V host computer that we used previously to build a Windows 10 reference image. However, if PC0003 is a VM then you must ensure it has sufficient resources available to run the Configuration Manager OSD task sequence. 2GB of RAM or more is recommended.
-
-All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-
-All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
-
-> [!IMPORTANT]
-> This article assumes that you have [configured Active Directory permissions](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md#configure-active-directory-permissions) in the specified OU for the **CM_JD** account, and the client's Active Directory computer account is in the **Contoso** > **Computers** > **Workstations** OU. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed.
-
-## Verify the Configuration Manager client settings
-
-To verify that PC003 is correctly assigned to the PS1 site:
-
-On **PC0003**:
-
-1. Open the Configuration Manager control panel (`control.exe smscfgrc`).
-
-2. On the **Site** tab, select **Configure Settings**, then select **Find Site**.
-
-3. Verify that Configuration Manager has successfully found a site to manage this client is displayed. See the following example.
-
-![Found a site to manage this client.](../images/pc0003a.png)
-
-## Create a device collection and add the PC0003 computer
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Asset and Compliance** workspace, expand **Overview**, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
-
-   - General
-     - Name: Install Windows 10 Enterprise x64
-     - Limited Collection: All Systems
-   - Membership rules
-     - Add Rule: Direct rule
-        - Resource Class: System Resource
-        - Attribute Name: Name
-        - Value: PC0003
-   - Select Resources
-     - Select **PC0003**
-
-    Use the default settings to complete the remaining wizard pages and select **Close**.
-
-2. Review the Install Windows 10 Enterprise x64 collection. Don't continue until you see the PC0003 machine in the collection.
-
-    > [!NOTE]
-    > It may take a short while for the collection to refresh; you can view progress via the `Colleval.log` file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership.
-
-## Create a new deployment
-
-On **CM01**:
-
-Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the below settings:
-
-- General
-  - Collection: Install Windows 10 Enterprise x64
-- Deployment Settings
-  - Purpose: Available
-  - Make available to the following: Configuration Manager clients, media and PXE
-
-    > [!NOTE]
-    > It's not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
-
-- Scheduling
-  - *\<default\>*
-- User Experience
-  - *\<default\>*
-- Alerts
-  - *\<default\>*
-- Distribution Points
-  - *\<default\>*
-
-## Initiate a computer refresh
-
-Now you can start the computer refresh on PC0003.
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Assets and Compliance** workspace, select the **Install Windows 10 Enterprise x64** collection, right-click **PC0003**, point to **Client Notification**, select **Download Computer Policy**, and then select **OK** in the popup dialog box that appears.
-
-On **PC0003**:
-
-1. Open the Software Center (select Start and type **Software Center**, or select the **New software is available** balloon in the system tray), select **Operating Systems** and select the **Windows 10 Enterprise x64 RTM** deployment, then select **Install**.
-
-2. In the **Software Center** warning dialog box, select **Install Operating System**.
-
-3. The client computer will run the Configuration Manager task sequence, boot into Windows PE, and install the new OS and applications. See the following examples:
-
-![Task sequence example 1.](../images/pc0003b.png)<br>
-![Task sequence example 2.](../images/pc0003c.png)<br>
-![Task sequence example 3.](../images/pc0003d.png)<br>
-![Task sequence example 4.](../images/pc0003e.png)<br>
-![Task sequence example 5.](../images/pc0003f.png)<br>
-![Task sequence example 6.](../images/pc0003g.png)<br>
-![Task sequence example 7.](../images/pc0003h.png)<br>
-![Task sequence example 8.](../images/pc0003i.png)<br>
-![Task sequence example 9.](../images/pc0003j.png)<br>
-![Task sequence example 10.](../images/pc0003k.png)
-
-Next, see [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md).
-
-## Related articles
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
deleted file mode 100644
index b13078046f..0000000000
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ /dev/null
@@ -1,231 +0,0 @@
----
-title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
-description: In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10.
-
-In this article, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006.
-
-## Infrastructure
-
-An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-For the purposes of this article, we'll use one server computer (CM01) and two client computers (PC0004, PC0006).
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
-  - Important: CM01 must include the **[State migration point](/configmgr/osd/get-started/manage-user-state#BKMK_StateMigrationPoint)** role for the replace task sequence used in this article to work.
-
-- PC0004 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be replaced.
-
-- PC0006 is a domain member client computer running Windows 10, with the Configuration Manager client installed, that will replace PC0004.
-
-> [!NOTE]
-> PC0004 and PC006 can be VMs hosted on the server HV01, which is a Hyper-V host computer that we used previously to build a Windows 10 reference image. However, the VMs must have sufficient resources available to run the Configuration Manager OSD task sequence. 2GB of RAM or more is recommended.
-
-All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-
-All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
-
-> [!IMPORTANT]
-> This article assumes that you have [configured Active Directory permissions](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md#configure-active-directory-permissions) in the specified OU for the **CM_JD** account, and the client's Active Directory computer account is in the **Contoso > Computers > Workstations** OU. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed.
-
-## Create a replace task sequence
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.
-
-2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and select **Next**.
-
-3. On the **General** page, assign the following settings and select **Next**:
-
-   - Task sequence name: Replace Task Sequence
-   - Task sequence comments: USMT backup only
-
-4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then select **Next**.
-
-5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then select **Next**.
-
-6. On the **USMT Package** page, browse and select the **OSD / Microsoft Corporation User State Migration Tool for Windows** package. Then select **Next**.
-
-7. On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then select **Next**.
-
-8. On the **Summary** page, review the details and then select **Next**.
-
-9. On the **Confirmation** page, select **Finish**.
-
-10. Review the Replace Task Sequence.
-
-    > [!NOTE]
-    > This task sequence has many fewer actions than the normal client task sequence. If it doesn't seem different, make sure you selected the **Client Replace Task Sequence** template when creating the task sequence.
-
-![The back-up only task sequence.](../images/mdt-06-fig42.png "The back-up only task sequence")
-
-The backup-only task sequence (named Replace Task Sequence).
-
-## Associate the new device with the old computer
-
-This section walks you through the process of associating a new, blank device (PC0006), with an existing computer (PC0004), for replacing PC0004 with PC0006. PC0006 can be either a physical or virtual machine.
-
-On **HV01** (if PC0006 is a VM) or in the PC0006 BIOS:
-
-1. Make a note of the MAC address for PC0006. (If PC0006 is a virtual machine, you can see the MAC Address in the virtual machine settings.) In our example, the PC0006 MAC Address is 00:15:5D:0A:6A:96. Don't attempt to PXE boot PC0006 yet.
-
-On **CM01**:
-
-1. When you're using the Configuration Manager console, in the **Assets and Compliance** workspace, right-click **Devices**, and then select **Import Computer Information**.
-
-2. On the **Select Source** page, select **Import single computer** and select **Next**.
-
-3. On the **Single Computer** page, use the following settings and then select **Next**:
-
-    - Computer Name: PC0006
-    - MAC Address: *\<the mac address that you wrote down*\>
-    - Source Computer: PC0004
-
-    ![Create the computer association.](../images/mdt-06-fig43.png "Create the computer association")
-
-    Creating the computer association between PC0004 and PC0006.
-
-4. On the **User Accounts** page, select **Capture and restore all user accounts** and select **Next**.
-
-5. On the **Data Preview** page, select **Next**.
-
-6. On the **Choose additional collections** page, select **Add** and then select the **Install Windows 10 Enterprise x64** collection. Now, select the checkbox next to the Install Windows 10 Enterprise x64 collection you just added, and then select **Next**.
-
-7. On the **Summary** page, select **Next**, and then select **Close**.
-
-8. Select the **User State Migration** node and review the computer association in the right hand pane.
-
-9. Right-click the **PC0004/PC0006** association and select **View Recovery Information**. A recovery key has been assigned already, but a user state store location hasn't.
-
-10. Review the **Install Windows 10 Enterprise x64** collection. Don't continue until you see the **PC0006** computer in the collection. You might have to update membership and refresh the collection again.
-
-## Create a device collection and add the PC0004 computer
-
-On **CM01**:
-
-1. When you're using the Configuration Manager console, in the **Asset and Compliance** workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
-
-    - General
-      - Name: USMT Backup (Replace)
-      - Limited Collection: All Systems
-    - Membership rules:
-      - Add Rule: Direct rule
-        - Resource Class: System Resource
-        - Attribute Name: Name
-        - Value: PC0004
-        - Select Resources:
-          - Select **PC0004**
-
-    Use default settings for the remaining wizard pages, then select **Close**.
-
-2. Review the **USMT Backup (Replace)** collection. Don't continue until you see the **PC0004** computer in the collection.
-
-## Create a new deployment
-
-On **CM01**:
-
-Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Replace Task Sequence**, and then select **Deploy**. Use the following settings:
-
-- General
-  - Collection: USMT Backup (Replace)
-- Deployment Settings
-  - Purpose: Available
-  - Make available to the following: Only Configuration Manager Clients
-- Scheduling
-  - *\<default*\>
-- User Experience
-  - *\<default*\>
-- Alerts
-  - *\<default*\>
-- Distribution Points
-  - *\<default*\>
-
-## Verify the backup
-
-This section assumes that you have a computer named PC0004 with the Configuration Manager client installed.
-
-On **PC0004**:
-
-1. If it's not already started, start the PC0004 computer and open the Configuration Manager control panel (**`control.exe smscfgrc`**).
-2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and then select **OK** in the popup dialog box that appears.
-
-    > [!NOTE]
-    > You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
-
-3. Open the Software Center, select the **Replace Task Sequence** deployment and then select **Install**.
-
-4. Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
-
-5. Allow the Replace Task Sequence to complete. The PC0004 computer will gather user data, boot into Windows PE and gather more data, then boot back to the full OS. The entire process should only take a few minutes.
-
-![Task sequence example.](../images/pc0004b.png)
-
-Capturing the user state
-
-On **CM01**:
-
-1. Open the state migration point storage folder (ex: D:\Migdata) and verify that a subfolder was created containing the USMT backup.
-
-2. Using the Configuration Manager console, in the **Assets and Compliance** workspace, select the **User State Migration** node, right-click the **PC0004/PC0006** association, and select **View Recovery Information**. The object now also has a user state store location.
-
-    > [!NOTE]
-    > It may take a few minutes for the user state store location to be populated.
-
-## Deploy the new computer
-
-On **PC0006**:
-
-1. Start the PC0006 virtual machine (or physical computer), press **F12** to Pre-Boot Execution Environment (PXE) boot when prompted. Allow it to boot Windows Preinstallation Environment (Windows PE), and then complete the deployment wizard using the following settings:
-
-    - Password: pass@word1
-    - Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM
-
-2. The setup now starts and does the following steps:
-
-    - Installs the Windows 10 operating system
-    - Installs the Configuration Manager client
-    - Joins it to the domain
-    - Installs the applications
-    - Restores the PC0004 backup
-
-When the process is complete, you'll have a new Windows 10 computer in your domain with user data and settings restored. See the following examples:
-
-![User data and setting restored example 1.](../images/pc0006a.png)<br>
-![User data and setting restored example 2.](../images/pc0006b.png)<br>
-![User data and setting restored example 3.](../images/pc0006c.png)<br>
-![User data and setting restored example 4.](../images/pc0006d.png)<br>
-![User data and setting restored example 5.](../images/pc0006e.png)<br>
-![User data and setting restored example 6.](../images/pc0006f.png)<br>
-![User data and setting restored example 7.](../images/pc0006g.png)<br>
-![User data and setting restored example 8.](../images/pc0006h.png)<br>
-![User data and setting restored example 9.](../images/pc0006i.png)
-
-Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuration-manager.md).
-
-## Related articles
-
-- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-- [Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)
-- [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-- [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
deleted file mode 100644
index bddc7bf6cb..0000000000
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ /dev/null
@@ -1,158 +0,0 @@
----
-title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Configuration Manager task sequence.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/27/2022
----
-
-# Perform an in-place upgrade to Windows 10 using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Configuration Manager task sequence to completely automate the process.
-
-> [!IMPORTANT]
-> Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must be removed from a device before performing an in-place upgrade to Windows 10.
-
-## Infrastructure
-
-An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-For the purposes of this article, we'll use one server computer (CM01) and one client computer (PC0004).
-
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
-- PC0004 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be upgraded to Windows 10.
-
-All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-
-All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required. But each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the `contoso.com` domain. Internet connectivity is also required to download OS and application updates.
-
-## Add an OS upgrade package
-
-Configuration Manager Current Branch includes a native in-place upgrade task. This task sequence differs from the MDT in-place upgrade task sequence in that it doesn't use a default OS image, but rather uses an [OS upgrade package](/configmgr/osd/get-started/manage-operating-system-upgrade-packages).
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and select **Add Operating System Upgrade Package**.
-
-2. On the **Data Source** page, under **Path**, select **Browse** and enter the UNC path to your media source. In this example, we've extracted the Windows 10 installation media to **`\\cm01\Sources$\OSD\UpgradePackages\Windows 10`**.
-
-3. If you have multiple image indexes in the installation media, select **Extract a specific image index from install.wim...** and choose the image index you want from the dropdown menu. In this example, we've chosen **Windows 10 Enterprise**.
-
-4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then select **Next**.
-
-5. Next to **Name**, enter **Windows 10 x64 RTM** and then complete the wizard by clicking **Next** and **Close**.
-
-6. Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**.
-
-7. In the Distribute Content Wizard, add the CM01 distribution point, select **Next** and select **Close**.
-
-8. View the content status for the Windows 10 x64 RTM upgrade package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the **`D:\Program Files\Microsoft Configuration Manager\Logs\distmgr.log`** file and look for the **STATMSG: ID=2301** line.
-
-## Create an in-place upgrade task sequence
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create Task Sequence**.
-
-2. On the **Create a new task sequence** page, select **Upgrade an operating system from an upgrade package** and select **Next**.
-
-3. Use the below settings to complete the wizard:
-
-   - Task sequence name: Upgrade Task Sequence
-   - Description: In-place upgrade
-   - Upgrade package: Windows 10 x64 RTM
-   - Include software updates: Don't install any software updates
-   - Install applications: OSD \ Adobe Acrobat Reader DC
-
-4. Complete the wizard, and select **Close**.
-
-5. Review the Upgrade Task Sequence.
-
-![The upgrade task sequence.](../images/cm-upgrade-ts.png)
-
-The Configuration Manager upgrade task sequence
-
-## Create a device collection
-
-After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0004 computer running Windows 7 SP1, with the Configuration Manager client installed.
-
-On **CM01**:
-
-1. When you're using the Configuration Manager console, in the **Asset and Compliance** workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
-    - General
-        - Name: Windows 10 x64 in-place upgrade
-        - Limited Collection: All Systems
-    - Membership rules:
-        - Direct rule
-            - Resource Class: System Resource
-            - Attribute Name: Name
-            - Value: PC0004
-        - Select Resources
-          - Select PC0004
-
-2. Review the Windows 10 x64 in-place upgrade collection. Don't continue until you see PC0004 in the collection.
-
-## Deploy the Windows 10 upgrade
-
-In this section, you create a deployment for the Windows 10 Enterprise x64 Update application.
-
-On **CM01**:
-
-1. Using the Configuration Manager console, in the **Software Library** workspace, right-click the **Upgrade Task Sequence** task sequence, and then select **Deploy**.
-
-2. On the **General** page, browse and select the **Windows 10 x64 in-place upgrade** collection, and then select **Next**.
-
-3. On the **Content** page, select **Next**.
-
-4. On the **Deployment Settings** page, select **Next**:
-
-5. On the **Scheduling** page, accept the default settings, and then select **Next**.
-
-6. On the **User Experience** page, accept the default settings, and then select **Next**.
-
-7. On the **Alerts** page, accept the default settings, and then select **Next**.
-
-8. On the **Distribution Points** page, accept the default settings, and then select **Next**.
-
-9. On the **Summary** page, select **Next**, and then select **Close**.
-
-## Start the Windows 10 upgrade
-
-Next, run the in-place upgrade task sequence on PC0004.
-
-On **PC0004**:
-
-1. Open the Configuration Manager control panel (`control.exe smscfgrc`).
-
-2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and then select **OK** in the popup dialog box that appears.
-
-    > [!NOTE]
-    > You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
-
-3. Open the Software Center, select the **Upgrade Task Sequence** deployment and then select **Install**.
-
-4. Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
-
-5. Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the **Operating System Upgrade Package** (the Windows installation source files), perform an in-place upgrade, and install your added applications. See the following examples:
-
-![Upgrade task sequence example 1.](../images/pc0004-a.png)<br>
-![Upgrade task sequence example 2.](../images/pc0004-b.png)<br>
-![Upgrade task sequence example 3.](../images/pc0004-c.png)<br>
-![Upgrade task sequence example 4.](../images/pc0004-d.png)<br>
-![Upgrade task sequence example 5.](../images/pc0004-e.png)<br>
-![Upgrade task sequence example 6.](../images/pc0004-f.png)<br>
-![Upgrade task sequence example 7.](../images/pc0004-g.png)
-
-## Related articles
-
-- [Windows 10 deployment scenarios](../windows-deployment-scenarios.md).
-- [Configuration Manager Team blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/bg-p/ConfigurationManagerBlog).
diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index f0d64329cb..fe1b2a0cf3 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -11,10 +11,12 @@
     href: waas-delivery-optimization-faq.yml    
   - name: Configure Delivery Optimization for Windows
     items:
-    - name: Set up Delivery Optimization for Windows
-      href: waas-delivery-optimization-setup.md
+    - name: Delivery Optimization configuration considerations
+      href: delivery-optimization-configure.md
     - name: Monitor Delivery Optimization for Windows
       href: waas-delivery-optimization-monitor.md
+    - name: Troubleshoot Delivery Optimization
+      href: delivery-optimization-troubleshoot.md
     - name: Configure Delivery Optimization settings using Microsoft Intune
       href: /mem/intune/configuration/delivery-optimization-windows
   - name: Resources for Delivery Optimization
@@ -27,8 +29,6 @@
       href: delivery-optimization-proxy.md
     - name: Testing Delivery Optimization
       href: delivery-optimization-test.md
-    - name: Delivery Optimization Troubleshooter
-      href: https://aka.ms/do-fix
 - name: Microsoft Connected Cache
   items:
     - name: What is Microsoft Connected Cache?
diff --git a/windows/deployment/do/delivery-optimization-configure.md b/windows/deployment/do/delivery-optimization-configure.md
new file mode 100644
index 0000000000..cfe43ce385
--- /dev/null
+++ b/windows/deployment/do/delivery-optimization-configure.md
@@ -0,0 +1,243 @@
+---
+title: Configure Delivery Optimization for Windows
+description: In this article, learn about the different configuration considerations to optimize Delivery Optimization (DO) in your environment.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+author: cmknox
+ms.author: carmenf
+ms.reviewer: mstewart
+manager: aaroncz
+ms.collection:
+  - tier3
+  - essentials-get-started
+ms.localizationpriority: medium
+appliesto:
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
+ms.date: 07/23/2024
+---
+
+# Configure Delivery Optimization (DO) for Windows
+
+This article describes the different configuration considerations to optimize Delivery Optimization (DO) in your environment.
+
+## Delivery Optimization set up considerations
+
+Use this checklist to guide you through different aspects when modifying Delivery Optimization configurations for your environment.
+
+1. Prerequisites to allow Delivery Optimization communication
+1. Evaluate Delivery Optimization policies based on the following items:
+
+    * Network topology
+    * Organization size
+    * System resources
+    * Improve P2P efficiencies
+  
+1. Using Connected Cache (MCC)
+1. Choose where to set Delivery Optimization policies
+
+## 1. Prerequisites to allow Delivery Optimization communication
+
+:::image type="content" source="images/do-setup-allow-communication.png" alt-text="Screenshot of the considerations to allow Delivery Optimization communication." lightbox="images/do-setup-allow-communication.png":::
+
+Delivery Optimization (DO) is used to download Microsoft content from different sources (HTTP source, peers, and/or dedicated cache solution). It requires communication between the DO client and services to find the best and most reliable sources of content. For this technology to work, the DO client running on the Windows device must be able to reach the DO cloud service.
+
+Find out more about the requirements for Firewall, Proxy, and Port settings to enable Delivery Optimization communication.
+
+### Firewall
+
+There are service endpoints that you need to permit through your Firewall to communicate with the Delivery Optimization service. Check the [full list](waas-delivery-optimization-faq.yml#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization) of endpoints to permit.
+
+### Proxy
+
+To allow peer-to-peer (P2P) to work properly, you need to allow direct calls to the Delivery Optimization service from your devices. When using a proxy, you want to bypass calls from the Delivery Optimization service (*.prod.do.dsp.mp.microsoft.com).
+
+#### Local proxy
+
+For downloads from HTTP sources, Delivery Optimization can use the automatic proxy discovery capability of WinHttp to handle communication with the proxy server. It's important to know that Delivery Optimization uses byte range requests, so you'll want to make sure your proxy allows this capability. [Learn more](delivery-optimization-proxy.md) about using Delivery Optimization with a proxy server.
+
+#### Cloud proxy
+
+ If you're using a cloud proxy, the calls to the DO service are funneled through your cloud proxy and the public IP address of the devices is altered, preventing P2P from working properly. To avoid any issues, you should configure it to allow Delivery Optimization traffic to [bypass the proxy](waas-delivery-optimization-faq.yml#what-is-the-recommended-configuration-for-delivery-optimization-used-with-cloud-proxies). Otherwise, you may experience reduced performance and increased bandwidth consumption.
+
+### Ports
+
+Delivery Optimization requires the use of certain ports to deliver content. Make sure all the [required ports](waas-delivery-optimization-faq.yml#which-ports-does-delivery-optimization-use) are open to make Delivery Optimization work seamlessly.
+
+| Port    | Protocol | Function          |
+|---------|-------------------|----------|
+| 7680    | TCP/IP | Listen for P2P using TCP/IP |
+| 3544    | UDP | Use Teredo to discover and connect to peers across NATs. For more information, see the [Teredo documentation](/windows/win32/teredo/required-firewall-exceptions-for-teredo). |
+| 443     | HTTPS / TLS 1.2 | Use to communicate Delivery Optimization client and service |
+
+## 2. Evaluate Delivery Optimization policies
+
+There are a range of [Delivery Optimization settings](waas-delivery-optimization-reference.md) available to meet the needs of your environment. To fully leverage Delivery Optimization, you should focus on key areas to determine the most suitable settings for your unique environment.
+
+### 2a. Network topology
+
+:::image type="content" source="images/do-setup-network-topology.png" alt-text="Screenshot of Delivery Optimization network topology considerations." lightbox="images/do-setup-network-topology.png":::
+
+Peer groups can be defined in Delivery Optimization using a combination of settings such as [DODownloadMode](waas-delivery-optimization-reference.md#download-mode), [DOGroupID](waas-delivery-optimization-reference.md#group-id), [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids), and [DORestrictPeerSelection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection). *The combination of settings used depends on your desired peer group(s) and your network topology.*
+
+#### Peering setup options
+
+Delivery Optimization can use P2P to help improve bandwidth efficiencies. The section outlines the different options available to define peer groups for your environment.
+
+##### Local area network (LAN)
+
+To define a peer group limited to your LAN, choose [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) (1), LAN-mode. This download mode setting includes any devices that share the same public IP address when they connect to the Internet (behind the same NAT) in a single peer group.
+
+> [!NOTE]
+> Consider using Group download mode and/or limiting peer selection to the subnet if your network topology is a Hub and Spoke.
+
+##### Wide area network (WAN)
+
+To achieve peer groups across NATs within the same site, over the WAN, or to have more control in your local environment, use download mode '2', Group-mode. Group download mode allows you to define a unique GUID Group ID or use existing logical groupings (for example, AD Site) in your enterprise with the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) setting to identify a peer group.
+
+##### GroupIDSource default behavior
+
+There are several options for identifying your Group ID using the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids). The default behavior, when the [DOGroupID](waas-delivery-optimization-reference.md#group-id) or [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids)  policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2), or Microsoft Entra tenant ID (5). [Learn more](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) about all DOGroupIDSource available options.
+
+> [!NOTE]
+> If your peer group spans across NATs, the Teredo service will be used on port 3544.
+>
+> For Configuration Manager users, we recommend leveraging existing [boundary groups](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization) to define the peer groups.
+
+##### Restrict peer selection
+
+If your environment requires a more granular approach, you can use the restrict peer discovery setting alongside the download mode to achieve more control. For example, if you have several different subnets behind the same NAT but want to limit your peer groups to a single subnet, choose [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) (1) and [DORestrictPeerSelection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection) (Subnet). This setting can be used with any of the peer-related download modes (1, 2, or 3).
+
+#### Nonpeering options
+
+There are two valid download modes that don't use P2P functionality to deliver content; download modes (0) and (99). Download mode (0) uses additional metadata provided by the Delivery Optimization services for a peerless, reliable, and efficient download experience. Download mode (99) will provide a reliable download experience over HTTP from the download's original source or Microsoft, with no other checks.
+
+#### Peering with VPN
+
+By default, if Delivery Optimization detects a VPN, peering isn't used. To change this behavior, use the [DOAllowVPNPeerCaching](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. The Delivery Optimization client looks in the network adapter's 'Description' and 'FriendlyName' strings to determine VPN usage. To allow greater flexibility for VPN identification, use the [DOVpnKeywords](waas-delivery-optimization-reference.md#vpn-keywords) to add descriptors for a particular VPN you use in your organization.
+
+> [!NOTE]
+> The default keyword list is "VPN", "Secure", and "Virtual Private Network". For example, "MYVPN" matches the "VPN" keyword and would be detected as a VPN connection.
+
+### 2b. Organization size
+
+:::image type="content" source="images/do-setup-org-size.png" alt-text="Screenshot of optimizing P2P usage for your organization." lightbox="images/do-setup-org-size.png":::
+
+Delivery Optimization is designed to perform best in a large-scale environment with many devices. Depending on the size of the environment, you should evaluate the value of the [DOMinFileSizeToCache](waas-delivery-optimization-reference.md#minimum-peer-caching-content-file-size) to optimize peering.
+
+#### Minimum file size to cache
+
+Content peering has a limited number of slots available at any given time. By default, only content files that are 50 MB or larger can be used for peering. In an environment with more than 30 devices, change the [DOMinFileSizeToCache](waas-delivery-optimization-reference.md#minimum-peer-caching-content-file-size) to a lower value (10 MB), to have more content available for peering, which can be distributed among many devices. For an even larger number of devices (>100), you can raise this setting to (1 MB).
+
+#### Mobile devices
+
+By default, P2P capabilities aren't enabled for devices using a battery. If there are many mobile devices in your environment, consider enabling the [DOMinBatteryPercentageAllowedToUpload](waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) policy to 60%, to use peering while on battery.
+
+### 2c. System resources
+
+:::image type="content" source="images/do-setup-system-resources.png" alt-text="Screenshot of Delivery Optimization system resources considerations." lightbox="images/do-setup-system-resources.png":::
+
+There are some Delivery Optimization configurations that can make an impact when various system resources are available.
+
+#### Disk size
+
+Alter the minimum disk size (default is 32 GB) a device must have to use peering with the [DOMinDiskSizeAllowedToPeer](waas-delivery-optimization-reference.md#minimum-disk-size-allowed-to-use-peer-caching) setting.
+
+#### Optimize cache size
+
+You can also manage the amount of space the Delivery Optimization cache uses with the following settings:  [DOMaxCacheSize](waas-delivery-optimization-reference.md#max-cache-size) (default is 20%) and [DOAbsoluteMaxCacheSize](waas-delivery-optimization-reference.md#absolute-max-cache-size) (default isn't configured).
+
+#### RAM size
+
+Control the minimum amount of RAM (inclusive) allowed to use peer caching (default is 4 GB), with [DOMinRAMAllowedToPeer](waas-delivery-optimization-reference.md#minimum-ram-inclusive-allowed-to-use-peer-caching).
+
+#### Large number of devices with idle system resources
+
+In an environment with devices that are plugged in and have ample free disk space try increasing the content expiration interval of [DOMaxCacheAge](waas-delivery-optimization-reference.md#max-cache-age) to seven or more (up to 30 days). You can take advantage of these devices, using them as excellent upload sources to upload more content over a longer period.
+
+### 2d. Improve P2P efficiency
+
+:::image type="content" source="images/do-setup-improve-efficiency.png" alt-text="Screenshot of Delivery Optimization improve efficiency considerations." lightbox="images/do-setup-improve-efficiency.png":::
+
+Looking to improve P2P efficiency? Some of the most powerful settings you can change that could have a significant impact within your environment include:
+
+- Help optimize peer connection over HTTP connections using the [DOMinBackgroundQoS](waas-delivery-optimization-reference.md#minimum-background-qos) policy. A good value for the [DOMinBackgroundQoS](waas-delivery-optimization-reference.md#minimum-background-qos) policy is something lower than the average download speed seen in your network. For example, if your average speed is 1000 KB/s, set this policy to 500 KB/s.
+- Improve chances of downloading from peers and/or cache server by delaying the time DO attempts to make connections before falling back to the HTTP source. The set of delay-related policies include:
+  - [DODelayBackgroundDownloadFromHttp](waas-delivery-optimization-reference.md#delay-background-download-from-http-in-secs)
+  - [DODelayForegroundDownloadFromHttp](waas-delivery-optimization-reference.md#delay-foreground-download-from-http-in-secs) 
+  
+  To improve efficiencies from peers or a dedicated cache server, a good starting point is 60 seconds for background settings and 30 seconds for foreground settings.
+
+> [!NOTE]
+> Not all content types are eligible for P2P. Refer to the [complete list](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization) to learn more.
+
+#### Bandwidth throttling options
+
+Regardless of P2P, consider setting the following policies to avoid network disruption.
+
+- Manage network usage as a percentage or absolute value. These policies include: 
+  - [DOPercentageMaxBackgroundBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth)
+  - [DOPercentageMaxForegroundBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth)
+  - [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs)
+  - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs)
+- Reduce disruptions by throttling differently at different times of day, using the following business hours policies: 
+  - [DOSetHoursToLimitBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth)
+  - [DOSetHoursToLimitForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth).
+
+> [!NOTE]
+> The absolute policies are recommended in low bandwidth environments.
+
+## 3. Using Connected Cache (MCC)
+
+:::image type="content" source="images/do-setup-connected-cache.png" alt-text="Screenshot of Delivery Optimization options when using Connected Cache." lightbox="images/do-setup-connected-cache.png":::
+
+- [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname) is the list of cache host server names, separated with commas. *Delivery Optimization client connects to the listed Microsoft Connected Cache servers in the order as they're listed.*
+- [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source) can be used to dynamically discover cache host servers on the network, using DHCP.
+- [DelayCacheServerFallbackBackground](waas-delivery-optimization-reference.md#delay-background-download-cache-server-fallback-in-secs) and [DelayCacheServerFallbackForeground](waas-delivery-optimization-reference.md#delay-foreground-download-cache-server-fallback-in-secs) are the delay policies to help improve chances of pulling content from the network cache host servers. (See recommended values in [Improve P2P efficiency](#2d-improve-p2p-efficiency) section above).
+- [DODisallowCacheServerDownloadsOnVPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn) allows control of the cache host server to supply content, when device is on a VPN connection.
+
+## 4. Choose where to set Delivery Optimization policies
+
+:::image type="content" source="images/do-setup-presence.png" alt-text="Screenshot of different product areas where you find Delivery Optimization." lightbox="images/do-setup-presence.png":::
+
+### Group Policies
+
+Use Group Policy to manage Delivery Optimization settings here,
+
+  `Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization`
+
+### MDM Policies
+
+Use MDM to manage Delivery Optimization settings here,
+
+  `.Vendor/MSFT/Policy/Config/DeliveryOptimization/`
+
+Delivery Optimization is integrated with both Microsoft Endpoint Manager and Configuration Manager.
+
+- [Microsoft Endpoint Manager (MEM)](/mem/intune/configuration/delivery-optimization-windows)
+- [Microsoft Endpoint Configuration Manager (MECM)](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery)
+
+## Summary of basic configuration recommendations
+
+| Use case | Policy | Recommended value |
+| ----- | ----- | ----------------- |
+| Use P2P | DownloadMode | 1 or 2 |
+| Don't use P2P | DownloadMode | 0 |
+| Number of devices in the organization | MinFileSizeToCache | 1 MB for peer group > 100 devices |
+| Idle system resources | MaxCacheAge | 7 days (604800 seconds) |
+| Improve P2P efficiency | MinBackgroundQoS and DelayBackgroundDownloadFromHttp / DelayForegroundDownloadFromHttp  | 500 KB/s and 60/30 seconds |
+| Using Connected Cache? | DelayCacheServerFallbackBackground / DelayCacheServerFallbackForeground | 60/30 seconds |
+
+## Monitor Delivery Optimization
+
+Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you'll want to track the outcomes to see how they improve your efficiency. [Learn more](waas-delivery-optimization-monitor.md) about the monitoring options for Delivery Optimization.
+
+## Troubleshoot Delivery Optimization
+
+There could be many different reasons why Delivery Optimization isn't working in your environment. [Learn more](delivery-optimization-troubleshoot.md) about the DO Troubleshooter and common problems and solutions to help improve the experience of using Delivery Optimization.
+
+## Test Delivery Optimization
+
+[Learn more](delivery-optimization-test.md) about guidance on basic testing scenarios to see how Delivery Optimization works.
diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md
index 782b1650f6..aa1c2a6abf 100644
--- a/windows/deployment/do/delivery-optimization-endpoints.md
+++ b/windows/deployment/do/delivery-optimization-endpoints.md
@@ -31,7 +31,7 @@ Use the table below to reference any particular content types or services endpoi
 | *.delivery.mp.microsoft.com  |  HTTP / 80  | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Both |
 | *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net |  HTTP / 80  | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Both |
 | *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com |  HTTP / 80 </br> HTTPs / 443  | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Both |
-| *.statics.teams.cdn.office.net |  HTTP / 80 </br> HTTPs / 443  | Teams | | Both |
+| *.statics.teams.cdn.office.net |  HTTP / 80 </br> HTTPs / 443  | Teams | Future support is planned for peering and Connected Cache | TBD |
 | *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com |  HTTP / 80 | Xbox | | Both |
 | *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com |  HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates.  |  Both |
 | *.do.dsp.mp.microsoft.com |  HTTP / 80 </br> HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only.  | Connected Cache Managed in Azure |
diff --git a/windows/deployment/do/delivery-optimization-test.md b/windows/deployment/do/delivery-optimization-test.md
index 8ae1791776..a9f607038c 100644
--- a/windows/deployment/do/delivery-optimization-test.md
+++ b/windows/deployment/do/delivery-optimization-test.md
@@ -14,7 +14,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 11/08/2022
+ms.date: 07/23/2024
 ---
 
 # Testing Delivery Optimization
@@ -31,7 +31,7 @@ One of the most powerful advantages of using Delivery Optimization is the abilit
 
 ## Monitoring the Results
 
-Since Delivery Optimization is on by default, you're able to monitor the value either through the Windows Settings for 'Delivery Optimization' using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md), and/or via the [Windows Update for Business Report](../update/wufb-reports-workbook.md) experience in Azure.
+Since Delivery Optimization is on by default, you're able to monitor the value either through the Windows Settings for 'Delivery Optimization' using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-reference.md), and/or via the [Windows Update for Business Report](../update/wufb-reports-workbook.md) experience in Azure.
 
 In the case where Delivery Optimization isn't working in your environment, it's important to investigate to get to the root of the problem. We recommend a test environment be created to easily evaluate typical devices to ensure Delivery Optimization is working properly. For starters, 'Scenario 1: Basic Setup' should be created to test the use of Delivery Optimization between two machines. This scenario is designed to eliminate any noise in the environment to ensure there's nothing preventing Delivery Optimization from working on the devices. Once you have a baseline, you can expand the test environment for more sophisticated tests.
 
@@ -221,4 +221,4 @@ Using Delivery Optimization can help make a significant impact in customer envir
 
 The testing scenarios found in this document help to show a controlled test environment, helping to prevent updates from interrupting the peering results. The other, a more real-world case, demonstrates how content available across peers will be used as the source of the content.
 
-If there are issues found while testing, the Delivery Optimization PowerShell [cmdlets](waas-delivery-optimization-setup.md) can be a helpful tool to help explain what is happening in the environment.
+If there are issues found while testing, the Delivery Optimization PowerShell [cmdlets](waas-delivery-optimization-reference.md) can be a helpful tool to help explain what is happening in the environment.
diff --git a/windows/deployment/do/delivery-optimization-troubleshoot.md b/windows/deployment/do/delivery-optimization-troubleshoot.md
new file mode 100644
index 0000000000..5ade7e311f
--- /dev/null
+++ b/windows/deployment/do/delivery-optimization-troubleshoot.md
@@ -0,0 +1,85 @@
+---
+title: Troubleshoot Delivery Optimization
+description: In this article, learn how to troubleshoot Delivery Optimization.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+author: cmknox
+ms.author: carmenf
+ms.reviewer: mstewart
+manager: aaroncz
+ms.collection:
+  - tier3
+  - essentials-get-started
+ms.localizationpriority: medium
+appliesto:
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
+ms.date: 07/23/2024
+---
+
+# Troubleshoot Delivery Optimization
+
+This article discusses how to troubleshoot Delivery Optimization.
+
+## DO Troubleshooter
+
+[Check out](https://aka.ms/do-fix) for the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the available switches:
+
+- -HealthCheck: Provides an overall check of the device setup to ensure Delivery Optimization communication is possible on the device.
+- -P2P: Provides output specific to P2P settings, efficiency, and errors.
+- -MCC: Provides output specific to MCC settings and verifies the client can access the cache server.
+
+## Common problems and solutions
+
+This section summarizes common problems and some solutions to try.
+
+### If you don't see any bytes from peers
+
+If you don't see any bytes coming from peers, the cause might be one of the following issues:
+
+- Clients aren't able to reach the Delivery Optimization cloud services.
+- The cloud service doesn't see other peers on the network.
+- Clients aren't able to connect to peers that are offered back from the cloud service.
+- None of the computers on the network are getting updates from peers.
+
+### Clients aren't able to reach the Delivery Optimization cloud services
+
+Try these steps:
+
+1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
+1. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) setting. For peering to work, download mode should be 1, 2, or 3.
+1. If the download mode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.prod.do.dsp.mp.microsoft.com**.
+
+#### The cloud service doesn't see other peers on the network
+
+Try these steps:
+
+1. Download the same app on two different devices on the same network, waiting 10 - 15 minutes between downloads.
+1. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1 or 2 on both devices.
+1. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be nonzero.
+1. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for "what is my IP"). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**.
+
+> [!NOTE]
+> Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of potential peers per file, including which peers are successfully connected and the total bytes sent or received from each peer.
+
+### Clients aren't able to connect to peers offered by the cloud service
+
+Try a Telnet test between two devices on the network to ensure they can connect using port 7680. Follow these steps:
+
+1. Install Telnet by running `dism /online /Enable-Feature /FeatureName:TelnetClient` from an elevated command prompt.
+1. Run the test. For example, if you're on device with IP 192.168.8.12 and you're trying to test the connection to 192.168.9.17 run `telnet 192.168.9.17 7680` (the syntax is *telnet [destination IP] [port]*. When you see a connection error or a blinking cursor like this /_. The blinking cursor means success.
+
+> [!NOTE]
+> You can also use [Test-NetConnection](/powershell/module/nettcpip/test-netconnection) instead of Telnet to run the test.
+> **Test-NetConnection -ComputerName 192.168.9.17 -Port 7680**
+
+### None of the computers on the network are getting updates from peers
+
+Check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, or MDM policies are too restrictive:
+
+- Minimum RAM (inclusive) allowed to use peer caching
+- Minimum disk size allowed to use peer caching
+- Enable peer caching while the device connects using VPN.
+- Allow uploads when the device is on battery while under the set battery level
diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md
index 9635f725c9..1f89eca0a6 100644
--- a/windows/deployment/do/delivery-optimization-workflow.md
+++ b/windows/deployment/do/delivery-optimization-workflow.md
@@ -8,15 +8,13 @@ author: cmknox
 ms.author: carmenf
 manager: aaroncz
 ms.reviewer: mstewart
-ms.collection: 
+ms.collection:
   - tier3
-  - essentials-privacy
-  - essentials-security
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>	
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
 ms.date: 05/23/2024
 ---
 
@@ -30,7 +28,7 @@ Delivery Optimization can't be used to download or send personal content. Delive
 
 Delivery Optimization downloads the same updates and apps that you would get through [Windows Update](../update/windows-update-security.md), Microsoft Store apps, and other Microsoft updates using the same security measures. To make sure you're getting authentic updates, Delivery Optimization gets information securely from Microsoft to check the authenticity of each part of an update or app that it downloads from other PCs. The authenticity of the downloads is checked again before installing it. <!--8658744-->
 
-## Download request workflow  
+## Download request workflow
 
 This workflow allows Delivery Optimization to securely and efficiently deliver requested content to the calling device and explains client-service communication. Delivery Optimization uses content metadata to verify the content and to determine all available locations to pull content from.
 
@@ -50,4 +48,4 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r
 | cp\*.prod.do.dsp.mp.microsoft.com <br> | 443 | Content Policy | Provides content specific policies and as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentId**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **countryCode**: The country the client is connected from <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **eID**: Client grouping ID <br> **CacheHost**: Cache host ID |
 | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupID and external IP. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentID**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **partitionID**: Client partitioning hint <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **eID**: Client grouping ID |
 | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentID**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **PeerID**:  Identity of the device running DO client <br> **ReportedIp**: The internal / private IP Address <br> **IsBackground**: Is the download interactive or background <br> **Uploaded**: Total bytes uploaded to peers <br> **Downloaded**: Total bytes downloaded from peers <br> **DownloadedCdn**: Total bytes downloaded from CDN <br> **Left**: Bytes left to download <br> **Peers Wanted**: Total number of peers wanted <br> **Group ID**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies) <br> **Scope**: The Download mode <br> **UploadedBPS**: The upload speed in bytes per second <br> **DownloadBPS**: The download speed in Bytes per second <br> **eID**: Client grouping ID |
-| dl.delivery.mp.microsoft.com <br> download.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. |  
+| dl.delivery.mp.microsoft.com <br> download.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. |
diff --git a/windows/deployment/do/images/checklistbox.gif b/windows/deployment/do/images/checklistbox.gif
deleted file mode 100644
index cbcf4a4f11..0000000000
Binary files a/windows/deployment/do/images/checklistbox.gif and /dev/null differ
diff --git a/windows/deployment/do/images/checklistdone.png b/windows/deployment/do/images/checklistdone.png
deleted file mode 100644
index 7e53f74d0e..0000000000
Binary files a/windows/deployment/do/images/checklistdone.png and /dev/null differ
diff --git a/windows/deployment/do/images/do-setup-allow-communication.png b/windows/deployment/do/images/do-setup-allow-communication.png
new file mode 100644
index 0000000000..6a8d97ba81
Binary files /dev/null and b/windows/deployment/do/images/do-setup-allow-communication.png differ
diff --git a/windows/deployment/do/images/do-setup-connected-cache.png b/windows/deployment/do/images/do-setup-connected-cache.png
new file mode 100644
index 0000000000..081d065753
Binary files /dev/null and b/windows/deployment/do/images/do-setup-connected-cache.png differ
diff --git a/windows/deployment/do/images/do-setup-improve-efficiency.png b/windows/deployment/do/images/do-setup-improve-efficiency.png
new file mode 100644
index 0000000000..bd0d0d98d1
Binary files /dev/null and b/windows/deployment/do/images/do-setup-improve-efficiency.png differ
diff --git a/windows/deployment/do/images/do-setup-network-topology.png b/windows/deployment/do/images/do-setup-network-topology.png
new file mode 100644
index 0000000000..d7ff7aba8d
Binary files /dev/null and b/windows/deployment/do/images/do-setup-network-topology.png differ
diff --git a/windows/deployment/do/images/do-setup-org-size.png b/windows/deployment/do/images/do-setup-org-size.png
new file mode 100644
index 0000000000..0205340dc8
Binary files /dev/null and b/windows/deployment/do/images/do-setup-org-size.png differ
diff --git a/windows/deployment/do/images/do-setup-presence.png b/windows/deployment/do/images/do-setup-presence.png
new file mode 100644
index 0000000000..6f7a949d49
Binary files /dev/null and b/windows/deployment/do/images/do-setup-presence.png differ
diff --git a/windows/deployment/do/images/do-setup-system-resources.png b/windows/deployment/do/images/do-setup-system-resources.png
new file mode 100644
index 0000000000..97c028a4bf
Binary files /dev/null and b/windows/deployment/do/images/do-setup-system-resources.png differ
diff --git a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
index bc36a395ef..8b132e7d76 100644
--- a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
+++ b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
@@ -5,7 +5,7 @@ description: Elixir images read me file
 ms.service: windows-client
 author: nidos
 ms.author: nidos
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ms.subservice: itpro-updates
 robots: noindex
diff --git a/windows/deployment/do/images/ent-mcc-deployment-complete.png b/windows/deployment/do/images/ent-mcc-deployment-complete.png
deleted file mode 100644
index 3586c6019f..0000000000
Binary files a/windows/deployment/do/images/ent-mcc-deployment-complete.png and /dev/null differ
diff --git a/windows/deployment/do/images/ent-mcc-portal-create.png b/windows/deployment/do/images/ent-mcc-portal-create.png
deleted file mode 100644
index 194220be72..0000000000
Binary files a/windows/deployment/do/images/ent-mcc-portal-create.png and /dev/null differ
diff --git a/windows/deployment/do/images/ent-mcc-portal-resource.png b/windows/deployment/do/images/ent-mcc-portal-resource.png
deleted file mode 100644
index 383db09303..0000000000
Binary files a/windows/deployment/do/images/ent-mcc-portal-resource.png and /dev/null differ
diff --git a/windows/deployment/do/images/ent-mcc-provisioning.png b/windows/deployment/do/images/ent-mcc-provisioning.png
deleted file mode 100644
index 1c1dc4f0d0..0000000000
Binary files a/windows/deployment/do/images/ent-mcc-provisioning.png and /dev/null differ
diff --git a/windows/deployment/do/images/ent-mcc-script-device-code.png b/windows/deployment/do/images/ent-mcc-script-device-code.png
deleted file mode 100644
index 30046d2616..0000000000
Binary files a/windows/deployment/do/images/ent-mcc-script-device-code.png and /dev/null differ
diff --git a/windows/deployment/do/images/mcc-isp-migrate.png b/windows/deployment/do/images/mcc-isp-migrate.png
deleted file mode 100644
index 02b9afd16c..0000000000
Binary files a/windows/deployment/do/images/mcc-isp-migrate.png and /dev/null differ
diff --git a/windows/deployment/do/images/portal-installation-instructions-6.png b/windows/deployment/do/images/portal-installation-instructions-6.png
deleted file mode 100644
index 201a1aa1d6..0000000000
Binary files a/windows/deployment/do/images/portal-installation-instructions-6.png and /dev/null differ
diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml
index d4f3409ae7..d2e3a5c60a 100644
--- a/windows/deployment/do/index.yml
+++ b/windows/deployment/do/index.yml
@@ -12,13 +12,12 @@ metadata:
   ms.collection:
     - highpri
     - tier3
-    - essentials-navigation
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
   ms.date: 12/22/2023 #Required; mm/dd/yyyy format.
-  localization_priority: medium
-    
+  ms.localizationpriority: medium
+
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
 landingContent:
@@ -42,12 +41,12 @@ landingContent:
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Delivery Optimization recommended settings
-            url: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings
+          - text: Delivery Optimization configuration considerations
+            url: delivery-optimization-configure.md
           - text: Monitor Delivery Optimization for Windows
             url: waas-delivery-optimization-monitor.md
           - text: Troubleshoot Delivery Optimization
-            url: waas-delivery-optimization-setup.md#troubleshooting
+            url: delivery-optimization-troubleshoot.md
           - text: Delivery Optimization Frequently Asked Questions
             url: ../do/waas-delivery-optimization-faq.yml
           - text: Submit feedback
@@ -61,8 +60,8 @@ landingContent:
           - text: Optimize Windows 10 or later update delivery with Configuration Manager
             url: /mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#windows-delivery-optimization
           - text: Delivery Optimization settings in Microsoft Intune
-            url: /mem/intune/configuration/delivery-optimization-windows           
- 
+            url: /mem/intune/configuration/delivery-optimization-windows
+
   # Card
   - title: Microsoft Connected Cache (MCC) for Enterprise and Education
     linkLists:
@@ -71,7 +70,7 @@ landingContent:
           - text: MCC for Enterprise and Education (early preview)
             url: waas-microsoft-connected-cache.md
           - text: Sign up
-            url: https://aka.ms/MSConnectedCacheSignup 
+            url: https://aka.ms/MSConnectedCacheSignup
 
   # Card
   - title: Microsoft Connected Cache (MCC) for Internet Service Providers (ISPs)
@@ -84,7 +83,7 @@ landingContent:
             url: https://aka.ms/MCCForISPSurvey
           - text: MCC for ISPs (early preview)
             url: mcc-isp.md
-          
+
 
   # Card (optional)
   - title: Resources
diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml
index e75c33678a..1f78efa270 100644
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@@ -17,7 +17,7 @@ metadata:
     - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
     - ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019, and later</a>
     - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>	
-  ms.date: 05/23/2024
+  ms.date: 09/10/2024
 title: Frequently Asked Questions about Delivery Optimization
 summary: |
   This article answers frequently asked questions about Delivery Optimization.
@@ -29,6 +29,7 @@ summary: |
   - [How are downloads initiated by Delivery Optimization?](#how-are-downloads-initiated-by-delivery-optimization)
   - [Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected?](#delivery-optimization-is-downloading-windows-content-on-my-devices-directly-from-an-ip-address--is-it-expected)
   - [How do I turn off Delivery Optimization?](#how-do-i-turn-off-delivery-optimization)
+  - [My download is failing with error code 0x80d03002, how do I fix it?](#my-download-is-failing-with-error-code-0x80d03002--how-do-i-fix-it)
 
   **Network related configuration questions**:
  
@@ -68,11 +69,17 @@ sections:
         answer: |
           Delivery Optimization is an HTTP downloader used by most content providers from Microsoft. When a device is configured to use Delivery Optimization peering (on by default), it does so with the HTTP downloader capabilities to optimize bandwidth usage. 
           If you'd like to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access.
-          Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated.
+          Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download with error code 0x80d03002. Starting in Windows 11, Download mode '100' is deprecated.
 
           > [!NOTE]
           > Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Microsoft Edge browser.  If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization.
-  
+       
+      - question: My download is failing with error code 0x80d03002, how do I fix it?
+        answer: |
+          If you set the DownloadMode policy to '100' (Bypass) some content downloads that require Delivery Optimization may fail with error code 0x80d03002.
+          If you intend to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access.
+          Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated.
+
   - name: Network related configuration questions
     questions:
       - question: Which ports does Delivery Optimization use?
@@ -96,8 +103,6 @@ sections:
 
           - `*.dl.delivery.mp.microsoft.com`
 
-          **For the payloads (optional)**:
-
           - `*.windowsupdate.com`
 
           **For group peers across multiple NATs (Teredo)**:
diff --git a/windows/deployment/do/waas-delivery-optimization-monitor.md b/windows/deployment/do/waas-delivery-optimization-monitor.md
index 6c30ab2dc4..ed6710932b 100644
--- a/windows/deployment/do/waas-delivery-optimization-monitor.md
+++ b/windows/deployment/do/waas-delivery-optimization-monitor.md
@@ -10,11 +10,10 @@ manager: aaroncz
 ms.reviewer: mstewart
 ms.collection:
   - tier3
-  - essentials-manage
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
 ms.date: 05/23/2024
 ---
diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md
index cf03e3d310..f43982a7c5 100644
--- a/windows/deployment/do/waas-delivery-optimization-reference.md
+++ b/windows/deployment/do/waas-delivery-optimization-reference.md
@@ -21,7 +21,7 @@ ms.date: 05/23/2024
 
 > **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the main spreadsheet available at the Download Center [for Windows 11](https://www.microsoft.com/en-us/download/details.aspx?id=104594) or [for Windows 10](https://www.microsoft.com/en-us/download/details.aspx?id=104678).
 
-There are many configuration options you can set in Delivery Optimization to customize the content delivery experience specific to your environment needs. This article summarizes those configurations for your reference. If you just need an overview of Delivery Optimization, see [What is Delivery Optimization](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows](waas-delivery-optimization-setup.md).
+There are many configuration options you can set in Delivery Optimization to customize the content delivery experience specific to your environment needs. This article summarizes those configurations for your reference. If you just need an overview of Delivery Optimization, see [What is Delivery Optimization](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows](delivery-optimization-configure.md).
 
 ## Delivery Optimization options
 
@@ -48,8 +48,8 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 | [Monthly upload data cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap | 1607 | Default value is 20 GB. |
 | [Minimum background QoS](#minimum-background-qos) | DOMinBackgroundQoS | 1607 | Recommend setting this to 500 KB/s. Default value is 2500 KB/s. |
 | [Enable peer caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) | DOAllowVPNPeerCaching | 1709 | Default is to not allow peering while on VPN. |
-| [VPN keywords](#vpn-keywords) | DOVpnKeywords | 22H2 September Moment | Allows you to set one or more keywords used to recognize VPN connections. |
-| [Disallow cache server downloads from VPN](#disallow-cache-server-downloads-on-vpn) | DODisallowCacheServerDownloadsOnVPN | 22H2 September Moment | Disallow downloads from Microsoft Connected Cache servers when the device connects via VPN. By default, the device is allowed to download from Microsoft Connected Cache when connected via VPN. |
+| [VPN keywords](#vpn-keywords) | DOVpnKeywords | Windows 11, version 22H2 with the September 2023 or later update installed | Allows you to set one or more keywords used to recognize VPN connections. |
+| [Disallow cache server downloads from VPN](#disallow-cache-server-downloads-on-vpn) | DODisallowCacheServerDownloadsOnVPN | Windows 11, version 22H2 with the September 2023 or later update installed | Disallow downloads from Microsoft Connected Cache servers when the device connects via VPN. By default, the device is allowed to download from Microsoft Connected Cache when connected via VPN. |
 | [Allow uploads while the device is on battery while under set battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) | DOMinBatteryPercentageAllowedToUpload | 1709 | Default is to not allow peering while on battery.  |
 | [Maximum foreground download bandwidth (percentage)](#maximum-foreground-download-bandwidth) | DOPercentageMaxForegroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
 | [Maximum background download bandwidth (percentage)](#maximum-background-download-bandwidth) | DOPercentageMaxBackgroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
@@ -87,8 +87,8 @@ All cached files have to be above a set minimum size. This size is automatically
 More options available that control the impact Delivery Optimization has on your network include the following settings:
 
 - [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This setting adjusts the amount of data downloaded directly from HTTP sources, rather than other peers in the network.
-- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum foreground download bandwidth*hat Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
-- [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the **maximum background download bandwidth** that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
+- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
+- [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
 - [Set Business Hours to Limit Background Download Bandwidth](#set-business-hours-to-limit-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 - [Set Business Hours to Limit Foreground Download Bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 - [Select a method to restrict Peer Selection](#select-a-method-to-restrict-peer-selection) restricts peer selection by the options you select.
@@ -127,7 +127,7 @@ Download mode dictates which download sources clients are allowed to use when do
 
 | Download mode option | Functionality when configured |
 | --- | --- |
-| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source or a Microsoft Connected Cache server. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
+| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source or a Microsoft Connected Cache server. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless, reliable and efficient download experience. |
 | LAN (**1 - Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
 | Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
 | Internet (3) | Enable Internet peer sources for Delivery Optimization. |
diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md
deleted file mode 100644
index 0a8cced507..0000000000
--- a/windows/deployment/do/waas-delivery-optimization-setup.md
+++ /dev/null
@@ -1,165 +0,0 @@
----
-title: Set up Delivery Optimization
-description: In this article, learn how to set up Delivery Optimization for use by Windows clients in your organization.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-author: cmknox
-ms.author: carmenf
-ms.reviewer: mstewart
-manager: aaroncz
-ms.collection:
-  - tier3
-  - essentials-get-started
-ms.localizationpriority: medium
-appliesto:
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 05/23/2024
----
-
-# Set up Delivery Optimization for Windows
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-## Set up Delivery Optimization
-
-You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization.
-
-You find the Delivery Optimization settings in Group Policy under **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization**.
-
-Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](/mem/intune/configuration/delivery-optimization-windows).
-
-**Starting with Windows 10, version 1903**, you can use the Microsoft Entra tenant ID as a means to define groups. To set the value for [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) to its new maximum value of 5.
-
-## Allow service endpoints
-
-When using a firewall, it's important that the Delivery Optimization Service endpoints are allowed and associated ports are open. For more information, see [Delivery Optimization FAQ](waas-delivery-optimization-faq.yml#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).
-
-## Allow content endpoints
-
-When using a firewall, it's important that the content endpoints are allowed and associated ports are open. For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache content](delivery-optimization-endpoints.md).
-
-## Recommended Delivery Optimization settings
-
-Delivery Optimization offers a great many settings to fine-tune its behavior see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list, but for the most efficient performance, there are just a few key parameters that have the greatest impact if particular situations exist in your deployment. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
-
-- Does your topology include multiple breakouts to the internet that is, a "hybrid WAN" or are there only a few connections to the internet, so that all requests appear to come from a single external IP address a "hub and spoke" topology?
-- If you use boundary groups in your topology, how many devices are present in a given group?
-- What percentage of your devices are mobile?
-- Do your devices have a lot of free space on their drives?
-- Do you have a lab scenario with many devices on AC power?
-
-> [!NOTE]
-> These scenarios (and the recommended settings for each) are not mutually exclusive. It's possible that your deployment might involve more than one of these scenarios, in which case you can employ the related settings in any combination as needed. In all cases, however, "download mode" is the most important one to set.
->
-> [!NOTE]
-> Microsoft Intune includes a profile to make it easier to set Delivery Optimization policies. For details, see [Delivery Optimization settings for Intune](/mem/intune/configuration/delivery-optimization-settings).
-
-Quick-reference table:
-
-| Use case | Policy | Recommended value | Reason |
-| --- | --- | --- | --- |
-| Hub & spoke topology | Download mode | 1 or 2 | Automatic grouping of peers to match your topology |
-| Sites with > 30 devices | Minimum file size to cache | 10 MB (or 1 MB) | Use peers-to-peer capability in more downloads |
-| Large number of mobile devices | Allow uploads on battery power | 60% | Increase # of devices that can upload while limiting battery drain |
-| Labs with AC-powered devices | Content expiration | 7 (up to 30) days | Leverage devices that can upload more for a longer period |
-
-### Hybrid WAN scenario
-
-For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group, when the GroupID or GroupIDSource policies aren't set, is the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. If your domain-based group is too wide, or your Active Directory sites aren't aligned with your site network topology, then you should consider other options for dynamically creating groups, for example by using the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) policy.
-
-In Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
-
-Using with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to 1 or 2.
-
-### Hub and spoke topology with boundary groups
-
-The default download mode setting is **1**; this means all devices breaking out to the internet using the same public IP is considered as a single peer group. To prevent peer-to-peer activity across your WAN, you should set the download mode to **2**. If you have already defined Active Directory sites per hub or branch office, then you don't need to do anything else since the Active Directory sites are used by default as the source for creation of Group IDs. If you're not using Active Directory sites, you should set a different source for Groups by using the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) options or the [DORestrictPeerSelectionBy](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection) policy to restrict the activity to the subnet.
-
-With Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
-
-Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to **2**.
-
-> [!NOTE]
-> For more information about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optimization for Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
-
-### Large number of mobile devices
-
-If you have a mobile workforce with a great many mobile devices, set Delivery Optimization to allow uploads on battery power, while limiting the use to prevent battery drain. A setting for **DOMinBatteryPercentageAllowedToUpload** of 60% is a good starting point, though you might want to adjust it later.
-
-With Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60.
-
-Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominbatterypercentageallowedtoupload) to 60.
-
-### Plentiful free space and large numbers of devices
-
-Many devices now come with large internal drives. You can set Delivery Optimization to take better advantage of this space (especially if you have large numbers of devices) by changing the minimum file size to cache. If you have more than 30 devices in your local network or group, change it from the default 50 MB to 10 MB. If you have more than 100 devices (and are running Windows 10, version 1803 or later), set this value to 1 MB.
-
-With Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 10 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
-
-Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinFileSizeToCache](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominfilesizetocache) to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
-
-### Lab scenario
-
-In a lab situation, you typically have a large number of devices that are plugged in and have a lot of free disk space. By increasing the content expiration interval, you can take advantage of these devices, using them as excellent upload sources in order to upload more content over a longer period.
-
-With Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **604800** (7 days) or more (up to 30 days).
-
-Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMaxCacheAge](/windows/client-management/mdm/policy-csp-deliveryoptimization#domaxcacheage) to 7 or more (up to 30 days).
-
-[Learn more](delivery-optimization-test.md) about Delivery Optimization testing scenarios.
-
-## Troubleshooting
-
-This section summarizes common problems and some solutions to try.
-
-### If you don't see any bytes from peers
-
-If you don't see any bytes coming from peers the cause might be one of the following issues:
-
-- Clients aren't able to reach the Delivery Optimization cloud services.
-- The cloud service doesn't see other peers on the network.
-- Clients aren't able to connect to peers that are offered back from the cloud service.
-- None of the computers on the network are getting updates from peers.
-
-### Clients aren't able to reach the Delivery Optimization cloud services
-
-Try these steps:
-
-1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
-2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) setting. For peering to work, download mode should be 1, 2, or 3.
-3. If the download mode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.prod.do.dsp.mp.microsoft.com**.
-
-### The cloud service doesn't see other peers on the network
-
-Try these steps:
-
-1. Download the same app on two different devices on the same network, waiting 10 - 15 minutes between downloads.
-2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1 or 2 on both devices.
-3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be nonzero.
-4. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for "what is my IP"). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**.
-
-> [!NOTE]
-> Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of potential peers per file, including which peers are successfully connected and the total bytes sent or received from each peer.
-
-### Clients aren't able to connect to peers offered by the cloud service
-
-Try a Telnet test between two devices on the network to ensure they can connect using port 7680. Follow these steps:
-
-1. Install Telnet by running `dism /online /Enable-Feature /FeatureName:TelnetClient` from an elevated command prompt.
-2. Run the test. For example, if you are on device with IP 192.168.8.12 and you're trying to test the connection to 192.168.9.17 run `telnet 192.168.9.17 7680` (the syntax is *telnet [destination IP] [port]*. You'll either see a connection error or a blinking cursor like this /_. The blinking cursor means success.
-
-> [!NOTE]
-> You can also use [Test-NetConnection](/powershell/module/nettcpip/test-netconnection) instead of Telnet to run the test.
-> **Test-NetConnection -ComputerName 192.168.9.17 -Port 7680**
-
-### None of the computers on the network are getting updates from peers
-
-Check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, or MDM policies are too restrictive:
-
-- Minimum RAM (inclusive) allowed to use peer caching
-- Minimum disk size allowed to use peer caching
-- Enable peer caching while the device connects using VPN.
-- Allow uploads when the device is on battery while under the set battery level
diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md
index 10e0059d41..735d4b1965 100644
--- a/windows/deployment/do/waas-delivery-optimization.md
+++ b/windows/deployment/do/waas-delivery-optimization.md
@@ -11,11 +11,10 @@ ms.reviewer: mstewart
 ms.collection:
   - tier3
   - highpri
-  - essentials-overview
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 05/23/2024
 ---
 
@@ -29,7 +28,7 @@ To use either the peer-to-peer functionality or the Microsoft Connected Cache fe
 
 You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Microsoft Intune/Windows Update for Business, or Microsoft Configuration Manager (when installation of Express Updates is enabled).
 
-For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md).
+For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization](delivery-optimization-configure.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md).
 
 > [!NOTE]
 > WSUS can also use [BranchCache](../update/waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead.
@@ -53,7 +52,6 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Windows Update ([feature updates quality updates, language packs, drivers](../update/get-started-updates-channels-tools.md#types-of-updates)) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Windows 10/11 UWP Store apps | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Windows 11 Win32 Store apps | Windows 11 | :heavy_check_mark: | |
-| Windows 10 Store for Business apps | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Windows Defender definition updates | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
 | Microsoft 365 Apps and updates | Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
@@ -99,7 +97,7 @@ To gain a deeper understanding of the Delivery Optimization client-service commu
 
 ## Set up Delivery Optimization for Windows
 
-[Learn more](waas-delivery-optimization-setup.md) about the Delivery Optimization settings to ensure proper setup in your environment.
+[Learn more](delivery-optimization-configure.md) about the Delivery Optimization settings to ensure proper setup in your environment.
 
 ## Delivery Optimization reference
 
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index 0ec95143b6..38bc9e786c 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -49,19 +49,20 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "Windows Deployment",
       "contributors_to_exclude": [
         "dstrome2",
-        "rjagiewich",  
+        "rjagiewich",
         "American-Dipper",
-        "claydetels19", 
+        "claydetels19",
         "jborsecnik",
         "v-stchambers",
         "shdyas",
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "alekyaj"
+        "alekyaj",
+        "aditisrivastava07",
+        "padmagit77"
       ],
       "searchScope": [
         "Windows 10"
@@ -72,4 +73,4 @@
     "dest": "win-development",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/deployment/images/ContosoBackground.png b/windows/deployment/images/ContosoBackground.png
deleted file mode 100644
index 12a04f0e83..0000000000
Binary files a/windows/deployment/images/ContosoBackground.png and /dev/null differ
diff --git a/windows/deployment/images/ISE.png b/windows/deployment/images/ISE.png
deleted file mode 100644
index edf53101f4..0000000000
Binary files a/windows/deployment/images/ISE.png and /dev/null differ
diff --git a/windows/deployment/images/PoC.png b/windows/deployment/images/PoC.png
deleted file mode 100644
index 6d7b7eb5af..0000000000
Binary files a/windows/deployment/images/PoC.png and /dev/null differ
diff --git a/windows/deployment/images/acroread.png b/windows/deployment/images/acroread.png
deleted file mode 100644
index 142e7b6d74..0000000000
Binary files a/windows/deployment/images/acroread.png and /dev/null differ
diff --git a/windows/deployment/images/after.png b/windows/deployment/images/after.png
deleted file mode 100644
index 1e446f7cf5..0000000000
Binary files a/windows/deployment/images/after.png and /dev/null differ
diff --git a/windows/deployment/images/al01.png b/windows/deployment/images/al01.png
deleted file mode 100644
index b779b59ac9..0000000000
Binary files a/windows/deployment/images/al01.png and /dev/null differ
diff --git a/windows/deployment/images/al02.png b/windows/deployment/images/al02.png
deleted file mode 100644
index 6d2216a377..0000000000
Binary files a/windows/deployment/images/al02.png and /dev/null differ
diff --git a/windows/deployment/images/captureimage.png b/windows/deployment/images/captureimage.png
deleted file mode 100644
index e9ebbf3aad..0000000000
Binary files a/windows/deployment/images/captureimage.png and /dev/null differ
diff --git a/windows/deployment/images/check_blu.png b/windows/deployment/images/check_blu.png
deleted file mode 100644
index d5c703760f..0000000000
Binary files a/windows/deployment/images/check_blu.png and /dev/null differ
diff --git a/windows/deployment/images/check_grn.png b/windows/deployment/images/check_grn.png
deleted file mode 100644
index f9f04cd6bd..0000000000
Binary files a/windows/deployment/images/check_grn.png and /dev/null differ
diff --git a/windows/deployment/images/cm-upgrade-ts.png b/windows/deployment/images/cm-upgrade-ts.png
deleted file mode 100644
index 15c6b04400..0000000000
Binary files a/windows/deployment/images/cm-upgrade-ts.png and /dev/null differ
diff --git a/windows/deployment/images/cm01-content-status1.png b/windows/deployment/images/cm01-content-status1.png
deleted file mode 100644
index 2aa9f3bce1..0000000000
Binary files a/windows/deployment/images/cm01-content-status1.png and /dev/null differ
diff --git a/windows/deployment/images/cm01-drivers-packages.png b/windows/deployment/images/cm01-drivers-packages.png
deleted file mode 100644
index 9453c20588..0000000000
Binary files a/windows/deployment/images/cm01-drivers-packages.png and /dev/null differ
diff --git a/windows/deployment/images/cm01-drivers-windows.png b/windows/deployment/images/cm01-drivers-windows.png
deleted file mode 100644
index 16a6c031c7..0000000000
Binary files a/windows/deployment/images/cm01-drivers-windows.png and /dev/null differ
diff --git a/windows/deployment/images/cm01-drivers.png b/windows/deployment/images/cm01-drivers.png
deleted file mode 100644
index 57de49530b..0000000000
Binary files a/windows/deployment/images/cm01-drivers.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-asset.png b/windows/deployment/images/configmgr-asset.png
deleted file mode 100644
index 4dacaeb565..0000000000
Binary files a/windows/deployment/images/configmgr-asset.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-client.png b/windows/deployment/images/configmgr-client.png
deleted file mode 100644
index 45e0ad8883..0000000000
Binary files a/windows/deployment/images/configmgr-client.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-collection.png b/windows/deployment/images/configmgr-collection.png
deleted file mode 100644
index 01a1cca4a8..0000000000
Binary files a/windows/deployment/images/configmgr-collection.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-install-os.png b/windows/deployment/images/configmgr-install-os.png
deleted file mode 100644
index 53b314b132..0000000000
Binary files a/windows/deployment/images/configmgr-install-os.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-post-refresh.png b/windows/deployment/images/configmgr-post-refresh.png
deleted file mode 100644
index e116e04312..0000000000
Binary files a/windows/deployment/images/configmgr-post-refresh.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-pxe.png b/windows/deployment/images/configmgr-pxe.png
deleted file mode 100644
index 39cb22c075..0000000000
Binary files a/windows/deployment/images/configmgr-pxe.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-site.png b/windows/deployment/images/configmgr-site.png
deleted file mode 100644
index 92319fdbf7..0000000000
Binary files a/windows/deployment/images/configmgr-site.png and /dev/null differ
diff --git a/windows/deployment/images/configmgr-software-cntr.png b/windows/deployment/images/configmgr-software-cntr.png
deleted file mode 100644
index cd9520ed17..0000000000
Binary files a/windows/deployment/images/configmgr-software-cntr.png and /dev/null differ
diff --git a/windows/deployment/images/dart.png b/windows/deployment/images/dart.png
deleted file mode 100644
index f5c099e9a0..0000000000
Binary files a/windows/deployment/images/dart.png and /dev/null differ
diff --git a/windows/deployment/images/deploy-finish.png b/windows/deployment/images/deploy-finish.png
deleted file mode 100644
index 4f0d5cb859..0000000000
Binary files a/windows/deployment/images/deploy-finish.png and /dev/null differ
diff --git a/windows/deployment/images/deployment-workbench01.png b/windows/deployment/images/deployment-workbench01.png
deleted file mode 100644
index c68ee25db1..0000000000
Binary files a/windows/deployment/images/deployment-workbench01.png and /dev/null differ
diff --git a/windows/deployment/images/disk2vhd-gen2.png b/windows/deployment/images/disk2vhd-gen2.png
deleted file mode 100644
index 7f8d920f9d..0000000000
Binary files a/windows/deployment/images/disk2vhd-gen2.png and /dev/null differ
diff --git a/windows/deployment/images/disk2vhd.png b/windows/deployment/images/disk2vhd.png
deleted file mode 100644
index 7b9835f5f6..0000000000
Binary files a/windows/deployment/images/disk2vhd.png and /dev/null differ
diff --git a/windows/deployment/images/disk2vhd4.png b/windows/deployment/images/disk2vhd4.png
deleted file mode 100644
index 97f9448441..0000000000
Binary files a/windows/deployment/images/disk2vhd4.png and /dev/null differ
diff --git a/windows/deployment/images/download.png b/windows/deployment/images/download.png
deleted file mode 100644
index 266a2a196b..0000000000
Binary files a/windows/deployment/images/download.png and /dev/null differ
diff --git a/windows/deployment/images/ent.png b/windows/deployment/images/ent.png
deleted file mode 100644
index e9d571ed15..0000000000
Binary files a/windows/deployment/images/ent.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-ad-connect.png b/windows/deployment/images/enterprise-e3-ad-connect.png
deleted file mode 100644
index 195058f6f6..0000000000
Binary files a/windows/deployment/images/enterprise-e3-ad-connect.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-choose-how.png b/windows/deployment/images/enterprise-e3-choose-how.png
deleted file mode 100644
index 8e84535bfd..0000000000
Binary files a/windows/deployment/images/enterprise-e3-choose-how.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-connect-to-work-or-school.png b/windows/deployment/images/enterprise-e3-connect-to-work-or-school.png
deleted file mode 100644
index 90e1b1131f..0000000000
Binary files a/windows/deployment/images/enterprise-e3-connect-to-work-or-school.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-lets-get-2.png b/windows/deployment/images/enterprise-e3-lets-get-2.png
deleted file mode 100644
index ef523d4af8..0000000000
Binary files a/windows/deployment/images/enterprise-e3-lets-get-2.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-lets-get.png b/windows/deployment/images/enterprise-e3-lets-get.png
deleted file mode 100644
index 582da1ab2d..0000000000
Binary files a/windows/deployment/images/enterprise-e3-lets-get.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-set-up-work-or-school.png b/windows/deployment/images/enterprise-e3-set-up-work-or-school.png
deleted file mode 100644
index 72844d7622..0000000000
Binary files a/windows/deployment/images/enterprise-e3-set-up-work-or-school.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-sign-in.png b/windows/deployment/images/enterprise-e3-sign-in.png
deleted file mode 100644
index 3029d3ef2b..0000000000
Binary files a/windows/deployment/images/enterprise-e3-sign-in.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-who-owns.png b/windows/deployment/images/enterprise-e3-who-owns.png
deleted file mode 100644
index c3008869d2..0000000000
Binary files a/windows/deployment/images/enterprise-e3-who-owns.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-win-10-activated-enterprise-subscription-active.png b/windows/deployment/images/enterprise-e3-win-10-activated-enterprise-subscription-active.png
deleted file mode 100644
index eb888b23b5..0000000000
Binary files a/windows/deployment/images/enterprise-e3-win-10-activated-enterprise-subscription-active.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png b/windows/deployment/images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png
deleted file mode 100644
index e4ac7398be..0000000000
Binary files a/windows/deployment/images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png b/windows/deployment/images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png
deleted file mode 100644
index 5fedfe5d06..0000000000
Binary files a/windows/deployment/images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png and /dev/null differ
diff --git a/windows/deployment/images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png b/windows/deployment/images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png
deleted file mode 100644
index 84e39071db..0000000000
Binary files a/windows/deployment/images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png and /dev/null differ
diff --git a/windows/deployment/images/feedback.png b/windows/deployment/images/feedback.png
deleted file mode 100644
index 15e171c4ed..0000000000
Binary files a/windows/deployment/images/feedback.png and /dev/null differ
diff --git a/windows/deployment/images/fig10-contosoinstall.png b/windows/deployment/images/fig10-contosoinstall.png
deleted file mode 100644
index ac4eaf2aa0..0000000000
Binary files a/windows/deployment/images/fig10-contosoinstall.png and /dev/null differ
diff --git a/windows/deployment/images/fig10-unattend.png b/windows/deployment/images/fig10-unattend.png
deleted file mode 100644
index 54f0b0f86f..0000000000
Binary files a/windows/deployment/images/fig10-unattend.png and /dev/null differ
diff --git a/windows/deployment/images/fig16-contentstatus1.png b/windows/deployment/images/fig16-contentstatus1.png
deleted file mode 100644
index 32c6023e7c..0000000000
Binary files a/windows/deployment/images/fig16-contentstatus1.png and /dev/null differ
diff --git a/windows/deployment/images/fig16-contentstatus2.png b/windows/deployment/images/fig16-contentstatus2.png
deleted file mode 100644
index d28385f4ae..0000000000
Binary files a/windows/deployment/images/fig16-contentstatus2.png and /dev/null differ
diff --git a/windows/deployment/images/fig18-distwindows.png b/windows/deployment/images/fig18-distwindows.png
deleted file mode 100644
index 07ff1b74c6..0000000000
Binary files a/windows/deployment/images/fig18-distwindows.png and /dev/null differ
diff --git a/windows/deployment/images/fig2-gather.png b/windows/deployment/images/fig2-gather.png
deleted file mode 100644
index 01ffca2770..0000000000
Binary files a/windows/deployment/images/fig2-gather.png and /dev/null differ
diff --git a/windows/deployment/images/fig2-importedos.png b/windows/deployment/images/fig2-importedos.png
deleted file mode 100644
index 90cf910c24..0000000000
Binary files a/windows/deployment/images/fig2-importedos.png and /dev/null differ
diff --git a/windows/deployment/images/fig2-taskseq.png b/windows/deployment/images/fig2-taskseq.png
deleted file mode 100644
index bdd81ddbde..0000000000
Binary files a/windows/deployment/images/fig2-taskseq.png and /dev/null differ
diff --git a/windows/deployment/images/fig21-add-drivers1.png b/windows/deployment/images/fig21-add-drivers1.png
deleted file mode 100644
index 79b797a7d3..0000000000
Binary files a/windows/deployment/images/fig21-add-drivers1.png and /dev/null differ
diff --git a/windows/deployment/images/fig21-add-drivers2.png b/windows/deployment/images/fig21-add-drivers2.png
deleted file mode 100644
index 2f18c5b660..0000000000
Binary files a/windows/deployment/images/fig21-add-drivers2.png and /dev/null differ
diff --git a/windows/deployment/images/fig21-add-drivers3.png b/windows/deployment/images/fig21-add-drivers3.png
deleted file mode 100644
index 45f97d0835..0000000000
Binary files a/windows/deployment/images/fig21-add-drivers3.png and /dev/null differ
diff --git a/windows/deployment/images/fig21-add-drivers4.png b/windows/deployment/images/fig21-add-drivers4.png
deleted file mode 100644
index a6613d8718..0000000000
Binary files a/windows/deployment/images/fig21-add-drivers4.png and /dev/null differ
diff --git a/windows/deployment/images/fig22-createcategories.png b/windows/deployment/images/fig22-createcategories.png
deleted file mode 100644
index 664ffb2777..0000000000
Binary files a/windows/deployment/images/fig22-createcategories.png and /dev/null differ
diff --git a/windows/deployment/images/fig27-driverpackage.png b/windows/deployment/images/fig27-driverpackage.png
deleted file mode 100644
index cfb17d05ba..0000000000
Binary files a/windows/deployment/images/fig27-driverpackage.png and /dev/null differ
diff --git a/windows/deployment/images/fig28-addapp.png b/windows/deployment/images/fig28-addapp.png
deleted file mode 100644
index 34f6f44519..0000000000
Binary files a/windows/deployment/images/fig28-addapp.png and /dev/null differ
diff --git a/windows/deployment/images/fig30-settingspack.png b/windows/deployment/images/fig30-settingspack.png
deleted file mode 100644
index 4dd820aadf..0000000000
Binary files a/windows/deployment/images/fig30-settingspack.png and /dev/null differ
diff --git a/windows/deployment/images/fig32-deploywiz.png b/windows/deployment/images/fig32-deploywiz.png
deleted file mode 100644
index ad5052af7d..0000000000
Binary files a/windows/deployment/images/fig32-deploywiz.png and /dev/null differ
diff --git a/windows/deployment/images/fig4-oob-drivers.png b/windows/deployment/images/fig4-oob-drivers.png
deleted file mode 100644
index 14d93fb278..0000000000
Binary files a/windows/deployment/images/fig4-oob-drivers.png and /dev/null differ
diff --git a/windows/deployment/images/fig5-selectprofile.png b/windows/deployment/images/fig5-selectprofile.png
deleted file mode 100644
index 452ab4f581..0000000000
Binary files a/windows/deployment/images/fig5-selectprofile.png and /dev/null differ
diff --git a/windows/deployment/images/fig6-taskseq.png b/windows/deployment/images/fig6-taskseq.png
deleted file mode 100644
index 8696cc04c4..0000000000
Binary files a/windows/deployment/images/fig6-taskseq.png and /dev/null differ
diff --git a/windows/deployment/images/fig8-cust-tasks.png b/windows/deployment/images/fig8-cust-tasks.png
deleted file mode 100644
index 3ab40d730a..0000000000
Binary files a/windows/deployment/images/fig8-cust-tasks.png and /dev/null differ
diff --git a/windows/deployment/images/fig8-suspend.png b/windows/deployment/images/fig8-suspend.png
deleted file mode 100644
index 8094f01274..0000000000
Binary files a/windows/deployment/images/fig8-suspend.png and /dev/null differ
diff --git a/windows/deployment/images/fig9-resumetaskseq.png b/windows/deployment/images/fig9-resumetaskseq.png
deleted file mode 100644
index 0a83019f69..0000000000
Binary files a/windows/deployment/images/fig9-resumetaskseq.png and /dev/null differ
diff --git a/windows/deployment/images/hyper-v-feature.png b/windows/deployment/images/hyper-v-feature.png
deleted file mode 100644
index d7293d808e..0000000000
Binary files a/windows/deployment/images/hyper-v-feature.png and /dev/null differ
diff --git a/windows/deployment/images/image-captured.png b/windows/deployment/images/image-captured.png
deleted file mode 100644
index 69c5d5ef15..0000000000
Binary files a/windows/deployment/images/image-captured.png and /dev/null differ
diff --git a/windows/deployment/images/image.png b/windows/deployment/images/image.png
deleted file mode 100644
index 0bbadcb68f..0000000000
Binary files a/windows/deployment/images/image.png and /dev/null differ
diff --git a/windows/deployment/images/installing-drivers.png b/windows/deployment/images/installing-drivers.png
deleted file mode 100644
index 22d7808fad..0000000000
Binary files a/windows/deployment/images/installing-drivers.png and /dev/null differ
diff --git a/windows/deployment/images/iso-data.png b/windows/deployment/images/iso-data.png
deleted file mode 100644
index f188046b7f..0000000000
Binary files a/windows/deployment/images/iso-data.png and /dev/null differ
diff --git a/windows/deployment/images/m365da.png b/windows/deployment/images/m365da.png
deleted file mode 100644
index 8f83c3bf8a..0000000000
Binary files a/windows/deployment/images/m365da.png and /dev/null differ
diff --git a/windows/deployment/images/m365e.png b/windows/deployment/images/m365e.png
deleted file mode 100644
index 2f3ea14906..0000000000
Binary files a/windows/deployment/images/m365e.png and /dev/null differ
diff --git a/windows/deployment/images/mbr2gpt-volume.png b/windows/deployment/images/mbr2gpt-volume.png
deleted file mode 100644
index d69bed87fb..0000000000
Binary files a/windows/deployment/images/mbr2gpt-volume.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-01-fig02.jpg b/windows/deployment/images/mdt-01-fig02.jpg
deleted file mode 100644
index 1533bdd336..0000000000
Binary files a/windows/deployment/images/mdt-01-fig02.jpg and /dev/null differ
diff --git a/windows/deployment/images/mdt-03-fig01.png b/windows/deployment/images/mdt-03-fig01.png
deleted file mode 100644
index fc68fb0c25..0000000000
Binary files a/windows/deployment/images/mdt-03-fig01.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-03-fig02.png b/windows/deployment/images/mdt-03-fig02.png
deleted file mode 100644
index 934be09dc1..0000000000
Binary files a/windows/deployment/images/mdt-03-fig02.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-03-fig03.png b/windows/deployment/images/mdt-03-fig03.png
deleted file mode 100644
index a387923d80..0000000000
Binary files a/windows/deployment/images/mdt-03-fig03.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-03-fig04.png b/windows/deployment/images/mdt-03-fig04.png
deleted file mode 100644
index 437531d2f6..0000000000
Binary files a/windows/deployment/images/mdt-03-fig04.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-03-fig05.png b/windows/deployment/images/mdt-03-fig05.png
deleted file mode 100644
index a7b8d6ca2e..0000000000
Binary files a/windows/deployment/images/mdt-03-fig05.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-04-fig01.png b/windows/deployment/images/mdt-04-fig01.png
deleted file mode 100644
index 8a90c1a934..0000000000
Binary files a/windows/deployment/images/mdt-04-fig01.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig02.png b/windows/deployment/images/mdt-05-fig02.png
deleted file mode 100644
index 1223432581..0000000000
Binary files a/windows/deployment/images/mdt-05-fig02.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig03.png b/windows/deployment/images/mdt-05-fig03.png
deleted file mode 100644
index a0ffbec429..0000000000
Binary files a/windows/deployment/images/mdt-05-fig03.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig04.png b/windows/deployment/images/mdt-05-fig04.png
deleted file mode 100644
index 778cbae1b7..0000000000
Binary files a/windows/deployment/images/mdt-05-fig04.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig05.png b/windows/deployment/images/mdt-05-fig05.png
deleted file mode 100644
index e172a29754..0000000000
Binary files a/windows/deployment/images/mdt-05-fig05.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig07.png b/windows/deployment/images/mdt-05-fig07.png
deleted file mode 100644
index 135a2367c1..0000000000
Binary files a/windows/deployment/images/mdt-05-fig07.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig08.png b/windows/deployment/images/mdt-05-fig08.png
deleted file mode 100644
index 1f4534e89b..0000000000
Binary files a/windows/deployment/images/mdt-05-fig08.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig09.png b/windows/deployment/images/mdt-05-fig09.png
deleted file mode 100644
index a3d0155096..0000000000
Binary files a/windows/deployment/images/mdt-05-fig09.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-05-fig10.png b/windows/deployment/images/mdt-05-fig10.png
deleted file mode 100644
index 576da23ea6..0000000000
Binary files a/windows/deployment/images/mdt-05-fig10.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig03.png b/windows/deployment/images/mdt-06-fig03.png
deleted file mode 100644
index 9d2786e46a..0000000000
Binary files a/windows/deployment/images/mdt-06-fig03.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig04.png b/windows/deployment/images/mdt-06-fig04.png
deleted file mode 100644
index 216e1f371b..0000000000
Binary files a/windows/deployment/images/mdt-06-fig04.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig05.png b/windows/deployment/images/mdt-06-fig05.png
deleted file mode 100644
index 3af74bb5ee..0000000000
Binary files a/windows/deployment/images/mdt-06-fig05.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig08.png b/windows/deployment/images/mdt-06-fig08.png
deleted file mode 100644
index 25c8a0a445..0000000000
Binary files a/windows/deployment/images/mdt-06-fig08.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig10.png b/windows/deployment/images/mdt-06-fig10.png
deleted file mode 100644
index 85b448ba87..0000000000
Binary files a/windows/deployment/images/mdt-06-fig10.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig12.png b/windows/deployment/images/mdt-06-fig12.png
deleted file mode 100644
index a427be3f1d..0000000000
Binary files a/windows/deployment/images/mdt-06-fig12.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig13.png b/windows/deployment/images/mdt-06-fig13.png
deleted file mode 100644
index a9f020b0da..0000000000
Binary files a/windows/deployment/images/mdt-06-fig13.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig14.png b/windows/deployment/images/mdt-06-fig14.png
deleted file mode 100644
index 1d06c9c7e2..0000000000
Binary files a/windows/deployment/images/mdt-06-fig14.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig15.png b/windows/deployment/images/mdt-06-fig15.png
deleted file mode 100644
index ffa5890a84..0000000000
Binary files a/windows/deployment/images/mdt-06-fig15.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig16.png b/windows/deployment/images/mdt-06-fig16.png
deleted file mode 100644
index f448782602..0000000000
Binary files a/windows/deployment/images/mdt-06-fig16.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig20.png b/windows/deployment/images/mdt-06-fig20.png
deleted file mode 100644
index 890c421227..0000000000
Binary files a/windows/deployment/images/mdt-06-fig20.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig21.png b/windows/deployment/images/mdt-06-fig21.png
deleted file mode 100644
index 07b168ab89..0000000000
Binary files a/windows/deployment/images/mdt-06-fig21.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig31.png b/windows/deployment/images/mdt-06-fig31.png
deleted file mode 100644
index 306f4a7980..0000000000
Binary files a/windows/deployment/images/mdt-06-fig31.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig33.png b/windows/deployment/images/mdt-06-fig33.png
deleted file mode 100644
index 1529426830..0000000000
Binary files a/windows/deployment/images/mdt-06-fig33.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig35.png b/windows/deployment/images/mdt-06-fig35.png
deleted file mode 100644
index a68750925d..0000000000
Binary files a/windows/deployment/images/mdt-06-fig35.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig42.png b/windows/deployment/images/mdt-06-fig42.png
deleted file mode 100644
index e9cfe36083..0000000000
Binary files a/windows/deployment/images/mdt-06-fig42.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-06-fig43.png b/windows/deployment/images/mdt-06-fig43.png
deleted file mode 100644
index c9a2c88306..0000000000
Binary files a/windows/deployment/images/mdt-06-fig43.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig01.png b/windows/deployment/images/mdt-07-fig01.png
deleted file mode 100644
index 90635678e8..0000000000
Binary files a/windows/deployment/images/mdt-07-fig01.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig08.png b/windows/deployment/images/mdt-07-fig08.png
deleted file mode 100644
index 2cbfc47271..0000000000
Binary files a/windows/deployment/images/mdt-07-fig08.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig09.png b/windows/deployment/images/mdt-07-fig09.png
deleted file mode 100644
index 245b59072d..0000000000
Binary files a/windows/deployment/images/mdt-07-fig09.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig10.png b/windows/deployment/images/mdt-07-fig10.png
deleted file mode 100644
index 2c61e0eb3d..0000000000
Binary files a/windows/deployment/images/mdt-07-fig10.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig11.png b/windows/deployment/images/mdt-07-fig11.png
deleted file mode 100644
index ce70374271..0000000000
Binary files a/windows/deployment/images/mdt-07-fig11.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig13.png b/windows/deployment/images/mdt-07-fig13.png
deleted file mode 100644
index dae9bd23b8..0000000000
Binary files a/windows/deployment/images/mdt-07-fig13.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig14.png b/windows/deployment/images/mdt-07-fig14.png
deleted file mode 100644
index 788e609cf6..0000000000
Binary files a/windows/deployment/images/mdt-07-fig14.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig15.png b/windows/deployment/images/mdt-07-fig15.png
deleted file mode 100644
index 5271690c89..0000000000
Binary files a/windows/deployment/images/mdt-07-fig15.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-07-fig16.png b/windows/deployment/images/mdt-07-fig16.png
deleted file mode 100644
index 995eaa51c7..0000000000
Binary files a/windows/deployment/images/mdt-07-fig16.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-08-fig01.png b/windows/deployment/images/mdt-08-fig01.png
deleted file mode 100644
index 7e9e650633..0000000000
Binary files a/windows/deployment/images/mdt-08-fig01.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-08-fig02.png b/windows/deployment/images/mdt-08-fig02.png
deleted file mode 100644
index 7a0a4a1bbb..0000000000
Binary files a/windows/deployment/images/mdt-08-fig02.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig01.png b/windows/deployment/images/mdt-09-fig01.png
deleted file mode 100644
index 0549174435..0000000000
Binary files a/windows/deployment/images/mdt-09-fig01.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig02.png b/windows/deployment/images/mdt-09-fig02.png
deleted file mode 100644
index dd69922d80..0000000000
Binary files a/windows/deployment/images/mdt-09-fig02.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig03.png b/windows/deployment/images/mdt-09-fig03.png
deleted file mode 100644
index 56102b2031..0000000000
Binary files a/windows/deployment/images/mdt-09-fig03.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig04.png b/windows/deployment/images/mdt-09-fig04.png
deleted file mode 100644
index f123d85af5..0000000000
Binary files a/windows/deployment/images/mdt-09-fig04.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig06.png b/windows/deployment/images/mdt-09-fig06.png
deleted file mode 100644
index 49042d95f3..0000000000
Binary files a/windows/deployment/images/mdt-09-fig06.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig07.png b/windows/deployment/images/mdt-09-fig07.png
deleted file mode 100644
index a2a9093ff0..0000000000
Binary files a/windows/deployment/images/mdt-09-fig07.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig08.png b/windows/deployment/images/mdt-09-fig08.png
deleted file mode 100644
index c73ef398e4..0000000000
Binary files a/windows/deployment/images/mdt-09-fig08.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig09.png b/windows/deployment/images/mdt-09-fig09.png
deleted file mode 100644
index 14614aaa42..0000000000
Binary files a/windows/deployment/images/mdt-09-fig09.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig10.png b/windows/deployment/images/mdt-09-fig10.png
deleted file mode 100644
index cdcb9709ce..0000000000
Binary files a/windows/deployment/images/mdt-09-fig10.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig11.png b/windows/deployment/images/mdt-09-fig11.png
deleted file mode 100644
index dd38911dfc..0000000000
Binary files a/windows/deployment/images/mdt-09-fig11.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig12.png b/windows/deployment/images/mdt-09-fig12.png
deleted file mode 100644
index ed363ae01a..0000000000
Binary files a/windows/deployment/images/mdt-09-fig12.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig13.png b/windows/deployment/images/mdt-09-fig13.png
deleted file mode 100644
index 5155b0ecf0..0000000000
Binary files a/windows/deployment/images/mdt-09-fig13.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig14.png b/windows/deployment/images/mdt-09-fig14.png
deleted file mode 100644
index f294a8d69f..0000000000
Binary files a/windows/deployment/images/mdt-09-fig14.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig15.png b/windows/deployment/images/mdt-09-fig15.png
deleted file mode 100644
index f8de66afbd..0000000000
Binary files a/windows/deployment/images/mdt-09-fig15.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig16.png b/windows/deployment/images/mdt-09-fig16.png
deleted file mode 100644
index ad04b64077..0000000000
Binary files a/windows/deployment/images/mdt-09-fig16.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig17.png b/windows/deployment/images/mdt-09-fig17.png
deleted file mode 100644
index fe4503b950..0000000000
Binary files a/windows/deployment/images/mdt-09-fig17.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig18.png b/windows/deployment/images/mdt-09-fig18.png
deleted file mode 100644
index 4f087172d9..0000000000
Binary files a/windows/deployment/images/mdt-09-fig18.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig19.png b/windows/deployment/images/mdt-09-fig19.png
deleted file mode 100644
index 917444c811..0000000000
Binary files a/windows/deployment/images/mdt-09-fig19.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig20.png b/windows/deployment/images/mdt-09-fig20.png
deleted file mode 100644
index 6c2d1c4dba..0000000000
Binary files a/windows/deployment/images/mdt-09-fig20.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig21.png b/windows/deployment/images/mdt-09-fig21.png
deleted file mode 100644
index 628ea98ad9..0000000000
Binary files a/windows/deployment/images/mdt-09-fig21.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig22.png b/windows/deployment/images/mdt-09-fig22.png
deleted file mode 100644
index 9d71f62796..0000000000
Binary files a/windows/deployment/images/mdt-09-fig22.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig23.png b/windows/deployment/images/mdt-09-fig23.png
deleted file mode 100644
index 4cd29dc389..0000000000
Binary files a/windows/deployment/images/mdt-09-fig23.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig24.png b/windows/deployment/images/mdt-09-fig24.png
deleted file mode 100644
index 89cb67a048..0000000000
Binary files a/windows/deployment/images/mdt-09-fig24.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig25.png b/windows/deployment/images/mdt-09-fig25.png
deleted file mode 100644
index fb308c0be5..0000000000
Binary files a/windows/deployment/images/mdt-09-fig25.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig26.png b/windows/deployment/images/mdt-09-fig26.png
deleted file mode 100644
index 681c6516cd..0000000000
Binary files a/windows/deployment/images/mdt-09-fig26.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig27.png b/windows/deployment/images/mdt-09-fig27.png
deleted file mode 100644
index 396290346d..0000000000
Binary files a/windows/deployment/images/mdt-09-fig27.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig28.png b/windows/deployment/images/mdt-09-fig28.png
deleted file mode 100644
index d36dda43fa..0000000000
Binary files a/windows/deployment/images/mdt-09-fig28.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig29.png b/windows/deployment/images/mdt-09-fig29.png
deleted file mode 100644
index 404842d49c..0000000000
Binary files a/windows/deployment/images/mdt-09-fig29.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig30.png b/windows/deployment/images/mdt-09-fig30.png
deleted file mode 100644
index be962f40ec..0000000000
Binary files a/windows/deployment/images/mdt-09-fig30.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig31.png b/windows/deployment/images/mdt-09-fig31.png
deleted file mode 100644
index a40aa9d3bb..0000000000
Binary files a/windows/deployment/images/mdt-09-fig31.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-09-fig32.png b/windows/deployment/images/mdt-09-fig32.png
deleted file mode 100644
index 446812a3e8..0000000000
Binary files a/windows/deployment/images/mdt-09-fig32.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-10-fig01.png b/windows/deployment/images/mdt-10-fig01.png
deleted file mode 100644
index 8a3ebd9711..0000000000
Binary files a/windows/deployment/images/mdt-10-fig01.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-10-fig05.png b/windows/deployment/images/mdt-10-fig05.png
deleted file mode 100644
index 8625f2972b..0000000000
Binary files a/windows/deployment/images/mdt-10-fig05.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-10-fig06.png b/windows/deployment/images/mdt-10-fig06.png
deleted file mode 100644
index 91dc7c5c33..0000000000
Binary files a/windows/deployment/images/mdt-10-fig06.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-10-fig09.png b/windows/deployment/images/mdt-10-fig09.png
deleted file mode 100644
index bb5010a93d..0000000000
Binary files a/windows/deployment/images/mdt-10-fig09.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-apps.png b/windows/deployment/images/mdt-apps.png
deleted file mode 100644
index 72ee2268f2..0000000000
Binary files a/windows/deployment/images/mdt-apps.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-monitoring.png b/windows/deployment/images/mdt-monitoring.png
deleted file mode 100644
index c49732223a..0000000000
Binary files a/windows/deployment/images/mdt-monitoring.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-offline-media.png b/windows/deployment/images/mdt-offline-media.png
deleted file mode 100644
index d81ea4e0d8..0000000000
Binary files a/windows/deployment/images/mdt-offline-media.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-post-upg.png b/windows/deployment/images/mdt-post-upg.png
deleted file mode 100644
index f41d2ff32b..0000000000
Binary files a/windows/deployment/images/mdt-post-upg.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-replace.png b/windows/deployment/images/mdt-replace.png
deleted file mode 100644
index d731037d38..0000000000
Binary files a/windows/deployment/images/mdt-replace.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-rules.png b/windows/deployment/images/mdt-rules.png
deleted file mode 100644
index b01c519635..0000000000
Binary files a/windows/deployment/images/mdt-rules.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-upgrade-proc.png b/windows/deployment/images/mdt-upgrade-proc.png
deleted file mode 100644
index 07a968aed0..0000000000
Binary files a/windows/deployment/images/mdt-upgrade-proc.png and /dev/null differ
diff --git a/windows/deployment/images/mdt-upgrade.png b/windows/deployment/images/mdt-upgrade.png
deleted file mode 100644
index c794526ad5..0000000000
Binary files a/windows/deployment/images/mdt-upgrade.png and /dev/null differ
diff --git a/windows/deployment/images/monitor-pc0001.png b/windows/deployment/images/monitor-pc0001.png
deleted file mode 100644
index 072b9cb58c..0000000000
Binary files a/windows/deployment/images/monitor-pc0001.png and /dev/null differ
diff --git a/windows/deployment/images/office-folder.png b/windows/deployment/images/office-folder.png
deleted file mode 100644
index 722cc4d664..0000000000
Binary files a/windows/deployment/images/office-folder.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001-monitor.png b/windows/deployment/images/pc0001-monitor.png
deleted file mode 100644
index 7ba8e198bf..0000000000
Binary files a/windows/deployment/images/pc0001-monitor.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001a.png b/windows/deployment/images/pc0001a.png
deleted file mode 100644
index 0f2be5a865..0000000000
Binary files a/windows/deployment/images/pc0001a.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001b.png b/windows/deployment/images/pc0001b.png
deleted file mode 100644
index 456f6071a9..0000000000
Binary files a/windows/deployment/images/pc0001b.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001c.png b/windows/deployment/images/pc0001c.png
deleted file mode 100644
index d093e58d0a..0000000000
Binary files a/windows/deployment/images/pc0001c.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001d.png b/windows/deployment/images/pc0001d.png
deleted file mode 100644
index 14f14a2e91..0000000000
Binary files a/windows/deployment/images/pc0001d.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001e.png b/windows/deployment/images/pc0001e.png
deleted file mode 100644
index 41264f2c63..0000000000
Binary files a/windows/deployment/images/pc0001e.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001f.png b/windows/deployment/images/pc0001f.png
deleted file mode 100644
index 8261c40953..0000000000
Binary files a/windows/deployment/images/pc0001f.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001g.png b/windows/deployment/images/pc0001g.png
deleted file mode 100644
index 5fd7f8a4a7..0000000000
Binary files a/windows/deployment/images/pc0001g.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001h.png b/windows/deployment/images/pc0001h.png
deleted file mode 100644
index 65bead5840..0000000000
Binary files a/windows/deployment/images/pc0001h.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001i.png b/windows/deployment/images/pc0001i.png
deleted file mode 100644
index 76247a04df..0000000000
Binary files a/windows/deployment/images/pc0001i.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001j.png b/windows/deployment/images/pc0001j.png
deleted file mode 100644
index 01d8fe22b7..0000000000
Binary files a/windows/deployment/images/pc0001j.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001k.png b/windows/deployment/images/pc0001k.png
deleted file mode 100644
index 1f591d5164..0000000000
Binary files a/windows/deployment/images/pc0001k.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001l.png b/windows/deployment/images/pc0001l.png
deleted file mode 100644
index a2d491cef7..0000000000
Binary files a/windows/deployment/images/pc0001l.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001m.png b/windows/deployment/images/pc0001m.png
deleted file mode 100644
index d9e07b5d8a..0000000000
Binary files a/windows/deployment/images/pc0001m.png and /dev/null differ
diff --git a/windows/deployment/images/pc0001n.png b/windows/deployment/images/pc0001n.png
deleted file mode 100644
index 10819a15d9..0000000000
Binary files a/windows/deployment/images/pc0001n.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003a.png b/windows/deployment/images/pc0003a.png
deleted file mode 100644
index 31d8d4068c..0000000000
Binary files a/windows/deployment/images/pc0003a.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003b.png b/windows/deployment/images/pc0003b.png
deleted file mode 100644
index 8df2b066e6..0000000000
Binary files a/windows/deployment/images/pc0003b.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003c.png b/windows/deployment/images/pc0003c.png
deleted file mode 100644
index 69db9cc567..0000000000
Binary files a/windows/deployment/images/pc0003c.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003d.png b/windows/deployment/images/pc0003d.png
deleted file mode 100644
index d36e293f74..0000000000
Binary files a/windows/deployment/images/pc0003d.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003e.png b/windows/deployment/images/pc0003e.png
deleted file mode 100644
index 09be89ba61..0000000000
Binary files a/windows/deployment/images/pc0003e.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003f.png b/windows/deployment/images/pc0003f.png
deleted file mode 100644
index 6f48f797df..0000000000
Binary files a/windows/deployment/images/pc0003f.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003g.png b/windows/deployment/images/pc0003g.png
deleted file mode 100644
index a5a935de32..0000000000
Binary files a/windows/deployment/images/pc0003g.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003h.png b/windows/deployment/images/pc0003h.png
deleted file mode 100644
index 9e15738b48..0000000000
Binary files a/windows/deployment/images/pc0003h.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003i.png b/windows/deployment/images/pc0003i.png
deleted file mode 100644
index 7c7b194399..0000000000
Binary files a/windows/deployment/images/pc0003i.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003j.png b/windows/deployment/images/pc0003j.png
deleted file mode 100644
index b446bff1c2..0000000000
Binary files a/windows/deployment/images/pc0003j.png and /dev/null differ
diff --git a/windows/deployment/images/pc0003k.png b/windows/deployment/images/pc0003k.png
deleted file mode 100644
index ceead7b05b..0000000000
Binary files a/windows/deployment/images/pc0003k.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-a.png b/windows/deployment/images/pc0004-a.png
deleted file mode 100644
index afe954d28f..0000000000
Binary files a/windows/deployment/images/pc0004-a.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-b.png b/windows/deployment/images/pc0004-b.png
deleted file mode 100644
index caad109ace..0000000000
Binary files a/windows/deployment/images/pc0004-b.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-c.png b/windows/deployment/images/pc0004-c.png
deleted file mode 100644
index 21490d55a3..0000000000
Binary files a/windows/deployment/images/pc0004-c.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-d.png b/windows/deployment/images/pc0004-d.png
deleted file mode 100644
index db10b4ccdc..0000000000
Binary files a/windows/deployment/images/pc0004-d.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-e.png b/windows/deployment/images/pc0004-e.png
deleted file mode 100644
index d6472a4209..0000000000
Binary files a/windows/deployment/images/pc0004-e.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-f.png b/windows/deployment/images/pc0004-f.png
deleted file mode 100644
index 7752a700e0..0000000000
Binary files a/windows/deployment/images/pc0004-f.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004-g.png b/windows/deployment/images/pc0004-g.png
deleted file mode 100644
index 93b4812149..0000000000
Binary files a/windows/deployment/images/pc0004-g.png and /dev/null differ
diff --git a/windows/deployment/images/pc0004b.png b/windows/deployment/images/pc0004b.png
deleted file mode 100644
index f1fb129bbe..0000000000
Binary files a/windows/deployment/images/pc0004b.png and /dev/null differ
diff --git a/windows/deployment/images/pc0005-vm-office.png b/windows/deployment/images/pc0005-vm-office.png
deleted file mode 100644
index bb8e96f5af..0000000000
Binary files a/windows/deployment/images/pc0005-vm-office.png and /dev/null differ
diff --git a/windows/deployment/images/pc0005-vm.png b/windows/deployment/images/pc0005-vm.png
deleted file mode 100644
index 4b2af635c4..0000000000
Binary files a/windows/deployment/images/pc0005-vm.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006.png b/windows/deployment/images/pc0006.png
deleted file mode 100644
index 6162982966..0000000000
Binary files a/windows/deployment/images/pc0006.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006a.png b/windows/deployment/images/pc0006a.png
deleted file mode 100644
index 399f99885f..0000000000
Binary files a/windows/deployment/images/pc0006a.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006b.png b/windows/deployment/images/pc0006b.png
deleted file mode 100644
index bef284d211..0000000000
Binary files a/windows/deployment/images/pc0006b.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006c.png b/windows/deployment/images/pc0006c.png
deleted file mode 100644
index 1e8f075262..0000000000
Binary files a/windows/deployment/images/pc0006c.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006d.png b/windows/deployment/images/pc0006d.png
deleted file mode 100644
index dca5a58c2a..0000000000
Binary files a/windows/deployment/images/pc0006d.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006e.png b/windows/deployment/images/pc0006e.png
deleted file mode 100644
index 3b3ef3be99..0000000000
Binary files a/windows/deployment/images/pc0006e.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006f.png b/windows/deployment/images/pc0006f.png
deleted file mode 100644
index 8da05473b3..0000000000
Binary files a/windows/deployment/images/pc0006f.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006g.png b/windows/deployment/images/pc0006g.png
deleted file mode 100644
index 0cc69e2626..0000000000
Binary files a/windows/deployment/images/pc0006g.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006h.png b/windows/deployment/images/pc0006h.png
deleted file mode 100644
index 3ae86b01ed..0000000000
Binary files a/windows/deployment/images/pc0006h.png and /dev/null differ
diff --git a/windows/deployment/images/pc0006i.png b/windows/deployment/images/pc0006i.png
deleted file mode 100644
index 42c8e2adfa..0000000000
Binary files a/windows/deployment/images/pc0006i.png and /dev/null differ
diff --git a/windows/deployment/images/poc-computers.png b/windows/deployment/images/poc-computers.png
deleted file mode 100644
index 6fd8039c56..0000000000
Binary files a/windows/deployment/images/poc-computers.png and /dev/null differ
diff --git a/windows/deployment/images/ps100009-1.png b/windows/deployment/images/ps100009-1.png
deleted file mode 100644
index 6bd970c352..0000000000
Binary files a/windows/deployment/images/ps100009-1.png and /dev/null differ
diff --git a/windows/deployment/images/ps100009-2.png b/windows/deployment/images/ps100009-2.png
deleted file mode 100644
index e960ad91d4..0000000000
Binary files a/windows/deployment/images/ps100009-2.png and /dev/null differ
diff --git a/windows/deployment/images/ref-image.png b/windows/deployment/images/ref-image.png
deleted file mode 100644
index 773a21e150..0000000000
Binary files a/windows/deployment/images/ref-image.png and /dev/null differ
diff --git a/windows/deployment/images/s-mode-flow-chart.png b/windows/deployment/images/s-mode-flow-chart.png
deleted file mode 100644
index c3c43cc027..0000000000
Binary files a/windows/deployment/images/s-mode-flow-chart.png and /dev/null differ
diff --git a/windows/deployment/images/smodeconfig.png b/windows/deployment/images/smodeconfig.png
deleted file mode 100644
index 2ab1fc0813..0000000000
Binary files a/windows/deployment/images/smodeconfig.png and /dev/null differ
diff --git a/windows/deployment/images/support-cycle.png b/windows/deployment/images/support-cycle.png
deleted file mode 100644
index 3f4b4e87c0..0000000000
Binary files a/windows/deployment/images/support-cycle.png and /dev/null differ
diff --git a/windows/deployment/images/svr_mgr2.png b/windows/deployment/images/svr_mgr2.png
deleted file mode 100644
index dd2e6737c6..0000000000
Binary files a/windows/deployment/images/svr_mgr2.png and /dev/null differ
diff --git a/windows/deployment/images/thinkstation.png b/windows/deployment/images/thinkstation.png
deleted file mode 100644
index 7a144ec5b3..0000000000
Binary files a/windows/deployment/images/thinkstation.png and /dev/null differ
diff --git a/windows/deployment/images/upgrademdt-fig5-winupgrade.png b/windows/deployment/images/upgrademdt-fig5-winupgrade.png
deleted file mode 100644
index f3bc05508a..0000000000
Binary files a/windows/deployment/images/upgrademdt-fig5-winupgrade.png and /dev/null differ
diff --git a/windows/deployment/images/wds-deprecation.png b/windows/deployment/images/wds-deprecation.png
deleted file mode 100644
index 2c6b02022e..0000000000
Binary files a/windows/deployment/images/wds-deprecation.png and /dev/null differ
diff --git a/windows/deployment/images/win-10-adk-select.png b/windows/deployment/images/win-10-adk-select.png
deleted file mode 100644
index 1dfaa23175..0000000000
Binary files a/windows/deployment/images/win-10-adk-select.png and /dev/null differ
diff --git a/windows/deployment/images/windows-icd.png b/windows/deployment/images/windows-icd.png
deleted file mode 100644
index 4bc8a18f4c..0000000000
Binary files a/windows/deployment/images/windows-icd.png and /dev/null differ
diff --git a/windows/deployment/images/x_blk.png b/windows/deployment/images/x_blk.png
deleted file mode 100644
index 69432ff71c..0000000000
Binary files a/windows/deployment/images/x_blk.png and /dev/null differ
diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
index 5e60b0c3c0..2038eeeae2 100644
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@@ -1,11 +1,11 @@
 ### YamlMime:Landing
 
-title: Deploy and update Windows # < 60 chars; shows at top of hub page
-summary: Learn about deploying and updating Windows client devices in your organization. # < 160 chars
+title: Windows deployment documentation # < 60 chars; shows at top of hub page
+summary: Learn about deploying and updating Windows devices in your organization. # < 160 chars
 
 metadata:
-  title: Windows client deployment documentation # Required; browser tab title displayed in search results. Include the brand. < 60 chars.
-  description: Learn about deploying and updating Windows client devices in your organization. # Required; article description that is displayed in search results. < 160 chars.
+  title: Windows deployment documentation # Required; browser tab title displayed in search results. Include the brand. < 60 chars.
+  description: Learn about deploying and updating Windows devices in your organization. # Required; article description that is displayed in search results. < 160 chars.
   ms.topic: landing-page
   ms.service: windows-client
   ms.subservice: itpro-deploy
@@ -15,8 +15,8 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
-  ms.date: 04/01/2024
-  localization_priority: medium
+  ms.date: 08/27/2024
+  ms.localizationpriority: medium
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -27,145 +27,96 @@ landingContent:
   - linkListType: concept
     links:
     - text: Plan for Windows 11
-      url: /windows/whats-new/windows-11-plan?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+      url: /windows/whats-new/windows-11-plan?context=/windows/deployment/context/context
     - text: Create a deployment plan
       url: update/create-deployment-plan.md
-    - text: Define readiness criteria
-      url: update/plan-define-readiness.md
-    - text: Define your servicing strategy
-      url: update/plan-define-strategy.md
-    - text: Determine application readiness
-      url: update/plan-determine-app-readiness.md
     - text: Plan for volume activation
       url: volume-activation/plan-for-volume-activation-client.md
+    - text: Windows compatibility cookbook
+      url: /windows/compatibility/
 
 - title: Prepare
   linkLists:
   - linkListType: get-started
     links:
     - text: Prepare for Windows 11
-      url: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+      url: /windows/whats-new/windows-11-prepare?context=/windows/deployment/context/context
     - text: Prepare to deploy Windows updates
       url: update/prepare-deploy-windows.md
-    - text: Prepare updates using Windows Update for Business
+    - text: Prepare for Windows Update for Business
       url: update/waas-manage-updates-wufb.md
     - text: Evaluate and update infrastructure
       url: update/update-policies.md
-    - text: Set up Delivery Optimization for Windows client updates
-      url: do/waas-delivery-optimization-setup.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-    - text: Prepare for imaging with Configuration Manager
-      url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
 
 - title: Deploy
   linkLists:
   - linkListType: deploy
     links:
-    - text: Deploy Windows with Autopilot
-      url: /mem/autopilot/tutorial/autopilot-scenarios
-    - text: Assign devices to servicing channels
-      url: update/waas-servicing-channels-windows-10-updates.md
+    - text: Compare Windows Autopilot solutions
+      url: /autopilot/device-preparation/compare
     - text: Deploy updates with Intune
       url: update/deploy-updates-intune.md
     - text: Deploy Windows updates with Configuration Manager
       url: update/deploy-updates-configmgr.md
-    - text: Upgrade Windows using Configuration Manager
-      url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
-    - text: Check release health
-      url: update/check-release-health.md
+    - text: Optimize and cache content
+      url: do/index.yml
 
-- title: Windows Autopilot
+- title: Use Windows Autopilot
   linkLists:
-  - linkListType: how-to-guide
+  - linkListType: overview
     links:
-      - text: Overview
-        url: /mem/autopilot/windows-autopilot
-      - text: Scenarios
-        url: /mem/autopilot/tutorial/autopilot-scenarios
-      - text: Device registration
-        url: /mem/autopilot/registration-overview
-      - text: Learn more about Windows Autopilot >
-        url: /mem/autopilot
+      - text: Windows Autopilot device preparation overview
+        url: /autopilot/device-preparation/overview
+      - text: Windows Autopilot overview
+        url: /autopilot/overview
+  - linkListType: tutorial
+    links:
+      - text: Windows Autopilot scenarios
+        url: /autopilot/tutorial/autopilot-scenarios
+      - text: Windows Autopilot device preparation scenarios
+        url: /autopilot/device-preparation/tutorial/scenarios
 
-- title: Windows Autopatch
+- title: Use Windows Autopatch
   linkLists:
-  - linkListType: how-to-guide
+  - linkListType: overview
     links:
       - text: What is Windows Autopatch?
         url: windows-autopatch/overview/windows-autopatch-overview.md
-      - text: Frequently asked questions (FAQ)
-        url: windows-autopatch/overview/windows-autopatch-faq.yml
       - text: Prerequisites
         url: windows-autopatch/prepare/windows-autopatch-prerequisites.md
-      - text: Learn more about Windows Autopatch >
+      - text: Deployment guide
+        url: windows-autopatch/overview/windows-autopatch-deployment-guide.md
+      - text: See more >
         url: windows-autopatch/index.yml
 
-- title: Windows Update for Business
+- title: Use Windows Update for Business
   linkLists:
   - linkListType: how-to-guide
     links:
       - text: What is Windows Update for Business?
         url: update/waas-manage-updates-wufb.md
-      - text: Windows Update for Business deployment service
-        url: update/deployment-service-overview.md
-      - text: Manage Windows Update settings
-        url: update/waas-wu-settings.md
+      - text: Configure Windows Update for Business
+        url: update/waas-configure-wufb.md
       - text: Windows Update for Business reports overview
         url: update/wufb-reports-overview.md
 
-- title: Optimize and cache content
+- title: Use tools for upgrade and imaging
   linkLists:
-  - linkListType: how-to-guide
+  - linkListType: reference
     links:
-      - text: What is Delivery Optimization?
-        url: do/waas-delivery-optimization.md
-      - text: What is Microsoft Connected Cache?
-        url: do/waas-microsoft-connected-cache.md
-      - text: Frequently asked questions
-        url: do/waas-delivery-optimization-faq.yml
-      - text: Learn more about Delivery Optimization >
-        url: do/index.yml
-
-- title: In-place upgrade and imaging
-  linkLists:
-  - linkListType: how-to-guide
-    links:
-      - text: Upgrade Windows using Configuration Manager
-        url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
-      - text: Deploy a Windows image using Configuration Manager
-        url: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+      - text: Customize Windows PE boot images
+        url: customize-boot-image.md
       - text: Convert a disk from MBR to GPT
         url: mbr-to-gpt.md
+      - text: Configure a PXE server to load Windows PE
+        url: configure-a-pxe-server-to-load-windows-pe.md
       - text: Resolve Windows upgrade errors
         url: upgrade/resolve-windows-upgrade-errors.md
 
-- title: Licensing and activation
-  linkLists:
-  - linkListType: how-to-guide
-    links:
-      - text: Plan for volume activation
-        url: volume-activation/plan-for-volume-activation-client.md
-      - text: Subscription activation
-        url: windows-10-subscription-activation.md
-      - text: Volume activation management tool (VAMT)
-        url: volume-activation/introduction-vamt.md
-      - text: Activate using key management service (KMS)
-        url: volume-activation/activate-using-key-management-service-vamt.md
-      - text: Windows commercial licensing overview
-        url: /windows/whats-new/windows-licensing
-
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
 - title: More resources
   linkLists:
-  - linkListType: reference
-    # Release and lifecycle
-    links:
-      - text: Windows release health dashboard
-        url: /windows/release-health
-      - text: Windows client features lifecycle
-        url: /windows/whats-new/feature-lifecycle
-      - text: Lifecycle FAQ - Windows
-        url: /lifecycle/faq/windows
   - linkListType: download
     # Windows hardware
     links:
@@ -177,6 +128,6 @@ landingContent:
     # Community
     links:
       - text: Windows IT pro blog
-        url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+        url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows-ITPro-blog
       - text: Windows office hours
         url: https://aka.ms/windows/officehours
diff --git a/windows/deployment/media/windows10-autopilot-flowchart.png b/windows/deployment/media/windows10-autopilot-flowchart.png
deleted file mode 100644
index 878c9d483d..0000000000
Binary files a/windows/deployment/media/windows10-autopilot-flowchart.png and /dev/null differ
diff --git a/windows/deployment/media/windows10-deployment-config-manager.png b/windows/deployment/media/windows10-deployment-config-manager.png
deleted file mode 100644
index 509e041741..0000000000
Binary files a/windows/deployment/media/windows10-deployment-config-manager.png and /dev/null differ
diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
deleted file mode 100644
index e592664ec5..0000000000
--- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Applying Filters to Data in the SUA Tool (Windows 10)
-description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Applying Filters to Data in the SUA Tool
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you.
-
-**To apply filters to data in the SUA tool**
-
-1.  Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
-
-2.  After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues.
-
-3.  On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands.
-
-    |Options menu command|Description|
-    |--- |--- |
-    |**Filter Noise**|Filters noise from the issues.<p>This command is selected by default.|
-    |**Load Noise Filter File**|Opens the **Open Noise Filter File** dialog box, in which you can load an existing noise filter (.xml) file.|
-    |**Export Noise Filter File**|Opens the **Save Noise Filter File** dialog box, in which you can save filter settings as a noise filter (.xml) file.|
-    |**Only Display Records with Application Name in StackTrace**|Filters out records that do not have the application name in the stack trace. <p>However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.|
-    |**Show More Details in StackTrace**|Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.|
-    |**Warn Before Deleting AppVerifier Logs**|Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.<p>This command is selected by default.|
-    |**Logging**|Provides the following logging-related options:<ul><li>Show or hide log errors.<li>Show or hide log warnings.<li>Show or hide log information.</ul><p>To maintain a manageable file size, we recommend that you do not select the option to show informational messages.|
-    
-   
diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
deleted file mode 100644
index 1d4df56098..0000000000
--- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-title: Available Data Types and Operators in Compatibility Administrator (Windows 10)
-description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Available Data Types and Operators in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
-
-## Available Data Types
-
-Customized-compatibility databases in Compatibility Administrator contain the following data types.
-
--   **Integer**. A numerical value with no fractional part. All integers are unsigned because none of the attributes can have a negative value.
-
--   **String**. A series of alphanumeric characters manipulated as a group.
-
--   **Boolean**. A value of True or False.
-
-## Available Attributes
-
-The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator.
-
-|Attribute|Description|Data type|
-|--- |--- |--- |
-|APP_NAME|Name of the application.|String|
-|DATABASE_GUID|Unique ID for your compatibility database.|String|
-|DATABASE_INSTALLED|Specifies if you have installed the database.|Boolean|
-|DATABASE_NAME|Descriptive name of your database.|String|
-|DATABASE_PATH|Location of the database on your computer.|String|
-|FIX_COUNT|Number of compatibility fixes applied to a specific application.|Integer|
-|FIX_NAME|Name of your compatibility fix.|String|
-|MATCH_COUNT|Number of matching files for a specific, fixed application.|Integer|
-|MATCHFILE_NAME|Name of a matching file used to identify a specific, fixed application.|String|
-|MODE_COUNT|Number of compatibility modes applied to a specific, fixed application.|Integer|
-|MODE_NAME|Name of your compatibility mode.|String|
-|PROGRAM_APPHELPTYPE|Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program.|Integer|
-|PROGRAM_DISABLED|Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application.|Boolean|
-|PROGRAM_GUID|Unique ID for an application.|String|
-|PROGRAM_NAME|Name of the application that you are fixing.|String|
-
-## Available Operators
-
-The following table shows the operators that you can use for querying your customized-compatibility databases in the Compatibility Administrator.
-
-|Symbol|Description|Data type|Precedence|
-|--- |--- |--- |--- |
-|>|Greater than|Integer or string|1|
-|>=|Greater than or equal to|Integer or string|1|
-|<|Less than|Integer or string|1|
-|<=|Less than or equal to|Integer or string|1|
-|<>|Not equal to|Integer or string|1|
-|=|Equal to|Integer, string, or Boolean|1|
-|HAS|A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.|Left-hand operand. MATCHFILE_NAME, MODE_NAME, FIX_NAME<div class="alert">Note: Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.</div><br/>Right-hand operand. String|1|
-|OR|Logical OR operator|Boolean|2|
-|AND|Logical AND operator|Boolean|2|
-
-## Related topics
-
-[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md
deleted file mode 100644
index 853283a0cc..0000000000
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Compatibility Administrator User's Guide (Windows 10)
-manager: aaroncz
-ms.author: frankroj
-description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows.
-ms.service: windows-client
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Compatibility Administrator User's Guide
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides:
-
-- Compatibility fixes, compatibility modes, and AppHelp messages that you can use to resolve specific compatibility issues.
-
-- Tools for creating customized compatibility fixes, compatibility modes, AppHelp messages, and compatibility databases.
-
-- A query tool that you can use to search for installed compatibility fixes on your local computers.
-
-The following flowchart shows the steps for using the Compatibility Administrator tool to create your compatibility fixes, compatibility modes, and AppHelp messages.
-
-![act compatibility admin flowchart.](images/dep-win8-l-act-compatadminflowchart.jpg)
-
-> [!IMPORTANT]
-> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create and work with custom databases for 32-bit applications, and the 64-bit version to create and work with custom databases for 64-bit applications.
-
-## In this section
-
-|Topic|Description|
-|--- |--- |
-|[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)|This section provides information about using the Compatibility Administrator tool.|
-|[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)|This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.|
-|[Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)|Ensure that you deploy your customized database (.Sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including, by using a logon script, by using Group Policy, or by performing file copy operations.|
diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
deleted file mode 100644
index dd2905355f..0000000000
--- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
+++ /dev/null
@@ -1,163 +0,0 @@
----
-title: Compatibility Fix Database Management Strategies and Deployment (Windows 10)
-manager: aaroncz
-ms.author: frankroj
-description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database.
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Compatibility Fix Database Management Strategies and Deployment
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-To use fixes in application-compatibility mitigation strategy, define a strategy to manage your custom compatibility-fix database. Typically, you can use one of the two following approaches:
-
--   Deploying your compatibility fixes as part of an application-installation package.
-
--   Deploying your compatibility fixes through a centralized compatibility-fix database.
-
-Microsoft provides general recommends the following remedies for improving the management of your custom compatibility-fix databases.
-
-> [!NOTE]
-> These recommendations are not based on irrespective of the approach you decide to use. The following are the general recommendations.
-
--   **Define standards for when you will apply compatibility fixes**
-
-    Ensure that the standards and scenarios for using compatibility fixes are defined, based on your specific business and technology needs.
-
--   **Define standards for your custom compatibility-fix databases**
-
-     Compatibility fixes must include a version check, so that mapping to particular applications becomes easy. Ensure that your compatibility fixes always, so that the fix won't be applied to newer versions of your applications.
-
--   **Define your resources responsible for addressing questions and enforcing your standards**
-
-    Ensure you determine who will be responsible for staying current with the technology and standards that are related to your compatibility fixes and custom compatibility-fix databases. As your databases are managed over time, ensure that someone in your organization stays current with the relevant technology.
-
-## Strategies for Deploying Your Compatibility Fixes
-
-
-We recommend the usage of one of the two strategies to deploy your compatibility fixes into your organization. They are:
-
--   Deploying your compatibility fixes as part of an application-installation package.
-
--   Deploying your compatibility fixes through a centralized compatibility-fix database.
-
-Determine which method best meets your organization's deployment needs.
-
-### Deploying Fixes as Part of an Application-Installation Package
-
-One strategy to deploy compatibility fixes is to create a custom compatibility-fix database that contains a single entry that is applied directly to the application-installation package. While this method is the most straightforward one for deployment, it has been shown that this method can become overly complex, especially if you are fixing a large number of applications.
-
-If the following considerations apply to your organization, you should avoid this strategy and instead consider using a centralized compatibility-fix database, as described in the next section.
-
--   **How many applications require compatibility fixes?**
-
-    Custom compatibility-fix databases are actual databases. Therefore, if you have 1000 applications to be fixed, it will take longer to open and query 1000 single-row databases for a match, instead of a single database with 1000 rows.
-
--   **Will you be able to track which applications are installed on which computer?**
-
-    You might determine that your initial set of compatibility fixes isn't comprehensive, and that you must deploy an updated version of the compatibility-fix database to resolve the other issues. If you deployed the initial set by using the application-installation package, you'll be required to locate each client computer that is running the application and replace the compatibility fix.
-
-### Deploying Fixes Through a Centralized Compatibility-Fix Database
-
-The other recommended strategy for deploying compatibility fixes into your organization is to create and manage either a single custom compatibility-fix database, or else to create and manage several custom databases for large subsets of your organization. This strategy will help to enforce your company policy and to provide consistent updates for application fixes that you discover later.
-
-This approach tends to work best for organizations that have a well-developed deployment infrastructure in place, with centralized ownership of the process. We recommend that you consider the following before using this approach:
-
--   Does your organization have the tools required to deploy and update a compatibility-fix database for all of the affected computers?
-
-    If you intend to manage a centralized compatibility-fix database, you must verify that your organization has the required tools to deploy and update all of the affected computers in your organization.
-
--   Do you have centralized resources that can manage and update the centralized compatibility-fix database?
-
-    Ensure that you've identified the appropriate owners for the deployment process, for the applications, and for the database updates, in addition to determining the process by which compatibility issues can be deployed to specific computers.
-
-### Merging Centralized Compatibility-Fix Databases
-
-If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This provision enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows&reg; should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process.
-
-**To merge your custom-compatibility databases**
-
-1.  Verify that your application-compatibility testers are performing their tests on computers with the latest version of your compatibility-fix database. For example, Custom DB1.
-
-2.  If the tester determines that an application requires an extra compatibility fix that isn't a part of the original compatibility-fix database, the tester must create a new custom compatibility database with all of the required information for that single fix, for example, Custom DB2.
-
-3.  The tester applies the new Custom DB2 information to the application and then tests for both the functionality and integration, to ensure that the compatibility issues are addressed.
-
-4.  After the application passes all of the required functionality and integration tests, the tester can send Custom DB2 to the team that manages the central compatibility-fix database.
-
-5.  The team that manages the centralized database opens Custom DB1 and uses the Compatibility Administrator to include the new compatibility fixes that were included in Custom DB2.
-
-    > [!NOTE]  
-    > Custom DB1 contains a unique GUID that makes updating the database easier. For example, if you install a new version of the custom compatibility-fix database that uses the same GUID as the previous version, the computer will automatically uninstall the old version.
-
-
-
-6.  The centralized management team then redeploys the new version of Custom DB1 to all of the end users in your organization.
-
-### Deploying Your Custom Compatibility-Fix Databases
-
-Deploying your custom compatibility-fix database into your organization requires you to perform the following actions:
-
-1.  Store your custom compatibility-fix database (.sib file) in a location that is accessible to all of your organization's computers.
-
-2.  Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally.
-
-In order to meet the two requirements above, we recommend that you use one of the following two methods:
-
--   **Using a Windows Installer package and a custom script**
-
-    You can package your .sib file and a custom deployment script into a file with the .msi extension, and then deploy the .msi file into your organization.
-
-    > [!IMPORTANT]
-    > Ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft&reg; Visual Basic&reg; Scripting Edition (VBScript), the custom action type would be:
-    >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)`
-
-
--   **Using a network share and a custom script**
-
-You can store the .sib file on your network share, and then call to a script available on your specified computers.
-
-> [!IMPORTANT]  
-> Ensure that you call the script at a time when it can receive elevated rights. For example, you should call the script by using computer startup scripts instead of a user logon script. You must also ensure that the installation of the custom compatibility-fix database occurs with Administrator rights.
-
-
-
-### Example Script for installation of .sib File based on .msi File
-
-The following examples show an installation of a custom compatibility-fix database based on a .msi file.
-
-```
-'InstallSDB.vbs
-Function Install
-Dim WshShell
-Set WshShell = CreateObject("WScript.Shell")
-WshShell.Run "sdbinst.exe -q " & CHR(34) & "%ProgramFiles%\MyOrganizationSDB\MyOrg.sdb" & CHR(34), 0, true
-WshShell.Run "cmd.exe /c " & CHR(34) & "del " & CHR(34) & "%ProgramFiles%\MyOrganizationSDB\MyOrg.sdb" & CHR(34) & CHR(34), 0
-WshShell.Run "reg.exe delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{guidFromMyOrgsSdb}.sdb /f", 0
-End Function
-
-Function UnInstall
-Dim WshShell
-Set WshShell = CreateObject("WScript.Shell")
-WshShell.Run "sdbinst.exe -q -u -g {guidFromMyOrgsSdb}", 0
-End Function
-```
-
-### Initial Deployment and Updates
-
-Application-compatibility is tested, from which issues are reported, even before a new Windows operating system is deployed. To handle these issues, include the custom compatibility-fix database, which includes all of your known issues, in your corporate image. Later, update your compatibility-fix database; provide the updates by using one of the two mechanisms that are described in the "Deploying Your Custom Compatibility Fix Databases" section.
-
-## Related articles
-[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)
diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
deleted file mode 100644
index e37a77e25a..0000000000
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ /dev/null
@@ -1,162 +0,0 @@
----
-title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista
-description: Find released compatibility fixes for all Windows operating systems from Windows Vista through Windows 10.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions.
-
-> [!IMPORTANT]
-> The Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator. You must use the 32-bit version for 32-bit applications and the 64-bit version to work for 64-bit applications. You will receive an error message if you try to use the wrong version.
-
-If you start the Compatibility Administrator as an Administrator (with elevated privileges), all repaired applications can run successfully; however, virtualization and redirection might not occur as expected. To verify that a compatibility fix addresses an issue, you must test the repaired application by running it under the destination user account.
-
-## Compatibility Fixes
-
-The following table lists the known released compatibility fixes for all Windows operating systems from Windows Vista through Windows 10. The fixes are listed in alphabetical order.
-
-|Fix|Fix Description|
-|--- |--- |
-|8And16BitAggregateBlts|8/16-bit mitigation can cause performance issues in applications. This layer aggregates all the blt operations and improves performance.|
-|8And16BitDXMaxWinMode|The 8/16-bit mitigation runs applications that use DX8/9 in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode.|
-|8And16BitGDIRedraw|This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette.|
-|AccelGdipFlush|This fix increases the speed of GdipFlush, which has perf issues in DWM.|
-|AoaMp4Converter|This fix resolves a display issue for the AoA Mp4 Converter.|
-|BIOSRead|This problem is indicated when an application can't access the **Device\PhysicalMemory** object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.<p>The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the **\Device\Physical** memory information.|
-|BlockRunasInteractiveUser|This problem occurs when **InstallShield** creates installers and uninstallers that fail to complete and that generate error messages or warnings.<p>The fix blocks **InstallShield** from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](/previous-versions/windows/it-pro/windows-7/dd638336(v=ws.10)).</div>|
-|ChangeFolderPathToXPStyle|This fix is required when an application can't return shell folder paths when it uses the **SHGetFolder** API.<p>The fix intercepts the **SHGetFolder**path request to the common **appdata** file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.|
-|ClearLastErrorStatusonIntializeCriticalSection|This fix is indicated when an application fails to start.<p>The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS.|
-|CopyHKCUSettingsFromOtherUsers|This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users.<p>The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area.<p>You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: Software\MyCompany\Key1^Software\MyCompany\Key2.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](/previous-versions/windows/it-pro/windows-7/dd638375(v=ws.10)).</div>|
-|CorrectCreateBrushIndirectHatch|This problem occurs when an access violation error message displays and the application fails when you select or crop an image.<p>The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted.|
-|CorrectFilePaths|This problem occurs when: <ul><li>An application tries to write files to the hard disk and is denied access.</li><li>An application receives a file not found or path not found error message.</li></ul><p>The fix modifies the file path names to point to a new location on the hard disk.<div class="alert">**Note:** For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](/previous-versions/windows/it-pro/windows-7/cc766201(v=ws.10)). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you're applying it to a setup installation file.</div>|
-|CorrectFilePathsUninstall|This problem occurs when an uninstalled application leaves behind files, directories, and links.<p>The fix corrects the file paths that are used by the uninstallation process of an application.<div class="alert">**Note:** For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](/previous-versions/windows/it-pro/windows-7/dd638414(v=ws.10)). We recommend that you use this fix together with the CorrectFilePaths fix if you're applying it to a setup installation file.</div>|
-|CorrectShellExecuteHWND|This problem occurs when you start an executable (.exe) and:<ul><li>A taskbar item blinks instead of an elevation prompt being opened, or when the application doesn't provide a valid HWND value when it calls the ShellExecute(Ex) function.<p>The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value.<div class="alert">**Note:** For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](/previous-versions/windows/it-pro/windows-7/cc722028(v=ws.10)).</div>|
-|CustomNCRender|This fix instructs DWM to not render the non-client area forcing the application to do its own NC rendering. This issue often gives windows an XP look.|
-|DelayApplyFlag|This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded.<p>You can control this fix further by typing the following command at the command prompt:<p>`DLL_Name;Flag_Type;Hexidecimal_Value`<br>Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64 bits long.<div class="alert">**Note:** The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash ().</div>|
-|DeprecatedServiceShim|The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays.<p>The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter.<p>You can control this fix further by typing the following command at the command prompt:<p>`Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2` where:<ul><li>Deprecated_Service is the name of the deprecated service</li><li>App_Service is the name of the specific application service that is to be modified</li></ul>For example, NtLmSsp\WMI.<div class="alert">**Note:** If you don't provide an App_Service name, the deprecated service is removed from all newly created services.</div><div class="alert">**Note:** You can separate multiple entries with a forward slash (/).</div>|
-|DirectXVersionLie|This problem occurs when an application fails because it doesn't find the correct version number for DirectX®.<p>The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version.</div><p>You can control this fix further by typing the following command at the command prompt:<br>`MAJORVERSION.MINORVERSION.LETTER`<p>For example, 9.0.c.|
-|DetectorDWM8And16Bit|This fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes aren't supported in Windows 8 .|
-|Disable8And16BitD3D|This fix improves performance of 8/16-bit color applications that render using D3D and don't mix direct draw.|
-|Disable8And16BitModes|This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes.|
-|DisableDWM|The problem occurs when some objects aren't drawn or object artifacts remain on the screen in an application.<p>The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the DisableDWM Fix](/previous-versions/windows/it-pro/windows-7/cc722418(v=ws.10)).</div>|
-|DisableFadeAnimations|The problem is indicated when an application fades animation, buttons, or other controls don't function properly.<p>The fix disables the fade animations functionality for unsupported applications.|
-|DisableThemeMenus|The problem occurs when an application behaves unpredictably when it tries to detect and use the correct Windows settings.<p>The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.|
-|DisableWindowsDefender|The fix disables Windows Defender for security applications that don't work with Windows Defender.|
-|DWM8And16BitMitigation|The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes aren't supported in Windows 8.|
-|DXGICompat|The fix allows application-specific compatibility instructions to be passed to the DirectX engine.|
-|DXMaximizedWindowedMode|Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D.|
-|ElevateCreateProcess|The problem is indicated when: <ul><li>installations</li><li>de-installations</li><li>updates</li></ul> fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message.<p>The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code is returned unchanged.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](/previous-versions/windows/it-pro/windows-7/cc722422(v=ws.10)).</div>|
-|EmulateOldPathIsUNC|The problem occurs when an application fails because of an incorrect UNC path.<p>The fix exchanges the PathIsUNC function to return a value of True for UNC paths in Windows.|
-|EmulateGetDiskFreeSpace|The problem is indicated when an application fails to install or to run. An error message is generated that there isn't enough free disk space to install or use the application. The error message occurs even though there's enough free disk space to meet the application requirements.<p>The fix determines the amount of free space. If the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB. However, if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual-free space amount.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](/previous-versions/windows/it-pro/windows-7/ff720129(v=ws.10)).</div>|
-|EmulateSorting|The problem occurs when an application experiences search functionality issues.<p>The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table.<div class="alert">**Note:** For more detailed information about this e application fix, see [Using the EmulateSorting Fix](/previous-versions/windows/it-pro/windows-7/cc749209(v=ws.10)).</div>|
-|EmulateSortingWindows61|The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs.|
-|EnableRestarts|The problem is indicated when an application and computer appear to hang because processes can't end to allow the computer to complete its restart processes.<p>The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the EnableRestarts Fix](/previous-versions/windows/it-pro/windows-7/ff720128(v=ws.10)).</div>|
-|ExtraAddRefDesktopFolder|The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed.<p>The fix invokes the AddRef() method on the Desktop folder, which the SHGetDesktopFolder function returns, to counteract the problem.|
-|FailObsoleteShellAPIs|The problem occurs when an application fails because it generated deprecated API calls.<p>The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail.<div class="alert">**Note:** You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail.</div>|
-|FailRemoveDirectory|The problem occurs when an application uninstall process doesn't remove all of the application files and folders.<p>This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path - no partial paths are supported.<p>The fix resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.|
-|FakeLunaTheme|The problem occurs when a theme application doesn't properly display: the colors are washed out or the user interface isn't detailed.<p>The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna).<div class="alert">**Note:** For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](/previous-versions/windows/it-pro/windows-7/cc766315(v=ws.10)).</div>|
-|FlushFile|This problem is indicated when a file is updated and changes don't immediately appear on the hard disk. Applications can't see the file changes.<p>The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.|
-|FontMigration|The fix replaces an application-requested font with a better font selection, to avoid text truncation.|
-|ForceAdminAccess|The problem occurs when an application fails to function during an explicit administrator check.<p>The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](/previous-versions/windows/it-pro/windows-7/cc766024(v=ws.10)).</div>|
-|ForceInvalidateOnClose|The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages.|
-|ForceLoadMirrorDrvMitigation|The fix loads the Windows 8-mirror driver mitigation for applications where the mitigation isn't automatically applied.|
-|FreestyleBMX|The fix resolves an application race condition that is related to window message order.|
-|GetDriveTypeWHook|The application presents unusual behavior during installation; for example, the setup program states that it can't install to a user-specified location.<p>The fix exchanges GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly formed file path when it tries to retrieve the drive type on which the file path exists.|
-|GlobalMemoryStatusLie|The problem occurs when a Computer memory full error message that displays when you start an application.<p>The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size.|
-|HandleBadPtr|The problem occurs when an access violation error message that displays because an API is performing pointer validation before it uses a parameter.<p>The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the more parameter validation.|
-|HandleMarkedContentNotIndexed|The problem occurs when an application that fails when it changes an attribute on a file or directory.<p>The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory. The fix then resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.|
-|HeapClearAllocation|The problem is indicated when the allocation process shuts down unexpectedly.<p>The fix uses zeros to clear out the heap allocation for an application.|
-|IgnoreAltTab|The problem occurs when an application fails to function when special key combinations are used.<p>The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](/previous-versions/windows/it-pro/windows-7/cc722093(v=ws.10)).</div>|
-|IgnoreChromeSandbox|The fix allows Google Chrome to run on systems where ntdll is loaded above 4 GB.|
-|IgnoreDirectoryJunction|The problem occurs when a read or access violation error message that displays when an application tries to find or open files.<p>The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW, and FindFirstFileA APIs to prevent them from returning directory junctions.<div class="alert">**Note:** Symbolic links appear to start in Windows Vista.</div>|
-|IgnoreException|The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen.<p>The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception.<p>You can control this fix further by typing the following command at the command prompt:<p>`Exception1;Exception2`<br>Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.<p>**Important:** You should use this compatibility fix only if you're certain that it's acceptable to ignore the exception. You might experience more compatibility issues if you choose to incorrectly ignore an exception.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the IgnoreException Fix](/previous-versions/windows/it-pro/windows-7/cc766154(v=ws.10)).</div>|
-|IgnoreFloatingPointRoundingControl|This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application.<p>Before the C runtime library supported floating point SSE2, it ignored the rounding control request and used the round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior.|
-|IgnoreFontQuality|The problem occurs when application text appears to be distorted.<p>The fix enables color-keyed fonts to properly work with anti-aliasing.|
-|IgnoreMessageBox|The problem occurs when a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system.<p>The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](/previous-versions/windows/it-pro/windows-7/cc749044(v=ws.10)).</div>|
-|IgnoreMSOXMLMF|The problem occurs when an error message that states that the operating system can't locate the MSVCR80D.DLL file.<p>The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system anytime that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix ignores the registered MSOXMLMF and fails the CoGetClassObject for its CLSID.|
-|IgnoreSetROP2|The fix ignores read-modify-write operations on the desktop to avoid performance issues.|
-|InstallComponent|The fix prompts the user to install.Net 3.5 or .NET 2.0 because .NET isn't included with Windows 8.|
-|LoadLibraryRedirect|The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application.|
-|LocalMappedObject|The problem occurs when an application unsuccessfully tries to create an object in the Global namespace.<p>The fix intercepts the function call to create the object and replaces the word Global with Local.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the LocalMappedObject Fix](/previous-versions/windows/it-pro/windows-7/cc749287(v=ws.10)).</div>|
-|MakeShortcutRunas|The problem is indicated when an application fails to uninstall because of access-related errors.<p>The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installationenabling the uninstallation to occur later.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix](/previous-versions/windows/it-pro/windows-7/dd638338(v=ws.10))</div>|
-|ManageLinks|The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs.|
-|MirrorDriverWithComposition|The fix allows mirror drivers to work properly with acceptable performance with desktop composition.|
-|MoveToCopyFileShim|The problem occurs when an application experiences security access issues during setup.<p>The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue.|
-|OpenDirectoryAcl|The problem occurs when an error message that states that you don't have the appropriate permissions to access the application.<p>The fix reduces the security privilege levels on a specified set of files and folders.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](/previous-versions/windows/it-pro/windows-7/dd638417(v=ws.10)).</div>|
-|PopCapGamesForceResPerf|The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution.|
-|PreInstallDriver|The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process.|
-|PreInstallSmarteSECURE|The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process.|
-|ProcessPerfData|The problem occurs because the application tried to read the process performance data registry value to determine if another instance of the application is running. This problem results in an Unhandled Exception error message.<p>The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it's the only instance running.<div class="alert">**Note:** This issue seems to occur most frequently with .NET applications.|
-|PromoteDAM|The fix registers an application for power state change notifications.</div>|
-|PropagateProcessHistory|The problem occurs when an application incorrectly fails to apply an application fix.<p>The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes.|
-|ProtectedAdminCheck|The problem occurs when an application fails to run because of incorrect Protected Administrator permissions.<p>The fix addresses the issues that occur when applications use non-standard Administrator checks. This issue can result in false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but the SID is set as deny-only.|
-|RedirectCRTTempFile|The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume. The fix instead redirects the calls to a temporary file in the user's temporary directory.|
-|RedirectHKCUKeys|The problem occurs when an application can't be accessed because of User Account Control (UAC) restrictions.<p>The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.|
-|RedirectMP3Codec|This problem occurs when you can't play MP3 files.<p>The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version.|
-|RedirectShortcut|The problem occurs when an application's shortcut can't be accessed, or the application uninstallation process doesn't remove application shortcuts.<p>The fix redirects all of the shortcuts created during the application setup to appear according to a specified path.<p>Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users.<br>Desktop or Quick Launch shortcuts: You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.<p>This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user can't access the shortcuts.<p>You can't apply this fix to an .exe file that includes a manifest and provides a run level.|
-|RelaunchElevated|The problem occurs when installers, uninstallers, or updaters fail when they're started from a host application.<p>The fix enables a child .exe file to run with elevated privileges when it's difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the RelaunchElevated Fix](/previous-versions/windows/it-pro/windows-7/dd638373(v=ws.10)).</div>|
-|RetryOpenSCManagerWithReadAccess|The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message.<p>The fix retries the call and requests a more restricted set of rights that include the following items:<li>SC_MANAGER_CONNECT<li>SC_MANAGER_ENUMERATE_SERVICE<li>SC_MANAGER_QUERY_LOCK_STATUS<li>STANDARD_READ_RIGHTS<div class="alert">**Note:** For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](/previous-versions/windows/it-pro/windows-7/cc721915(v=ws.10)).</div>|
-|RetryOpenServiceWithReadAccess|The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays.<p>The fix retries the OpenService() API call and verifies that the user has Administrator rights, isn't a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this fix to work<div class="alert">**Note:** For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](/previous-versions/windows/it-pro/windows-7/cc766423(v=ws.10)).</div>|
-|RunAsAdmin|The problem occurs when an application fails to function by using the Standard User or Protected Administrator account.<p>The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the RunAsAdmin Fix](/previous-versions/windows/it-pro/windows-7/dd638315(v=ws.10)).</div>|
-|RunAsHighest|The problem occurs when administrators can't view the read/write version of an application that presents a read-only view to standard users.<p>The fix enables the application to run by using the highest available permissions. This fix is the equivalent of specifying highestAvailable in an application manifest.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the RunAsHighest Fix](/previous-versions/windows/it-pro/windows-7/dd638322(v=ws.10)).</div>|
-|RunAsInvoker|The problem occurs when an application isn't detected as requiring elevation.<p>The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This fix is the equivalent of specifying asInvoker in an application manifest.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the RunAsInvoker Fix](/previous-versions/windows/it-pro/windows-7/dd638389(v=ws.10)).</div>|
-|SecuROM7|The fix repairs applications by using SecuROM7 for copy protection.|
-|SessionShim|The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter.<p>At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified.<p>**Important:** Users can't sign in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the SessionShim Fix](/previous-versions/windows/it-pro/windows-7/cc722085(v=ws.10)).</div>|
-|SetProtocolHandler|The fix registers an application as a protocol handler.<p>You can control this fix further by typing the following command at the command prompt:`Client;Protocol;App`<br>Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application.<div class="alert">**Note:** Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash ().</div>|
-|SetupCommitFileQueueIgnoreWow|The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers.<p>The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup.|
-|SharePointDesigner2007|The fix resolves an application bug that severely slows the application when it runs in DWM.|
-|ShimViaEAT|The problem occurs when an application fails, even after applying a compatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue.<p>The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion.<div class="alert">**Note:** For more information about this application fix, see [Using the ShimViaEAT Fix](/previous-versions/windows/it-pro/windows-7/cc766286(v=ws.10)).</div>|
-|ShowWindowIE|The problem occurs when a web application experiences navigation and display issues because of the tabbing feature.<p>The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window.|
-|SierraWirelessHideCDROM|The fix repairs the Sierra Wireless Driver installation preventing bugcheck.|
-|Sonique2|The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value.|
-|SpecificInstaller|The problem occurs when the GenericInstaller function fails to pick up an application installation file.<p>The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the SpecificInstaller Fix](/previous-versions/windows/it-pro/windows-7/dd638397(v=ws.10)).</div>|
-|SpecificNonInstaller|The problem occurs when an application that isn't an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function.<p>The fix flags the application to exclude it from detection by the GenericInstaller function.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](/previous-versions/windows/it-pro/windows-7/dd638326(v=ws.10)).</div>|
-|SystemMetricsLie|The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions.|
-|TextArt|The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue.|
-|TrimDisplayDeviceNames|The fix trims the names returned by the EnumDisplayDevices API of the display devices.|
-|UIPICompatLogging|The fix enables the logging of Windows messages from Internet Explorer and other processes.|
-|UIPIEnableCustomMsgs|The problem occurs when an application doesn't properly communicate with other processes because customized Windows messages aren't delivered.<p>The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code.<p>You can control this fix further by typing the following command at the command prompt:<p>`MessageString1 MessageString2`<br>Where MessageString1 and MessageString2 reflect the message strings that can pass.<div class="alert">**Note:** You must separate multiple message strings by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](/previous-versions/windows/it-pro/windows-7/dd638320(v=ws.10)).</div>|
-|UIPIEnableStandardMsgs|The problem occurs when an application doesn't communicate properly with other processes because standard Windows messages aren't delivered.<p>The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code.<p>You can control this fix further by typing the following command at the command prompt:<p>`1055 1056 1069`<p>Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass.<div class="alert">**Note:** You can separate multiple messages with spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](/previous-versions/windows/it-pro/windows-7/dd638361(v=ws.10)).</div>|
-|VirtualizeDeleteFileLayer|The fix virtualizes DeleteFile operations for applications that try to delete protected files.|
-|VirtualizeDesktopPainting|This fix improves the performance of several operations on the Desktop DC while using DWM.|
-|VirtualRegistry|The problem is indicated when a Component failed to be located error message displays when an application is started.<p>The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on.<p>For more detailed information about this application fix, see [Using the VirtualRegistry Fix](/previous-versions/windows/it-pro/windows-7/cc749368(v=ws.10)).|
-|VirtualizeDeleteFile|The problem occurs when several error messages display and the application can't delete files.<p>The fix makes the application's DeleteFile function call a virtual call to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](/previous-versions/windows/it-pro/windows-7/dd638360(v=ws.10)).</div>|
-|VirtualizeHKCRLite|The problem occurs when an application fails to register COM components at runtime.<p>The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This fix operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance.<p>HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application isn't elevated and is ignored if the application is elevated.<p>You typically use this compatibility fix with the VirtualizeRegisterTypeLib fix.<br>For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](/previous-versions/windows/it-pro/windows-7/dd638327(v=ws.10)).|
-|VirtualizeRegisterTypeLib|The fix when used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This fix functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](/previous-versions/windows/it-pro/windows-7/dd638385(v=ws.10)).</div>|
-|WaveOutIgnoreBadFormat|When this problem occurs when an Unable to initialize sound device from your audio driver error occurs; the application then closes.<p>The fix enables the application to ignore the format error and continue to function properly.|
-|WerDisableReportException|The fix turns off the silent reporting of exceptions, including those exceptions reported by Object Linking and Embedding-Database (OLE DB), to the Windows Error Reporting tool. The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message.|
-|Win7RTM/Win8RTM|The layer provides the application with Windows 7/Windows 8 compatibility mode.|
-|WinxxRTMVersionLie|The problem occurs when an application fails because it doesn't find the correct version number for the required Windows operating system.<p>All version lie compatibility fixes address the issue whereby an application fails to function because it's checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer.|
-|Wing32SystoSys32|The problem occurs when an error message that states that the WinG library wasn't properly installed.<p>The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory.<p>**Important:** The application must have Administrator privileges for this fix to work.|
-|WinSrv08R2RTM||
-|WinXPSP2VersionLie|The problem occurs when an application experiences issues because of a VB runtime DLL.<p>The fix forces the application to follow these steps:<li>Open the Compatibility Administrator, and then select None for Operating System Mode.<li>On the Compatibility Fixes page, select WinXPSP2VersionLie, and then select Parameters.<li>The Options for /<fix_name/>; dialog box appears.<li>Type vbrun60.dll into the Module Name box, select Include, and then select Add.<li>Save the custom database.<div class="alert">**Note:** For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](/previous-versions/windows/it-pro/windows-7/cc749518(v=ws.10)).</div>|
-|WRPDllRegister|The application fails when it tries to register a COM component that is released together with Windows Vista and later.<p>The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions.<p>You can control this fix further by typing the following command at the command prompt:<p>`Component1.dll;Component2.dll`<br>Where Component1.dll and Component2.dll reflect the components to be skipped.<div class="alert">**Note:** For more detailed information about this application fix, see [Using the WRPDllRegister Fix](/previous-versions/windows/it-pro/windows-7/dd638345(v=ws.10)).</div>|
-|WRPMitigation|The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access.<p>The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue.<div class="alert">**Note:** For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](/previous-versions/windows/it-pro/windows-7/dd638325(v=ws.10)).</div>|
-|WRPRegDeleteKey|The problem occurs when an access denied error message that displays when the application tries to delete a registry key.<p>The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process.|
-|XPAfxIsValidAddress|The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress.|
-
-## Compatibility Modes
-
-The following table lists the known compatibility modes.
-
-|Compatibility Mode Name|Description|Included Compatibility Fixes|
-|--- |--- |--- |
-|WinSrv03|Emulates the Windows Server 2003 operating system.|<li>Win2k3RTMVersionLie<li>VirtualRegistry<li>ElevateCreateProcess<li>EmulateSorting<li>FailObsoleteShellAPIs<li>LoadLibraryCWD<li>HandleBadPtr<li>GlobalMemoryStatus2 GB<li>RedirectMP3Codec<li>EnableLegacyExceptionHandlinginOLE<li>NoGhost<li>HardwareAudioMixer|
-|WinSrv03Sp1|Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system.|<li>Win2K3SP1VersionLie<li>VirtualRegistry<li>ElevateCreateProcess<li>EmulateSorting<li>FailObsoleteShellAPIs<li>LoadLibraryCWD<li>HandleBadPtr<li>EnableLegacyExceptionHandlinginOLE<li>RedirectMP3Codec<li>HardwareAudioMixer|
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
deleted file mode 100644
index c1946e6941..0000000000
--- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Creating a Custom Compatibility Fix in Compatibility Administrator (Windows 10)
-description: The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Creating a Custom Compatibility Fix in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The Compatibility Administrator tool uses the term *fix* to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.
-
-> [!IMPORTANT]
-> Fixes apply to a single application only; therefore, you must create multiple fixes if you need to fix the same issue in multiple applications.
-
-## What is a Compatibility Fix?
-
-A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can mean anything from disabling a new feature in the current version of the operating system to emulating a particular behavior of an older version of the Windows API.
-
-## Searching for Existing Compatibility Fixes
-
-The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility fix, you can search for an existing application and then copy and paste the known fixes into your customized database.
-
-> [!IMPORTANT]
-> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications.
-
-**To search for an existing application**
-
-1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
-2. Click the application name to view the preloaded compatibility fixes, compatibility modes, or AppHelp messages.
-
-## Creating a New Compatibility Fix
-
-If you are unable to find a preloaded compatibility fix for your application, you can create a new one for use by your customized database.
-
-**To create a new compatibility fix**
-
-1.  In the left-side pane of Compatibility Administrator underneath the **Custom Databases** heading, right-click the name of the database to which you want to apply the compatibility fix, click **Create New**, and then click **Application Fix**.
-2. Type the name of the application to which the compatibility fix applies, type the name of the application vendor, browse to the location of the application file (.exe) on your computer, and then click **Next**.
-3. Select the operating system for which your compatibility fix applies, click any applicable compatibility modes to apply to your compatibility fix, and then click **Next**.
-4. Select any additional compatibility fixes to apply to your compatibility fix, and then click **Next**.
-5. Select any additional criteria to use to match your applications to the AppHelp message, and then click **Finish**.
-
-    By default, Compatibility Administrator selects the basic matching criteria for your application. As a best practice, use a limited set of matching information to represent your application, because it reduces the size of the database. However, make sure you have enough information to correctly identify your application.
-
-## Related topics
-
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
deleted file mode 100644
index 9e8137b12b..0000000000
--- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
+++ /dev/null
@@ -1,67 +0,0 @@
----
-title: Create a Custom Compatibility Mode (Windows 10)
-description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Creating a Custom Compatibility Mode in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-Windows® provides several *compatibility modes*, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.
-
-## What Is a Compatibility Mode?
-
-A compatibility mode is a group of compatibility fixes. A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can be anything from disabling a new feature in Windows to emulating a particular behavior of an older version of the Windows API.
-
-## Searching for Existing Compatibility Modes
-
-The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility mode, you can search for an existing application and then copy and paste the known fixes into your custom database.
-
-> [!IMPORTANT]
-> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications.
-
-**To search for an existing application**
-
-1.  In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
-
-2.  Click the application name to view the preloaded compatibility modes, compatibility fixes, or AppHelp messages.
-
-## Creating a New Compatibility Mode
-
-If you are unable to find a preloaded compatibility mode for your application, you can create a new one for use by your custom database.
-
-> [!IMPORTANT]  
-> A compatibility mode includes a set of compatibility fixes and must be deployed as a group. Therefore, you should include only fixes that you intend to deploy together to the database.
-
-**To create a new compatibility mode**
-
-1.  In the left-side pane of Compatibility Administrator, underneath the **Custom Databases** heading, right-click the name of the database to which you will apply the compatibility mode, click **Create New**, and then click **Compatibility Mode**.
-
-2.  Type the name of your custom-compatibility mode into the **Name of the compatibility mode** text box.
-
-3.  Select each of the available compatibility fixes to include in your custom-compatibility mode and then click **&gt;**.
-
-    > [!IMPORTANT]  
-    > If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode.
-    > If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for &lt;Compatibility\_Fix\_Name&gt;** dialog box appears, enabling you to update the parameter fields.
-
-4. After you are done selecting the compatibility fixes to include, click **OK**.
-
-   The compatibility mode is added to your custom database.
-
-## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
\ No newline at end of file
diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
deleted file mode 100644
index a77208735d..0000000000
--- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-title: Create AppHelp Message in Compatibility Administrator (Windows 10)
-description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Creating an AppHelp Message in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.
-
-## Blocking Versus Non-Blocking AppHelp Messages
-
-A blocking AppHelp message prevents the application from starting and displays a message to the user. You can define a specific URL where the user can download an updated driver or other fix to resolve the issue. When using a blocking AppHelp message, you must also define the file-matching information to identify the version of the application and enable the corrected version to continue.
-
-A non-blocking AppHelp message doesn't prevent the application from starting, but provides a message to the user that includes information such as security issues, updates to the application, or changes to the location of network resources.
-
-## Searching for Existing Compatibility Fixes
-
-The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new AppHelp message, you can search for an existing application and then copy and paste the known fixes into your custom database.
-
-> [!IMPORTANT]
-> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications.
-
-**To search for an existing application**
-
-1.  In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
-
-2.  Click the application name to view the preloaded AppHelp messages, compatibility fixes, and compatibility modes.
-
-## Creating a New AppHelp Message
-
-If you're unable to find a preloaded AppHelp message for your application, you can create a new one for use by your custom database.
-
-**To create a new AppHelp message**
-
-1.  In the left-side pane of Compatibility Administrator, below the **Custom Databases** heading, right-click the name of the database to which you'll apply the AppHelp message, click **Create New**, and then click **AppHelp Message**.
-
-2.  Type the name of the application to which this AppHelp message applies, type the name of the application vendor, browse to the location of the application file (.exe) on your computer, and then click **Next**.
-
-    The wizard shows the known **Matching Information**, which is used for program identification.
-
-3.  Select any other criteria to use to match your applications to the AppHelp message, and then click **Next**.
-
-    By default, Compatibility Administrator selects the basic matching criteria for your application.
-
-    The wizard shows the **Enter Message Type** options.
-
-4.  Click one of the following options:
-
-    -   **Display a message and allow this program to run**. This message is non-blocking, which means that you can alert the user that there might be a problem, but the application isn't prevented from starting.
-
-    -   **Display a message and do not allow this program to run**. This message is blocking, which means that the application won't start. Instead, this message points the user to a location that provides more information about fixing the issue.
-
-5.  Click **Next**.
-
-    The wizard then shows the **Enter Message Information** fields.
-
-6.  Type the website URL and the message text to appear when the user starts the application, and then click **Finish**.
-
-## Issues with AppHelp Messages and Computers Running Windows 2000
-
-The following issues might occur with computers running Windows 2000:
-
--   You might be unable to create a custom AppHelp message.
-
--   The AppHelp message text used for system database entries might not appear.
-
--   Copying an AppHelp entry for a system database or a custom-compatibility fix from a system database might cause Compatibility Administrator to hide the descriptive text.
-
-## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
deleted file mode 100644
index e37786a9a6..0000000000
--- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
-description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Enabling and Disabling Compatibility Fixes in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
-
-## Disabling Compatibility Fixes
-
-Customized compatibility databases can become quite complex as you add your fixes for the multiple applications found in your organization. Over time, you may find you need to disable a particular fix in your customized database. For example, if a software vendor releases a fix for an issue addressed in one of your compatibility fixes, you must validate that the vendor's fix is correct and that it resolves your issue. To do this, you must temporarily disable the compatibility fix and then test your application.
-
->[!IMPORTANT]
->Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications.
-
-**To disable a compatibility fix within a database**
-
-1.  In the left-sde pane of Compatibility Administrator, expand the custom database that includes the compatibility fix that you want to disable, and then select the specific compatibility fix.
-
-    The compatibility fix details appear in the right-hand pane.
-
-2.  On the **Database** menu, click **Disable Entry**.
-
-    **Important**  
-    When you disable an entry, it will remain disabled even if you do not save the database file.
-
-## Enabling Compatibility Fixes
-
-You can enable your disabled compatibility fixes at any time.
-
-**To enable a compatibility fix within a database**
-
-1.  In the left-side pane of Compatibility Administrator, expand the custom database that includes the compatibility fix that you want to enable, and then select the specific compatibility fix.
-
-    The compatibility fix details appear in the right-side pane.
-
-2.  On the **Database** menu, click **Enable Entry**.
-
-## Related topics
-
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
deleted file mode 100644
index 7155581ea8..0000000000
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Fixing Applications by Using the SUA Tool (Windows 10)
-description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Fixing Applications by Using the SUA Tool
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
-
-**To fix an application by using the SUA tool**
-
-1.  Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
-
-2.  After you finish testing, open the SUA tool.
-
-3.  On the **Mitigation** menu, click the command that corresponds to the action that you want to take. The following table describes the commands.
-
-    |Mitigation menu command|Description|
-    |--- |--- |
-    |**Apply Mitigations**|Opens the **Mitigate AppCompat Issues** dialog box, in which you can select the fixes that you intend to apply to the application.|
-    |**Undo Mitigations**|Removes the application fixes that you just applied.<p>This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using **Programs and Features** in Control Panel.|
-    |**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.|
\ No newline at end of file
diff --git a/windows/deployment/planning/images/dep-win8-l-act-appcallosthroughiat.jpg b/windows/deployment/planning/images/dep-win8-l-act-appcallosthroughiat.jpg
deleted file mode 100644
index 2ab0b3c13d..0000000000
Binary files a/windows/deployment/planning/images/dep-win8-l-act-appcallosthroughiat.jpg and /dev/null differ
diff --git a/windows/deployment/planning/images/dep-win8-l-act-appredirectwithcompatfix.jpg b/windows/deployment/planning/images/dep-win8-l-act-appredirectwithcompatfix.jpg
deleted file mode 100644
index a4a4f4f616..0000000000
Binary files a/windows/deployment/planning/images/dep-win8-l-act-appredirectwithcompatfix.jpg and /dev/null differ
diff --git a/windows/deployment/planning/images/dep-win8-l-act-compatadminflowchart.jpg b/windows/deployment/planning/images/dep-win8-l-act-compatadminflowchart.jpg
deleted file mode 100644
index a6b484d53c..0000000000
Binary files a/windows/deployment/planning/images/dep-win8-l-act-compatadminflowchart.jpg and /dev/null differ
diff --git a/windows/deployment/planning/images/dep-win8-l-act-suaflowchart.jpg b/windows/deployment/planning/images/dep-win8-l-act-suaflowchart.jpg
deleted file mode 100644
index 07865c7c75..0000000000
Binary files a/windows/deployment/planning/images/dep-win8-l-act-suaflowchart.jpg and /dev/null differ
diff --git a/windows/deployment/planning/images/dep-win8-l-act-suawizardflowchart.jpg b/windows/deployment/planning/images/dep-win8-l-act-suawizardflowchart.jpg
deleted file mode 100644
index 9357e6f3bb..0000000000
Binary files a/windows/deployment/planning/images/dep-win8-l-act-suawizardflowchart.jpg and /dev/null differ
diff --git a/windows/deployment/planning/images/fig4-wsuslist.png b/windows/deployment/planning/images/fig4-wsuslist.png
deleted file mode 100644
index de35531356..0000000000
Binary files a/windows/deployment/planning/images/fig4-wsuslist.png and /dev/null differ
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
deleted file mode 100644
index a50feb249b..0000000000
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Install/Uninstall Custom Databases (Windows 10)
-description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
-
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.
-
-By default, the Windows® operating system installs a System Application Fix database for use with the Compatibility Administrator. This database can be updated through Windows Update, and is stored in the %WINDIR% \\AppPatch directory. Your custom databases are automatically stored in the %WINDIR% \\AppPatch\\Custom directory and are installed by using the Sdbinst.exe tool provided with the Compatibility Administrator.
-
-> [!IMPORTANT]
-> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications.
-
-In addition, you must deploy your databases to your organization's computers before the included fixes will have any effect on the application issue. For more information about deploying your database, see [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md).
-
- 
-
-## Installing a Custom Database
-
-
-Installing your custom-compatibility database enables you to fix issues with your installed applications.
-
-**To install a custom database**
-
-1.  In the left-side pane of Compatibility Administrator, click the custom database to install to your local computers.
-
-2.  On the **File** menu, click **Install**.
-
-    The Compatibility Administrator installs the database, which appears in the **Installed Databases** list.
-
-    The relationship between your database file and an included application occurs in the registry. Every time you start an application, the operating system checks the registry for compatibility-fix information and, if found, retrieves the information from your customized database file.
-
-## Uninstalling a Custom Database
-
-
-When a custom database is no longer necessary, either because the applications are no longer used or because the vendor has provided a fix that resolves the compatibility issues, you can uninstall the custom database.
-
-**To uninstall a custom database**
-
-1.  In the **Installed Databases** list, which appears in the left-side pane of Compatibility Administrator, click the database to uninstall from your local computers.
-
-2.  On the **File** menu, click **Uninstall**.
-
-## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
deleted file mode 100644
index 69b7bd6cd3..0000000000
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10)
-description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Managing Application-Compatibility Fixes and Custom Fix Databases
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
-
-## In this section
-
-|Topic|Description|
-|--- |--- |
-|[Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)|As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.|
-|[Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)|After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:|
-|[Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)|This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.|
-
-## Related topics
-
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
-
-[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
deleted file mode 100644
index aa27616363..0000000000
--- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-title: Searching for Fixed Applications in Compatibility Administrator (Windows 10)
-description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Searching for Fixed Applications in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.
-
-The **Query Compatibility Databases** tool provides additional search options. For more information, see [Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md).
-
-## Searching for Previously Applied Compatibility Fixes
-
-> [!IMPORTANT]
-> You must perform your search with the correct version of the Compatibility Administrator tool. If you are searching for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. If you are searching for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
-
-**To search for previous fixes**
-
-1.  On the Compatibility Administrator toolbar, click **Search**.
-
-2.  Click **Browse** to locate the directory location to search for .exe files.
-
-3.  Select at least one check box from **Entries with Compatibility Fixes**, **Entries with Compatibility Modes**, or **Entries with AppHelp**.
-
-4.  Click **Find Now**.
-
-    The query runs, returning your results in the lower pane.
-
-## Viewing Your Query Results
-
-Your query results display the affected files, the application location, the application name, the type of compatibility fix, and the custom database that provided the fix.
-
-## Exporting Your Query Results
-
-You can export your search results to a text (.txt) file for later review or archival.
-
-**To export your search results**
-
-1.  In the **Search for Fixes** dialog box, click **Export**.
-
-2.  Browse to the location where you want to store your search result file, and then click **Save**.
-
-## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
\ No newline at end of file
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
deleted file mode 100644
index 847fb0731b..0000000000
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ /dev/null
@@ -1,143 +0,0 @@
----
-title: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator (Windows 10)
-description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
-
-For information about the Search feature, see [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md). However, the Query tool provides more detailed search criteria, including tabs that enable you to search the program properties, the compatibility fix properties, and the fix description. You can perform a search by using SQL SELECT and WHERE clauses, in addition to searching specific types of databases.
-
-> [!IMPORTANT]
-> You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
-
-## Querying by Using the Program Properties Tab
-
-You can use the **Program Properties** tab of the Query tool to search for any compatibility fix, compatibility mode, or AppHelp for a specific application.
-
-**To query by using the Program Properties tab**
-
-1. On the Compatibility Administrator toolbar, click **Query**.
-2. In the **Look in** drop-down list, select the appropriate database type to search.
-3. Type the location of the application you are searching for into the **Search for the Application** field.
-
-    This name should be the same as the name in the **Applications** area (left pane) of Compatibility Administrator.
-
-4. Type the application executable (.exe) file name into the **Search for the File** box. If you leave this box blank, the percent (%) sign appears as a wildcard to search for any file.
-
-    You must designate the executable name that was given when the compatibility fix was added to the database.
-
-5. Optionally, select the check box for one of the following types of compatibility fix:
-
-    - **Compatibility Modes**
-    - **Compatibility Fixes**
-    - **Application Helps**
-
-    > [!IMPORTANT]
-    > If you do not select any of the check boxes, the search will look for all types of compatibility fixes. Do not select multiple check boxes because only applications that match all of the requirements will appear.
-
-6. Click **Find Now**.
-
-    The query runs and the results of the query are displayed in the lower pane.
-
-## Querying by Using the Fix Properties Tab
-
-
-You can use the **Fix Properties** tab of the Query tool to search for any application affected by a specific compatibility fix or a compatibility mode. For example, you can search for any application affected by the ProfilesSetup compatibility mode.
-
-**To query by using the Fix Properties tab**
-
-1. On the Compatibility Administrator toolbar, click **Query**.
-2. Click the **Fix Properties** tab.
-3. In the **Look in** drop-down list, select the appropriate database type to search.
-4. Type the name of the compatibility fix or compatibility mode into the **Search for programs fixed using** field.
-
-    >[!NOTE]
-    >You can use the percent (%) symbol as a wildcard in your fix-properties query, as a substitute for any string of zero or more characters
-
-5. Select the check box for either **Search in Compatibility Fixes** or **Search in Compatibility Modes**.
-
-    >[!IMPORTANT]
-    >Your text must match the type of compatibility fix or mode for which you are performing the query. For example, entering the name of a compatibility fix and selecting the compatibility mode check box will not return any results. Additionally, if you select both check boxes, the query will search for the fix by compatibility mode and compatibility fix. Only applications that match both requirements appear.
-
-6. Click **Find Now**.
-
-    The query runs and the results of the query are displayed in the lower pane.
-
-## Querying by Using the Fix Description Tab
-
-You can use the **Fix Description** tab of the Query tool to add parameters that enable you to search your compatibility databases by application title or solution description text.
-
-**To query by using the Fix Description tab**
-
-1. On the Compatibility Administrator toolbar, click **Query**.
-2. Click the **Fix Description** tab.
-3. In the **Look in** drop-down list, select the appropriate database type to search.
-4. Type your search keywords into the box **Words to look for**. Use commas to separate multiple keywords.
-
-    >[!IMPORTANT]
-    >You cannot use wildcards as part of the Fix Description search query because the default behavior is to search for any entry that meets your search criteria.
-
-5. Refine your search by selecting **Match any word** or **Match all words** from the drop-down list.
-6. Click **Find Now**.
-
-    The query runs and the results of the query are displayed in the lower pane.
-
-## Querying by Using the Advanced Tab
-
-You can use the **Fix Description** tab of the Query tool to add additional SQL Server SELECT and WHERE clauses to your search criteria.
-
-**To query by using the Advanced tab**
-
-1. On the Compatibility Administrator toolbar, click **Query**.
-2. Click the **Advanced** tab.
-3. In the **Look in** drop-down list, select the appropriate database type to search.
-4. Select the appropriate SELECT clause for your search from the **Select clauses** box. For example, **APP\_NAME**.
-
-    The **APP\_NAME** clause appears in the **SELECT** field. You can add as many additional clauses as you require. They will appear as columns in your search results.
-
-5. Select the appropriate WHERE clause for your search from the **Where clauses** box. For example, **DATABASE\_NAME**.
-
-    The **DATABASE\_NAME =** clause appears in the **WHERE** box.
-
-6. Type the appropriate clause criteria after the equal (=) sign in the **WHERE** box. For example, **DATABASE\_NAME = "Custom\_Database"**.
-
-    You must surround your clause criteria text with quotation marks (") for the clause to function properly.
-
-7. Click **Find Now**.
-
-    The query runs and the results of the query are displayed in the lower pane.
-
-## Exporting Your Search Results
-
-
-You can export any of your search results into a tab-delimited text (.txt) file for later review or for archival purposes.
-
-**To export your results**
-
-1. After you have completed your search by using the Query tool, click **Export**.
-
-    The **Save results to a file** dialog box appears.
-
-2. Browse to the location where you intend to store the search results file, and then click **Save**.
-
-## Related topics
-
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
deleted file mode 100644
index cb8a3ebc82..0000000000
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: Showing Messages Generated by the SUA Tool (Windows 10)
-description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Showing Messages Generated by the SUA Tool
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
-
-**To show the messages that the SUA tool has generated**
-
-1.  Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
-
-2.  After you finish testing, in the SUA tool, click the **App Info** tab.
-
-3.  On the **View** menu, click the command that corresponds to the messages that you want to see. The following table describes the commands.
-
-|View menu command|Description|
-|--- |--- |
-|**Error Messages**|When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.<p>This command is selected by default.|
-|**Warning Messages**|When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.|
-|**Information Messages**|When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.|
-|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.|
\ No newline at end of file
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
deleted file mode 100644
index 47b4ffba5c..0000000000
--- a/windows/deployment/planning/sua-users-guide.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: SUA User's Guide (Windows 10)
-description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# SUA User's Guide
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
-
-You can use SUA in either of the following ways:
-
--   **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for more analysis.
-
--   **Standard User Analyzer Tool.** A full-function tool in which you can perform in-depth analysis and fix issues.
-
-## In this section
-
-|Topic|Description|
-|--- |--- |
-|[Using the SUA wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions.|
-|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.|
\ No newline at end of file
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
deleted file mode 100644
index c6af910322..0000000000
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: Tabs on the SUA Tool Interface (Windows 10)
-description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Tabs on the SUA Tool Interface
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
-
-The following table provides a description of each tab on the user interface for the SUA tool.
-
-|Tab name|Description|
-|--- |--- |
-|App Info|Provides the following information for the selected application:<li>Debugging information<li>Error, warning, and informational messages (if they are enabled)<li>Options for running the application|
-|File|Provides information about access to the file system.<p>For example, this tab might show an attempt to write to a file that only administrators can typically access.|
-|Registry|Provides information about access to the system registry.<p>For example, this tab might show an attempt to write to a registry key that only administrators can typically access.|
-|INI|Provides information about WriteProfile API issues.<p>For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.|
-|Token|Provides information about access-token checking.<p>For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.|
-|Privilege|Provides information about permissions.<p>For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.|
-|Name Space|Provides information about creation of system objects.<p>For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.|
-|Other Objects|Provides information related to applications accessing objects other than files and registry keys.|
-|Process|Provides information about process elevation.<p>For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user.|
-
diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md
deleted file mode 100644
index 481d2ce883..0000000000
--- a/windows/deployment/planning/testing-your-application-mitigation-packages.md
+++ /dev/null
@@ -1,82 +0,0 @@
----
-title: Testing Your Application Mitigation Packages (Windows 10)
-description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Testing Your Application Mitigation Packages
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.
-
-## Testing Your Application Mitigation Packages
-
-Testing your application mitigation package strategies is an iterative process, whereby the mitigation strategies that prove unsuccessful will need to be revised and retested. The testing process includes a series of tests in the test environment and one or more pilot deployments in the production environment.
-
-**To test your mitigation strategies**
-
-1.  Perform the following steps for each of the applications for which you have developed mitigations.
-
-    1.  Test the mitigation strategy in your test environment.
-
-    2.  If the mitigation strategy is unsuccessful, revise the mitigation strategy and perform step 1 again.
-
-    At the end of this step, you will have successfully tested all of your mitigation strategies in your test environment and can move to your pilot deployment environment.
-
-2.  Perform the following steps in the pilot deployments for each of the applications for which you have developed mitigations.
-
-    1.  Test the mitigation strategy in your pilot deployment.
-
-    2.  If the mitigation strategy is unsuccessful, revise the mitigation strategy and perform Step 2 again.
-
-    At the end of this step, you will have successfully tested all of your mitigation strategies in your pilot environment.
-
-## Reporting the Compatibility Mitigation Status to Stakeholders
-
-After testing your application mitigation package, you must communicate your status to the appropriate stakeholders before deployment begins. We recommend that you perform this communication by using the following status ratings.
-
--   **Resolved application compatibility issues**. This status indicates that the application compatibility issues are resolved and that these applications represent no risk to your environment.
-
--   **Unresolved application compatibility issues**. This status indicates that there are unresolved issues for the specifically defined applications. Because these applications are a risk to your environment, more discussion is required before you can resolve the compatibility issues.
-
--   **Changes to user experience**. This status indicates that the fix will change the user experience for the defined applications, possibly requiring your staff to receive further training. More investigation is required before you can resolve the compatibility issues.
-
--   **Changes in help desk procedures and processes**. This status indicates that the fix will require changes to your help desk's procedures and processes, possibly requiring your support staff to receive further training. More investigation is required before you can resolve the compatibility issues.
-
-## Resolving Outstanding Compatibility Issues
-
-At this point, you probably cannot resolve any unresolved application compatibility issues by automated mitigation methods or by modifying the application. Resolve any outstanding application compatibility issues by using one of the following methods.
-
--   Apply specific compatibility modes, or run the program as an Administrator, by using the Compatibility Administrator tool.
-
-    > [!NOTE]
-    > For more information about using Compatibility Administrator to apply compatibility fixes and compatibility modes, see [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md).
-
--   Run the application in a virtual environment.
-
-    Run the application in a version of Windows supported by the application in a virtualized environment. This method ensures application compatibility, because the application is running on a supported operating system.
-
--   Resolve application compatibility by using non-Microsoft tools.
-
-    If the application was developed in an environment other than Microsoft Visual Studio®, you must use non-Microsoft debugging and analysis tools to help resolve the remaining application compatibility issues.
-
--   Outsource the application compatibility mitigation.
-
-    If your developers have insufficient resources to resolve the application compatibility issues, outsource the mitigation effort to another organization within your company.
-
-## Related topics
-[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)
diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
deleted file mode 100644
index 7327ff75b9..0000000000
--- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
+++ /dev/null
@@ -1,88 +0,0 @@
----
-title: Understanding and Using Compatibility Fixes (Windows 10)
-description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Understanding and Using Compatibility Fixes
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.
-
-## How the Compatibility Fix Infrastructure Works
-
-The Compatibility Fix infrastructure uses the linking ability of APIs to redirect an application from Windows code directly to alternative code that implements the compatibility fix.
-
-The Windows Portable Executable File Format includes headers that contain the data directories that are used to provide a layer of indirection between the application and the linked file. API calls to the external binary files take place through the Import Address Table (IAT), which then directly calls the Windows operating system, as shown in the following figure.
-
-![act app calls operating system through iat.](images/dep-win8-l-act-appcallosthroughiat.jpg)
-
-Specifically, the process modifies the address of the affected Windows function in the IAT to point to the compatibility fix code, as shown in the following figure.
-
-![act app redirect with compatibility fix.](images/dep-win8-l-act-appredirectwithcompatfix.jpg)
-
->[!NOTE]
->For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API.
-
-## Design Implications of the Compatibility Fix Infrastructure
-
-There are important considerations to keep in mind when determining your application fix strategy, due to certain characteristics of the Compatibility Fix infrastructure.
-
--   The compatibility fix is not part of the Windows operating system (as shown in the previous figure). Therefore, the same security restrictions apply to the compatibility fix as apply to the application code, which means that you cannot use compatibility fixes to bypass any of the security mechanisms of the operating system. Therefore, compatibility fixes do not increase your security exposure, nor do you need to lower your security settings to accommodate compatibility fixes.
-
--   The Compatibility Fix infrastructure injects additional code into the application before it calls the operating system. This means that any remedy that can be accomplished by a compatibility fix can also be addressed by fixing the application code.
-
--   The compatibility fixes run as user-mode code inside of a user-mode application process. This means that you cannot use a compatibility fix to fix kernel-mode code issues. For example, you cannot use a compatibility fix to resolve device-driver issues.
-
-    > [!NOTE]
-    > Some antivirus, firewall, and anti-spyware code runs in kernel mode.
-
-## Determining When to Use a Compatibility Fix
-
-The decision to use compatibility fixes to remedy your compatibility issues may involve more than just technical issues. The following scenarios reflect other common reasons for using a compatibility fix.
-
-### Scenario 1
-
-**The compatibility issue exists on an application which is no longer supported by the vendor.**
-
-As in many companies, you may run applications for which the vendor has ended support. In this situation, you cannot have the vendor make the fix, nor can you access the source code to modify the issue yourself. However, it is possible that the use of a compatibility fix might resolve the compatibility issue.
-
-### Scenario 2
-
-**The compatibility issue exists on an internally created application.**
-
-While it is preferable to fix the application code to resolve the issue, this is not always possible. Your internal team might not be able to fix all of the issues prior to the deployment of the new operating system. Instead, they might choose to employ a compatibility fix anywhere that it is possible. They can then fix the code only for issues that cannot be resolved in this manner. Through this method, your team can modify the application as time permits, without delaying the deployment of the new operating system into your environment.
-
-### Scenario 3
-
-**The compatibility issue exists on an application for which a compatible version is to be released in the near future, or an application that is not critical to the organization, regardless of its version.**
-
-In the situation where an application is either unimportant to your organization, or for which a newer, compatible version is to be released shortly, you can use a compatibility fix as a temporary solution. This means that you can continue to use the application without delaying the deployment of a new operating system, with the intention of updating your configuration as soon as the new version is released.
-
-## Determining Which Version of an Application to Fix
-
-You can apply a compatibility fix to a particular version of an application, either by using the "up to or including" clause or by selecting that specific version. This means that the next version of the application will not have the compatibility fix automatically applied. This is important, because it allows you to continue to use your application, but it also encourages the vendor to fix the application.
-
-## Support for Compatibility Fixes
-
-Compatibility fixes are shipped as part of the Windows operating system and are updated by using Windows Update. Therefore, they receive the same level of support as Windows itself.
-
-You can apply the compatibility fixes to any of your applications. However, Microsoft does not provide the tools to use the Compatibility Fix infrastructure to create your own custom fixes.
-
-## Related topics
-
-[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
deleted file mode 100644
index d3c2f77b38..0000000000
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Using the Compatibility Administrator Tool (Windows 10)
-description: This section provides information about using the Compatibility Administrator tool.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Using the Compatibility Administrator Tool
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-This section provides information about using the Compatibility Administrator tool.
-
-## In this section
-
-|Topic|Description|
-|--- |--- |
-|[Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)|The Compatibility Administrator tool provides a way to query your custom-compatibility databases.|
-|[Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md)|With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.|
-|[Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)|You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.|
-|[Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md)|The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.|
-|[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)|Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.|
-|[Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)|The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.|
-|[Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)|The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.|
-|[Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)|You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.|
-|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.|
\ No newline at end of file
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
deleted file mode 100644
index 2ae090b3f3..0000000000
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
-description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Using the Sdbinst.exe Command-Line Tool
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2016
--   Windows Server 2012
--   Windows Server 2008 R2
-
-Deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations.
-
-After you deploy and store the customized databases on each of your local computers, you must register the database files.
-Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application. 
-
-## Command-Line Options for Deploying Customized Database Files
-
-Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
-
-```console
-Microsoft Windows [Version 10.0.14393]
-(c) 2016 Microsoft Corporation. All rights reserved.
-
-C:\Windows\system32>Sdbinst.exe /?
-Usage: Sdbinst.exe [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name"
-
-    -? - print this help text.
-    -p - Allow SDBs containing patches.
-    -q - Quiet mode: prompts are auto-accepted.
-    -u - Uninstall.
-    -g {guid} - GUID of file (uninstall only).
-    -n "name" - Internal name of file (uninstall only).
-
-C:\Windows\system32>_
-```
-
-The command-line options use the following conventions:
-
-Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
-
-The following table describes the available command-line options.
-
-|Option|Description|
-|--- |--- |
-|-?|Displays the Help for the Sdbinst.exe tool.<p>For example,<br>`sdbinst.exe -?`|
-|-p|Allows SDBs' installation with Patches.<p>For example,<br>`sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb`|
-|-q|Does a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).<p>For example,<br>`sdbinst.exe -q`|
-|-u *filepath*|Does an uninstallation of the specified database.<p>For example,<br>`sdbinst.exe -u C:\example.sdb`|
-|-g *GUID*|Specifies the customized database to uninstall by a globally unique identifier (GUID).<p>For example,<br>`sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3`|
-|-n *"name"*|Specifies the customized database to uninstall by file name.<p>For example,<br>`sdbinst.exe -n "My_Database"`|
-
-## Related articles
-
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
\ No newline at end of file
diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md
deleted file mode 100644
index 043d002305..0000000000
--- a/windows/deployment/planning/using-the-sua-tool.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-title: Using the SUA Tool (Windows 10)
-description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Using the SUA Tool
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-
-The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md).
-
-In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®.
-
-In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues.
-
-## Testing an Application by Using the SUA Tool
-
-Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later.
-
-The following flowchart shows the process of using the SUA tool.
-
-![act sua flowchart.](images/dep-win8-l-act-suaflowchart.jpg)
-
-**To collect UAC-related issues by using the SUA tool**
-
-1.  Close any open instance of the SUA tool or SUA Wizard on your computer.
-
-    If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues.
-
-2.  Run the Standard User Analyzer.
-
-3.  In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it.
-
-4.  Clear the **Elevate** check box, and then click **Launch**.
-
-    If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
-
-5.  Exercise the aspects of the application for which you want to gather information about UAC issues.
-
-6.  Exit the application.
-
-7.  Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md).
-
-**To review and apply the recommended mitigations**
-
-1.  In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**.
-
-2.  Review the recommended compatibility fixes.
-
-3.  Click **Apply**.
-
-    The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked.
-
-## Related topics
-[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md)
-
-[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md)
-
-[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
-
-[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
\ No newline at end of file
diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md
deleted file mode 100644
index 8f7ed9170b..0000000000
--- a/windows/deployment/planning/using-the-sua-wizard.md
+++ /dev/null
@@ -1,75 +0,0 @@
----
-title: Using the SUA wizard (Windows 10)
-description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 10/28/2022
-ms.topic: article
-ms.subservice: itpro-deploy
----
-
-# Using the SUA wizard
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions.
-
-For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool.md).
-
-## Testing an Application by Using the SUA wizard
-
-Install Application Verifier before you can use the SUA wizard. If Application Verifier isn't installed on the computer that is running the SUA wizard, the SUA wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA wizard.
-
-The following flowchart shows the process of using the SUA wizard.
-
-![act sua wizard flowchart.](images/dep-win8-l-act-suawizardflowchart.jpg)
-
-**To test an application by using the SUA wizard**
-
-1.  On the computer where the SUA wizard is installed, sign in by using a non-administrator account.
-
-2.  Run the Standard User Analyzer wizard.
-
-3.  Click **Browse for Application**, browse to the folder that contains the application that you want to test, and then double-click the executable file for the application.
-
-4.  Click **Launch**.
-
-    If you're prompted, elevate your permissions. The SUA wizard may require elevation of permissions to correctly diagnose the application.
-
-    If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
-
-5.  In the application, exercise the functionality that you want to test.
-
-6.  After you finish testing, exit the application.
-
-    The SUA wizard displays a message that asks whether the application ran without any issues.
-
-7.  Click **No**.
-
-    The SUA wizard shows a list of potential remedies that you might use to fix the application.
-
-8.  Select the fixes that you want to apply, and then click **Launch**.
-
-    The application appears again, with the fixes applied.
-
-9.  Test the application again, and after you finish testing, exit the application.
-
-    The SUA wizard displays a message that asks whether the application ran without any issues.
-
-10. If the application ran correctly, click **Yes**.
-
-    The SUA wizard closes the issue as resolved on the local computer.
-
-    If the remedies don't fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies don't fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md).
-
-## Related articles
-[SUA User's Guide](sua-users-guide.md)
\ No newline at end of file
diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
deleted file mode 100644
index 38b8b8cf10..0000000000
--- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Viewing the Events Screen in Compatibility Administrator (Windows 10)
-description: You can use the Events screen to record and view activities in the Compatibility Administrator tool.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Viewing the Events Screen in Compatibility Administrator
-
-**Applies to**
-
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012
--   Windows Server 2008 R2
-
-The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.
-
->[!IMPORTANT]
->The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list.
-
- **To open the Events screen**
-
-- On the **View** menu, click **Events**.
-
-## Handling Multiple Copies of Compatibility Fixes
-
-Compatibility Administrator enables you to copy your compatibility fixes from one database to another, which can become confusing after adding multiple fixes, compatibility modes, and databases. For example, you can copy a fix called MyFix from Database 1 to Database 2. However, if there is already a fix called MyFix in Database 2, Compatibility Administrator renames the fix as MyFix (1) to avoid duplicate names.
-
-If you open the **Events** screen and then perform the copy operation, you can see a description of the action, along with the time stamp, which enables you to view your fix information without confusion.
-
-## Related topics
-[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)<br>
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
deleted file mode 100644
index 83227970dd..0000000000
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Windows 10 compatibility (Windows 10)
-description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Windows 10 compatibility
-
-**Applies to**
-
--   Windows 10
-
-Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
-
-For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
-
-Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Those applications that interface with Windows at a low level, those applications that use undocumented APIs, or those that do not follow recommended coding practices could experience issues.
-
-Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store.
-
-For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](/internet-explorer/ie11-deploy-guide/)
-
-## Recommended application testing process
-
-Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level:
-
--   Identify mission-critical applications and websites, those applications and websites that are essential to the organization's operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release.
-
--   For less critical applications, apply an "internal flighting" or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines.
-
-## Related articles
-
-
-[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
-
-[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
-
-[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
\ No newline at end of file
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
deleted file mode 100644
index 434b7da17f..0000000000
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: Windows 10 deployment considerations (Windows 10)
-description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Windows 10 deployment considerations
-
-**Applies to**
-
--   Windows 10
-
-There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
-
-For many years, organizations have deployed new versions of Windows using a "wipe and load" deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary.
-
-Windows 10 also introduces two additional scenarios that organizations should consider:
-
--   **In-place upgrade**, which provides a simple, automated process that uses the Windows setup process to automatically upgrade from an earlier version of Windows. This process automatically migrates existing data, settings, drivers, and applications.
-
--   **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device.
-
-    Both of these scenarios eliminate the image creation process altogether, which can greatly simplify the deployment process.
-
-    So how do you choose? At a high level:
-
-| Consider ... | For these scenarios  |
-|---|---|
-| In-place upgrade  | - When you want to keep all (or at least most) existing applications<br/>- When you don't plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)<br/>- To migrate from Windows 10 to a later Windows 10 release |
-| Traditional wipe-and-load | - When you upgrade significant numbers of applications along with the new Windows OS<br/>- When you make significant device or operating system configuration changes<br/>- When you "start clean". For example, scenarios where it isn't necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs<br/>- When you migrate from Windows Vista or other previous operating system versions |
-| Dynamic provisioning | - For new devices, especially in "choose your own device" scenarios when simple configuration (not reimaging) is all that is required. <br/>- When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps |
-
-## Migration from previous Windows versions
-
-For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
-
-The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10.
-
-For PCs running operating systems older than Windows 7, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
-
-For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be used (with in-place upgrade being the preferred method, as previously discussed).
-
-For organizations that didn't take advantage of the free upgrade offer and aren't enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
-
-## Setting up new computers
-
-For new computers acquired with Windows 10 preinstalled, you can use dynamic provisioning scenarios to transform the device from its initial state into a fully configured organization PC. There are two primary dynamic provisioning scenarios you can use:
-
--   **User-driven, from the cloud.** By joining a device into Microsoft Entra ID and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Microsoft Entra account and password (called their "work or school account" within Windows 10). The MDM service can then transform the device into a fully configured organization PC. For more information, see [Microsoft Entra integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
-
--   **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully configured organization PC. For more information, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-
-In either of these scenarios, you can make various configuration changes to the PC:
-
--   Transform the edition (SKU) of Windows 10 that is in use.
--   Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on).
--   Install apps, language packs, and updates.
--   Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management).
-
-## Stay up to date
-
-For computers using the [General Availability Channel](../update/waas-overview.md#general-availability-channel), you can deploy these upgrades by using various methods:
-
--   Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
--   Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they're approved (deploying like an update). 
--   Configuration Manager task sequences.
--   Configuration Manager software update capabilities (deploying like an update).
-
-These upgrades (which are installed differently than monthly updates) use an in-place upgrade process. Unlike updates, which are relatively small, these upgrades include a full operating system image (around 3 GB for 64-bit operating systems), which requires time (1-2 hours) and disk space (approximately 10 GB) to complete. Ensure that the deployment method you use can support the required network bandwidth and/or disk space requirements.
-
-The upgrade process is also optimized to reduce the overall time and network bandwidth consumed.
-
-## Related articles
-
-[Windows 10 compatibility](windows-10-compatibility.md)<br>
-[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
deleted file mode 100644
index 9bf7a86f35..0000000000
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ /dev/null
@@ -1,155 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: Windows 10 Enterprise FAQ for IT pros (Windows 10)
-  description: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
-  keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage updates, Windows as a service, servicing channels, deployment tools
-  ms.service: windows-client
-  ms.subservice: itpro-deploy
-  ms.mktglfcycl: plan
-  ms.localizationpriority: medium
-  ms.sitesec: library
-  ms.date: 10/28/2022
-  ms.reviewer:
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: itpro
-  ms.topic: faq
-title: 'Windows 10 Enterprise: FAQ for IT professionals'
-summary: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
-
-
-sections:
-  - name: Download and requirements
-    questions:
-      - question: |
-          Where can I download Windows 10 Enterprise?
-        answer: |
-          If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you don't have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/Licensing/how-to-buy/how-to-buy.aspx).
-
-      - question: |
-          What are the system requirements?
-        answer: |
-          For details, see [Windows 10 Enterprise system requirements](https://www.microsoft.com/windows/Windows-10-specifications#areaheading-uid09f4).
-
-      - question: |
-          What are the hardware requirements for Windows 10?
-        answer: |
-          Most computers that are compatible with Windows 8.1 will be compatible with Windows 10. You may need to install updated drivers in Windows 10 for your devices to properly function. For more information, see [Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications).
-
-      - question: |
-          Can I evaluate Windows 10 Enterprise?
-        answer: |
-          Yes, a 90-day evaluation of Windows 10 Enterprise is available through the [Evaluation Center](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). The evaluation is available in Chinese (Simplified), Chinese (Traditional), English, French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish (Spain, International Sort). We highly recommend that organizations make use of the Windows 10 Enterprise 90-day Evaluation to try out deployment and management scenarios, test compatibility with hardware and applications, and to get hands on experience with Windows 10 Enterprise features.
-
-  - name: Drivers and compatibility
-    questions:
-      - question: |
-          Where can I find drivers for my devices for Windows 10 Enterprise?
-        answer: |
-          For many devices, drivers will be automatically installed in Windows 10 and there will be no need for further action.
-          - For some devices, Windows 10 may be unable to install drivers that are required for operation. If your device drivers aren't automatically installed, visit the manufacturer's support website for your device to download and manually install the drivers. If Windows 10 drivers aren't available, the most up-to-date drivers for Windows 8.1 will often work in Windows 10.
-          - For some devices, the manufacturer may provide more up-to-date drivers or drivers that enable more functionality than the drivers installed by Windows 10. Always follow the recommendations of the device manufacturer for optimal performance and stability.
-          - Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include:
-              - [HP driver pack](https://www.hp.com/us-en/solutions/client-management-solutions/drivers-pack.html)
-              - [Dell driver packs for enterprise client OS deployment](https://www.dell.com/support/kbdoc/en-us/000124139/dell-command-deploy-driver-packs-for-enterprise-client-os-deployment)
-              - [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/solutions/ht074984)
-              - [Panasonic Driver Pack for Enterprise](https://pc-dl.panasonic.co.jp/itn/drivers/driver_packages.html)
-
-      - question: |
-          Where can I find out if an application or device is compatible with Windows 10?
-        answer: |
-          Many existing Win32 and Win64 applications already run reliably on Windows 10 without any changes. You can also expect strong compatibility and support for Web apps and devices.
-
-      - question: |
-          Is there an easy way to assess if my organization's devices are ready to upgrade to Windows 10?
-        answer: |
-          [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without other infrastructure requirements. This service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects.
-
-  - name: Administration and deployment
-    questions:
-      - question: |
-          Which deployment tools support Windows 10?
-        answer: |
-          Updated versions of Microsoft deployment tools, including Microsoft Configuration Manager, MDT, and the Windows Assessment and Deployment Kit (Windows ADK) support Windows 10.
-
-          - [Microsoft Configuration Manager](/mem/configmgr) simplifies the deployment and management of Windows 10. If you aren't currently using it, download a free 180-day trial of [Microsoft Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager).
-
-          - [MDT](/mem/configmgr/mdt) is a collection of tools, processes, and guidance for automating desktop and server deployment.
-
-          - The [Windows ADK](/windows-hardware/get-started/adk-install) has tools that allow you to customize Windows images for large-scale deployment, and test system quality and performance. You can download the latest version of the Windows ADK for Windows 10 from the Hardware Dev Center.
-
-      - question: |
-          Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image?
-        answer: |
-          Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md).
-
-      - question: |
-          Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
-        answer: |
-          If you have Windows 7 Enterprise or Windows 8.1 Enterprise and current Windows 10 Enterprise E3 or E5 subscription, you're entitled to the upgrade to Windows 10 Enterprise through the rights of Software Assurance. You can find your product keys and installation media at the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-
-          For devices that are licensed under a volume license agreement for Windows that doesn't include Software Assurance, new licenses will be required to upgrade these devices to Windows 10.
-
-  - name: Managing updates
-    questions:
-      - question: |
-          What is Windows as a service?
-        answer: |
-          The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. For more information, see [Overview of Windows as a service](../update/waas-overview.md).
-
-      - question: |
-          How is servicing different with Windows as a service?
-        answer: |
-          Traditional Windows servicing has included several release types: major revisions (for example, Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality two to three times per year, and quality updates that provide security and reliability fixes at least once a month.
-
-      - question: |
-          What are the servicing channels?
-        answer: |
-          To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: General Availability Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels).
-
-      - question: |
-          What tools can I use to manage Windows as a service updates?
-        answer: |
-          There are many available tools:
-          - Windows Update
-          - Windows Update for Business
-          - Windows Server Update Services
-          - Microsoft Configuration Manager
-
-          For more information, see [Servicing Tools](../update/waas-overview.md#servicing-tools).
-
-  - name: User experience
-    questions:
-      - question: |
-          Where can I find information about new features and changes in Windows 10 Enterprise?
-        answer: |
-          For an overview of the new enterprise features in Windows 10 Enterprise, see [What's new in Windows 10](/windows/whats-new/) and [What's new in Windows 10, version 1703](/windows/whats-new/whats-new-windows-10-version-1703) in the Docs library.
-
-          Another place to track the latest information about new features of interest to IT professionals is the [Windows for IT Pros blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog). Here you'll find announcements of new features, information on updates to the Windows servicing model, and details about the latest resources to help you more easily deploy and manage Windows 10.
-
-          To find out which version of Windows 10 is right for your organization, you can also [compare Windows editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
-      - question: |
-          How will people in my organization adjust to using Windows 10 Enterprise after upgrading from Windows 7 or Windows 8.1?
-        answer: |
-          Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1.
-
-      - question: |
-          How does Windows 10 help people work with applications and data across various devices?
-        answer: |
-          The desktop experience in Windows 10 has been improved to provide a better experience for people that use a traditional mouse and keyboard. Key changes include:
-          - Start menu is a launching point for access to apps.
-          - Universal apps now open in windows instead of full screen.
-          - [Multitasking is improved with adjustable Snap](https://blogs.windows.com/windows-insider/2015/06/04/arrange-your-windows-in-a-snap/), which allows you to have more than two windows side-by-side on the same screen and to customize how those windows are arranged.
-          - Tablet Mode to simplify using Windows with a finger or pen by using touch input.
-
-  - name: Help and support
-    questions:
-      - question: |
-          Where can I ask a question about Windows 10?
-        answer: |
-          Use the following resources for additional information about Windows 10.
-          - [Microsoft Q&A](/answers/)
-          - [Microsoft Support Community](https://answers.microsoft.com/)
-
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
deleted file mode 100644
index 06a835b0ba..0000000000
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: Windows 10 infrastructure requirements (Windows 10)
-description: Review the infrastructure requirements for deployment and management of Windows 10,  prior to significant Windows 10 deployments within your organization.
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.subservice: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Windows 10 infrastructure requirements
-
-**Applies to**
-
--   Windows 10
-
-There are specific infrastructure requirements that should be in place for the deployment and management of Windows 10. Fulfill these requirements before any Windows 10-related deployments take place.
-
-## High-level requirements
-
-For initial Windows 10 deployments, and for subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to use local server storage.
-
-For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.)
-
-## Deployment tools
-
-The latest version of the Windows Assessment and Deployment Toolkit (ADK) is available for download [here](/windows-hardware/get-started/adk-install).
-
-Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which use the Windows Imaging and Configuration Designer (Windows ICD). There's also updated versions of existing deployment tools (DISM, USMT, Windows PE, and more).
-
-The latest version of the Microsoft Deployment Toolkit (MDT) is available for download [here](/mem/configmgr/mdt/release-notes).
-
-For Configuration Manager, Windows 10 version specific support is offered with [various releases](/mem/configmgr/core/plan-design/configs/support-for-windows-10).
-
-For more information about Microsoft Configuration Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-## Management tools
-
-In addition to Microsoft Configuration Manager, Windows 10 also uses other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you're using a central policy store, follow the steps outlined [here](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) to update the ADMX files stored in that central store.
-
-No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these schema updates to support new features.
-
-Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows:
-
-| Product                                                  | Required version         |
-|----------------------------------------------------------|--------------------------|
-| Advanced Group Policy Management (AGPM)                  | AGPM 4.0 Service Pack 3  |
-| Application Virtualization (App-V)                       | App-V 5.1                |
-| Diagnostics and Recovery Toolkit (DaRT)                  | DaRT 10                  |
-| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) |
-| User Experience Virtualization (UE-V)                    | UE-V 2.1 SP1             |
-
-For more information, see the [MDOP TechCenter](/microsoft-desktop-optimization-pack/).
-
-For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10. New Windows 10 MDM settings and capabilities will require updates to the MDM services. For more information, see [Mobile device management](/windows/client-management/mdm/).
-
-Windows Server Update Services (WSUS) requires some more configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions:
-
-1.  Select the **Options** node, and then select **Products and Classifications**.
-2.  In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Select **OK**.
-3.  From the **Synchronizations** node, right-click and choose **Synchronize Now**.
-
-![figure 1.](images/fig4-wsuslist.png)
-
-WSUS product list with Windows 10 choices
-
-Because Windows 10 updates are cumulative in nature, each month's new update will supersede the previous month's update. Consider using "express installation" packages to reduce the size of the payload that needs to be sent to each PC each month. For more information, see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)).
-
-> [!NOTE]
-> The usage of "express installation" packages will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.
-
-## Activation
-
-Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers:
-
-| Product                                | Required update                                                                             |
-|----------------------------------------|---------------------------------------------------------------------------------------------|
-| Windows 10                             | None                                                                                        |
-| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
-| Windows Server 2012 and Windows 8      | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
-| Windows Server 2008 R2 and Windows 7   | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821)                                                                   |
-
-Also see: [Windows Server 2016 Volume Activation Tips](/archive/blogs/askcore/windows-server-2016-volume-activation-tips)
-
-Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation). These keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys:
-
--   Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights.
--   For KMS keys, select **Licenses** and then select **Relationship Summary**. Select the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key.
--   For MAK keys, select **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Select the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys won't work on Windows servers running KMS.)
-
-Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
-
-## Related articles
-
-[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)<br>
-[Windows 10 deployment considerations](windows-10-deployment-considerations.md)<br>
-[Windows 10 compatibility](windows-10-compatibility.md)<br>
\ No newline at end of file
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
deleted file mode 100644
index 8e5e27c8df..0000000000
--- a/windows/deployment/s-mode.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-title: Windows Pro in S mode
-description: Overview of Windows Pro and Enterprise in S mode.
-ms.localizationpriority: high
-ms.service: windows-client
-manager: aaroncz
-author: frankroj
-ms.author: frankroj
-ms.topic: conceptual
-ms.date: 04/26/2023
-ms.subservice: itpro-deploy
----
-
-# Windows Pro in S mode
-
-S mode is a configuration that's available on all Windows Editions, and it's enabled at the time of manufacturing. Windows can be switched out of S mode at any time, as shown in the  picture below. However, the switch is a one-time operation, and can only be undone by a wipe and reload of the operating system.
-
-:::image type="content" source="images/smodeconfig.png" alt-text="Table listing the capabilities of S mode across the different Windows editions.":::
-
-## S mode key features
-
-### Microsoft-verified security
-
-With Windows in S mode, you'll find your favorite applications in the Microsoft Store, where they're Microsoft-verified for security. You can also feel secure when you're online. Microsoft Edge, your default browser, gives you protection against phishing and socially-engineered malware.
-
-### Performance that lasts
-
-Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. You'll enjoy a smooth, responsive experience, whether you're streaming videos, opening apps, or being productive on the go.
-
-### Choice and flexibility
-
-Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don't find exactly what you want, you can easily [switch out of S mode](./windows-10-pro-in-s-mode.md) to Windows Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below.
-
-:::image type="content" source="images/s-mode-flow-chart.png" alt-text="Switching out of S mode flow chart.":::
-
-## Deployment
-
-Windows in S mode is built for [modern management](/windows/client-management/manage-windows-10-in-your-organization-modern-management), which means using [Windows Autopilot](/mem/autopilot/windows-autopilot) for deployment, and a Mobile Device Management (MDM) solution for management, like Microsoft Intune.
-
-Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic device that can only be used to join the company Microsoft Entra tenant or Active Directory domain. Policies are then deployed automatically through MDM, to customize the device to the user and the desired environment.
-
-For the devices that are shipped in S mode, you can either keep them in S mode, use Windows Autopilot to switch them out of S mode during the first run process, or later using MDM, if desired.
-
-## Keep line of business apps functioning with Desktop Bridge
-
-[Desktop Bridge](/windows/uwp/porting/desktop-to-uwp-root) enables you to convert your line of business apps to a packaged app with UWP manifest. After testing and validating the apps, you can distribute them through an MDM solution like Microsoft Intune.
-
-## Repackage Win32 apps into the MSIX format
-
-The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-tool), available from the Microsoft Store, enables you to repackage existing Win32 applications to the MSIX format. You can run your desktop installers through the MSIX Packaging Tool interactively, and obtain an MSIX package that you can deploy through and MDM solution like Microsoft Intune. The MSIX Packaging Tool is another way to get your apps ready to run on Windows in S mode.
-
-## Related links
-
-- [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
-- [S mode devices](https://www.microsoft.com/windows/view-all-devices)
-- [Windows Defender Application Control deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
-- [Microsoft Defender for Endpoint documentation](/microsoft-365/security/defender-endpoint/)
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
deleted file mode 100644
index adf8bfe314..0000000000
--- a/windows/deployment/update/deployment-service-overview.md
+++ /dev/null
@@ -1,123 +0,0 @@
----
-title: Overview of the deployment service
-titleSuffix: Windows Update for Business deployment service
-description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates with the deployment service.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.author: mstewart
-author: mestew
-manager: aaroncz
-ms.collection:
-  - tier1
-ms.localizationpriority: medium
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 02/14/2023
----
-
-# Windows Update for Business deployment service
-
-The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It's designed to work with your existing [Windows Update for Business](waas-manage-updates-wufb.md) policies and [Windows Update for Business reports](wufb-reports-overview.md). The deployment service provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices. The service is privacy focused and backed by leading industry compliance certifications.
-
-Windows Update for Business product family has three elements:
-
-- Client policy to govern update experiences and timing, which are available through Group Policy and CSPs
-- [Windows Update for Business reports](wufb-reports-overview.md) to monitor update deployment
-- Deployment service APIs to approve and schedule specific updates for deployment, which are available through the Microsoft Graph and associated SDKs (including PowerShell)
-
-The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the [Windows Update for Business reports workbook](wufb-reports-workbook.md).
-
-:::image type="content" source="media/7512398-deployment-service-overview.png" alt-text="Diagram displaying the three elements that are parts of the Windows Update for Business family.":::
-
-## How the deployment service works
-
-With most update management solutions, usually update policies are set on the client itself using either registry edits, Group Policy, or an MDM solution that leverages CSPs. This means that the end user experience and deployment settings for updates are ultimately determined by the individual device settings. However, with Windows Update for Business deployment service, the service is the central point of control for update deployment behavior. Because the deployment service is directly integrated with Windows Update, once the admin defines the deployment behavior, Windows Update is already aware of how device should be directed to install updates when the device scans. The deployment service creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an admin.
-
-
-Using the deployment service typically follows a common pattern:
-1. An admin uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app, or a more complete management solution such as Microsoft Intune.
-2. The chosen management tool conveys your approval, scheduling, and device selection information to the deployment service.
-3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
-
-   :::image type="content" source="media/wufbds-interaction-small.png" alt-text="Diagram displaying ":::
-
-The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as [Microsoft Intune](/mem/intune).
-
-## Capabilities of the Windows Update for Business deployment service
-
-The deployment service is designed for IT Pros who are looking for more control than is provided through deferral policies and deployment rings. The service provides the following capabilities for updates:
-
-- **Approval and scheduling**: Approve and schedule deployment of updates to start on a specific date
-   - *Example*: Deploy the Windows 11 22H2 feature update to specified devices on February 17, 2023.
-- **Gradual rollout**: Stage deployments over a period of days or weeks by specifying gradual rollout settings
-  - *Example*: Deploy the Windows 11 22H2 feature update to 500 devices per day, beginning on February 17, 2023
-- **Expedite**: Bypass the configured Windows Update for Business policies to immediately deploy a security update across the organization
-- **Safeguard holds**: Automatically holds the deployment for devices that may be impacted by an update issue identified by Microsoft machine-learning algorithms
-
-Certain capabilities are available for specific update classifications:
-
-|Capabilities | [Quality updates](deployment-service-expedited-updates.md) | [Feature updates](deployment-service-feature-updates.md) | [Drivers and firmware](deployment-service-drivers.md)|
-|---|---|---|---|
-|Approval and scheduling | | Yes | Yes |
-|Gradual rollout | | Yes |  |
-|Expedite | Yes | | |
-|Safeguard holds| | Yes | |
-
-
-## Deployment protections
-
-The deployment service protects deployments through a combination of rollout controls and machine-learning algorithms that monitor deployments and react to issues during the rollout.
-
-### Gradual rollout
-
-The deployment service allows any update to be deployed over a period of days or weeks. Once an update has been scheduled, the deployment service optimizes the deployment based on the scheduling parameters and unique attributes spanning the devices being updated. The service follows these steps:
-
-1. Determine the number of devices to be updated in each deployment wave, based on scheduling parameters.
-2. Select devices for each deployment wave so that earlier waves have a diversity of hardware and software, to function as pilot device populations.
-3. Start deploying to earlier waves to build coverage of device attributes present in the population.
-4. Continue deploying at a uniform rate until all waves are complete and all devices are updated.
-
-This built-in piloting capability complements your existing [deployment ring](waas-quick-start.md) structure and provides another support for reducing and managing risk during an update. This capability is intended to operate within each ring. The deployment service doesn't provide a workflow for creating rings themselves. Continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and other protections within each ring.
-
-### Safeguard holds against likely and known issues
-
-Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service also extends safeguard holds to protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out. To verify whether a device is affected by a safeguard hold, see [Am I affected by a safeguard hold?](/windows/deployment/update/safeguard-holds#am-i-affected-by-a-safeguard-hold).
-
-### Monitoring deployments to detect rollback issues
-
-During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
-
-## Get started with the deployment service
-
-To use the deployment service, you use a management tool built on the platform like Microsoft Intune, script common actions using PowerShell, or build your own application.
-
-To learn more about the deployment service and the deployment process, see:
-
-- [Prerequisites for Windows Update for Business deployment service](deployment-service-prerequisites.md)
-- [Deploy feature updates using Graph Explorer](deployment-service-feature-updates.md)
-- [Deploy expedited updates using Graph Explorer](deployment-service-expedited-updates.md)
-- [Deploy driver and firmware updates using Graph Explorer](deployment-service-drivers.md)
-
-### Scripting common actions using PowerShell
-
-The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started).
-
-### Building your own application
-
-Microsoft Graph makes deployment service APIs available through. Get started with the resources below:
-
-- Learning path: [Microsoft Graph Fundamentals](/training/paths/m365-msgraph-fundamentals/)
-- Learning path: [Build apps with Microsoft Graph](/training/paths/m365-msgraph-associate/)
-
-- Windows Update for Business deployment service [sample driver deployment application](https://github.com/microsoftgraph/windowsupdates-webapplication-sample) on GitHub
-- [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview)
-
-### Use Microsoft Intune
-
-Microsoft Intune integrates with the deployment service to provide Windows client update management capabilities. For more information, see:
-
-- [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates)
-- [Expedite Windows quality updates in Microsoft Intune](/mem/intune/protect/windows-10-expedite-updates)
-
diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
deleted file mode 100644
index 1f24cbfe24..0000000000
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-title: Prerequisites for the deployment service
-titleSuffix: Windows Update for Business deployment service
-description: Prerequisites for using the Windows Update for Business deployment service for updating devices in your organization. 
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.author: mstewart
-author: mestew
-manager: aaroncz
-ms.collection:
-  - tier1
-ms.localizationpriority: medium
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 01/29/2024
----
-
-# Windows Update for Business deployment service prerequisites
-<!--7512398-->
-Before you begin the process of deploying updates with Windows Update for Business deployment service, ensure you meet the prerequisites.
-
-<a name='azure-and-azure-active-directory'></a>
-
-## Azure and Microsoft Entra ID
-
-- An Azure subscription with [Microsoft Entra ID](/azure/active-directory/)
-- Devices must be Microsoft Entra joined and meet the below OSrequirements.
-  - Devices can be [Microsoft Entra joined](/azure/active-directory/devices/concept-azure-ad-join) or [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
-  - Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (Workplace joined) aren't supported with Windows Update for Business
-
-## Licensing
-
-Windows Update for Business deployment service requires users of the devices to have one of the following licenses:
-
-- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
-- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
-- Windows Virtual Desktop Access E3 or E5
-- Microsoft 365 Business Premium
-
-## Operating systems and editions
-
-- Windows 11 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
-- Windows 10 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
-
-Windows Update for Business deployment service supports Windows client devices on the  **General Availability Channel**.
-
-### Windows operating system updates
-
-- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device:
-  - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
-  - As an Admin, run the following PowerShell script:  `Get-CimInstance -ClassName Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
-
-- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended
-
-## Diagnostic data requirements
-
-Deployment scheduling controls are always available. However, to take advantage of the unique deployment protections tailored to your population and to [deploy driver updates](deployment-service-drivers.md), devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the *Required* level (previously called *Basic*) for these features.
-
-When you use [Windows Update for Business reports](wufb-reports-overview.md) in conjunction with the deployment service, using diagnostic data at the following levels allows device names to appear in reporting:
-
-- *Optional* level (previously *Full*) for Windows 11 devices
-- *Enhanced* level for Windows 10 devices
-
-## Permissions
-
-- [Windows Update for Business deployment service](/graph/api/resources/adminwindowsupdates) operations require [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions)
-  - Some roles, such as the [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator), already have the permissions.
-
-> [!NOTE]
-> Leveraging other parts of the Graph API might require additional permissions. For example, to display [device](/graph/api/resources/device) information, a minimum of [Device.Read.All](/graph/permissions-reference#device-permissions) permission is needed.
-
-## Required endpoints
-
-- Have access to the following endpoints:
-
-- [Windows Update endpoints](/windows/privacy/manage-windows-1809-endpoints#windows-update)
-    - *.prod.do.dsp.mp.microsoft.com
-    - *.windowsupdate.com
-    - *.dl.delivery.mp.microsoft.com
-    - *.update.microsoft.com
-    - *.delivery.mp.microsoft.com
-    - tsfe.trafficshaping.dsp.mp.microsoft.com
-- Windows Update for Business deployment service endpoints 
-
-    - devicelistenerprod.microsoft.com
-    - login.windows.net
-    - payloadprod*.blob.core.windows.net
-
-- [Windows Push Notification Services](/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config): *(Recommended, but not required. Without this access, devices might not expedite updates until their next daily check for updates.)*
-    - *.notify.windows.com
-
-
-## Limitations
-
-<!--Using include for deployment service limitations-->
-[!INCLUDE [Windows Update for Business deployment service limitations](./includes/wufb-deployment-limitations.md)]
-
-## Policy considerations for drivers
-
-<!--Using include for Policy considerations for drivers-->
-[!INCLUDE [Windows Update for Business deployment service driver policy considerations](./includes/wufb-deployment-driver-policy-considerations.md)]
-
-
-## General tips for the deployment service
-
-Follow these suggestions for the best results with the service:
-
-- Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day).
-
-- Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors.
-
-- Avoid using different channels to manage the same resources. If you use Microsoft Intune along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
deleted file mode 100644
index da9f167b83..0000000000
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Troubleshoot the deployment service
-titleSuffix: Windows Update for Business deployment service
-description: Solutions to commonly encountered problems when using the Windows Update for Business deployment service.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: troubleshooting
-ms.author: mstewart
-author: mestew
-manager: aaroncz
-ms.collection:
-  - tier1
-ms.localizationpriority: medium
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 02/14/2023
----
-
-# Troubleshoot the Windows Update for Business deployment service
-
-This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
-
-## The device isn't receiving an update that I deployed
-
-- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
-- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](safeguard-holds.md) and [Opt out of safeguard holds](safeguard-opt-out.md).
-- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices.
-- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates).
-- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by a Microsoft Entra device resource with an update management enrollment for feature updates and have no Microsoft Entra device registration errors.
--  **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`.
-
-## The device is receiving an update that I didn't deploy
-
-- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates).
-- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by a Microsoft Entra device resource with an update management enrollment for feature updates and have no Microsoft Entra device registration errors.
-
-### The device installed a newer update then the expedited update I deployed
-
-There are some scenarios when a deployment to expedite an update results in the installation of a more recent update than specified in policy. This result occurs when the newer update includes and surpasses the specified update, and that newer update is available before a device checks in to install the update that's specified in the expedite update policy.
-
-Installing the most recent quality update reduces disruptions to the device and user while applying the benefits of the intended update. This avoids having to install multiple updates, which each might require separate reboots.
-
-A more recent update is deployed when the following conditions are met:
-
-- The device isn't targeted with a deferral policy that blocks installation of a more recent update. In this case, the most recently available update that isn't deferred is the update that might install.
-
-- During the process to expedite an update, the device runs a new scan that detects the newer update. This can occur due to the timing of:
-  - When the device restarts to complete installation
-  - When the device runs its daily scan
-  - When a new update becomes available
-
-  When a scan identifies a newer update, Windows Update attempts to stop installation of the original update, cancel the restart, and then starts the download and installation of the more recent update.
-
-While expedite update deployments will override an update deferral for the update version that's specified, they don't override deferrals that are in place for any other update version.
-
-<!--Using include for Update Health Tools log location-->
-[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-update-health-tools-logs.md)]
-
-## Policy considerations for drivers
-
-<!--Using include for Policy considerations for drivers-->
-[!INCLUDE [Windows Update for Business deployment service driver policy considerations](./includes/wufb-deployment-driver-policy-considerations.md)]
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index d12a78f404..920952b771 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -3,7 +3,7 @@ title: Evaluate infrastructure and tools
 description: Review the steps to ensure your infrastructure is ready to deploy updates to clients in your organization.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: article
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 51371de0c7..9b6dcc7052 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,44 +1,45 @@
 ---
-title: Best practices - user-initiated feature update installation
-description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
+title: Deploy feature updates for user-initiated installations
+description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation during a fixed service window.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: best-practice
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/mem/configmgr/ > Microsoft Configuration Manager</a>
 ms.date: 07/10/2018
 ---
 
-# Deploy feature updates for user-initiated installations (during a fixed service window)
+# Deploy feature updates for user-initiated installations
 
 Use the following steps to deploy a feature update for a user-initiated installation.
 
 ## Get ready to deploy feature updates
 
-### Step 1: Enable Peer Cache
-Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
+### Step 1: Enable peer cache
 
-[Enable Configuration Manager client in full OS to share content](/mem/configmgr/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update). 
+Use **peer cache** to help manage deployment of content to clients in remote locations. Peer cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
+
+[Enable Configuration Manager client in full OS to share content](/mem/configmgr/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
 
 ### Step 2: Override the default Windows setup priority (Windows 10, version 1709 and later)
 
-If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted. 
+If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
 
 %systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
 
-```
+```ini
 [SetupConfig]
 Priority=Normal
 ```
 
-You can use the new [Run Scripts](/mem/configmgr/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices. 
+You can use the new [Run Scripts](/mem/configmgr/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
 
-```
+```powershell
 #Parameters
 Param(
   [string] $PriorityValue = "Normal"
@@ -57,179 +58,190 @@ $iniSetupConfigSlogan
 "@
 
 #Build SetupConfig content with settings
-foreach ($k in $iniSetupConfigKeyValuePair.Keys) 
+foreach ($k in $iniSetupConfigKeyValuePair.Keys)
 {
     $val = $iniSetupConfigKeyValuePair[$k]
-    
+
     $iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
 }
 
-#Write content to file 
+#Write content to file
 New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
 
 <#
-Disclaimer 
-Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is 
-provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without 
-limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk 
-arising out of the use or performance of the sample script and documentation remains with you. In no event shall 
-Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable 
-for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, 
-loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script 
+Disclaimer
+Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
+provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
+limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
+arising out of the use or performance of the sample script and documentation remains with you. In no event shall
+Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
+for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
+loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
 or documentation, even if Microsoft has been advised of the possibility of such damages.
 #>
 ```
 
->[!NOTE]
-> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/mem/configmgr/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. 
+> [!NOTE]
+> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/mem/configmgr/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
 
 ## Manually deploy feature updates in a user-initiated installation
 
 The following sections provide the steps to manually deploy a feature update.
 
 ### Step 1: Specify search criteria for feature updates
-There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying a feature update is to identify the feature updates that you want to deploy. 
 
-1. In the Configuration Manager console, select **Software Library**. 
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and select **All Windows 10 Updates**. The synchronized feature updates are displayed. 
+There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying a feature update is to identify the feature updates that you want to deploy.
+
+1. In the Configuration Manager console, select **Software Library**.
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and select **All Windows 10 Updates**. The synchronized feature updates are displayed.
 3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
-   - In the **search** text box, type a search string that filters for the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. 
+   - In the **search** text box, type a search string that filters for the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
    - Select **Add Criteria**, select the criteria that you want to use to filter software updates, select **Add**, and then provide the values for the criteria. For example, Title contains 1803, **Required** is greater than or equal to 1, and **Language** equals English.
 
-4. Save the search for future use. 
+4. Save the search for future use.
 
-### Step 2: Download the content for the feature update(s)
-Before you deploy the feature updates, you can download the content as a separate step. Do this download so you can verify that the content is available on the distribution points before you deploy the feature updates. Downloading first helps you avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. 
+### Step 2: Download the content for the feature update
 
-1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. 
+Before you deploy the feature updates, you can download the content as a separate step. Do this download so you can verify that the content is available on the distribution points before you deploy the feature updates. Downloading first helps you avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
+
+1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
 2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right-click, and select **Download**.
 
-   The **Download Software Updates Wizard** opens. 
-3. On the **Deployment Package** page, configure the following settings: 
-   **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: 
-   - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It's limited to 50 characters. 
-   - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. 
-   - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or select **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. 
+   The **Download Software Updates Wizard** opens.
+3. On the **Deployment Package** page, configure the following settings:
+   **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
+   - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It's limited to 50 characters.
+   - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
+   - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or select **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
 
      > [!IMPORTANT]
-     > - The deployment package source location that you specify cannot be used by another software deployment package. 
-     > - The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. 
-     > - You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. 
+     > - The deployment package source location that you specify cannot be used by another software deployment package.
+     > - The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
+     > - You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
 
-   Select **Next**. 
-4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then select **Next**. For more information about distribution points, see [Distribution point configurations](/mem/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
+   Select **Next**.
+4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then select **Next**. For more information about distribution points, see [Distribution point configurations](/mem/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
 
-   >[!NOTE]
-   > The Distribution Points page is available only when you create a new software update deployment package. 
-5. On the **Distribution Settings** page, specify the following settings: 
+   > [!NOTE]
+   > The Distribution Points page is available only when you create a new software update deployment package.
+5. On the **Distribution Settings** page, specify the following settings:
 
-   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there's no backlog, the package processes immediately regardless of its priority. By default, packages are sent using Medium priority. 
-   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content isn't available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/mem/configmgr/core/plan-design/hierarchy/content-source-location-scenarios). 
-   - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: 
-     - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. 
+   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there's no backlog, the package processes immediately regardless of its priority. By default, packages are sent using Medium priority.
+   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content isn't available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/mem/configmgr/core/plan-design/hierarchy/content-source-location-scenarios).
+   - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
+     - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
      - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
-     - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This setting is the default. 
-      
-     For more information about prestaging content to distribution points, see [Use Prestaged content](/mem/configmgr/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). 
-   Select **Next**. 
-6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: 
+     - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This setting is the default.
+
+     For more information about prestaging content to distribution points, see [Use Prestaged content](/mem/configmgr/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
+   Select **Next**.
+6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
 
    - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
-   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard doesn't have Internet access. 
-   
-     >[!NOTE]
+   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard doesn't have Internet access.
+
+     > [!NOTE]
      > When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
 
-   Select **Next**. 
-7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then select **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. 
-8. On the **Summary** page, verify the settings that you selected in the wizard, and then select **Next** to download the software updates. 
-9. On the **Completion** page, verify that the software updates were successfully downloaded, and then select **Close**. 
+   Select **Next**.
+7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then select **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
+8. On the **Summary** page, verify the settings that you selected in the wizard, and then select **Next** to download the software updates.
+9. On the **Completion** page, verify that the software updates were successfully downloaded, and then select **Close**.
 
 #### To monitor content status
-1. To monitor the content status for the feature updates, select **Monitoring** in the Configuration Manager console. 
-2. In the Monitoring workspace, expand **Distribution Status**, and then select **Content Status**. 
-3. Select the feature update package that you previously identified to download the feature updates. 
+
+1. To monitor the content status for the feature updates, select **Monitoring** in the Configuration Manager console.
+2. In the Monitoring workspace, expand **Distribution Status**, and then select **Content Status**.
+3. Select the feature update package that you previously identified to download the feature updates.
 4. On the **Home** tab, in the Content group, select **View Status**.
 
-### Step 3: Deploy the feature update(s) 
-After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). 
+### Step 3: Deploy the feature update
 
-1. In the Configuration Manager console, select **Software Library**. 
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and select **All Windows 10 Updates**. 
+After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
+
+1. In the Configuration Manager console, select **Software Library**.
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and select **All Windows 10 Updates**.
 3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right select, and select **Deploy**.
 
-   The **Deploy Software Updates Wizard** opens. 
-4. On the General page, configure the following settings: 
-   - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>** 
-   - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default. 
-   - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct. 
-   - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time. 
-   - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment. 
-5. On the Deployment Settings page, configure the following settings: 
+   The **Deploy Software Updates Wizard** opens.
+4. On the General page, configure the following settings:
+   - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**
+   - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
+   - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
+   - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
+   - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
+5. On the Deployment Settings page, configure the following settings:
 
-   - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline. 
-   
-     >[!IMPORTANT]
-     > After you create the software update deployment, you cannot later change the type of deployment. 
-   
-     >[!NOTE]
-     >A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured.
+   - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
 
-   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that don't require any software updates in the deployment aren't started. By default, this setting isn't enabled and is available only when **Type of deployment** is set to **Required**. 
+     > [!IMPORTANT]
+     > After you create the software update deployment, you cannot later change the type of deployment.
 
-     >[!WARNING]
-     >Before you can use this option, computers and networks must be configured for Wake On LAN. 
+     > [!NOTE]
+     > A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured.
 
-   - **Detail level**: Specify the level of detail for the state messages that are reported by client computers. 
+   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that don't require any software updates in the deployment aren't started. By default, this setting isn't enabled and is available only when **Type of deployment** is set to **Required**.
+
+     > [!WARNING]
+     > Before you can use this option, computers and networks must be configured for Wake On LAN.
+
+   - **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
 6. On the Scheduling page, configure the following settings:
 
-   - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. 
-   
+   - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
+
    - **Software available time**: Select **Specific time** to specify when the software updates will be available to clients:
      - **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the feature update in the deployment isn't available for installation until after the specified date and time are reached and the required content has been downloaded.
- 
-   - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. 
-   
-     >[!NOTE]
-     >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
 
-     - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window. 
+   - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
+
+     > [!NOTE]
+     > You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
+
+     - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window.
 
      Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients start downloading the content based on a randomized time. The feature update won't be displayed in Software Center for installation until the content is fully downloaded. This ensures that the feature update installation starts immediately when initiated.
 
-7. On the User Experience page, configure the following settings: 
-   - **User notifications**: Specify **Display in Software Center and show all notifications**. 
-   - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. 
-     >[!NOTE]
-     >Remember that the installation deadline date and time will be well into the future to allow plenty of time for the user-initiated install during a fixed servicing window.
-   - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation. 
+7. On the User Experience page, configure the following settings:
+   - **User notifications**: Specify **Display in Software Center and show all notifications**.
+   - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window.
 
-     >[!IMPORTANT]
-     >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
-   - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device. 
+     > [!NOTE]
+     > Remember that the installation deadline date and time will be well into the future to allow plenty of time for the user-initiated install during a fixed servicing window.
 
-     >[!NOTE]
-     >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. 
-   - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. 
-8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+   - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
 
-   >[!NOTE]
-   >You can review recent software updates alerts from the **Software Updates** node in the **Software Library** workspace. 
-9. On the Download Settings page, configure the following settings: 
-   - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. 
-   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates isn't available on a preferred distribution point. 
-   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
+     > [!IMPORTANT]
+     > Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
+
+   - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
+
+     > [!NOTE]
+     > When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
+
+   - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
+8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
+
+   > [!NOTE]
+   > You can review recent software updates alerts from the **Software Updates** node in the **Software Library** workspace.
+
+9. On the Download Settings page, configure the following settings:
+   - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
+   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates isn't available on a preferred distribution point.
+   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
    - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates aren't available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
-   - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. 
+   - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
 
-     >[!NOTE]
-     >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/mem/configmgr/core/plan-design/hierarchy/content-source-location-scenarios). 
-10. On the Summary page, review the settings. To save the settings to a deployment template, select **Save As Template**, enter a name and select the settings that you want to include in the template, and then select **Save**. To change a configured setting, select the associated wizard page and change the setting. 
-11. Select **Next** to deploy the feature update(s). 
+     > [!NOTE]
+     > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/mem/configmgr/core/plan-design/hierarchy/content-source-location-scenarios).
+
+10. On the Summary page, review the settings. To save the settings to a deployment template, select **Save As Template**, enter a name and select the settings that you want to include in the template, and then select **Save**. To change a configured setting, select the associated wizard page and change the setting.
+11. Select **Next** to deploy the feature update(s).
 
 ### Step 4: Monitor the deployment status
+
 After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
 
-1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**. 
-2. Select the software update group or software update for which you want to monitor the deployment status. 
+1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
+2. Select the software update group or software update for which you want to monitor the deployment status.
 3. On the **Home** tab, in the **Deployment** group, select **View Status**.
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/forward-reverse-differentials.md
similarity index 98%
rename from windows/deployment/update/PSFxWhitepaper.md
rename to windows/deployment/update/forward-reverse-differentials.md
index c8ea253ee3..1ac187396e 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/forward-reverse-differentials.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Updates using forward and reverse differentials
-description: A technique to produce compact software updates optimized for any origin and destination revision pair
+description: A technique to produce compact software updates optimized for any origin and destination revision pair.
 ms.service: windows-client
 ms.subservice: itpro-updates
 ms.topic: reference
@@ -8,7 +8,7 @@ author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 08/21/2021
@@ -29,7 +29,7 @@ technique to build compact software update packages that are applicable to any
 revision of the base version, and then describe how Windows quality updates
 use this technique.
 
-## General Terms
+## General terms
 
 The following general terms apply throughout this document:
 
@@ -76,7 +76,7 @@ The flip side of express download is that the size of PSF files can be large dep
 
 In the following sections, we describe how quality updates use this technique based on forward and reverse differentials for newer releases of Windows  and Windows Server to overcome the challenges with express downloads.
 
-## High-level Design
+## High-level design
 
 ### Update packaging
 
@@ -86,7 +86,7 @@ There can be cases where new files are added to the system during servicing. The
 
 ![Outer box labeled .msu containing two sub-boxes: 1) Applicability Logic, 2) box labeled .cab containing four sub-boxes: 1) update metadata, 2) content manifests, 3) delta sub RTM transform to sub N (file 1, file2, etc.), and 4) delta sub N transform to RTM (file 1, file 2, etc.).](images/PSF4.png)
 
-### Hydration and installation 
+### Hydration and installation
 
 Once the usual applicability checks are performed on the update package and are determined to be applicable, the Windows component servicing infrastructure hydrates the full files during preinstallation and then proceeds with the usual installation process.
 
@@ -98,7 +98,7 @@ Below is a high-level sequence of activities that the component servicing infras
 - Resolve any dependencies and install components.
 - Clean up older state (V<sub>N-1</sub>); the previous state V<sub>N</sub> is retained for uninstallation and restoration or repair.
 
-### **Resilient Hydration**
+### Resilient hydration
 
 To ensure resiliency against component store corruption or missing files that could occur due to susceptibility of certain types of hardware to file system corruption, a corruption repair service has been traditionally used to recover the component store automatically (automatic corruption repair) or on demand (manual corruption repair) using an online or local repair source. This service will continue to offer the ability to repair and recover content for hydration and successfully install an update, if needed.
 
diff --git a/windows/deployment/update/images/WIP4Biz_Deployment.png b/windows/deployment/update/images/WIP4Biz_Deployment.png
deleted file mode 100644
index bf267aa9eb..0000000000
Binary files a/windows/deployment/update/images/WIP4Biz_Deployment.png and /dev/null differ
diff --git a/windows/deployment/update/images/champs-2.png b/windows/deployment/update/images/champs-2.png
deleted file mode 100644
index bb87469a35..0000000000
Binary files a/windows/deployment/update/images/champs-2.png and /dev/null differ
diff --git a/windows/deployment/update/images/deploy-land.png b/windows/deployment/update/images/deploy-land.png
deleted file mode 100644
index bf104b6843..0000000000
Binary files a/windows/deployment/update/images/deploy-land.png and /dev/null differ
diff --git a/windows/deployment/update/images/discover-land.png b/windows/deployment/update/images/discover-land.png
deleted file mode 100644
index 8f9e30ce10..0000000000
Binary files a/windows/deployment/update/images/discover-land.png and /dev/null differ
diff --git a/windows/deployment/update/images/plan-land.png b/windows/deployment/update/images/plan-land.png
deleted file mode 100644
index 7569da7ac1..0000000000
Binary files a/windows/deployment/update/images/plan-land.png and /dev/null differ
diff --git a/windows/deployment/update/images/update-catalog.png b/windows/deployment/update/images/update-catalog.png
deleted file mode 100644
index e199b3a23a..0000000000
Binary files a/windows/deployment/update/images/update-catalog.png and /dev/null differ
diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
deleted file mode 100644
index 5ed854edd0..0000000000
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.subservice: itpro-updates
-ms.service: windows-client
-ms.topic: include
-ms.date: 02/14/2023
-ms.localizationpriority: medium
----
-<!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
-
-Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
-
-Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DoD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 080e86b6ad..3794cdf447 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -13,7 +13,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server</a>
-ms.date: 12/05/2023
+ms.date: 07/10/2024
 ---
 
 # Update Windows installation media with Dynamic Update
@@ -38,10 +38,10 @@ Devices must be able to connect to the internet to obtain Dynamic Updates. In so
 
 ## Acquire Dynamic Update packages
 
-You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://catalog.update.microsoft.com). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. Check various parts of the results to be sure you've identified the needed files. The following tables show the key values to search for or look for in the results. 
+You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://catalog.update.microsoft.com). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. Check various parts of the results to be sure you've identified the files needed. The following tables show the key values to search for or look for in the results. 
 
-### Windows 11, version 22H2 Dynamic Update packages
-**Title** can distinguish each Dynamic Package. Cumulative updates have the servicing stack embedded. The servicing stack is published only if necessary for a given cumulative update.
+### Windows 11, version 22H2 and later Dynamic Update packages
+**Title** can distinguish each Dynamic Package. Latest cumulative updates have the servicing stack embedded. The servicing stack is published only if necessary for a given cumulative update.Titles below are for Windows 11, version 22H2. Windows 11, version 23H2 and 24H2 have a similar format.
 
 | Update packages                   |Title                                                          |
 |-----------------------------------|---------------------------------------------------------------|
@@ -61,7 +61,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https
 |Latest cumulative update           | YYYY-MM Cumulative Update for Windows 11                      |                                              |                  |
 |Servicing stack Dynamic Update     | YYYY-MM Servicing Stack Update for Windows 11 Version 21H2    |                                              |                  |
 
-### For Windows 10, version 22H2 Dynamic Update packages
+### Windows 10, version 22H2 Dynamic Update packages
 **Title**, **Product** and **Description** are required to distinguish each Dynamic Package. Latest cumulative update has the servicing stack embedded. Servicing stack published separately only if necessary as a prerequisite for a given cumulative update.
 
 | Update packages                   |Title                                                          |Product                                       |Description       |
@@ -75,7 +75,7 @@ If you want to customize the image with additional languages or Features on Dema
 
 ## Update Windows installation media
 
-Properly updating the installation media involves a large number of actions operating on several different targets (image files). Some actions are repeated on different targets. The target images files include:
+Properly updating the installation media involves many actions operating on several different targets (image files). Some actions are repeated on different targets. The target images files include:
 
 - Windows Preinstallation Environment (WinPE): a small operating system used to install, deploy, and repair Windows operating systems
 - Windows Recovery Environment (WinRE): repairs common causes of unbootable operating systems. WinRE is based on WinPE and can be customized with additional drivers, languages, optional packages, and other troubleshooting or diagnostic tools.
@@ -86,7 +86,7 @@ This table shows the correct sequence for applying the various tasks to the file
 
 |Task                               |WinRE (winre.wim)  |Operating system (install.wim)  | WinPE (boot.wim) | New media |
 |-----------------------------------|-------------------|--------------------------------|------------------|-----------|
-|Add servicing stack Dynamic Update | 1                 | 9                              | 17               |           | 
+|Add servicing stack Dynamic Update | 1                 | 9                              | 17               |           |
 |Add language pack                  | 2                 | 10                             | 18               |           |
 |Add localized optional packages    | 3                 |                                | 19               |           |
 |Add font support                   | 4                 |                                | 20               |           |
@@ -119,6 +119,13 @@ You don't have to add more languages and features to the image to accomplish the
 
 Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid the cleanup failure. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
 
+
+### Checkpoint cumulative updates
+Starting with Windows 11, version 24H2, the latest cumulative update may have a prerequisite cumulative update that is required to be installed first. These are known as checkpoint cumulative updates. In these cases, the cumulative update file level differentials are based on a previous cumulative update instead of the Windows RTM release. The benefit is a smaller update package and faster installation. When you obtain the latest cumulative update from the [Microsoft Update Catalog](https://catalog.update.microsoft.com), checkpoint cumulative updates will be available from the download button. In addition, the knowledge base article for the cumulative update will provide additional information. 
+
+To install the checkpoint(s) when servicing the Windows OS (steps 9 & 12) and WinPE (steps 17 & 23), call `Add-WindowsPackage` with the target cumulative update. The folder from `-PackagePath` will be used to discover and install one or more checkpoints as needed. Only the target cumulative update and checkpoint cumulative updates should be in the `-PackagePath` folder. Cumulative update packages with a revision <= the target cumulative update will be processed. If you are not customizing the image with additional languages and/or optional features, then separate calls to `Add-WindowsPackage` (checkpoint cumulative updates first) can be used for steps 9 & 17 above. Separate calls cannot be used for steps 12 and 23.
+
+
 ## Windows PowerShell scripts to apply Dynamic Updates to an existing image
 
 These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages are stored locally in this folder structure:
@@ -150,12 +157,13 @@ $LANG_FONT_CAPABILITY = "jpan"
 # If you are using this script for Windows 10, modify to mount and use the LANGPACK ISO.
 $FOD_ISO_PATH    = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso"
 
-# Declare Dynamic Update packages
-$LCU_PATH        = "C:\mediaRefresh\packages\LCU.msu"
-$SSU_PATH        = "C:\mediaRefresh\packages\SSU_DU.msu"
-$SETUP_DU_PATH   = "C:\mediaRefresh\packages\Setup_DU.cab"
-$SAFE_OS_DU_PATH = "C:\mediaRefresh\packages\SafeOS_DU.cab"
-$DOTNET_CU_PATH  = "C:\mediaRefresh\packages\DotNet_CU.msu"
+# Declare Dynamic Update packages. A dedicated folder is used for the latest cumulative update, and as needed
+# checkpoint cumulative updates.
+$LCU_PATH        = "C:\mediaRefresh\packages\CU\LCU.msu"
+$SSU_PATH        = "C:\mediaRefresh\packages\Other\SSU_DU.msu"
+$SETUP_DU_PATH   = "C:\mediaRefresh\packages\Other\Setup_DU.cab"
+$SAFE_OS_DU_PATH = "C:\mediaRefresh\packages\Other\SafeOS_DU.cab"
+$DOTNET_CU_PATH  = "C:\mediaRefresh\packages\Other\DotNet_CU.msu"
 
 # Declare folders for mounted images and temp files
 $MEDIA_OLD_PATH  = "C:\mediaRefresh\oldMedia"
@@ -211,14 +219,14 @@ This process is repeated for each edition of Windows within the main operating s
 # Update each main OS Windows image including the Windows Recovery Environment (WinRE)
 #
 
-# Get the list of images contained within WinPE
+# Get the list of images contained within the main OS
 $WINOS_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim"
 
 Foreach ($IMAGE in $WINOS_IMAGES) {
 
     # first mount the main OS image
     Write-Output "$(Get-TS): Mounting main OS, image index $($IMAGE.ImageIndex)"
-    Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index $IMAGE.ImageIndex -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null    
+    Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index $IMAGE.ImageIndex -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null
 
     if ($IMAGE.ImageIndex -eq "1") {
 
@@ -237,19 +245,22 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
         # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined 
         # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined 
         # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the 
-        # combined cumulative update can be installed. 
+        # combined cumulative update can be installed.
 
         # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
         # Write-Output "$(Get-TS): Adding package $SSU_PATH"
-        # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null  
+        # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
 
         # Now, attempt the combined cumulative update.
         # There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should 
         # be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct 
         # packages installed.
 
+        
+        Write-Output "$(Get-TS): Adding package $LCU_PATH to WinRE"        
         try
         {
+            
             Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null  
         }
         Catch
@@ -270,29 +281,27 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
         # update. This second approach is commented out below.
 
         # Write-Output "$(Get-TS): Adding package $SSU_PATH"
-        # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null  
+        # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
 
         #
         # Optional: Add the language to recovery environment
         #
         # Install lp.cab cab
-        Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
-        Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null  
+        Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH to WinRE"
+        Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
 
         # Install language cabs for each optional package installed
         $WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT
         Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
 
-            if ( ($PACKAGE.PackageState -eq "Installed") `
-                    -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
-                    -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
+            if ( ($PACKAGE.PackageState -eq "Installed") -and ($PACKAGE.PackageName.startsWith("WinPE-")) -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
 
                 $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
                 if ($INDEX -ge 0) {
                     $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
                     if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
                         $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
-                        Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
+                        Write-Output "$(Get-TS): Adding package $OC_CAB_PATH to WinRE"
                         Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null  
                     }
                 }
@@ -301,7 +310,7 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
 
         # Add font support for the new language
         if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
-            Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
+            Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH to WinRE"
             Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
         }
 
@@ -309,16 +318,16 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
         if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
             if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
 
-                Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
+                Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH to WinRE"
                 Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
 
-                Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
+                Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH to WinRE"
                 Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
             }
         }
 
         # Add Safe OS
-        Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
+        Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH to WinRE"
         Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null
 
         # Perform image cleanup
@@ -347,54 +356,54 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
     # includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these
     # cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully
     # rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published, 
-    # and installed first before the combined cumulative update can be installed. 
+    # and installed first before the combined cumulative update can be installed.
 
     # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
     # Write-Output "$(Get-TS): Adding package $SSU_PATH"
-    # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null  
+    # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
 
     # Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e
-    Write-Output "$(Get-TS): Adding package $LCU_PATH"
-    Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null  
+    Write-Output "$(Get-TS): Adding package $LCU_PATH to main OS, index $($IMAGE.ImageIndex)"
+    Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null
 
     # The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update
     # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
     # update. This second approach is commented out below.
 
-    # Write-Output "$(Get-TS): Adding package $SSU_PATH"
-    # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null  
+    # Write-Output "$(Get-TS): Adding package $SSU_PATH to main OS, index $($IMAGE.ImageIndex)"
+    # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
 
     # Optional: Add language to main OS
-    Write-Output "$(Get-TS): Adding package $OS_LP_PATH"
-    Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null  
+    Write-Output "$(Get-TS): Adding package $OS_LP_PATH to main OS, index $($IMAGE.ImageIndex)"
+    Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null
 
     # Optional: Add a Features on Demand to the image
-    Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
+    Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
-    Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
+    Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
-    Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
+    Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
-    Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
+    Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
-    Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
+    Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
-    Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
+    Write-Output "$(Get-TS): Adding language FOD: Language.Speech~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
     # Note: If I wanted to enable additional Features on Demand, I'd add these here.
 
     # Add latest cumulative update
-    Write-Output "$(Get-TS): Adding package $LCU_PATH"
+    Write-Output "$(Get-TS): Adding package $LCU_PATH to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
 
     # Perform image cleanup
-    Write-Output "$(Get-TS): Performing image cleanup on main OS"
+    Write-Output "$(Get-TS): Performing image cleanup on main OS, index $($IMAGE.ImageIndex)"
     DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
 
     #
@@ -403,11 +412,11 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
     # the image to be booted, and thus if we tried to cleanup after installation, it would fail.
     #
 
-    Write-Output "$(Get-TS): Adding NetFX3~~~~"
+    Write-Output "$(Get-TS): Adding NetFX3~~~~ to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 
     # Add .NET Cumulative Update
-    Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH"
+    Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH to main OS, index $($IMAGE.ImageIndex)"
     Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
 
     # Dismount
@@ -420,6 +429,7 @@ Foreach ($IMAGE in $WINOS_IMAGES) {
 }
 
 Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null
+
 ```
 
 ### Update WinPE
@@ -438,7 +448,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
 
     # update WinPE
     Write-Output "$(Get-TS): Mounting WinPE, image index $($IMAGE.ImageIndex)"
-    Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null  
+    Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null
 
     # Add servicing stack update (Step 9 from the table)
 
@@ -448,11 +458,11 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined 
     # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined 
     # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the 
-    # combined cumulative update can be installed. 
+    # combined cumulative update can be installed.
 
     # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
     # Write-Output "$(Get-TS): Adding package $SSU_PATH"
-    # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null  
+    # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null
 
     # Now, attempt the combined cumulative update.
     # There is a known issue where the servicing stack update is installed, but the cumulative update will fail.
@@ -461,6 +471,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
 
     try
     {
+        Write-Output "$(Get-TS): Adding package $LCU_PATH to WinPE, image index $($IMAGE.ImageIndex)"
         Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH | Out-Null  
     }
     Catch
@@ -481,19 +492,17 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     # update. This second approach is commented out below.
 
     # Write-Output "$(Get-TS): Adding package $SSU_PATH"
-    # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null 
+    # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null
 
     # Install lp.cab cab
-    Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
-    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null  
+    Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH to WinPE, image index $($IMAGE.ImageIndex)"
+    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
 
     # Install language cabs for each optional package installed
     $WINPE_INSTALLED_OC = Get-WindowsPackage -Path $WINPE_MOUNT
     Foreach ($PACKAGE in $WINPE_INSTALLED_OC) {
 
-        if ( ($PACKAGE.PackageState -eq "Installed") `
-                -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
-                -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
+        if ( ($PACKAGE.PackageState -eq "Installed") -and ($PACKAGE.PackageName.startsWith("WinPE-")) -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
 
             $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
             if ($INDEX -ge 0) {
@@ -501,7 +510,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
                 $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
                 if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
                     $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
-                    Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
+                    Write-Output "$(Get-TS): Adding package $OC_CAB_PATH to WinPE, image index $($IMAGE.ImageIndex)"
                     Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null  
                 }
             }
@@ -510,7 +519,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
 
     # Add font support for the new language
     if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
-        Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
+        Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH to WinPE, image index $($IMAGE.ImageIndex)"
         Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
     }
 
@@ -518,10 +527,10 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
         if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
 
-            Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
+            Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH to WinPE, image index $($IMAGE.ImageIndex)"
             Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
 
-            Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
+            Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH to WinPE, image index $($IMAGE.ImageIndex)"
             Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
         }
     }
@@ -533,11 +542,11 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     }
 
     # Add latest cumulative update
-    Write-Output "$(Get-TS): Adding package $LCU_PATH"
-    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null  
+    Write-Output "$(Get-TS): Adding package $LCU_PATH to WinPE, image index $($IMAGE.ImageIndex)"
+    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
 
     # Perform image cleanup
-    Write-Output "$(Get-TS): Performing image cleanup on WinPE"
+    Write-Output "$(Get-TS): Performing image cleanup on WinPE, image index $($IMAGE.ImageIndex)"
     DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
 
     if ($IMAGE.ImageIndex -eq "2") {
@@ -545,6 +554,18 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
         # Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
         Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null
         
+        # Save setuphost.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
+        # This is only required starting with Windows 11 version 24H2
+        $TEMP = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex
+        if ([System.Version]$TEMP.Version -ge [System.Version]"10.0.26100") {
+            
+            Copy-Item -Path $WINPE_MOUNT"\sources\setuphost.exe" -Destination $WORKING_PATH"\setuphost.exe" -Force -ErrorAction stop | Out-Null
+        }
+        else {
+
+            Write-Output "$(Get-TS): Skipping copy of setuphost.exe; image version $($TEMP.Version)"
+        }
+        
         # Save serviced boot manager files later copy to the root media.
         Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -ErrorAction stop | Out-Null
         Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -ErrorAction stop | Out-Null
@@ -580,21 +601,26 @@ cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PA
 Write-Output "$(Get-TS): Copying $WORKING_PATH\setup.exe to $MEDIA_NEW_PATH\sources\setup.exe"
 Copy-Item -Path $WORKING_PATH"\setup.exe" -Destination $MEDIA_NEW_PATH"\sources\setup.exe" -Force -ErrorAction stop | Out-Null
 
+# Copy setuphost.exe from boot.wim, saved earlier.
+if (Test-Path -Path $WORKING_PATH"\setuphost.exe") {
+
+    Write-Output "$(Get-TS): Copying $WORKING_PATH\setuphost.exe to $MEDIA_NEW_PATH\sources\setuphost.exe"
+    Copy-Item -Path $WORKING_PATH"\setuphost.exe" -Destination $MEDIA_NEW_PATH"\sources\setuphost.exe" -Force -ErrorAction stop | Out-Null
+}
 
 # Copy bootmgr files from boot.wim, saved earlier.
 $MEDIA_NEW_FILES = Get-ChildItem $MEDIA_NEW_PATH -Force -Recurse -Filter b*.efi
 
 Foreach ($File in $MEDIA_NEW_FILES){
-    if (($File.Name -ieq "bootmgfw.efi") -or `
-        ($File.Name -ieq "bootx64.efi") -or `
-        ($File.Name -ieq "bootia32.efi") -or `
-        ($File.Name -ieq "bootaa64.efi")) 
+    if (($File.Name -ieq "bootmgfw.efi") -or ($File.Name -ieq "bootx64.efi") -or ($File.Name -ieq "bootia32.efi") -or ($File.Name -ieq "bootaa64.efi")) 
     {
+
         Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)"
         Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
     }
     elseif ($File.Name -ieq "bootmgr.efi") 
     {
+
         Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)"
         Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
     }
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
deleted file mode 100644
index 6801a4cca8..0000000000
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Determine application readiness
-description: How to test your apps to identify which need attention prior to deploying an update in your organization.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.author: mstewart
-author: mestew
-manager: aaroncz
-ms.localizationpriority: medium
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 12/31/2017
----
-
-# Determine application readiness
-
-Before you deploy a Windows client update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps](plan-define-readiness.md) with respect to their criticality in your organization.
-
-## Validation methods
-
-You can choose from various methods to validate apps. Exactly which ones to use depends on the specifics of your environment.
-
-
-|Validation method  |Description  |
-|---------|---------|
-|Full regression     | A full quality assurance probing. Staff that know the application well and can validate its core functionality should do this validation.        |
-|Smoke testing     | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application they're validating.        |
-|Automated testing     |  Software performs tests automatically. The software lets you know whether the tests have passed or failed, and provides detailed reporting for you automatically.    |
-|Test in pilot     | You preselect users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types.        |
-|Reactive response     | Applications are validated in late pilot, and no specific users are selected. These applications normally aren't installed on many devices and aren't handled by enterprise application distribution.        |
-
-Combining the various validation methods with the app classifications you've previously established might look like this:
-
-
-|Validation method  |Critical apps  |Important apps  |Not important apps  |
-|---------|---------|---------|---------|
-|Full regression     | x        |         |         |
-|Smoke testing     |         | x        |         |
-|Automated testing     |  x       |   x      |  x       |
-|Test in pilot     |  x       |  x       |  x       |
-
-
-### Identify users
-
-Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you have to choose which users are best suited for validation testing. Some factors to consider include:
-
-- **Location**: If users are in different physical locations, can you support them and get validation feedback from the region they're in?
-- **Application knowledge**: Do the users have appropriate knowledge of how the app is supposed to work?
-- **Technical ability**: Do the users have enough technical competence to provide useful feedback from various test scenarios?
-
-You could seek volunteers who enjoy working with new features and include them in the pilot deployment. You might want to avoid using core users like department heads or project managers. Current application owners, operations personnel, and developers can help you identify the most appropriate pilot users.
-
-### Identify and set up devices for validation
-
-In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection includes devices representing all of the hardware models in your environment.
-
-There's more than one way to choose devices for app validation:
-
-- **Existing pilot devices**: You might already have a list of devices that you regularly use for testing updates as part of release cycles.
-- **Manual selection**: Some internal groups like operations have expertise to help choose devices manually based on specifications, usage, or records of past support problems.
-- **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices.
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index 732aab35e3..def7222a70 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -1,14 +1,14 @@
 ---
 title: Prepare to deploy Windows
-description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
+description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: concept-article
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
@@ -19,7 +19,7 @@ ms.date: 12/31/2017
 Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows client. The planning phase left you with these useful items:
 
 - A clear understanding of necessary personnel and their roles and criteria for [rating app readiness](plan-define-readiness.md)
-- A plan for [testing and validating](plan-determine-app-readiness.md) apps
+- A plan for [testing and validating](/windows/compatibility/windows-11/testing-guidelines) apps
 - An assessment of your [deployment infrastructure](eval-infra-tools.md) and definitions for operational readiness
 - A [deployment plan](create-deployment-plan.md) that defines the rings you want to use
 
@@ -35,7 +35,7 @@ Your infrastructure probably includes many different components and tools. You n
 
 1.	Review all of the infrastructure changes that you've identified in your plan. It's important to understand the changes that need to be made and to detail how to implement them.  This process prevents problems later on.
 
-2.	Validate your changes. You validate the changes for your infrastructure's components and tools, to help you understand how your changes could affect your production environment. 
+2.	Validate your changes. You validate the changes for your infrastructure's components and tools, to help you understand how your changes could affect your production environment.
 
 3.	Implement the changes. Once the changes have been validated, you can implement the changes across the wider infrastructure.
 
@@ -166,11 +166,11 @@ You can also create and run scripts to perform additional cleanup actions on dev
 
 In the plan phase, you determined the specific infrastructure and configuration changes that needed to be implemented to add new capabilities to the environment. Now you can move on to implementing those changes defined in the plan phase. You need to complete these higher-level tasks to gain those new capabilities:
 
-- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions come with new policies that you use to update ADMX templates. 
+- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions come with new policies that you use to update ADMX templates.
 
 - Validate new changes to understand how they affect the wider environment.
 
-- Remediate any potential problems that have been identified through validation. 
+- Remediate any potential problems that have been identified through validation.
 
 ## Prepare users
 
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 104400de70..3472db7106 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -27,7 +27,7 @@ The safeguard holds lifespan varies depending on the time required to investigat
 
 Safeguard holds only affect devices that use the Windows Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments.
 
-IT admins managing updates using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) also benefit from safeguard holds on devices that are likely to be affected by an issue. To learn more, see [Safeguard holds against likely and known issues](/windows/deployment/update/deployment-service-overview#safeguard-holds-against-likely-and-known-issues).
+IT admins managing updates using [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) also benefit from safeguard holds on devices that are likely to be affected by an issue. To learn more, see [Safeguard holds against likely and known issues](/windows/deployment/update/deployment-service-overview#safeguard-holds-against-likely-and-known-issues).
 
 ## Am I affected by a safeguard hold?
 
diff --git a/windows/deployment/update/update-managed-unmanaged-devices.md b/windows/deployment/update/update-managed-unmanaged-devices.md
index 3f495f601a..911f059706 100644
--- a/windows/deployment/update/update-managed-unmanaged-devices.md
+++ b/windows/deployment/update/update-managed-unmanaged-devices.md
@@ -5,9 +5,9 @@ ms.service: windows-client
 ms.subservice: itpro-updates
 ms.topic: overview
 ms.date: 06/25/2024
-author: mikolding
-ms.author: v-mikolding
-ms.reviewer: mstewart,thtrombl,v-fvalentyna,arcarley
+author: v-fvalentyna
+ms.author: v-fvalentyna
+ms.reviewer: mstewart,thtrombl,arcarley
 manager: aaroncz
 ms.localizationpriority: medium
 appliesto:
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 68e010805d..2371d39921 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -142,4 +142,4 @@ The following services are part of the Windows Update for Business product famil
     - Report on devices with update compliance issues
     - Analyze and display your data in multiple ways
 
-- The [Windows Update for Business deployment service](deployment-service-overview.md) is a cloud service designed to work with your existing Windows Update for Business policies and Windows Update for Business reports. The deployment service provides additional control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices.
+- [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) is a cloud service designed to work with your existing Windows Update for Business policies. Windows Autopatch provides additional control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices.
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index fce23e0310..bc88925736 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -1,5 +1,5 @@
 ---
-title: Quick guide to Windows as a service (Windows 10)
+title: Quick guide to Windows as a service
 description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
 ms.service: windows-client
 ms.subservice: itpro-updates
@@ -8,15 +8,15 @@ author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: high
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Quick guide to Windows as a service
 
-Here's a quick guide to the most important concepts in Windows as a service. For more information, see the [extensive set of documentation](index.md).
+Here's a quick guide to the most important concepts in Windows as a service.
 
 ## Definitions
 
@@ -25,18 +25,18 @@ Some new terms have been introduced as part of Windows as a service, so you shou
 - **Feature updates** are released annually. As the name suggests, these updates add new features, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
 - **Quality updates** deliver both security and nonsecurity fixes. They're typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they're important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
 - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
-- **Servicing channels** allow organizations to choose when to deploy new features. 
+- **Servicing channels** allow organizations to choose when to deploy new features.
   - The **General Availability Channel** receives feature updates annually.
   - The **Long-Term Servicing Channel**, which is meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATMs, receives new feature releases every two to three years.
-- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. 
+- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.
 
 For more information, see [Overview of Windows as a service](waas-overview.md).
 
-For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md).
+For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](forward-reverse-differentials.md).
 
 ## Key concepts
 
-With each release in the General Availability Channel, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. 
+With each release in the General Availability Channel, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion.
 
 Windows Enterprise LTSC versions are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
 
@@ -44,10 +44,10 @@ For more information, see [Assign devices to servicing channels for Windows clie
 
 ## Staying up to date
 
-To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Configuration Manager, and non-Microsoft products to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
+To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Configuration Manager, and non-Microsoft products to help with this process.
 
 Extensive advanced testing isn't required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
 
 This process repeats with each new feature update. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
 
-Other technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.
+Other technologies such as [BranchCache](waas-branchcache.md) and [Delivery Optimization](../do/delivery-optimization-configure.md), both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 0170408476..9d859d31c3 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -11,7 +11,7 @@ ms.collection:
   - highpri
   - tier2
 ms.localizationpriority: medium
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 10/10/2023
@@ -43,7 +43,7 @@ When **Configure Automatic Updates** is enabled in Group Policy, you can also en
 - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device restarts at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
 
 > [!NOTE]
-> When using Remote Desktop Protocol connections, only active RDP sessions are considered as logged on users. Devices that do not have locally logged on users, or active RDP sessions, will be restarted. 
+> When using Remote Desktop Protocol connections, only active RDP sessions are considered as logged on users. Devices that do not have locally logged on users, or active RDP sessions, will be restarted.
 
 You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it overrides this setting.
 
@@ -113,7 +113,7 @@ Starting in Windows 10 version 1809, you can define which Windows Update notific
 
 To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-configuration-service-provider#update-updatenotificationlevel).
 
-Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. <!--6286260--> 
+Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. <!--6286260-->
 
 To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-csp-update#update-NoUpdateNotificationDuringActiveHours).
 
@@ -209,7 +209,6 @@ There are three different registry combinations for controlling restart behavior
 
 ## More resources
 
-- [Update Windows in the enterprise](index.md)
 - [Overview of Windows as a service](waas-overview.md)
 - [Configure Delivery Optimization for Windows updates](../do/waas-delivery-optimization.md)
 - [Configure BranchCache for Windows updates](waas-branchcache.md)
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index c94c1fb34b..5b67de2653 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -14,7 +14,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 04/29/2024
+ms.date: 09/03/2024
 ---
 
 # Manage additional Windows Update settings
@@ -103,9 +103,9 @@ By enabling the Group Policy setting under **Computer Configuration\Administrati
 
 ### Do not connect to any Windows Update Internet locations
 
-Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update, the Microsoft Store, or the Microsoft Store for Business.
+Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store.
 
-Use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not connect to any Windows Update Internet locations** to enable this policy. When enabled, this policy will disable the functionality described above, and may cause connection to public services such as the Microsoft Store, Microsoft Store for Business, Windows Update for Business, and Delivery Optimization to stop working.
+Use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not connect to any Windows Update Internet locations** to enable this policy. When enabled, this policy will disable the functionality described above, and may cause connection to public services such as the Microsoft Store, Windows Update for Business, and Delivery Optimization to stop working.
 
 >[!NOTE]
 >This policy applies only when the device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 80f4dcb167..1bd05f13ec 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -3,25 +3,23 @@ title: Windows Update log files
 description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: troubleshooting
+ms.topic: reference
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.collection:
   - highpri
   - tier2
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/08/2023
 ---
 
 # Windows Update log files
 
-
 The following table describes the log files created by Windows Update.
 
-
 |Log file|Location|Description|When to use |
 |-|-|-|-|
 |windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information included in the Windowsupdate.log log file to troubleshoot the issue.|
@@ -31,126 +29,131 @@ The following table describes the log files created by Windows Update.
 
 ## Generating WindowsUpdate.log
 
-To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](/powershell/module/windowsupdate/get-windowsupdatelog?preserve-view=tru&view=win10-ps). 
+To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](/powershell/module/windowsupdate/get-windowsupdatelog?preserve-view=tru&view=win10-ps).
+
+> [!NOTE]
+> When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run **Get-WindowsUpdateLog** again.
 
->[!NOTE]
->When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run **Get-WindowsUpdateLog** again. 
- 
 ## Windows Update log components
 
-The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file: 
+The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
 
-- AGENT- Windows Update agent 
-- AU - Automatic Updates is performing this task 
-- AUCLNT- Interaction between AU and the logged-on user 
-- CDM- Device Manager 
-- CMPRESS- Compression agent 
-- COMAPI- Windows Update API 
-- DRIVER- Device driver information 
-- DTASTOR- Handles database transactions 
-- EEHNDLER- Expression handler that's used to evaluate update applicability 
-- HANDLER- Manages the update installers 
-- MISC- General service information 
-- OFFLSNC- Detects available updates without network connection 
-- PARSER- Parses expression information 
-- PT- Synchronizes updates information to the local datastore 
-- REPORT- Collects reporting information 
-- SERVICE- Startup/shutdown of the Automatic Updates service 
-- SETUP- Installs new versions of the Windows Update client when it's available 
-- SHUTDWN- Install at shutdown feature 
-- WUREDIR- The Windows Update redirector files 
-- WUWEB- The Windows Update ActiveX control 
-- ProtocolTalker - Client-server sync 
-- DownloadManager - Creates and monitors payload downloads 
-- Handler, Setup -  Installer handlers (CBS, and so on) 
-- EEHandler -  Evaluating update applicability rules 
-- DataStore - Caching update data locally 
-- IdleTimer - Tracking active calls, stopping a service 
- 
->[!NOTE]
->Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what's important. 
- 
-## Windows Update log structure 
-The Windows update log structure is separated into four main identities: 
+- AGENT- Windows Update agent
+- AU - Automatic Updates is performing this task
+- AUCLNT- Interaction between AU and the logged-on user
+- CDM- Device Manager
+- CMPRESS- Compression agent
+- COMAPI- Windows Update API
+- DRIVER- Device driver information
+- DTASTOR- Handles database transactions
+- EEHNDLER- Expression handler that's used to evaluate update applicability
+- HANDLER- Manages the update installers
+- MISC- General service information
+- OFFLSNC- Detects available updates without network connection
+- PARSER- Parses expression information
+- PT- Synchronizes updates information to the local datastore
+- REPORT- Collects reporting information
+- SERVICE- Startup/shutdown of the Automatic Updates service
+- SETUP- Installs new versions of the Windows Update client when it's available
+- SHUTDWN- Install at shutdown feature
+- WUREDIR- The Windows Update redirector files
+- WUWEB- The Windows Update ActiveX control
+- ProtocolTalker - Client-server sync
+- DownloadManager - Creates and monitors payload downloads
+- Handler, Setup -  Installer handlers (CBS, and so on)
+- EEHandler -  Evaluating update applicability rules
+- DataStore - Caching update data locally
+- IdleTimer - Tracking active calls, stopping a service
 
-- Time Stamps 
-- Process ID and Thread ID 
-- Component Name 
-- Update Identifiers    
-   - Update ID and Revision Number 
-   - Revision ID 
-   - Local ID 
-   - Inconsistent terminology 
+> [!NOTE]
+> Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what's important.
 
-The WindowsUpdate.log structure is discussed in the following sections. 
+## Windows Update log structure
 
-### Time stamps  
-The time stamp indicates the time at which the logging occurs. 
-- Messages are usually in chronological order, but there may be exceptions. 
-- A pause during a sync can indicate a network problem, even if the scan succeeds. 
-- A long pause near the end of a scan can indicate a supersedence chain issue.   
+The Windows update log structure is separated into four main identities:
+
+- Time stamps
+- Process ID and thread ID
+- Component name
+- Update identifiers
+  - Update ID and revision number
+  - Revision ID
+  - Local ID
+  - Inconsistent terminology
+
+The WindowsUpdate.log structure is discussed in the following sections.
+
+### Time stamps
+
+The time stamp indicates the time at which the logging occurs.
+
+- Messages are usually in chronological order, but there may be exceptions.
+- A pause during a sync can indicate a network problem, even if the scan succeeds.
+- A long pause near the end of a scan can indicate a supersedence chain issue.
    ![Windows Update time stamps.](images/update-time-log.png)
 
+### Process ID and thread ID
 
-### Process ID and thread ID  
-The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log. 
-- The first four digits, in hex, are the process ID. 
-- The next four digits, in hex, are the thread ID. 
-- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.   
+The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.
+
+- The first four digits, in hex, are the process ID.
+- The next four digits, in hex, are the thread ID.
+- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.
    ![Windows Update process and thread IDs.](images/update-process-id.png)
 
+### Component name
 
-### Component name  
-Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows: 
+Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:
 
-- ProtocolTalker - Client-server sync 
-- DownloadManager - Creates and monitors payload downloads 
-- Handler, Setup - Installer handlers (CBS, etc.) 
-- EEHandler - Evaluating update applicability rules 
-- DataStore - Caching update data locally 
-- IdleTimer - Tracking active calls, stopping service 
+- ProtocolTalker - Client-server sync
+- DownloadManager - Creates and monitors payload downloads
+- Handler, Setup - Installer handlers (CBS, etc.)
+- EEHandler - Evaluating update applicability rules
+- DataStore - Caching update data locally
+- IdleTimer - Tracking active calls, stopping service
 
 ![Windows Update component name.](images/update-component-name.png)
 
-
-### Update identifiers  
+### Update identifiers
 
 The following items are update identifiers:
 
-#### Update ID and revision number 
+#### Update ID and revision number
 
-There are different identifiers for the same update in different contexts. It's important to know the identifier schemes. 
-- Update ID: A GUID (indicated in the previous screenshot) assigned to a given update at publication time 
-- Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service 
-- Revision numbers are reused from one update to another (not a unique identifier). 
-- The update ID and revision number are often shown together as "{GUID}.revision." 
+There are different identifiers for the same update in different contexts. It's important to know the identifier schemes.
+
+- Update ID: A GUID (indicated in the previous screenshot) assigned to a given update at publication time
+- Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
+- Revision numbers are reused from one update to another (not a unique identifier).
+- The update ID and revision number are often shown together as "{GUID}.revision."
    ![Windows Update update identifiers.](images/update-update-id.png)
 
-
 #### Revision ID
 
-- A Revision ID (don't confuse this value with "revision number") is a serial number issued when an update is initially published or revised on a given service. 
-- An existing update that is revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that isn't related to the previous ID. 
-- Revision IDs are unique on a given update source, but not across multiple sources. 
-- The same update revision might have different revision IDs on Windows Update and WSUS. 
-- The same revision ID might represent different updates on Windows Update and WSUS. 
+- A Revision ID (don't confuse this value with "revision number") is a serial number issued when an update is initially published or revised on a given service.
+- An existing update that is revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that isn't related to the previous ID.
+- Revision IDs are unique on a given update source, but not across multiple sources.
+- The same update revision might have different revision IDs on Windows Update and WSUS.
+- The same revision ID might represent different updates on Windows Update and WSUS.
 
 #### Local ID
 
-- Local ID is a serial number issued by a given Windows Update client when an update is received from a service. 
-- Typically seen in debug logs, especially involving the local cache for update info (Datastore) 
-- Different client PCs assign different Local IDs to the same update 
-- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file 
+- Local ID is a serial number issued by a given Windows Update client when an update is received from a service.
+- Typically seen in debug logs, especially involving the local cache for update info (Datastore)
+- Different client PCs assign different Local IDs to the same update
+- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
 
-#### Inconsistent terminology 
-- Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs. 
-- Recognize IDs by form and context: 
-    
-   - GUIDs are update IDs 
-   - Small integers that appear alongside an update ID are revision numbers 
-   - Large integers are typically revision IDs 
-   - Small integers (especially in Datastore) can be local IDs 
+#### Inconsistent terminology
+
+- Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs.
+- Recognize IDs by form and context:
+
+  - GUIDs are update IDs
+  - Small integers that appear alongside an update ID are revision numbers
+  - Large integers are typically revision IDs
+  - Small integers (especially in Datastore) can be local IDs
       ![Windows Update inconsisten terminology.](images/update-inconsistent.png)
 
 ## Windows Setup log files analysis using SetupDiag tool
-SetupDiag is a diagnostic tool that can be used for analysis of logs related to installation of Windows Updates. For detailed information, see [SetupDiag](../upgrade/setupdiag.md).
+
+SetupDiag is a diagnostic tool that can be used for analysis of logs related to installation of Windows Updates. For more information, see [SetupDiag](../upgrade/setupdiag.md).
diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md
index 1d7ec557b6..013dcffe27 100644
--- a/windows/deployment/update/windows-update-security.md
+++ b/windows/deployment/update/windows-update-security.md
@@ -10,7 +10,7 @@ ms.author: mstewart
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 08/28/2023
+ms.date: 08/15/2024
 ---
 
 # Windows Update security
diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md
index 545ebbed48..5cbf3748b6 100644
--- a/windows/deployment/update/wufb-reports-configuration-manual.md
+++ b/windows/deployment/update/wufb-reports-configuration-manual.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 12/15/2023
+ms.date: 07/09/2024
 ---
 
 # Manually configure devices for Windows Update for Business reports
diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md
index e216694bc7..2d3b3f14b0 100644
--- a/windows/deployment/update/wufb-reports-configuration-script.md
+++ b/windows/deployment/update/wufb-reports-configuration-script.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 07/11/2023
+ms.date: 07/09/2024
 ---
 
 # Configuring devices through the Windows Update for Business reports configuration script
@@ -22,9 +22,9 @@ The Windows Update for Business reports configuration script is the recommended
 
 ## About the script
 
-The configuration script configures registry keys directly. Be aware that registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script doesn't reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md), device data might not appear in Windows Update for Business reports correctly. 
+The configuration script configures registry keys directly. Registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script doesn't reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md), device data might not appear in Windows Update for Business reports correctly. 
 
-You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting.
+You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086).
 
 ## How this script is organized
 
@@ -39,11 +39,11 @@ Edit the `RunConfig.bat` file to configure the following variables, then run the
 
 | Variable | Allowed values and description | Example |
 |---|---|---|
-| runMode | **Pilot** (default): Verbose mode with additional diagnostics with additional logging. Pilot mode is best for a testing run of the script or for troubleshooting. <br> **Deployment**: Doesn't run any additional diagnostics or add extra logging | `runMode=Pilot` |
-| logPath | Path where the logs will be saved. The default location of the logs is `.\UCLogs`. | `logPath=C:\temp\logs` |
-| logMode | **0**: Log to the console only </br> **1** (default): Log to file and console. </br> **2**: Log to file only. | `logMode=2` |
-| DeviceNameOptIn | **true** (default): Device name is sent to Microsoft. </br> **false**: Device name isn't sent to Microsoft. | `DeviceNameOptIn=true` |
-| ClientProxy | **Direct** (default): No proxy is used. The connection to the endpoints is direct. </br> **System**: The system proxy, without authentication, is used. This type of proxy is typically configured with [netsh](/windows-server/networking/technologies/netsh/netsh-contexts) and can be verified using `netsh winhttp show proxy`.  </br> **User**: The proxy is configured through IE and it might or might not require user authentication. </br> </br> For more information, see [How the Windows Update client determines which proxy server to use to connect to the Windows Update website](https://support.microsoft.com/en-us/topic/how-the-windows-update-client-determines-which-proxy-server-to-use-to-connect-to-the-windows-update-website-08612ae5-3722-886c-f1e1-d012516c22a1) | `ClientProxy=Direct` | 
+| runMode | **Pilot** (default): Verbose mode with additional diagnostics and logging. Pilot mode is best for a testing run of the script or for troubleshooting. <br> **Deployment**: Doesn't run any additional diagnostics or add extra logging | `runMode=Pilot` |
+| logPath | Path where the logs are saved. The default location of the logs is `.\UCLogs`.| `logPath=C:\temp\logs` |
+| logMode | **0**: Log to the console only </br> **1** (default): Log to file and console.</br> **2**: Log to file only. | `logMode=2` |
+| DeviceNameOptIn | **true** (default): Device name is sent to Microsoft.</br> **false**: Device name isn't sent to Microsoft. | `DeviceNameOptIn=true` |
+| ClientProxy | **Direct** (default): No proxy is used. The connection to the endpoints is direct.</br> **System**: The system proxy, without authentication, is used. This type of proxy is typically configured with [netsh](/windows-server/networking/technologies/netsh/netsh-contexts) and can be verified using `netsh winhttp show proxy`.  </br> **User**: The proxy is configured through IE and it might or might not require user authentication. </br> </br> For more information, see [How the Windows Update client determines which proxy server to use to connect to the Windows Update website](https://support.microsoft.com/en-us/topic/how-the-windows-update-client-determines-which-proxy-server-to-use-to-connect-to-the-windows-update-website-08612ae5-3722-886c-f1e1-d012516c22a1) | `ClientProxy=Direct` | 
 | source | Used by the .bat file and PowerShell script to locate dependencies. It's recommended that you don't change this value. | `source=%~dp0` |
 
 
diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md
index eca5fbdfa8..c38fa013ab 100644
--- a/windows/deployment/update/wufb-reports-do.md
+++ b/windows/deployment/update/wufb-reports-do.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 04/12/2023
+ms.date: 09/03/2024
 ---
 
 # Delivery Optimization data in Windows Update for Business reports
@@ -59,7 +59,7 @@ Windows Update for Business reports uses the following Delivery Optimization ter
 
 ## Calculations for Delivery Optimization
 
-Each calculated values used in the Delivery Optimization report are listed below.
+The calculated values used in the Delivery Optimization report are listed below.
 
 **Efficiency (%) Calculations**:
 
@@ -154,7 +154,7 @@ There are many Microsoft [content types](waas-delivery-optimization.md#types-of-
 
 | Content Category | Content Types Included |
 | --- | --- |
-| Apps | Windows 10 Store apps,  Windows 10 Store for Business apps, Windows 11 UWP Store apps |
+| Apps | Windows 10 Store apps, Windows 11 UWP Store apps |
 | Driver Updates | Windows Update [Driver updates](get-started-updates-channels-tools.md#types-of-updates) |
 | Feature Updates | Windows Update [Feature updates](get-started-updates-channels-tools.md#types-of-updates) |
 | Office | Microsoft 365 Apps and updates |
@@ -188,7 +188,7 @@ A row in UCDOAggregatedStatus represents data summarized at the tenant level (Az
 If there's a Connected Cache server at the ISP level, BytesFromCache filters out any bytes coming the ISP's Connected Cache.
 
 - **How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?**
-[Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-setup.md#monitor-delivery-optimization) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization telemetry events.
+[Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-reference.md) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization telemetry events.
 
 - **The report represents the last 28 days of data, why do some queries include >= seven days?**
 The data in the report does represent the last 28 days of data. The query for last seven days is just to get the data for the latest snapshot from past seven days. It's possible that data is delayed for sometime and not available for current day, so we look for past 7 day snapshot in log analytics and show the latest snapshot.
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
index 1502d549d2..157adbc776 100644
--- a/windows/deployment/update/wufb-reports-enable.md
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -11,7 +11,7 @@ manager: aaroncz
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 07/11/2023
+ms.date: 07/09/2024
 ---
 
 # Enable Windows Update for Business reports
@@ -34,7 +34,7 @@ After verifying the [prerequisites](wufb-reports-prerequisites.md) are met, you
 
 ## <a name="bkmk_add"></a> Add Windows Update for Business reports to your Azure subscription
 
-Before you configure clients to send data, you'll need to add Windows Update for Business reports to your Azure subscription so the data can be received. First, you'll select or create a new Log Analytics workspace to use. Second, you'll enroll Windows Update for Business reports to the workspace.
+Before you configure clients to send data, you need to add Windows Update for Business reports to your Azure subscription so the data can be received. First, you select or create a new Log Analytics workspace to use. Second, you enroll Windows Update for Business reports to the workspace.
 
 ## <a name="bkmk_workspace"></a> Select or create a new Log Analytics workspace for Windows Update for Business reports
 
@@ -69,7 +69,7 @@ Enroll into Windows Update for Business reports by configuring its settings thro
    > [!Tip]
    > If a `403 Forbidden` error occurs, verify the account you're using has [permissions](wufb-reports-prerequisites.md#permissions) to enroll into Windows Update for Business reports.
 1. The initial setup can take up to 24 hours. During this time, the workbook will display that it's **Waiting for Windows Update for Business reports data**.
-   - Enrolling into Windows Update for Business reports doesn't influence the rate that required data is uploaded from devices. Device connectivity to the internet and how active the device is influences how long it will take before the device appears in reporting. Devices that are active and connected to the internet daily can expect to be fully uploaded within one week (usually less than 72 hours). Devices that are less active can take up to two weeks before data is fully available. 
+   - Enrolling into Windows Update for Business reports doesn't influence the rate that required data is uploaded from devices. Device connectivity to the internet and how active the device is influences how long it takes before the device appears in reporting. Devices that are active and connected to the internet daily can expect to be fully uploaded within one week (usually less than 72 hours). Devices that are less active can take up to two weeks before data is fully available. 
 
 ##### <a name="bkmk_admin-center"></a> Enroll through the Microsoft 365 admin center
 <!--Using include for onboarding Windows Update for Business reports through the Microsoft 365 admin center-->
diff --git a/windows/deployment/update/wufb-reports-faq.yml b/windows/deployment/update/wufb-reports-faq.yml
index 6bb4fce480..07593e4a77 100644
--- a/windows/deployment/update/wufb-reports-faq.yml
+++ b/windows/deployment/update/wufb-reports-faq.yml
@@ -20,7 +20,7 @@ summary: |
   - [Is Windows Update for Business reports free?](#is-windows-update-for-business-reports-free)
   - [What Windows versions are supported?](#what-windows-versions-are-supported)
 
-  **Set up questions**:
+  **Setup questions**:
 
   - [How do you set up Windows Update for Business reports?](#how-do-you-set-up-windows-update-for-business-reports)
   - [Why is "Waiting for Windows Update for Business reports data" displayed on the page](#why-is--waiting-for-windows-update-for-business-reports-data--displayed-on-the-page)
@@ -183,7 +183,7 @@ sections:
             If there's a Connected Cache server at the ISP level, BytesFromCache filters out any bytes coming the ISP's Connected Cache.
       - question: How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?
         answer: |
-            [Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-setup.md#monitor-delivery-optimization) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization events.
+            [Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-reference.md) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization events.
       - question: The report represents the last 28 days of data, why do some queries include >= seven days?
         answer: |
             The data in the report does represent the last 28 days of data. The query for last seven days is just to get the data for the latest snapshot from past seven days. It's possible that data is delayed for sometime and not available for current day, so we look for past seven day snapshot in log analytics and show the latest snapshot.
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index 3580a4810a..4561a0045f 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -4,14 +4,14 @@ titleSuffix: Windows Update for Business reports
 description: Windows Update for Business reports support, feedback, and troubleshooting information.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: article
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 02/10/2023
+ms.date: 07/09/2024
 ---
 
 # Windows Update for Business reports feedback, support, and troubleshooting
@@ -52,7 +52,7 @@ You can open support requests directly from the Azure portal. If  the **Help + S
    - **Service type** - Select ***Windows Update for Business reports*** under ***Monitoring and Management***
 
 
-1. Based on the information you provided, you'll be shown some **Recommended solutions** you can use to try to resolve the problem.
+1. Based on the information you provided, you are shown some **Recommended solutions** you can use to try to resolve the problem.
 1. Complete the **Additional details** tab and then create the request on the **Review + create** tab.
 
 ## Documentation feedback
diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md
index 080f273243..288612926f 100644
--- a/windows/deployment/update/wufb-reports-overview.md
+++ b/windows/deployment/update/wufb-reports-overview.md
@@ -27,7 +27,6 @@ Windows Update for Business reports is a cloud-based solution that provides info
 
 Some of the benefits of Windows Update for Business reports are:
 
-- Integration with [Windows Update for Business deployment service](deployment-service-overview.md) to enable per deployment reporting, monitoring, and troubleshooting.
 - Compatibility with [feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune.
 - A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues.
 
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index 505c3eeaee..8bd8aec2da 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -27,7 +27,7 @@ Before you begin the process of adding Windows Update for Business reports to yo
   - Devices can be [Microsoft Entra joined](/azure/active-directory/devices/concept-azure-ad-join) or [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
 - Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (workplace joined) aren't supported with Windows Update for Business reports.
 - The Log Analytics workspace must be in a [supported region](#log-analytics-regions).
-- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md).
+- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview).
 
 ## Permissions
 
diff --git a/windows/deployment/update/wufb-reports-schema-enumerated-types.md b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
index ec7e675fd1..5ce2780b48 100644
--- a/windows/deployment/update/wufb-reports-schema-enumerated-types.md
+++ b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
@@ -75,9 +75,9 @@ Compliance status
 
 |Value | Description |
 |---|---|
-| **Compliant** | The latest deployment from the Windows Update for Business deployment service is installed on the client |
-| **NotCompliant** |  The latest deployment from the Windows Update for Business deployment service isn't installed on the client|
-| **NotApplicable** | Client isn't part of any Windows Update for Business deployment service deployments |
+| **Compliant** | The latest deployment from Windows Autopatch is installed on the client |
+| **NotCompliant** |  The latest deployment from Windows Autopatch isn't installed on the client|
+| **NotApplicable** | Client isn't part of any Windows Autopatch deployments |
 
 ## OSServicingChannel
 
@@ -98,7 +98,7 @@ High-level service state OSServicingChannel
 
 |Value | Description |
 |---|---|
-| **Pending** | Windows Update for Business deployment service isn't targeting this update to this device because the update isn't ready. |
+| **Pending** | Windows Autopatch isn't targeting this update to this device because the update isn't ready. |
 | **Offering** | Service is offering the update to the device. The update is available for the device to get if it scans Windows Update. |
 | **OnHold** | Service is holding off on offering update to the device indefinitely. Until either the service or admin changes some condition, devices remain in this state. |
 | **Canceled** | Service canceled offering update to the device, and the device is confirmed to not be installing the update. |
@@ -207,9 +207,9 @@ Type of alert.
 
 |Value | Description |
 |---|---|
-| **ServiceUpdateAlert** | Alert is relevant to Windows Update for Business deployment service's offering of the content to the client. |
+| **ServiceUpdateAlert** | Alert is relevant to Windows Autopatch's offering of the content to the client. |
 | **ClientUpdateAlert** | Alert is relevant to client's ability to progress through the installation of the update content. |
-| **ServiceDeviceAlert** | Alert is relevant to device's status within Windows Update for Business deployment service |
+| **ServiceDeviceAlert** | Alert is relevant to device's status within Windows Autopatch |
 | **ClientDeviceAlert** | Alert is relevant to device's state |
 | **DeploymentAlert** | Alert is relevant to an entire deployment, or a significant number of devices in the deployment. |
 
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index 993c45e682..a0c9a45bba 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -39,15 +39,15 @@ UCClient acts as an individual device's record. It contains data such as the cur
 | **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
 | **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `22621` | The major build number, in int format, the device is using. |
 | **OSEdition** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Professional` | The Windows edition |
-| **OSFeatureUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Compliant` | Whether the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSFeatureUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Compliant` | Whether the device is on the latest feature update that's offered from Windows Autopatch, else NotApplicable. |
 | **OSFeatureUpdateEOSTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime)  | No |  `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. |
 | **OSFeatureUpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime)  | No |  `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. |
 | **OSFeatureUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `InService;EndOfService` | Whether the device is on the latest available feature update, for its feature update. |
-| **OSQualityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSQualityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest quality update that's offered from Windows Autopatch, else NotApplicable. |
 | **OSQualityUpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime)  | No |  `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. |
 | **OSQualityUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Latest;NotLatest` | Whether the device is on the latest available quality update, for its feature update. |
 | **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `836` | The revision, in int format, this device is on. |
-| **OSSecurityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSSecurityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest security update (quality update where the Classification=Security) that's offered from Windows Autopatch, else NotApplicable. |
 | **OSSecurityUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether the device is on the latest available security update, for its feature update. |
 | **OSServicingChannel** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `SAC` | The elected Windows 10 servicing channel of the device. |
 | **OSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index e75f3bed7e..af30fb0d1b 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -25,7 +25,7 @@ Update Event that combines the latest client-based data with the latest service-
 |---|---|---|---|---|
 | **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
 | **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Autopatch. |
 | **ClientState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Installing` | This field applies to drivers only. Higher-level bucket of ClientSubstate. |
 | **ClientSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DownloadStart` | Last-known state of this update relative to the device, from the client. |
 | **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `2300` | Ranking of client substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index c6f38d89f3..9a8a2cda3a 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -16,7 +16,7 @@ ms.date: 12/06/2023
 
 # UCDeviceAlert
 <!--37063317, 30141258, 37063041-->
-These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in the Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered.
+These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in Windows Autopatch will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered.
 
 ## Schema for UCDeviceAlert
  <!--8506381-->
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index f01a18f679..3c6a26b80c 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -24,7 +24,7 @@ Update Event that comes directly from the service-side. The event has only servi
 |---|---|---|---|---|
 | **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
 | **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Autopatch. |
 | **DeploymentApprovedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No |  `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time of the update approval |
 | **DeploymentId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID maps to that policy, otherwise it's empty. |
 | **DeploymentIsExpedited** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `1` | Currently, data isn't gathered to populate this field. It indicated whether the content is being expedited |
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index 331547385e..c8239fc4a2 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -31,7 +31,7 @@ Alert for both client and service updates. Contains information that needs atten
 | **AlertType** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | Yes | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields are present. |
 | **AzureADDeviceId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
 | **AzureADTenantId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **CatalogId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **CatalogId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Autopatch. |
 | **ClientSubstate** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | Yes | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
 | **ClientSubstateRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | `2300` | Rank of ClientSubstate |
 | **DeploymentId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string)  | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
index a8e2e42be7..3d76c81910 100644
--- a/windows/deployment/update/wufb-reports-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -75,7 +75,7 @@ The **Quality updates** tab displays generalized data at the top by using tiles.
 | **Missing one security update** | Count of devices that haven't installed the latest security update.| - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).|
 | **Missing multiple security updates** | Count of devices that are missing two or more security updates. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
 | **Active alerts** | Count of active update and device alerts for quality updates. | |
-| **Expedite status** | Overview of the progress for the expedited deployments of the latest security update. | Select **View details** to display a flyout with two tabs: **Deployments** and **Readiness** </br> </br> - The **Deployments** tab contins a chart that displays the total progress of each deployment, number of alerts, and count of devices.  <ul><li> Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert.</li><li> Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. <!--7626683--> </li></ul> </br> - The **Readiness** tab contains a chart that displays the number of devices that are **Eligible** and **Ineligible** to install expedited udpates. The **Readiness** tab also contains a table listing the deployments for expedited updates. <!--8682382--> <ul><li> Select the count from the **Alerts** column to display devices with a status of **RegistrationMissingUpdateClient**, which means the device is missing the Update Health Tools. The Update Health Tools are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057) or from a [stand-alone package from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=103324). Example PowerShell script to verify tools installation: `Get-CimInstance -ClassName Win32_Product \| Where-Object {$_.Name -match "Microsoft Update Health Tools"}` </li><li> Select the count of **TotalDevices** to display a list of devices in the deployment. <!--8682382-->|
+| **Expedite status** | Overview of the progress for the expedited deployments of the latest security update. | Select **View details** to display a flyout with two tabs: **Deployments** and **Readiness** </br> </br> - The **Deployments** tab contains a chart that displays the total progress of each deployment, number of alerts, and count of devices.  <ul><li> Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert.</li><li> Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. <!--7626683--> </li></ul> </br> - The **Readiness** tab contains a chart that displays the number of devices that are **Eligible** and **Ineligible** to install expedited updates. The **Readiness** tab also contains a table listing the deployments for expedited updates. <!--8682382--> <ul><li> Select the count from the **Alerts** column to display devices with a status of **RegistrationMissingUpdateClient**, which means the device is missing the Update Health Tools. The Update Health Tools are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057) or from a [stand-alone package from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=103324). Example PowerShell script to verify tools installation: `Get-CimInstance -ClassName Win32_Product \| Where-Object {$_.Name -match "Microsoft Update Health Tools"}` </li><li> Select the count of **TotalDevices** to display a list of devices in the deployment. <!--8682382-->|
 
 Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end users are impacted.
 
@@ -142,11 +142,11 @@ The **Device status** group for feature updates contains the following items:
 
 ## Driver updates tab
 
-The **Driver update** tab provides information on driver and firmware update deployments from [Windows Update for Business deployment service](deployment-service-overview.md). Generalized data is at the top of the page in tiles. The data becomes more specific as you navigate lower in this tab. The top of the driver updates tab contains tiles with the following information:
+The **Driver update** tab provides information on driver and firmware update deployments from [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview). Generalized data is at the top of the page in tiles. The data becomes more specific as you navigate lower in this tab. The top of the driver updates tab contains tiles with the following information:
 
 **Devices taking driver updates**: Count of devices that are installing driver and firmware updates.
 **Approved updates**: Count of approved driver updates
-**Total policies**: The total number of deployment polices for driver and firmware updates from [Windows Update for Business deployment service](deployment-service-overview.md)
+**Total policies**: The total number of deployment polices for driver and firmware updates from [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)
 **Active alerts**: Count of active alerts for driver deployments
 
 Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
@@ -199,7 +199,7 @@ Updates can go though many phases from when they're initially deployed to being
 - **Offering**: The update is being offered to the device for installation
 - **Installing**: The update is in the process of being installed on the device
 - **Installed**: The update has been installed on the device
-- **Cancelled**: The update was cancelled from the [deployment service](deployment-service-overview.md) before it was installed
+- **Canceled**: The update was canceled from the [deployment service](deployment-service-overview.md) before it was installed
 - **Uninstalled**: The update was uninstalled from the device by either an admin or a user
 - **OnHold**: The update was put on hold from the [deployment service](deployment-service-overview.md) before it was installed
 - **Unknown**: This state occurs when there's a record for the device in the [UCClient](wufb-reports-schema-ucclient.md) table, but there isn't a record for the specific update for the specific device in the [UCClientUpdateStatus](wufb-reports-schema-ucclientupdatestatus.md) table. This means that there is no record of the update for the device in question.
diff --git a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
index db42df75b3..da72341ab0 100644
--- a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
@@ -5,7 +5,7 @@ ms.author: frankroj
 description: Resolve Windows upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
 author: frankroj
 ms.localizationpriority: medium
-ms.topic: article
+ms.topic: conceptual
 ms.service: windows-client
 ms.subservice: itpro-deploy
 ms.date: 01/18/2024
diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md
index 16cae375b4..48726194a2 100644
--- a/windows/deployment/upgrade/submit-errors.md
+++ b/windows/deployment/upgrade/submit-errors.md
@@ -6,7 +6,7 @@ description: Download the Feedback Hub app, and then submit Windows upgrade erro
 ms.service: windows-client
 author: frankroj
 ms.localizationpriority: medium
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 ms.date: 01/18/2024
 appliesto:
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
deleted file mode 100644
index 482d812e39..0000000000
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Windows 10 upgrade paths
-description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported.
-ms.service: windows-client
-ms.localizationpriority: medium
-author: frankroj
-manager: aaroncz
-ms.author: frankroj
-ms.topic: conceptual
-ms.collection:
-  - highpri
-  - tier2
-ms.subservice: itpro-deploy
-ms.date: 02/13/2024
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
----
-
-# Windows 10 upgrade paths
-
-> [!IMPORTANT]
->
-> This article deals with upgrading from Windows versions that are out of support. For a current version of this article, please see [Windows upgrade paths](windows-upgrade-paths.md) that deals with currently supported versions of Windows.
->
-> For more information, see:
->
-> - [Windows 8.1 support ended on January 10, 2023](https://support.microsoft.com/windows/windows-8-1-support-ended-on-january-10-2023-3cfd4cde-f611-496a-8057-923fba401e93).
-> - [Windows 7 support ended on January 14, 2020](https://support.microsoft.com/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962).
-> - [FAQ about Windows 7 ESU](/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faq).
-
-## Upgrade paths
-
-This article provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. Paths include upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported.
-
-If you're also migrating to a different edition of Windows, see [Windows edition upgrade](windows-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths. However, applications and settings aren't maintained when the Windows edition is downgraded.
-
-- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information.
-
-- **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC isn't supported. Windows 10 LTSC 2015 didn't block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options.
-
-  You can upgrade from Windows 10 LTSC to Windows 10 General Availability Channel if you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process using Windows setup. The Product Key switch needs to be used if you want to keep your apps. If you don't use the switch, the option **Keep personal files and apps** option is grayed out. The command line would be `setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx`, using your relevant Windows 10 GA Channel product key. For example, if using a KMS, the command line would be `setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`.
-
-- **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown in the following tables. If the pre-upgrade and post-upgrade editions aren't the same type (for example, Windows 8.1 Pro N to Windows 10 Pro), personal data is kept but applications and settings are removed during the upgrade process.
-
-- **Windows 8.0**: You can't upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355).
-
-## Windows 10
-
-✔ = Full upgrade is supported including personal data, settings, and applications.
-
-D = Edition downgrade; personal data is maintained, applications and settings are removed.
-
----
-| | Windows 10 Home | Windows 10 Pro | Windows 10 Pro Education | Windows 10 Education | Windows 10 Enterprise |
-|---|---|---|---|---|---|
-| **Home**  | | ✔  | ✔  | ✔  | |
-| **Pro**   | D | | ✔   | ✔  | ✔  |
-| **Education**  | | | | | D  |
-| **Enterprise**  | | | | ✔ | |
-
----
-
-## Windows 8.1
-
-✔ = Full upgrade is supported including personal data, settings, and applications.
-
-D = Edition downgrade; personal data is maintained, applications and settings are removed.
-
----
-|  | Windows 10 Home | Windows 10 Pro | Windows 10 Pro Education | Windows 10 Education | Windows 10 Enterprise |
-|---|---|---|---|---|---|
-| **(Core)**  | ✔  | ✔  | ✔  | ✔  | |
-| **Connected**   | ✔  | ✔  | ✔  | ✔  | |
-| **Pro**  | D   | ✔  | ✔   | ✔  | ✔  |
-| **Pro Student**  | D | ✔  | ✔  | ✔  | ✔  |
-| **Pro WMC**  | D  | ✔  | ✔  | ✔  | ✔  |
-| **Enterprise**  | | | | ✔  | ✔  |
-| **Embedded Industry** | | | | | ✔  |
-
----
-
-## Windows 7
-
-✔ = Full upgrade is supported including personal data, settings, and applications.
-
-D = Edition downgrade; personal data is maintained, applications and settings are removed.
-
----
-|  | Windows 10 Home | Windows 10 Pro | Windows 10 Pro Education | Windows 10 Education | Windows 10 Enterprise |
-|---|---|---|---|---|---|
-| **Starter**   | ✔  | ✔  | ✔  | ✔  | |
-| **Home Basic**  | ✔  | ✔  | ✔  | ✔  | |
-| **Home Premium**  | ✔  | ✔  | ✔  | ✔  | |
-| **Professional**  | D  | ✔  | ✔ | ✔  | ✔  |
-| **Ultimate**  | D  | ✔   | ✔   | ✔  | ✔  |
-| **Enterprise**  |  |  |  | ✔  | ✔  |
-
----
-
-## Related articles
-
-- [Windows 10 deployment scenarios](../windows-deployment-scenarios.md).
-- [Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md).
-- [Windows 10 edition upgrade](windows-edition-upgrades.md).
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index 6bf70a9220..c7251d75b2 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -6,7 +6,7 @@ description: Learn how to review the events generated by Windows Error Reporting
 ms.service: windows-client
 author: frankroj
 ms.localizationpriority: medium
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 ms.date: 01/18/2024
 appliesto:
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index 90b71af916..125f0fd64a 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -1,72 +1,70 @@
 ---
-title: Windows Upgrade and Migration Considerations (Windows 10)
-description: Discover the Microsoft tools you can use to move files and settings between installations including special considerations for performing an upgrade or migration.
+title: Windows Upgrade and Migration Considerations
+description: Discover the Microsoft tools that can be used to move files and settings between installations including special considerations for performing an upgrade or migration.
 manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
-ms.date: 08/09/2023
+ms.date: 08/30/2024
 ---
 
 # Windows upgrade and migration considerations
-Files and application settings can be migrated to new hardware running the Windows® operating system, or they can be maintained during an operating system upgrade on the same computer. This topic summarizes the Microsoft® tools you can use to move files and settings between installations in addition to special considerations for performing an upgrade or migration.
+
+Files and application settings can be migrated to new hardware running the Windows operating system, or they can be maintained during an operating system upgrade on the same computer. This article summarizes the Microsoft tools that can be used to move files and settings between installations in addition to special considerations for performing an upgrade or migration.
 
 ## Upgrade from a previous version of Windows
-You can upgrade from an earlier version of Windows, which means you can install the new version of Windows and retain your applications, files, and settings as they were in your previous version of Windows. If you decide to perform a custom installation of Windows instead of an upgrade, your applications and settings won't be maintained. Your personal files, and all Windows files and directories, will be moved to a Windows.old folder. You can access your data in the Windows.old folder after Windows Setup is complete.
+
+Earlier versions of Windows can be upgraded to later versions. As part of the upgrade experience, the newer version of Windows can be installed while retaining applications, files, and settings as they were in the previous version of Windows. If a custom installation of Windows is performed instead of an upgrade, applications and settings aren't maintained. Personal files and all Windows files and directories are moved to a **Windows.old** folder. The data can be accessed in the **Windows.old** folder after Windows Setup is complete.
 
 ## Migrate files and settings
-Migration tools are available to transfer settings from one computer that is running Windows to another. These tools transfer only the program settings, not the programs themselves.
 
-For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](/previous-versions/windows/server/cc722055(v=ws.10)).
+The [User State Migration Tool (USMT)](../usmt/usmt-overview.md) is available to transfer settings:
 
-The User State Migration Tool (USMT) 10.0 is an application intended for administrators who are performing large-scale automated deployments. For deployment to a few computers or for individually customized deployments, you can use Windows Easy Transfer.
+- Between two computers running Windows, also known as a *side-by-side* migration.
+- On a single computer upgrading the version of Windows when not using an in-place upgrade, also known as a *wipe-and-load* or *refresh* migration.
 
-### Migrate with Windows Easy Transfer
-Windows Easy Transfer is a software wizard for transferring files and settings from one computer that is running Windows to another. It helps you select what to move to your new computer, enables you to set which migration method to use, and then performs the transfer. When the transfer has completed, Windows Easy Transfer Reports shows you what was transferred and provides a list of programs you might want to install on your new computer, in addition to links to other programs you might want to download.
-
-With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you can't use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store.
-
-> [!NOTE]
->
-> Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10).
+USMT only transfers the program settings, not the programs themselves. USMT is an application intended for administrators who are performing large-scale automated deployments, but it can also be used in smaller migrations.
 
 ### Migrate with the User State Migration Tool
-You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they're migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded.
+
+USMT can be used to automate migration during large deployments of the Windows operating system. USMT uses XML files that define migration rules. The migration rules can be configured to control exactly what USMT migrates and how it migrates the items. For example, USMT can migrate:
+
+- User accounts, including which specific accounts to migrate.
+- User files, including which specific files to migrate.
+- Operating system settings, including which specific operating system settings to migrate.
+- Settings for some applications, including which specific application settings to migrate.
+
+USMT can be used for the following scenarios:
+
+- **Side-by-side** - migration where one device is replaced with a different device.
+- **Wipe-and-load**/**refresh** - migration where Windows is upgraded on a single device.
 
 > [!IMPORTANT]
 >
-> USMT only supports devices that are joined to a local Active Directory domain. USMT doesn't support Microsoft Entra joined devices. 
+> USMT only supports devices that are joined to a local Active Directory domain. USMT doesn't support Microsoft Entra joined devices.
 
 ## Upgrade and migration considerations
-Whether you're upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations:
+
+When upgrading or migrating to a new version of Windows, be aware of the following issues and considerations:
 
 ### Application compatibility
-For more information about application compatibility in Windows, see [Use Upgrade Readiness to manage Windows upgrades](/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades).
+
+For more information about application compatibility in Windows, see [Compatibility for Windows 11](/windows/compatibility/windows-11/).
 
 ### Multilingual Windows image upgrades
-When performing multilingual Windows upgrades, cross-language upgrades aren't supported by USMT. If you're upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English.
 
-If you're using a single-language Windows image that matches the system default UI language of your multilingual operating system, the migration will work. However, all of the language packs will be removed, and you'll have to reinstall them after the upgrade is completed.
+USMT doesn't support cross-language upgrades when performing multilingual Windows upgrades. If upgrading or migrating an operating system with multiple language packs installed, only the system default user interface (UI) language can be upgraded or migrated to. For example, if English is the default but a Spanish language pack is installed, only English can be upgraded or migrated to.
+
+If a single-language Windows image that matches the system default UI language of a multilingual operating system is being used for a *wipe-and-load*/*refresh* migration, the migration works. However, all of the language packs are removed. The language packs will need to be reinstalled after the upgrade is completed.
 
 ### Errorhandler.cmd
-When upgrading from an earlier version of Windows, if you intend to use Errorhandler.cmd, you must copy Errorhandler.cmd into the %WINDIR%\\Setup\\Scripts directory on the old installation. This makes sure that if there are errors during the down-level phase of Windows Setup, the commands in Errorhandler.cmd will run.
 
-### Data drive ACL migration
-During the configuration pass of Windows Setup, the root access control list (ACL) on drives formatted for NTFS that don't appear to have an operating system will be changed to the default Windows XP ACL format. The ACLs on these drives are changed to enable authenticated users to modify access on folders and files.
+If using **Errorhandler.cmd** when upgrading from an earlier version of Windows, copy **Errorhandler.cmd** into the `%WINDIR%\Setup\Scripts` directory on the original installation of Windows. Copying **Errorhandler.cmd** into the `%WINDIR%\Setup\Scripts` directory on the original installation of Windows makes sure that if there are errors during the down-level phase of Windows Setup, the commands in **Errorhandler.cmd** run. For more information, see [Run a script if Windows Setup encounters a fatal error (ErrorHandler.cmd)](/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup#run-a-script-if-windowssetup-encounters-a-fatal-error-errorhandlercmd).
 
-Changing the ACLs may affect the performance of Windows Setup if the default Windows XP ACLs are applied to a partition with a large amount of data. Because of these performance concerns, you can change the following registry value to disable this feature:
+## Related content
 
-``` syntax
-Key: HKLM\System\Setup
-Type: REG_DWORD 
-Value: "DDACLSys_Disabled" = 1
-```
-
-This feature is disabled if this registry key value exists and is configured to `1`.
-
-## Related articles
-[User State Migration Tool (USMT) Overview Topics](../usmt/usmt-topics.md)<BR>
-[Windows 10 upgrade paths](windows-10-upgrade-paths.md)<BR>
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
+- [User State Migration Tool (USMT) overview](../usmt/usmt-overview.md).
+- [Windows upgrade paths](windows-upgrade-paths.md).
+- [Windows edition upgrade](windows-edition-upgrades.md).
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 398bf0db0c..9e1d97ccac 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -6,9 +6,9 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
-ms.date: 01/09/2024
+ms.date: 08/30/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -65,17 +65,17 @@ This article outlines the general process to follow to migrate files and setting
      >
      > USMT fails if it can't migrate a file or setting unless the `/c` option is specified. When the `/c` option is specified, USMT ignores the errors, and logs an error every time that it encounters a file that is being used that USMT didn't migrate. The `<ErrorControl>` section in the `Config.xml` file can be used to specify which errors should be ignored, and which should cause the migration to fail.
 
-1. Run the `ScanState.exe` command on the source computer to collect files and settings. All of the **.xml** files that the `ScanState.exe` command needs to use should be specified. For example,
+1. To collect files and settings, run the `ScanState.exe` command on the source computer. All of the **.xml** files that the `ScanState.exe` command needs to use should be specified. For example,
 
      ```cmd
-        ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log
+     ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log
      ```
 
      > [!NOTE]
      >
      > The `ScanState.exe` command must be run in **Administrator** mode on the source computer. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md).
 
-1. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the created store isn't corrupted.
+1. To ensure that the created store isn't corrupted, run the `UsmtUtils.exe` command with the `/Verify` option.
 
 ## Step 3: Prepare the destination computer and restore files and settings
 
diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md
index 0c0c0cd136..d189141607 100644
--- a/windows/deployment/usmt/migrate-application-settings.md
+++ b/windows/deployment/usmt/migrate-application-settings.md
@@ -6,8 +6,8 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.date: 01/09/2024
-ms.topic: article
+ms.date: 08/30/2024
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -28,13 +28,13 @@ A test computer that contains the operating system of the source computers shoul
 
 ## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer
 
-Before USMT migrates the settings, check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, USMT still spends time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it could migrate settings that cause the destination computer to function incorrectly. Also determine whether there's more than one version of the application because the new version could store the settings in a different location.  Mismatched application versions could lead to unexpected results on the destination computer.
+Before USMT migrates the settings, check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, USMT still spends time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it could migrate settings that cause the destination computer to function incorrectly. Also determine whether there's more than one version of the application because the new version could store the settings in a different location. Mismatched application versions could lead to unexpected results on the destination computer.
 
-There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It's important to check for both of these items, because sometimes different versions of the same application share the same uninstall key. Even if the key is there, it could correspond to a different version of the application that is wanted.
+There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry. The computer can then be searched for the executable file that installed the application. It's important to check for both of these items, because sometimes different versions of the same application share the same uninstall key. Even if the key is there, it could correspond to a different version of the application that is wanted.
 
 ### Check the registry for an application uninstall key
 
-When many applications are installed (especially those installed using the Microsoft Windows Installer technology), an application uninstall key is created under:
+When many applications are installed, especially those installed using the Microsoft Windows Installer technology, an application uninstall key is created under:
 
 `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`
 
@@ -44,11 +44,17 @@ For example, when Adobe Acrobat Reader 7 is installed, it creates a key named:
 
 Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. The existence of a registry key can be checked using the `DoesObjectExist` helper function.
 
-Usually, this key can be found by searching under:
+The **Uninstall** registry key for a particular application can be found under the following registry key:
 
 `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`
 
-for the name of the application, the name of the application executable file, or for the name of the company that makes the application. The Registry Editor, `Regedit.exe` located in the `%SystemRoot%`, can be used to search the registry.
+To find the **Uninstall** key for a specific application, search for one of the following items under the **Uninstall** registry key:
+
+- Name of the application.
+- Name of the application executable file.
+- Name of the company that makes the application.
+
+To search the registry, use the Registry Editor `Regedit.exe`. `Regedit.exe` is located in the path stored in `%SystemRoot%`, normally `C:\Windows`.
 
 ### Check the file system for the application executable file
 
@@ -76,7 +82,7 @@ Next, go through the user interface and make a list of all of the available sett
      >
      > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the `%UserProfile%` directory, and the settings stored in the registry are under the `HKEY_CURRENT_USER` hive. For these applications, the output of the file and registry monitoring tools can be filtered to show activity only under these locations. This filtering considerably reduces the amount of output that needs to be examined.
 
-1. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when the setting was changed. Make sure the changes made actually take effect. For example, if changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically doesn't take effect until the dialog box is closed by selecting **OK**.
+1. Start the monitoring tools, change a setting, and look for registry and file system writes that occurred when the setting was changed. Make sure the changes made actually take effect. For example, if changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically doesn't take effect until the dialog box is closed by selecting **OK**.
 
 1. When the setting is changed, note the changes to the file system and registry. There could be more than one file or registry values for each setting. The minimal set of file and registry changes that are required to change this setting should be identified. This set of files and registry keys is what needs to be migrated in order to migrate the setting.
 
diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md
index a78ca35e20..f0fdf74531 100644
--- a/windows/deployment/usmt/migration-store-types-overview.md
+++ b/windows/deployment/usmt/migration-store-types-overview.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md
index 37d0ee09aa..8e72361a5d 100644
--- a/windows/deployment/usmt/offline-migration-reference.md
+++ b/windows/deployment/usmt/offline-migration-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md
index a0a19e6b05..3adb68387b 100644
--- a/windows/deployment/usmt/understanding-migration-xml-files.md
+++ b/windows/deployment/usmt/understanding-migration-xml-files.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md
index 389249762f..4ebf6ff55f 100644
--- a/windows/deployment/usmt/usmt-best-practices.md
+++ b/windows/deployment/usmt/usmt-best-practices.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md
index 3fa1d56d53..1847cce5d9 100644
--- a/windows/deployment/usmt/usmt-choose-migration-store-type.md
+++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md
index 7910d461e3..4844937b52 100644
--- a/windows/deployment/usmt/usmt-command-line-syntax.md
+++ b/windows/deployment/usmt/usmt-command-line-syntax.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md
index 3cd5309aed..1685667185 100644
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md
+++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index 4e57000ce6..c0e4682965 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
index 3bcd0d7bad..f9874a4d2f 100644
--- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md
+++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index 18b3331ea4..130f3031c8 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 ms.date: 01/09/2024
 appliesto:
diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md
index 33c3120090..8eefa733d4 100644
--- a/windows/deployment/usmt/usmt-customize-xml-files.md
+++ b/windows/deployment/usmt/usmt-customize-xml-files.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
index 68e87f678b..bad57314e9 100644
--- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md
+++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index 8db55b2eae..014e48a76e 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
index 221ef98e11..354badb01a 100644
--- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
index c39ac18b5a..59234776e5 100644
--- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index f0e8b6df67..38b66a02b6 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md
index fb1b03a426..d2cae89bc7 100644
--- a/windows/deployment/usmt/usmt-hard-link-migration-store.md
+++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md
index 7008393b54..591b1d3804 100644
--- a/windows/deployment/usmt/usmt-how-it-works.md
+++ b/windows/deployment/usmt/usmt-how-it-works.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 ms.date: 01/09/2024
 appliesto:
diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md
index 5356e4e408..c3589124d1 100644
--- a/windows/deployment/usmt/usmt-how-to.md
+++ b/windows/deployment/usmt/usmt-how-to.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md
index 588764266d..feca874008 100644
--- a/windows/deployment/usmt/usmt-identify-application-settings.md
+++ b/windows/deployment/usmt/usmt-identify-application-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
index db8587a5a5..e5b15c352d 100644
--- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
+++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md
index 5d8c14a899..cedbe8d1f9 100644
--- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md
+++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md
index 6f3195fe0a..736881d3b3 100644
--- a/windows/deployment/usmt/usmt-identify-users.md
+++ b/windows/deployment/usmt/usmt-identify-users.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ms.subservice: itpro-deploy
 ms.date: 01/09/2024
diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md
index aa89ea14d0..f4d79a27f2 100644
--- a/windows/deployment/usmt/usmt-include-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-include-files-and-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md
index c13a48e0c7..a4bf1f2eeb 100644
--- a/windows/deployment/usmt/usmt-loadstate-syntax.md
+++ b/windows/deployment/usmt/usmt-loadstate-syntax.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 04/30/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index 53b4df1789..70f159b544 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
index eeb1b3c15f..39944f9a6a 100644
--- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md
index 898de489c6..41f319446d 100644
--- a/windows/deployment/usmt/usmt-migrate-user-accounts.md
+++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md
index 17d6643a94..b5dc3eb5fe 100644
--- a/windows/deployment/usmt/usmt-migration-store-encryption.md
+++ b/windows/deployment/usmt/usmt-migration-store-encryption.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md
index 806b4afc87..20bbc09ad5 100644
--- a/windows/deployment/usmt/usmt-plan-your-migration.md
+++ b/windows/deployment/usmt/usmt-plan-your-migration.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md
index e81d243feb..9581170803 100644
--- a/windows/deployment/usmt/usmt-reference.md
+++ b/windows/deployment/usmt/usmt-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md
index cdb3d41096..26b5f86f7a 100644
--- a/windows/deployment/usmt/usmt-requirements.md
+++ b/windows/deployment/usmt/usmt-requirements.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 04/30/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
index 247311e3eb..f002c6d337 100644
--- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md
index 18a09528cb..239d7be582 100644
--- a/windows/deployment/usmt/usmt-resources.md
+++ b/windows/deployment/usmt/usmt-resources.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md
index 82d4e9ada4..24f73b72d1 100644
--- a/windows/deployment/usmt/usmt-scanstate-syntax.md
+++ b/windows/deployment/usmt/usmt-scanstate-syntax.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 04/30/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md
index 6a7de9fd90..1254f4fef0 100644
--- a/windows/deployment/usmt/usmt-technical-reference.md
+++ b/windows/deployment/usmt/usmt-technical-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md
index b4a39f6bfd..57767aecf4 100644
--- a/windows/deployment/usmt/usmt-test-your-migration.md
+++ b/windows/deployment/usmt/usmt-test-your-migration.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md
index 8b868f1fec..e3be3d8fd0 100644
--- a/windows/deployment/usmt/usmt-topics.md
+++ b/windows/deployment/usmt/usmt-topics.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md
index e3c14bf619..3e85b84a37 100644
--- a/windows/deployment/usmt/usmt-troubleshooting.md
+++ b/windows/deployment/usmt/usmt-troubleshooting.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md
index 2ccde56d88..20c70db094 100644
--- a/windows/deployment/usmt/usmt-utilities.md
+++ b/windows/deployment/usmt/usmt-utilities.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
index b069f9ac46..e03e8db9c0 100644
--- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
+++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/18/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md
index 7e06dffcf9..a4694c75a9 100644
--- a/windows/deployment/usmt/usmt-xml-elements-library.md
+++ b/windows/deployment/usmt/usmt-xml-elements-library.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index 4bc9ba48e0..3b1f32fc27 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index 2f66da5edc..818a24659e 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md
index 3182faf447..7d1969ad11 100644
--- a/windows/deployment/usmt/xml-file-requirements.md
+++ b/windows/deployment/usmt/xml-file-requirements.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/09/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index 0e1c0ccf66..c84c5ffc60 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -2,11 +2,11 @@
 title: Configure VDA for Windows subscription activation
 description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario.
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
+ms.subservice: activation
 ms.localizationpriority: medium
 ms.topic: how-to
 ms.date: 11/14/2023
diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
index 4c3cae83e2..77b2422ad4 100644
--- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
@@ -1,17 +1,17 @@
 ---
-title: Activate by Proxy an Active Directory Forest (Windows 10)
+title: Activate by proxy an Active Directory forest
 description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Activate by Proxy an Active Directory Forest
+# Activate by proxy an Active Directory forest
 
 You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that doesn't have Internet access. ADBA enables certain volume products to inherit activation from the domain.
 
@@ -64,4 +64,4 @@ VAMT displays the **Activating Active Directory** dialog box until it completes
 
 ## Related articles
 
-- [Add and Remove Computers](add-remove-computers-vamt.md)
+[Add and remove computers](add-remove-computers-vamt.md)
diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md
index 82278ce278..38a2b96e60 100644
--- a/windows/deployment/volume-activation/activate-forest-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-vamt.md
@@ -1,17 +1,17 @@
 ---
-title: Activate an Active Directory Forest Online (Windows 10)
+title: Activate an Active Directory forest online
 description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Activate an Active Directory Forest Online
+# Activate an Active Directory forest online
 
 You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain.
 
@@ -51,5 +51,6 @@ The activated object and the date that it was created appear in the **Active Dir
 
 ## Related articles
 
-- [Scenario 1: Online Activation](scenario-online-activation-vamt.md)
-- [Add and Remove Computers](add-remove-computers-vamt.md)
+- [Scenario 1: online activation](scenario-online-activation-vamt.md)
+
+- [Add and remove computers](add-remove-computers-vamt.md)
diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
index 1510e640eb..9db83f0d61 100644
--- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
+++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
@@ -1,18 +1,15 @@
 ---
 title: Activate using Active Directory-based activation
 description: Learn how active directory-based activation is implemented as a role service that relies on Active Directory Domain Services (ADDS) to store activation objects.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-author: frankroj
-ms.author: frankroj
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
+ms.subservice: activation
 ms.localizationpriority: medium
 ms.date: 03/29/2024
 ms.topic: how-to
-ms.collection:
-  - highpri
-  - tier2
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -28,8 +25,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 Active Directory-based activation is implemented as a role service that relies on Active Directory Domain Services (ADDS) to store activation objects. Active Directory-based activation requires updating the forest schema with `adprep.exe` on a supported server OS. After the schema is updated, older domain controllers can still activate clients.
 
diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
index edc0003a75..8b7cb6f4a1 100644
--- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
+++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
@@ -1,18 +1,15 @@
 ---
 title: Activate using Key Management Service
 description: Learn how to use Key Management Service (KMS) to activate Windows.
-ms.reviewer: nganguly
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
-author: frankroj
-manager: aaroncz
-ms.author: frankroj
+ms.subservice: activation
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
+ms.reviewer: nganguly
 ms.localizationpriority: medium
 ms.date: 03/29/2024
 ms.topic: how-to
-ms.collection:
-  - highpri
-  - tier2
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -27,8 +24,8 @@ appliesto:
 >
 > For information on retail activation, see the following articles:
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/)
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227)
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0)
 
 Volume activation can be performed via Key Management Service (KMS). KMS can be hosted either on a client version of Windows or on Windows Server.
 
diff --git a/windows/deployment/volume-activation/activate-windows-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-clients-vamt.md
index 46d76cbe54..73e7931626 100644
--- a/windows/deployment/volume-activation/activate-windows-clients-vamt.md
+++ b/windows/deployment/volume-activation/activate-windows-clients-vamt.md
@@ -1,15 +1,15 @@
 ---
 title: Activate clients running Windows
 description: Activate clients running Windows after configuring Key Management Service (KMS) or Active Directory-based activation.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
 ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -24,8 +24,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 After Key Management Service (KMS) or Active Directory-based activation is configured in a network, activating a client running Windows is easy. If the computer is configured with a Generic Volume License Key (GVLK), IT or the user don't need to take any action. It just works.
 
diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
index 3d293922bf..fd7cd2b724 100644
--- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md
+++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
@@ -1,14 +1,14 @@
 ---
-title: Active Directory-Based Activation Overview (Windows 10)
+title: Active Directory-based activation overview
 description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Active Directory-Based Activation overview
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
deleted file mode 100644
index f4fc72f1ab..0000000000
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Add and Manage Products
-description: Add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, the products that are installed in the network can be managed.
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
----
-
-# Add and manage products
-
-This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, the products that are installed in the network can be managed.
-
-## In this Section
-
-|Article |Description |
-|-------|------------|
-|[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. |
-|[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. |
-|[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. |
diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md
index 4ee747359f..b65f84be73 100644
--- a/windows/deployment/volume-activation/add-remove-computers-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md
@@ -1,14 +1,14 @@
 ---
-title: Add and Remove Computers (Windows 10)
-description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query.
+title: Add and remove computers
+description: The discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Add and remove computers
@@ -71,4 +71,6 @@ You can delete a computer by clicking on it in the product list view, and then c
 
 ## Related articles
 
-- [Add and Manage Products](add-manage-products-vamt.md)
+[Update product status](update-product-status-vamt.md)
+
+[Remove products](remove-products-vamt.md)
diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
index 89439e87f0..d9c59f7363 100644
--- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
@@ -1,14 +1,14 @@
 ---
-title: Add and Remove a Product Key (Windows 10)
+title: Add and remove a product key
 description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Add and remove a product key
@@ -38,4 +38,6 @@ Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSV
 
 ## Related articles
 
-- [Manage Product Keys](manage-product-keys-vamt.md)
+[Install a product key](install-product-key-vamt.md)
+
+[Install a KMS client key](install-kms-client-key-vamt.md)
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index 4346a5ce67..e6b79a4fad 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -1,15 +1,15 @@
 ---
-title: Appendix Information sent to Microsoft during activation
+title: Appendix information sent to Microsoft during activation
 description: Learn about the information sent to Microsoft during activation.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
+ms.subservice: activation
 ms.localizationpriority: medium
 ms.date: 03/29/2024
-ms.topic: article
+ms.topic: reference
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -24,8 +24,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 When a computer running a currently supported version of Windows is activated, the following information is sent to Microsoft:
 
@@ -78,8 +78,4 @@ Standard computer information is also sent, but the computer's IP address is onl
 
 Microsoft uses the information to confirm a properly licensed copy of the software. Microsoft doesn't use the information to contact individual consumers.
 
-For more information, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
-
-## Related content
-
-- [Volume Activation for Windows](volume-activation-windows.md).
+For more information, see [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md
index 5b39a2996e..738815801b 100644
--- a/windows/deployment/volume-activation/configure-client-computers-vamt.md
+++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md
@@ -1,14 +1,14 @@
 ---
-title: Configure Client Computers (Windows 10)
+title: Configure client computers
 description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-author: frankroj
-ms.author: frankroj
-ms.service: windows-client
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Configure client computers
@@ -62,9 +62,9 @@ Enable the VAMT to access client computers across multiple subnets using the **W
    - Windows Management Instrumentation (WMI-In)
 
 4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel.
-  
+
 5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box.
-  
+
    - On the **General** tab, select the **Allow the connection** checkbox.
 
    - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need.
@@ -109,4 +109,6 @@ The above configurations will open an additional port through the Windows Firewa
 
 ## Related articles
 
-- [Install and Configure VAMT](install-configure-vamt.md)
+[VAMT requirements](vamt-requirements.md)
+
+[Install VAMT](install-vamt.md)
diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md
index 888523a907..86d27603bc 100644
--- a/windows/deployment/volume-activation/import-export-vamt-data.md
+++ b/windows/deployment/volume-activation/import-export-vamt-data.md
@@ -1,12 +1,12 @@
 ---
 title: Import and export VAMT data
 description: Learn how to use the VAMT to import product-activation data from a file into SQL Server.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
-author: frankroj
+ms.subservice: activation
 ms.date: 11/07/2022
 ms.topic: how-to
 ---
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
deleted file mode 100644
index fa8087423a..0000000000
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: Install and Configure VAMT
-description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process.
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.localizationpriority: medium
-ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
----
-
-# Install and configure VAMT
-
-This section describes how to install and configure the Volume Activation Management Tool (VAMT).
-
-## In this section
-
-|Article |Description |
-|-------|------------|
-|[VAMT Requirements](vamt-requirements.md) |Provides system requirements for installing VAMT on a host computer. |
-|[Install VAMT](install-vamt.md) |Describes how to get and install VAMT. |
-|[Configure Client Computers](configure-client-computers-vamt.md) |Describes how to configure client computers in the network to work with VAMT. |
-
-## Related content
-
-- [Introduction to VAMT](introduction-vamt.md).
diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
index 0c65b30992..4ef1a2e420 100644
--- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md
+++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
@@ -1,25 +1,25 @@
 ---
-title: Install a KMS Client Key (Windows 10)
+title: Install a KMS client key
 description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Install a KMS Client Key
+# Install a KMS client key
 
 You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you're converting a MAK-activated product to KMS activation.
 
 > [!NOTE]
 > By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products.
 
-## To install a KMS Client key
+## To install a KMS client key
 
 1. Open VAMT.
 
@@ -47,4 +47,8 @@ You can use the Volume Activation Management Tool (VAMT) to install Generic Volu
 
 ## Related articles
 
-- [Perform KMS Activation](kms-activation-vamt.md)
+[Run KMS activation](kms-activation-vamt.md)
+
+[Add and remove a product key](add-remove-product-key-vamt.md)
+
+[Install a product key](install-product-key-vamt.md)
diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md
index fec886a0b7..e18cd1b595 100644
--- a/windows/deployment/volume-activation/install-product-key-vamt.md
+++ b/windows/deployment/volume-activation/install-product-key-vamt.md
@@ -1,22 +1,22 @@
 ---
-title: Install a Product Key (Windows 10)
+title: Install a product key
 description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Install a Product Key
+# Install a product key
 
 You can use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK).
 
-## To install a Product key
+## To install a product key
 
 1. Open VAMT.
 
@@ -47,4 +47,6 @@ You can use the Volume Activation Management Tool (VAMT) to install retail, Mult
 
 ## Related articles
 
-- [Manage Product Keys](manage-product-keys-vamt.md)
+[Add and remove a product key](add-remove-product-key-vamt.md)
+
+[Install a KMS client key](install-kms-client-key-vamt.md)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 8c43c6cda6..625715f83d 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -1,15 +1,15 @@
 ---
 title: Install VAMT
 description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
 ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index ae69a809d3..22f9870649 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -1,12 +1,12 @@
 ---
-title: Introduction to VAMT (Windows 10)
+title: Introduction to VAMT
 description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
-author: frankroj
+ms.subservice: activation
 ms.date: 11/07/2022
 ms.topic: overview
 ---
@@ -64,4 +64,4 @@ VAMT provides a single, graphical user interface for managing activations, and f
 
 ## Next steps
 
-[VAMT step-by-step scenarios](vamt-step-by-step.md)
+[VAMT requirements](vamt-requirements.md)
diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md
index 97e5bcca16..600f82bc55 100644
--- a/windows/deployment/volume-activation/kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/kms-activation-vamt.md
@@ -1,19 +1,19 @@
 ---
-title: Perform KMS Activation (Windows 10)
-description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS).
+title: Run KMS activation
+description: The Volume Activation Management Tool (VAMT) can be used to run volume activation using the Key Management Service (KMS).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Perform KMS activation
+# Run KMS activation
 
-The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products.
+The Volume Activation Management Tool (VAMT) can be used to run volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products.
 
 ## Requirements
 
@@ -47,7 +47,7 @@ Before configuring KMS activation, ensure that your network and VAMT installatio
 
 5. Select **Apply**, and then select **OK** to close the **Volume Activation Management Tool Preferences** dialog box.
 
-6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
+6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
 
     - To filter the list by computer name, enter a name in the **Computer Name** box.
 
@@ -61,3 +61,11 @@ Before configuring KMS activation, ensure that your network and VAMT installatio
 
 10. If you're supplying alternate credentials, at the prompt, type the appropriate user name and password and select **OK**.
 VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane.
+
+## Related articles
+
+[Run online activation](online-activation-vamt.md)
+
+[Run proxy activation](proxy-activation-vamt.md)
+
+[Run local reactivation](local-reactivation-vamt.md)
diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md
index 277342a97d..648bc3fb1a 100644
--- a/windows/deployment/volume-activation/local-reactivation-vamt.md
+++ b/windows/deployment/volume-activation/local-reactivation-vamt.md
@@ -1,17 +1,17 @@
 ---
-title: Perform Local Reactivation (Windows 10)
+title: Run local reactivation
 description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Perform local reactivation
+# Run local reactivation
 
 If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer.
 Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key.
@@ -19,7 +19,7 @@ Local reactivation relies upon data that was created during the initial proxy ac
 > [!NOTE]
 > During the initial proxy activation, the CID is bound to a digital "fingerprint", which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft.
 
-## To perform a local reactivation
+## To run a local reactivation
 
 1. Open VAMT. Make sure that you're connected to the desired database.
 
@@ -51,4 +51,8 @@ Local reactivation relies upon data that was created during the initial proxy ac
 
 ## Related article
 
-- [Manage Activations](manage-activations-vamt.md)
+[Run online activation](online-activation-vamt.md)
+
+[Run proxy activation](proxy-activation-vamt.md)
+
+[Run KMS activation](kms-activation-vamt.md)
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
deleted file mode 100644
index 9216ff075c..0000000000
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Manage Activations
-description: Learn how to manage activations and how to activate a client computer by using various activation methods.
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
----
-
-# Manage Activations
-
-This section describes how to activate a client computer, by using various activation methods.
-
-## In this Section
-
-|Article |Description |
-|-------|------------|
-|[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. |
-|[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that don't have Internet access. |
-|[Perform KMS Activation](kms-activation-vamt.md) |Describes how to perform volume activation using the Key Management Service (KMS). |
-|[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. |
-|[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to activate an Active Directory forest, online. |
-|[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that isn't connected to the Internet. |
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
deleted file mode 100644
index 15579d3b82..0000000000
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Manage Product Keys
-description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT).
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
----
-
-# Manage Product Keys
-
-This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After a product key is added to VAMT, that product key can be installed on a product, or products selected in the VAMT database.
-
-## In this Section
-
-|Article |Description |
-|-------|------------|
-|[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. |
-|[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. |
-|[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. |
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
deleted file mode 100644
index de933e88c8..0000000000
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-title: Manage VAMT Data
-description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
----
-
-# Manage VAMT Data
-
-This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
-
-## In this Section
-
-|Article |Description |
-|-------|------------|
-|[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
-|[Use VAMT in Windows PowerShell](use-vamt-in-windows-powershell.md) |Describes how to access Windows PowerShell and how to import the VAMT PowerShell module. |
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index 8a59c549bd..c55011bfdc 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -1,14 +1,14 @@
 ---
 title: Monitor activation
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
 description: Understand the most common methods to monitor the success of the activation process for a computer running Windows.
-ms.service: windows-client
-author: frankroj
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
+ms.reviewer: nganguly
 ms.localizationpriority: medium
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ms.date: 03/29/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -24,8 +24,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 The success of the activation process for a computer running Windows can be monitored in several ways. The most popular methods include:
 
@@ -39,10 +39,10 @@ The success of the activation process for a computer running Windows can be moni
 
 - Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager.
 
-- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
+- See [Troubleshooting activation error codes](/troubleshoot/windows-server/licensing-and-activation/troubleshoot-activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
 
-- The Volume Activation Management Tool (VAMT) provides a single site from which to manage and monitor volume activations. This feature is explained in the next section.
+- The Volume Activation Management Tool (VAMT) provides a single site from which to manage and monitor volume activations. For more information, see [Introduction to VAMT](introduction-vamt.md).
 
 ## Related content
 
-- [Volume Activation for Windows](volume-activation-windows.md).
+[Volume activation for Windows](volume-activation-windows.md).
diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md
index 537f46d71e..1fe1d34886 100644
--- a/windows/deployment/volume-activation/online-activation-vamt.md
+++ b/windows/deployment/volume-activation/online-activation-vamt.md
@@ -1,35 +1,35 @@
 ---
-title: Perform Online Activation (Windows 10)
+title: Run online activation
 description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Perform online activation
+# Run online activation
 
-You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the Internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key.
+You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key.
 
 ## Requirements
 
-Before performing online activation, ensure that the network and the VAMT installation meet the following requirements:
+Before running online activation, ensure that the network and the VAMT installation meet the following requirements:
 
 - VAMT is installed on a central computer that has network access to all client computers.
 
-- Both the VAMT host and client computers have Internet access.
+- Both the VAMT host and client computers have internet access.
 
 - The products that you want to activate are added to VAMT.
 
-- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
-The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs.
+The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires internet access and that the remaining activation count can only be retrieved for MAKs.
 
-## To perform an online activation
+## To run an online activation
 
 1. Open VAMT.
 
@@ -54,11 +54,15 @@ The product keys that are installed on the client products must have a sufficien
     The same status is shown under the **Status of Last Action** column in the products list view in the center pane.
 
     > [!NOTE]
-    > Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation.
+    > Online activation doesn't enable you to save the Confirmation IDs (CIDs). As a result, you can't run local reactivation.
 
-    > [!NOTE]  
+    > [!NOTE]
     > You can use online activation to select products that have different key types and activate the products at the same time.
 
 ## Related articles
 
-- [Manage activations](manage-activations-vamt.md)
+[Run proxy activation](proxy-activation-vamt.md)
+
+[Run KMS activation](kms-activation-vamt.md)
+
+[Run local reactivation](local-reactivation-vamt.md)
diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
index 7702949941..73cd02164b 100644
--- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md
+++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
@@ -1,14 +1,14 @@
 ---
 title: Plan for volume activation
 description: Product activation is the process of validating software with the manufacturer after it's installed on a specific computer.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ms.date: 03/29/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -24,8 +24,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 *Product activation* is the process of validating software with the manufacturer after it's installed on a specific computer. Activation confirms that the product is genuine and not a fraudulent copy. Activation also confirms that the product key or serial number is valid and isn't compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
 
@@ -76,7 +76,7 @@ With a retail product, the Volume Activation Management Tool (VAMT), which is di
 - Telephone activation.
 - VAMT proxy activation.
 
-Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation with retail keys is sometimes used when an IT department wants to centralize retail activations. VAMT can also be used when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, the best method or combination of methods must be determined to use in the environment. For currently supported versions of Windows Pro and Enterprise, one of the following three models can be chosen:
+Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation with retail keys is sometimes used when an IT department wants to centralize retail activations. VAMT can also be used when a computer with a retail version of the operating system is isolated from the internet but connected to the LAN. For volume-licensed products, however, the best method or combination of methods must be determined to use in the environment. For currently supported versions of Windows Pro and Enterprise, one of the following three models can be chosen:
 
 - Multiple Activation Keys (MAK).
 - KMS.
@@ -97,7 +97,7 @@ To use a MAK, the computers to be activated must have a MAK installed. The MAK i
 
 In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can help with tracking the number of performed activations with each key and how many activations remain.
 
-Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases. However, the number of activations that are available can be increased with the MAK by calling Microsoft.
+Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://admin.microsoft.com/adminportal/home#/subscriptions/vlnew) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases. However, the number of activations that are available can be increased with the MAK by calling Microsoft.
 
 ### Key Management Service
 
@@ -121,7 +121,7 @@ A modern business network has many nuances and interconnections. This section ex
 
 ### Core network
 
-The organization's core network is that part of the network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet. However, Internet connectivity isn't a requirement to use the KMS or Active Directory-based activation after the KMS server or ADDS is configured and active. The organization's core network likely consists of many network segments. In many organizations, the core network makes up most of the business network.
+The organization's core network is that part of the network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the internet. However, internet connectivity isn't a requirement to use the KMS or Active Directory-based activation after the KMS server or ADDS is configured and active. The organization's core network likely consists of many network segments. In many organizations, the core network makes up most of the business network.
 
 In the core network, a centralized KMS solution is recommended. Active Directory-based activation can also be used, but in many organizations, KMS might still be required to computers that aren't joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in the organization are running currently supported versions of Windows.
 
@@ -163,7 +163,7 @@ If the network is fully isolated, MAK-independent activation would be the recomm
 
 #### Branch offices and distant networks
 
-From mining operations to ships at sea, organizations often have a few computers that aren't easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. There are several options in these situations:
+From mining operations to ships at sea, organizations often have a few computers that aren't easily connected to the core network or the internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. There are several options in these situations:
 
 - **Active Directory-based activation**. In any site where the client computers are running currently supported versions of Windows, Active Directory-based activation is supported, and it can be activated by joining the domain.
 
@@ -183,7 +183,7 @@ Active Directory-based activation can be used on computers when they meet the fo
 - The computer is running a currently supported version of Windows or Windows Server.
 - The computer connects to the domain at least once every 180 days, either directly or through a VPN.
 
-Otherwise for computers that rarely or never connect to the network, MAK independent activation should be used either via the telephone or the Internet.
+Otherwise for computers that rarely or never connect to the network, MAK independent activation should be used either via the telephone or the internet.
 
 ### Test and development labs
 
@@ -215,13 +215,13 @@ By evaluating network connectivity and the numbers of computers at each site, th
 
 When it's know which keys are needed, the keys must be obtained. Generally speaking, volume licensing keys are collected in two ways:
 
-- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
+- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://admin.microsoft.com/adminportal/home#/subscriptions/vlnew) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
 
-- Contact the [Microsoft activation center](https://go.microsoft.com/fwlink/p/?LinkId=618264).
+- Contact the [Microsoft activation center](https://www.microsoft.com/licensing/existing-customer/activation-centers).
 
 ### KMS host keys
 
-A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is referred to as the *KMS host key*, but it's formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Some documentation and Internet references use the term KMS key, but CSVLK is the proper name for current documentation and management tools.
+A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is referred to as the *KMS host key*, but it's formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Some documentation and internet references use the term KMS key, but CSVLK is the proper name for current documentation and management tools.
 
 A KMS host running a currently supported version of Windows Server can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in ADDS, as described later in this guide. A KMS host key is needed for any KMS that is set up. Additionally, it needs to be determined if Active Directory-based activation will be used.
 
@@ -274,4 +274,4 @@ The flow of KMS activation is shown in Figure 3, and it follows this sequence:
 
 ## Related content
 
-- [Volume Activation for Windows](volume-activation-windows.md).
+- [Volume activation for Windows](volume-activation-windows.md).
diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md
index 9e14cf5631..4c5908840c 100644
--- a/windows/deployment/volume-activation/proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/proxy-activation-vamt.md
@@ -1,30 +1,30 @@
 ---
-title: Perform Proxy Activation (Windows 10)
-description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that don't have Internet access.
+title: Run proxy activation
+description: Run proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that don't have internet access.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Perform Proxy Activation
+# Run proxy activation
 
-You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that don't have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key.
+You can use the Volume Activation Management Tool (VAMT) to run activation for client computers that don't have internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key.
 
-In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access.
+In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs internet access.
 
 > [!NOTE]
-> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet.
+> For workgroups that are completely isolated from any larger network, you can still run MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the internet.
 
 ## Requirements
 
-Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements:
+Before running proxy activation, ensure that your network and the VAMT installation meet the following requirements:
 
-- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup.
+- There's an instance of VAMT that is installed on a computer that has internet access. If you're running proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup.
 
 - The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products haven't been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key.
 
@@ -32,9 +32,9 @@ Before performing proxy activation, ensure that your network and the VAMT instal
 
 - For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
-    The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs.
+    The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires internet access and that the remaining activation count can only be retrieved for MAKs.
 
-## To Perform Proxy Activation
+## To run proxy activation
 
 1. Open VAMT.
 
@@ -66,3 +66,11 @@ Before performing proxy activation, ensure that your network and the VAMT instal
 
     > [!NOTE]
     You can use proxy activation to select products that have different key types and activate the products at the same time.
+
+## Related articles
+
+[Run online activation](online-activation-vamt.md)
+
+[Run KMS activation](kms-activation-vamt.md)
+
+[Run local reactivation](local-reactivation-vamt.md)
diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md
index 2b49facf89..1800bc6d71 100644
--- a/windows/deployment/volume-activation/remove-products-vamt.md
+++ b/windows/deployment/volume-activation/remove-products-vamt.md
@@ -1,14 +1,14 @@
 ---
-title: Remove Products (Windows 10)
+title: Remove products
 description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Remove products
@@ -37,4 +37,6 @@ To remove one or more products from the Volume Activation Management Tool (VAMT)
 
 ## Related articles
 
-- [Add and Manage Products](add-manage-products-vamt.md)
+[Add and remove computers](add-remove-computers-vamt.md)
+
+[Update product status](update-product-status-vamt.md)
diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
index 0dc03e90e0..8fd2902673 100644
--- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
@@ -1,19 +1,19 @@
 ---
-title: Scenario 3 KMS Client Activation (Windows 10)
+title: Scenario 3 - KMS client activation
 description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Scenario 3: KMS client activation
 
-In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This type of activation can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You don't have to enter a key to activate a product as a GVLK, unless you're converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md).
+In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This type of activation can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You don't have to enter a key to activate a product as a GVLK, unless you're converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS client key](install-kms-client-key-vamt.md).
 
 The procedure that is described below assumes the following configuration:
 
@@ -56,4 +56,8 @@ The same status is shown under the **Status of Last Action** column in the produ
 
 ## Related articles
 
-- [VAMT step-by-step scenarios](vamt-step-by-step.md)
+[Run KMS activation](kms-activation-vamt.md)
+
+[Activate using Key Management Service](activate-using-key-management-service-vamt.md)
+
+[Install a KMS client key](install-kms-client-key-vamt.md)
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 1f573be911..543fd58ec8 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -1,17 +1,17 @@
 ---
-title: Scenario 1 Online Activation (Windows 10)
+title: Scenario 1 - online activation
 description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Scenario 1: Online Activation
+# Scenario 1: online activation
 
 In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types:
 
@@ -36,10 +36,10 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 ## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers
 
-- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
     > [!NOTE]
-    > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+    > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
 ## Step 3: Connect to a VAMT database
 
@@ -47,7 +47,7 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 2. Select **Connect**.
 
-3. If you're already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md)
+3. If you're already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Import and export VAMT data](import-export-vamt-data.md).
 
 ## Step 4: Discover products
 
@@ -57,11 +57,11 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query:
 
-    - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a".
+    - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (`*`) wildcard. For example, typing `a*` will display only those computer names that start with the letter "a".
 
     - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing.
 
-    - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
+    - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (`*`) wildcard. For example, typing `a*` will display only computer names that start with the letter "a".
 
     - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks.
 
@@ -101,7 +101,7 @@ To collect the status from select computers in the database, you can select comp
 
 - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane.
 
-  > [!NOTE]  
+  > [!NOTE]
   > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
 
 ## Step 7: Add product keys and determine the remaining activation count
@@ -156,4 +156,4 @@ To collect the status from select computers in the database, you can select comp
 
 ## Related articles
 
-- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
+[Run online activation](online-activation-vamt.md)
diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
index 654a67b2b3..f9c365a5d9 100644
--- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
@@ -1,34 +1,34 @@
 ---
-title: Scenario 2 Proxy Activation (Windows 10)
+title: Scenario 2 - proxy activation
 description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
-# Scenario 2: Proxy Activation
+# Scenario 2: proxy activation
 
-In this scenario, the Volume Activation Management Tool (VAMT) is used to activate products that are installed on workgroup computers in an isolated lab environment. For workgroups that are isolated from the larger network, you can perform proxy activation of Multiple Activation Keys (MAKs), KMS Host keys (CSVLKs), Generic Volume License Keys (GVLKs) (or KMS client keys), or retail keys. Proxy activation is performed by installing a second instance of VAMT on a computer in the isolated workgroup. You can then use removable media to transfer VAMT Computer Information Lists (CILXs) between the instance of VAMT in the isolated workgroup and another VAMT host that has Internet access. The following diagram shows a Multiple Activation Key (MAK) proxy activation scenario:
+In this scenario, the Volume Activation Management Tool (VAMT) is used to activate products that are installed on workgroup computers in an isolated lab environment. For workgroups that are isolated from the larger network, you can perform proxy activation of Multiple Activation Keys (MAKs), KMS Host keys (CSVLKs), Generic Volume License Keys (GVLKs) (or KMS client keys), or retail keys. Proxy activation is performed by installing a second instance of VAMT on a computer in the isolated workgroup. You can then use removable media to transfer VAMT Computer Information Lists (CILXs) between the instance of VAMT in the isolated workgroup and another VAMT host that has internet access. The following diagram shows a Multiple Activation Key (MAK) proxy activation scenario:
 
 ![VAMT MAK proxy activation scenario.](images/dep-win8-l-vamt-makproxyactivationscenario.jpg)
 
-## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab
+## Step 1: Install VAMT on a workgroup computer in the isolated lab
 
 1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012.
 
 2. Select the VAMT icon in the **Start** menu to open VAMT.
 
-## Step 2: Configure the Windows Management Instrumentation Firewall Exception on target computers
+## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers
 
-- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
     > [!NOTE]
-    > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+    > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
 ## Step 3: Connect to a VAMT database
 
@@ -36,7 +36,7 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa
 
 2. Select **Connect**.
 
-3. If you're already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md)
+3. If you're already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Import and export Volume Activation Management Tool data](import-export-vamt-data.md).
 
 ## Step 4: Discover products
 
@@ -46,7 +46,7 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa
 
 3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query:
 
-    - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
+    - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (`*`) wildcard. For example, typing `a*` will display only computer names that start with the letter "a".
 
     - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported.
 
@@ -91,10 +91,10 @@ To collect the status from select computers in the database, you can select comp
 
 - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane.
 
-  > [!NOTE]  
+  > [!NOTE]
   > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
 
-## Step 7: Add Product Keys
+## Step 7: Add product keys
 
 1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box.
 
@@ -106,7 +106,7 @@ To collect the status from select computers in the database, you can select comp
 
     The keys that you have added appear in the **Product Keys** list view in the center pane.
 
-## Step 8: Install the Product Keys on the Isolated Lab Computers
+## Step 8: Install the product keys on the isolated lab computers
 
 1. In the left-side pane, in the **Products** node select the product that you want to install keys onto.
 
@@ -130,7 +130,7 @@ To collect the status from select computers in the database, you can select comp
 
 ## Step 9: Export VAMT data to a `.cilx` file
 
-In this step, you export VAMT from the workgroup's host computer and save it in a `.cilx` file. Then you copy the `.cilx` file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it's critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products.
+In this step, you export VAMT from the workgroup's host computer and save it in a `.cilx` file. Then you copy the `.cilx` file to removable media so that you can take it to a VAMT host computer that is connected to the internet. In MAK proxy activation, it's critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products.
 
 1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products.
 
@@ -157,7 +157,7 @@ In this step, you export VAMT from the workgroup's host computer and save it in
 
 ## Step 10: Acquire confirmation IDs from Microsoft on the internet connected host computer
 
-1. Insert the removable media into the VAMT host that has Internet access.
+1. Insert the removable media into the VAMT host that has internet access.
 
 2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane.
 
@@ -167,9 +167,9 @@ In this step, you export VAMT from the workgroup's host computer and save it in
 
 5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Select **OK** to close the message.
 
-## Step 11: Import the `.cilx` file onto the VAMT host within the Isolated lab workgroup
+## Step 11: Import the `.cilx` file onto the VAMT host within the isolated lab workgroup
 
-1. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab.
+1. Remove the storage device that contains the `.cilx` file from the internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab.
 
 2. Open VAMT and verify that you're connected to the database that contains the computer with the product keys that you're activating.
 
@@ -181,7 +181,7 @@ In this step, you export VAMT from the workgroup's host computer and save it in
 
 6. VAMT displays a progress message while the data is being imported. Select **OK** when a message appears and confirms that the data has been successfully imported.
 
-## Step 12: Apply the CIDs and Activate the Isolated Lab Computers
+## Step 12: Apply the CIDs and activate the isolated lab computers
 
 1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products.
 
@@ -190,7 +190,7 @@ In this step, you export VAMT from the workgroup's host computer and save it in
     VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears.
     The same status appears under the **Status of Last Action** column in the product list view in the center pane.
 
-## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab
+## Step 13: (Optional) Reactivating reimaged computers in the isolated lab
 
 If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers hasn't changed, VAMT can reactivate those computers using the CIDs that are stored in the database.
 
@@ -213,4 +213,4 @@ If you have captured new images of the computers in the isolated lab, but the un
 
 ## Related articles
 
-- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
+[Run proxy activation](proxy-activation-vamt.md)
diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md
index 0a077e39bb..77abfb5a82 100644
--- a/windows/deployment/volume-activation/update-product-status-vamt.md
+++ b/windows/deployment/volume-activation/update-product-status-vamt.md
@@ -1,20 +1,20 @@
 ---
-title: Update Product Status
+title: Update product status
 description: Learn how to use the Update license status function to add the products that are installed on the computers.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Update product status
 
 After computers are added to the Volume Activation Management Tool (VAMT) database, the **Update license status** function needs to be used to add the products that are installed on the computers. The **Update license status** can also be used at any time to retrieve the most current license status for any products in the VAMT database.
-To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md).
 
 > [!NOTE]
 > The license-status query requires a valid computer name for each system queried. If the VAMT database contains computers that were added without Personally Identifiable Information, computer names will not be available for those computers, and the status for these computers will not be updated.
@@ -37,4 +37,6 @@ To retrieve license status, VAMT must have administrative permissions on all sel
 
 ## Related content
 
-- [Add and Manage Products](add-manage-products-vamt.md).
+[Add and remove computers](add-remove-computers-vamt.md)
+
+[Remove products](remove-products-vamt.md)
diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
index 3ee35bd266..87c0ac0170 100644
--- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
+++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
@@ -1,15 +1,15 @@
 ---
 title: Use the Volume Activation Management Tool
 description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
 ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -24,8 +24,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys.
 
@@ -35,7 +35,7 @@ For currently supported versions of Windows Server, VAMT can be installed direct
 
 For currently supported versions of Windows client, VAMT can be installed as part of the Windows Assessment and Deployment Kit (Windows ADK). The Windows ADK is a free download. For more information, including links to download the Windows ADK, see [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
 
-## Activating with the Volume Activation Management Tool
+## Activate with VAMT
 
 VAMT can be used to complete the activation process in products by using MAK and retail keys. Computers can be activated either individually or in groups. The VAMT enables two activation scenarios:
 
@@ -45,7 +45,7 @@ VAMT can be used to complete the activation process in products by using MAK and
 
     When this method is used, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where the organization has a mix of retail, MAK, and KMS-based activations.
 
-## Tracking products and computers with the Volume Activation Management Tool
+## Track products and computers
 
 The VAMT provides an overview of the activation and licensing status of computers across an organization's network, as shown in Figure 18. Several prebuilt reports are also available to help proactively manage licensing.
 
@@ -53,7 +53,7 @@ The VAMT provides an overview of the activation and licensing status of computer
 
 **Figure 18**. The VAMT showing the licensing status of multiple computers
 
-## Tracking key usage with the Volume Activation Management Tool
+## Track key usage
 
 The VAMT makes it easier to track the various keys that are issued to an organization. Each key can be entered into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it's and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage.
 
@@ -61,7 +61,7 @@ The VAMT makes it easier to track the various keys that are issued to an organiz
 
 **Figure 19**. The VAMT showing key types and usage
 
-## Other Volume Activation Management Tool features
+## Other features
 
 The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as:
 
@@ -74,7 +74,6 @@ The VAMT stores information in a Microsoft SQL Server database for performance a
 For more information, see:
 
 - [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md).
-- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md).
 
 ## Related content
 
diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
index 0add9fe565..0c5c3a2d37 100644
--- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
+++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
@@ -1,14 +1,14 @@
 ---
-title: Use VAMT in Windows PowerShell (Windows 10)
+title: Use VAMT in Windows PowerShell
 description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: how-to
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # Use VAMT in Windows PowerShell
@@ -19,27 +19,23 @@ The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to p
 
 ### Install PowerShell 3.0
 
-VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell).
+VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10 and later. To download the latest version of PowerShell, see [Installing PowerShell on Windows](/powershell/scripting/install/installing-powershell).
 
-### Install the Windows Assessment and Deployment Kit**
+### Install the Windows Assessment and Deployment Kit
 
-In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK).
+In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install).
 
 ### Prepare the VAMT PowerShell environment
 
 To open PowerShell with administrative credentials, select **Start** and enter `PowerShell` to locate the program. Right-click **Windows PowerShell**, and then select **Run as administrator**. To open PowerShell in Windows 7, select **Start**, select **All Programs**, select **Accessories**, select **Windows PowerShell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
 
-  > [!IMPORTANT]  
+  > [!IMPORTANT]
   > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are only supported for x86 architecture. You must use an x86 version of Windows PowerShell to import the VAMT module
-  
+
   The x86 versions of Windows PowerShell are available in the following directories:
 
-- PowerShell:
-  
-  `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe`
-- PowerShell ISE:
-  
-  `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe`
+- PowerShell: `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe`
+- PowerShell ISE: `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe`
 
 For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter:
 
@@ -85,7 +81,7 @@ get-help get-VamtProduct -all
    For example, enter:
 
    ```powershell
-   get-help get-VamtProduct 
+   get-help get-VamtProduct
    ```
 
 2. To see examples using a cmdlet, enter:
diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md
index a11eb40946..22960108f4 100644
--- a/windows/deployment/volume-activation/vamt-known-issues.md
+++ b/windows/deployment/volume-activation/vamt-known-issues.md
@@ -1,14 +1,14 @@
 ---
-title: VAMT known issues (Windows 10)
+title: VAMT known issues
 description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 11/07/2022
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # VAMT known issues
@@ -54,17 +54,17 @@ On the KMS host computer, perform the following steps:
    ```
 
 5. In the
-   
+
    `C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716`
-   
+
    folder, copy the
-   
+
    `pkeyconfig-csvlk.xrm-ms`
-   
+
    file. Paste this file into the
-   
+
    `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig`
-   
+
    folder.
 
 6. Restart VAMT.
diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md
index 4a92b44341..04d10c166e 100644
--- a/windows/deployment/volume-activation/vamt-requirements.md
+++ b/windows/deployment/volume-activation/vamt-requirements.md
@@ -1,14 +1,14 @@
 ---
-title: VAMT Requirements
-description: In this article, learn about the product key and system requirements for Volume Activation Management Tool (VAMT).
+title: VAMT requirements
+description: Learn about the product key and system requirements for Volume Activation Management Tool (VAMT).
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: concept-article
+ms.service: windows-client
+ms.subservice: activation
 ---
 
 # VAMT requirements
@@ -21,7 +21,7 @@ The Volume Activation Management Tool (VAMT) can be used to perform activations
 
 |Product key type |Where to obtain |
 |-----------------|----------------|
-|<ul><li>Multiple Activation Key (MAK)</li><li>Key Management Service (KMS) host key (CSVLK)</li><li>KMS client setup keys (GVLK)</li></ul> |Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). |
+|<ul><li>Multiple Activation Key (MAK)</li><li>Key Management Service (KMS) host key (CSVLK)</li><li>KMS client setup keys (GVLK)</li></ul> |Volume licensing keys can only be obtained with a signed contract from Microsoft. For more information, see the [Microsoft Volume Licensing portal](https://admin.microsoft.com/adminportal/home#/subscriptions/vlnew). |
 |Retail product keys |Obtained at time of product purchase. |
 
 ## System requirements
@@ -41,4 +41,6 @@ The following table lists the system requirements for the VAMT host computer.
 
 ## Related content
 
-- [Install and configure VAMT](install-configure-vamt.md).
+[Install VAMT](install-vamt.md)
+
+[Configure client computers](configure-client-computers-vamt.md)
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
deleted file mode 100644
index 59c883df3c..0000000000
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: VAMT Step-by-Step Scenarios
-description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments.
-ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
-ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
----
-
-# VAMT step-by-step scenarios
-
-This section provides instructions on how to implement the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios. To get started, some of the most common scenarios are described here.
-
-## In this section
-
-|Article |Description |
-|-------|------------|
-|[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network. Additionally, it also describes how to instruct these products to contact Microsoft over the Internet for activation. |
-|[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. |
-|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of currently supported versions of Windows and Microsoft Office use KMS for activation. |
-
-## Related content
-
-- [Introduction to VAMT](introduction-vamt.md).
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index 396e2a74e2..c087146a5a 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -1,12 +1,12 @@
 ---
 title: VAMT technical reference
 description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
-author: frankroj
+ms.subservice: activation
 ms.date: 03/29/2024
 ms.topic: overview
 ---
@@ -21,16 +21,6 @@ The Volume Activation Management Tool (VAMT) allows automation and central manag
 
 VAMT is only available in an EN-US (x86) package.
 
-## In this section
+## Next steps
 
-|Article |Description |
-|------|------------|
-|[Introduction to VAMT](introduction-vamt.md) |Provides a description of VAMT and common usages. |
-|[Active Directory-based activation overview](active-directory-based-activation-overview.md) |Describes Active Directory-based activation scenarios. |
-|[Install and configure VAMT](install-configure-vamt.md) |Describes how to install VAMT and use it to configure client computers in the network. |
-|[Add and manage products](add-manage-products-vamt.md) |Describes how to add client computers into VAMT. |
-|[Manage product keys](manage-product-keys-vamt.md) |Describes how to add and remove a product key from VAMT. |
-|[Manage activations](manage-activations-vamt.md) |Describes how to activate a client computer by using various activation methods. |
-|[Manage VAMT data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. |
-|[VAMT step-by-step scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. |
-|[VAMT known issues](vamt-known-issues.md) |Lists known issues in VAMT. |
+[Introduction to VAMT](introduction-vamt.md)
diff --git a/windows/deployment/volume-activation/volume-activation-windows.md b/windows/deployment/volume-activation/volume-activation-windows.md
index 8891a74db2..311c6869d2 100644
--- a/windows/deployment/volume-activation/volume-activation-windows.md
+++ b/windows/deployment/volume-activation/volume-activation-windows.md
@@ -1,15 +1,15 @@
 ---
-title: Volume Activation for Windows
+title: Volume activation for Windows
 description: Learn how to use volume activation to deploy & activate Windows.
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
 ms.reviewer: nganguly
-manager: aaroncz
-ms.author: frankroj
-ms.service: windows-client
-author: frankroj
 ms.localizationpriority: medium
 ms.date: 03/29/2024
-ms.topic: article
-ms.subservice: itpro-fundamentals
+ms.topic: overview
+ms.service: windows-client
+ms.subservice: activation
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -18,7 +18,7 @@ appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
 
-# Volume Activation for Windows
+# Volume activation for Windows
 
 > [!TIP]
 >
@@ -28,8 +28,8 @@ appliesto:
 >
 > Looking for information on retail activation?
 >
-> - [Activate Windows](https://support.microsoft.com/help/12440/).
-> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644).
+> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
+> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0).
 
 This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows.
 
diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index ef124c0497..182f55c874 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -6,8 +6,8 @@ ms.localizationpriority: medium
 author: frankroj
 ms.author: frankroj
 manager: aaroncz
-ms.topic: article
-ms.date: 04/25/2024
+ms.topic: conceptual
+ms.date: 07/19/2024
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -21,48 +21,56 @@ appliesto:
 
 The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partially deprecated. Starting with Windows 11, workflows that rely on **boot.wim** from installation media or on running Windows Setup in WDS mode is no longer supported.
 
-When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following deprecation message is displayed:
+When PXE booting from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following deprecation message is displayed:
 
 > Windows Setup
 >
-> Windows Deployment Services client functionality is being partly deprecated. Please visit https://aka.ms/WDSSupport for more details on what is deprecated and what will continue to be supported.
+> Windows Deployment Services client functionality is being partly deprecated. Please visit https://aka.ms/WDSSupport for more details on what is deprecated and what is still supported.
 
 ## Deployment scenarios affected
 
 The following table provides support details for specific deployment scenarios. Boot.wim is the `boot.wim` file obtained from the Windows source files for each specified version of Windows.
 
-|Windows Version being deployed |Boot.wim from Windows 10|Boot.wim from Windows Server 2016|Boot.wim from Windows Server 2019|Boot.wim from Windows Server 2022|Boot.wim from Windows 11|
-|--- |--- |--- |--- |--- |--- |
-|**Windows 11**|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|
-|**Windows 10**|Supported, using a boot image from matching or newer version.|Supported, using a boot image from Windows 10, version 1607 or later.|Supported, using a boot image from Windows 10, version 1809 or later.|Not supported.|Not supported.|
-|**Windows Server 2022**|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Not supported.|
-|**Windows Server 2019**|Supported, using a boot image from Windows 10, version 1809 or later.|Supported.|Supported.|Not supported.|Not supported.|
-|**Windows Server 2016**|Supported, using a boot image from Windows 10, version 1607 or later.|Supported.|Not supported.|Not supported.|Not supported.|
-
-## Reason for the change
-
-Alternatives to WDS, such as [Microsoft Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images.
+| Windows Version being deployed | Boot.wim from Windows 10 | Boot.wim from Windows Server 2016 | Boot.wim from Windows Server 2019 | Boot.wim from Windows Server 2022 | Boot.wim from Windows 11 |
+| --- | --- | --- | --- | --- | --- |
+| **Windows 11** | Not supported, blocked. | Not supported, blocked. | Not supported, blocked. |Not supported, blocked. | Not supported, blocked. |
+| **Windows 10** | Supported, using a boot image from matching or newer version. | Supported, using a boot image from a [currently supported version of Windows 10](/windows/release-health/supported-versions-windows-client#windows-10-supported-versions). | Supported, using a boot image from a [currently supported version of Windows 10](/windows/release-health/supported-versions-windows-client#windows-10-supported-versions).| Not supported. | Not supported. |
+| **Windows Server 2025** | Not supported. | Not supported. | Not supported. | Not supported. | Not supported. |
+| **Windows Server 2022** | Deprecated, with a warning message. | Deprecated, with a warning message. | Deprecated, with a warning message. | Deprecated, with a warning message. | Not supported. |
+| **Windows Server 2019** | Supported, using a boot image from a [currently supported version of Windows 10](/windows/release-health/supported-versions-windows-client#windows-10-supported-versions). | Supported. | Supported. | Not supported. | Not supported. |
+| **Windows Server 2016** | Supported, using a boot image from a [currently supported version of Windows 10](/windows/release-health/supported-versions-windows-client#windows-10-supported-versions). |Supported. | Not supported. | Not supported. | Not supported. |
 
 > [!NOTE]
 >
-> [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) only supports deployment of Windows 10. It doesn't support deployment of Windows 11. For more information, see [Supported platforms](/mem/configmgr/mdt/release-notes#supported-platforms).
+> The following error message might be displayed when attempting to use **boot.wim** on WDS running on Windows Server 2025:
+>
+> `A media driver your computer needs is missing. This could be a DVD, USB or Hard disk driver. If you have a CD, DVD, or USB flash drive with the driver on it, please insert it now.`
+>
+> An error message is expected since using **boot.wim** on WDS running on Windows Server 2025 isn't supported.
+
+## Reason for the change
+
+Alternatives to WDS, such as [Microsoft Configuration Manager](/mem/configmgr/osd/understand/introduction-to-operating-system-deployment), provide a better, more flexible, and feature-rich experience for deploying Windows images.
 
 ## Not affected
 
-This change doesn’t affect WDS PXE boot. You can still use WDS to PXE boot devices with custom boot images, but you can't use **boot.wim** as the boot image and run Windows Setup in WDS mode.
+This change doesn't affect WDS PXE boot. WDS can still be used to PXE boot devices with custom boot images, but **boot.wim** can't be used as the boot image and run Windows Setup in WDS mode.
 
-You can still run Windows Setup from a network share. This change doesn't change Workflows that use a custom boot.wim, such as MDT or Configuration Manager.
+Windows Setup can still run from a network share. This change doesn't change Workflows that use a custom boot.wim, such as Microsoft Deployment Toolkit (MDT) or Microsoft Configuration Manager.
 
 ## Summary
 
-- Windows 11 workflows that rely on **boot.wim** from installation media are blocked. You can't perform an end to end deployment of Windows 11 using only WDS.
+- Windows 11 workflows that rely on **boot.wim** from installation media are blocked. An end to end deployment of Windows 11 using only WDS can't be performed.
+
 - This change doesn't affect Windows 10, Windows Server 2019, and previous operating system versions.
+
 - Windows Server 2022 workflows that rely on **boot.wim** from installation media show a non-blocking deprecation notice. The notice can be dismissed, and currently the workflow isn't blocked.
+
 - Windows Server workflows after Windows Server 2022 that rely on **boot.wim** from installation media are blocked.
 
-If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version isn't supported, deprecated, or blocked, it's recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image.
+If WDS is being used with **boot.wim** from installation media for end-to-end operating system deployment, and the OS version isn't supported, deprecated, or blocked, Microsoft recommends using deployment tools such as Microsoft Configuration Manager, or a non-Microsoft solution that uses a custom boot.wim image.
 
-## Also see
+## Related content
 
-- [Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
-- [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+- [Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing).
+- [Customize boot images with Configuration Manager](/mem/configmgr/osd/get-started/customize-boot-images).
diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md
deleted file mode 100644
index aecea5c3dc..0000000000
--- a/windows/deployment/windows-10-deployment-posters.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Windows 10 deployment process posters
-description: View and download Windows 10 deployment process flows for Microsoft Configuration Manager and Windows Autopilot.
-manager: aaroncz
-author: frankroj
-ms.author: frankroj
-ms.service: windows-client
-ms.subservice: itpro-deploy
-ms.localizationpriority: medium
-ms.topic: reference
-ms.date: 11/23/2022
----
-
-# Windows 10 deployment process posters
-
-*Applies to:*
-
-- Windows 10
-
-The following posters step through various options for deploying Windows 10 with Windows Autopilot or Microsoft Configuration Manager.
-
-## Deploy Windows 10 with Autopilot
-
-The Windows Autopilot poster is two pages in portrait mode (11x17). Select the image to download a PDF version.
-
-[![Deploy Windows 10 with Autopilot.](./media/windows10-autopilot-flowchart.png)](https://download.microsoft.com/download/8/4/b/84b5e640-8f66-4b43-81a9-1c3b9ea18eda/Windows10AutopilotFlowchart.pdf)
-
-## Deploy Windows 10 with Microsoft Configuration Manager
-
-The Configuration Manager poster is one page in landscape mode (17x11). Select the image to download a PDF version.
-
-[![Deploy Windows 10 with Configuration Manager.](./media/windows10-deployment-config-manager.png)](https://download.microsoft.com/download/e/2/a/e2a70587-d3cc-4f1a-ba49-cfd724a1736b/Windows10DeploymentConfigManager.pdf)
-
-## See also
-
-[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot)
-
-[Scenarios to deploy enterprise operating systems with Configuration Manager](/mem/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems)
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
deleted file mode 100644
index c481efb0a5..0000000000
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ /dev/null
@@ -1,1181 +0,0 @@
----
-title: Steps to deploy Windows 10 with Configuration Manager
-description: Learn how to deploy Windows 10 in a test lab using Microsoft Configuration Manager.
-ms.service: windows-client
-ms.subservice: itpro-deploy
-ms.localizationpriority: medium
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
-ms.topic: tutorial
-ms.date: 11/23/2022
----
-
-# Deploy Windows 10 in a test lab using Configuration Manager
-
-*Applies to:*
-
-- Windows 10
-
-> [!IMPORTANT]
-> This guide uses the proof of concept (PoC) environment, and some settings that are configured in the following guides:
->
-> - [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md)
-> - [Deploy Windows 10 in a test lab using the Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
->
-> Complete all steps in these guides before you start the procedures in this guide. If you want to skip the Windows 10 deployment procedures in the MDT guide, and move directly to this guide, at least install MDT and the Windows ADK before starting this guide. All steps in the first guide are required before attempting the procedures in this guide.
-
-The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
-
-- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
-- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
-- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your network for testing purposes.
-
-This guide uses the Hyper-V server role to perform procedures. If you don't complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work.
-
-Multiple features and services are installed on SRV1 in this guide. This configuration isn't a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, select **Settings**, select **Memory**, and modify the value next to **Maximum RAM**.
-
-## In this guide
-
-This guide provides end-to-end instructions to install and configure Microsoft Configuration Manager, and use it to deploy a Windows 10 image. Depending on the speed of your Hyper-V host, the procedures in this guide will require 6-10 hours to complete.
-
-The procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
-
-|Procedure|Description|Time|
-|--- |--- |--- |
-|[Install prerequisites](#install-prerequisites)|Install prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.|60 minutes|
-|[Install Microsoft Configuration Manager](#install-microsoft-configuration-manager)|Download Microsoft Configuration Manager, configure prerequisites, and install the package.|45 minutes|
-|[Download MDOP and install DaRT](#download-mdop-and-install-dart)|Download the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.|15 minutes|
-|[Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)|Prerequisite procedures to support Zero Touch installation.|60 minutes|
-|[Create a boot image for Configuration Manager](#create-a-boot-image-for-configuration-manager)|Use the MDT wizard to create the boot image in Configuration Manager.|20 minutes|
-|[Create a Windows 10 reference image](#create-a-windows-10-reference-image)|This procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.|0-60 minutes|
-|[Add a Windows 10 OS image](#add-a-windows-10-os-image)|Add a Windows 10 OS image and distribute it.|10 minutes|
-|[Create a task sequence](#create-a-task-sequence)|Create a Configuration Manager task sequence with MDT integration using the MDT wizard|15 minutes|
-|[Finalize the OS configuration](#finalize-the-os-configuration)|Enable monitoring, configure rules, and distribute content.|30 minutes|
-|[Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)|Deploy Windows 10 using Configuration Manager deployment packages and task sequences.|60 minutes|
-|[Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)|Replace a client computer with Windows 10 using Configuration Manager.|90 minutes|
-|[Refresh a client with Windows 10 using Configuration Manager](#refresh-a-client-with-windows-10-using-configuration-manager)|Use a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT|90 minutes|
-
-## Install prerequisites
-
-1. Before installing Microsoft Configuration Manager, we must install prerequisite services and features. Enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ
-    ```
-
-    > [!NOTE]
-    > If the request to add features fails, retry the installation by typing the command again.
-
-2. Download [SQL Server](https://www.microsoft.com/evalcenter/evaluate-sql-server-2022) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory.
-
-    > [!NOTE]
-    > The rest of this article describes the installation of SQL Server 2014. If you download a different version of SQL Server, you may need to modify the installation steps.
-
-1. When you've downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-    ```powershell
-    Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\SQLServer2014SP2-FullSlipstream-x64-ENU.iso
-    ```
-
-    This command mounts the .ISO file to drive D on SRV1.
-
-4. Enter the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server:
-
-    ```cmd
-    D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms
-    ```
-
-    Installation will take several minutes. When installation is complete, the following output will be displayed:
-
-    ```console
-    Microsoft (R) SQL Server 2014 12.00.5000.00
-    Copyright (c) Microsoft Corporation.  All rights reserved.
-
-    Microsoft (R) .NET Framework CasPol 2.0.50727.7905
-    Copyright (c) Microsoft Corporation.  All rights reserved.
-
-    Success
-    Microsoft (R) .NET Framework CasPol 2.0.50727.7905
-    Copyright (c) Microsoft Corporation.  All rights reserved.
-
-    Success
-    One or more affected files have operations pending.
-    You should restart your computer to complete this process.
-    ```
-
-5. Enter the following commands at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action allow
-    New-NetFirewallRule -DisplayName "SQL Admin Connection" -Direction Inbound -Protocol TCP -LocalPort 1434 -Action allow
-    New-NetFirewallRule -DisplayName "SQL Database Management" -Direction Inbound -Protocol UDP -LocalPort 1434 -Action allow
-    New-NetFirewallRule -DisplayName "SQL Service Broker" -Direction Inbound -Protocol TCP -LocalPort 4022 -Action allow
-    New-NetFirewallRule -DisplayName "SQL Debugger/RPC" -Direction Inbound -Protocol TCP -LocalPort 135 -Action allow
-    ```
-
-6. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 2004. Installation might require several minutes to acquire all components.
-
-## Install Microsoft Configuration Manager
-
-1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
-
-    ```powershell
-    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
-    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
-    Stop-Process -Name Explorer
-    ```
-
-2. Download [Microsoft Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager) and extract the contents on SRV1.
-
-3. Open the file, enter **C:\configmgr** for **Unzip to folder**, and select **Unzip**. The `C:\configmgr` directory will be automatically created. Select **OK** and then close the **WinZip Self-Extractor** dialog box when finished.
-
-4. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**:
-
-    ```powershell
-    Get-Service Winmgmt
-
-    Status   Name               DisplayName
-    ------   ----               -----------
-    Running  Winmgmt            Windows Management Instrumentation
-
-    Test-NetConnection -ComputerName 192.168.0.2 -Port 135 -InformationLevel Detailed
-
-    ComputerName             : 192.168.0.2
-    RemoteAddress            : 192.168.0.2
-    RemotePort               : 135
-    AllNameResolutionResults :
-    MatchingIPsecRules       :
-    NetworkIsolationContext  : Internet
-    InterfaceAlias           : Ethernet
-    SourceAddress            : 192.168.0.2
-    NetRoute (NextHop)       : 0.0.0.0
-    PingSucceeded            : True
-    PingReplyDetails (RTT)   : 0 ms
-    TcpTestSucceeded         : True
-    ```
-
-    You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**.
-
-    If the WMI service isn't started, attempt to start it or reboot the computer.  If WMI is running but errors are present, see [winmgmt](/windows/win32/wmisdk/winmgmt) for troubleshooting information.
-
-5. To extend the Active Directory schema, enter the following command at an elevated Windows PowerShell prompt:
-
-    ```cmd
-    C:\configmgr\SMSSETUP\BIN\X64\extadsch.exe
-    ```
-
-6. Temporarily switch to the DC1 VM, and enter the following command at an elevated command prompt on DC1:
-
-    ```cmd
-    adsiedit.msc
-    ```
-
-7. Right-click **ADSI Edit**, select **Connect to**, select **Default (Domain or server that you logged in to)** under **Computer** and then select **OK**.
-
-8. Expand **Default naming context**>**DC=contoso,DC=com**, and then in the console tree right-click **CN=System**, point to **New**, and then select **Object**.
-
-9. Select **container** and then select **Next**.
-
-10. Next to **Value**, enter **System Management**, select **Next**, and then select **Finish**.
-
-11. Right-click **CN=system Management** and then select **Properties**.
-
-12. On the **Security** tab, select **Add**, select **Object Types**, select **Computers**, and select **OK**.
-
-13. Under **Enter the object names to select**, enter **SRV1** and select **OK**.
-
-14. The **SRV1** computer account will be highlighted, select **Allow** next to **Full control**.
-
-15. Select **Advanced**, select **SRV1 (CONTOSO\SRV1$)** and select **Edit**.
-
-16. Next to **Applies to**, choose **This object and all descendant objects**, and then select **OK** three times.
-
-17. Close the ADSI Edit console and switch back to SRV1.
-
-18. To start Configuration Manager installation, enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
-    ```cmd
-    C:\configmgr\SMSSETUP\BIN\X64\Setup.exe
-    ```
-
-19. Provide the following information in the Configuration Manager Setup Wizard:
-
-    - **Before You Begin**: Read the text and select *Next*.
-    - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox.
-        - Select **Yes** in response to the popup window.
-    - **Product Key**: Choose **Install the evaluation edition of this Product**.
-    - **Microsoft Software License Terms**: Read the terms and then select the **I accept these license terms** checkbox.
-    - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page.
-    - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**.
-    - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**.
-        - use default settings for all other options
-    - **Usage Data**: Read the text and select **Next**.
-    - **Service Connection Point Setup**: Accept the default settings (SRV1.contoso.com is automatically added under Select a server to use).
-    - **Settings Summary**: Review settings and select **Next**.
-    - **Prerequisite Check**: No failures should be listed. Ignore any warnings and select **Begin Install**.
-
-    > [!NOTE]
-    > There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment.
-
-    Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Select **Close** when installation is complete.
-
-20. If desired, re-enable IE Enhanced Security Configuration at this time on SRV1:
-
-    ```powershell
-    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
-    Stop-Process -Name Explorer
-    ```
-
-## Download MDOP and install DaRT
-
-> [!IMPORTANT]
-> This step requires a Visual Studio subscription or volume license agreement. For more information, see [MDOP information experience](/microsoft-desktop-optimization-pack/).
-
-1. Download the Microsoft Desktop Optimization Pack 2015 to the Hyper-V host from Visual Studio Online or from the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331) site. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host.
-
-2. Enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1:
-
-    ```powershell
-    Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso
-    ```
-
-3. Enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
-    ```cmd
-    D:\DaRT\DaRT 10\Installers\en-us\x64\MSDaRT100.msi
-    ```
-
-4. Install DaRT 10 using default settings.
-
-5. Enter the following commands at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64"
-    Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx86.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86"
-    ```
-
-## Prepare for Zero Touch installation
-
-This section contains several procedures to support Zero Touch installation with Microsoft Configuration Manager.
-
-### Create a folder structure
-
-1. Enter the following commands at a Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
-    New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
-    New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
-    New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
-    New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
-    New-Item -ItemType Directory -Path "C:\Logs"
-    New-SmbShare -Name Sources$ -Path C:\Sources -ChangeAccess EVERYONE
-    New-SmbShare -Name Logs$ -Path C:\Logs -ChangeAccess EVERYONE
-    ```
-
-### Enable MDT ConfigMgr integration
-
-1. On SRV1, select **Start**, enter `configmgr`, and then select **Configure ConfigMgr Integration**.
-
-2. Enter `PS1` as the **Site code**, and then select **Next**.
-
-3. Verify **The process completed successfully** is displayed, and then select **Finish**.
-
-### Configure client settings
-
-1. On SRV1, select **Start**, enter **configuration manager**, right-click **Configuration Manager Console**, and then select **Pin to Taskbar**.
-
-2. Select **Desktop**, and then launch the Configuration Manager console from the taskbar.
-
-3. If the console notifies you that an update is available, select **OK**. It isn't necessary to install updates to complete this lab.
-
-4. In the console tree, open the **Administration** workspace (in the lower left corner) and select **Client Settings**.
-
-5. In the display pane, double-click **Default Client Settings**.
-
-6. Select **Computer Agent**, next to **Organization name displayed in Software Center** enter **Contoso**, and then select **OK**.
-
-### Configure the network access account
-
-1. in the **Administration** workspace, expand **Site Configuration** and select **Sites**.
-
-2. On the **Home** ribbon at the top of the console window, select **Configure Site Components** and then select **Software Distribution**.
-
-3. On the **Network Access Account** tab, choose **Specify the account that accesses network locations**.
-
-4. Select the yellow starburst and then select **New Account**.
-
-5. Select **Browse** and then under **Enter the object name to select**, enter **CM_NAA** and select **OK**.
-
-6. Next to **Password** and **Confirm Password**, enter **pass\@word1**, and then select **OK** twice.
-
-### Configure a boundary group
-
-1. in the **Administration** workspace, expand **Hierarchy Configuration**, right-click **Boundaries** and then select **Create Boundary**.
-
-2. Next to **Description**, enter **PS1**, next to **Type** choose **Active Directory Site**, and then select **Browse**.
-
-3. Choose **Default-First-Site-Name** and then select **OK** twice.
-
-4. in the **Administration** workspace, right-click **Boundary Groups** and then select **Create Boundary Group**.
-
-5. Next to **Name**, enter **PS1 Site Assignment and Content Location**, select **Add**, select the **Default-First-Site-Name** boundary and then select **OK**.
-
-6. On the **References** tab in the **Create Boundary Group** window, select the **Use this boundary group for site assignment** checkbox.
-
-7. Select **Add**, select the **\\\SRV1.contoso.com** checkbox, and then select **OK** twice.
-
-### Add the state migration point role
-
-1. in the **Administration** workspace, expand **Site Configuration**, select **Sites**, and then in on the **Home** ribbon at the top of the console select **Add Site System Roles**.
-
-2. In the Add site System Roles Wizard, select **Next** twice and then on the Specify roles for this server page, select the **State migration point** checkbox.
-
-3. Select **Next**, select the yellow starburst, enter **C:\MigData** for the **Storage folder**, and select **OK**.
-
-4. Select **Next**, and then verify under **Boundary groups** that **PS1 Site Assignment and Content Location** is displayed.
-
-5. Select **Next** twice and then select **Close**.
-
-### Enable PXE on the distribution point
-
-> [!IMPORTANT]
-> Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, enter the following commands at an elevated Windows PowerShell prompt on SRV1:
-
-```cmd
-WDSUTIL.exe /Set-Server /AnswerClients:None
-```
-
-1. Determine the MAC address of the internal network adapter on SRV1. Enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    (Get-NetAdapter "Ethernet").MacAddress
-    ```
-
-    > [!NOTE]
-    > If the internal network adapter, assigned an IP address of 192.168.0.2, isn't named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**.
-
-2. In the Configuration Manager console, in the **Administration** workspace, select **Distribution Points**.
-
-3. In the display pane, right-click **SRV1.CONTOSO.COM** and then select **Properties**.
-
-4. On the PXE tab, select the following settings:
-
-   - **Enable PXE support for clients**. Select **Yes** in the popup that appears.
-   - **Allow this distribution point to respond to incoming PXE requests**
-   - **Enable unknown computer support**. Select **OK** in the popup that appears.
-   - **Require a password when computers use PXE**
-   - **Password** and **Confirm password**: pass@word1
-   - **Respond to PXE requests on specific network interfaces**: Select the yellow starburst and then enter the MAC address determined in the first step of this procedure.
-
-     See the following example:
-     ![Config Mgr PXE.](images/configmgr-pxe.png)
-
-5. Select **OK**.
-
-6. Wait for a minute, then enter the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present:
-
-    ```cmd
-    dir /b C:\RemoteInstall\SMSBoot\x64
-
-    abortpxe.com
-    bootmgfw.efi
-    bootmgr.exe
-    pxeboot.com
-    pxeboot.n12
-    wdsmgfw.efi
-    wdsnbp.com
-    ```
-
-    > [!NOTE]
-    > If these files aren't present in the C:\RemoteInstall directory, verify that the REMINST share is configured as C:\RemoteInstall. You can view the properties of this share by typing `net.exe share REMINST` at a command prompt. If the share path is set to a different value, then replace C:\RemoteInstall with your REMINST share path.
-    >
-    > You can also enter the following command at an elevated Windows PowerShell prompt to open CMTrace. In the tool, select **File**, select **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red:
-    >
-    > ```cmd
-    > "C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe"
-    > ```
-    >
-    > The log file is updated continuously while Configuration Manager is running. Wait for Configuration Manager to repair any issues that are present, and periodically recheck that the files are present in the REMINST share location. Close CMTrace when done. You'll see the following line in distmgr.log that indicates the REMINST share is being populated with necessary files:
-    >
-    > `Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall"`
-    >
-    > Once the files are present in the REMINST share location, you can close the CMTrace tool.
-
-### Create a branding image file
-
-1. If you have a bitmap (.BMP) image for suitable use as a branding image, copy it to the C:\Sources\OSD\Branding folder on SRV1. Otherwise, use the following step to copy a branding image.
-
-2. Enter the following command at an elevated Windows PowerShell prompt:
-
-    ```powershell
-    Copy-Item -Path "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" -Destination "C:\Sources\OSD\Branding\contoso.bmp"
-    ```
-
-    > [!NOTE]
-    > You can open C:\Sources\OSD\Branding\contoso.bmp in Microsoft Paint to customize this image.
-
-### Create a boot image for Configuration Manager
-
-1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then select **Create Boot Image using MDT**.
-
-2. On the Package Source page, under **Package source folder to be created (UNC Path):**, enter **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then select **Next**.
-
-    - The Zero Touch WinPE x64 folder doesn't yet exist. The folder will be created later.
-
-3. On the General Settings page, enter **Zero Touch WinPE x64** next to **Name**, and select **Next**.
-
-4. On the Options page, under **Platform** choose **x64**, and select **Next**.
-
-5. On the Components page, in addition to the default selection of **Microsoft Data Access Components (MDAC/ADO) support**, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** checkbox, and select **Next**.
-
-6. On the Customization page, select the **Use a custom background bitmap file** checkbox, and under **UNC path**, enter or browse to **\\\SRV1\Sources$\OSD\Branding\contoso.bmp**, and then select **Next** twice. It will take a few minutes to generate the boot image.
-
-7. Select **Finish**.
-
-8. In the console display pane, right-click the **Zero Touch WinPE x64** boot image, and then select **Distribute Content**.
-
-9. In the Distribute Content Wizard, select **Next**, select **Add** and select **Distribution Point**, select the **SRV1.CONTOSO.COM** checkbox, select **OK**, select **Next** twice, and then select **Close**.
-
-10. Use the CMTrace application to view the **distmgr.log** file again and verify that the boot image has been distributed. To open CMTrace, enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
-    ```
-
-    In the trace tool, select **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example:
-
-    ```console
-    STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=924 TID=1424 GMTDATE=Tue Oct 09 22:36:30.986 2018 ISTR0="Zero Touch WinPE x64" ISTR1="PS10000A" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS10000A"    SMS_DISTRIBUTION_MANAGER    10/9/2018 3:36:30 PM    1424 (0x0590)
-    ```
-
-11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Double-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab.
-
-12. Next, in the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then select the **Data Source** tab.
-
-13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and select **OK**.
-
-14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example:
-
-    ```cmd
-    dir /s /b C:\RemoteInstall\SMSImages
-
-    C:\RemoteInstall\SMSImages\PS100004
-    C:\RemoteInstall\SMSImages\PS100005
-    C:\RemoteInstall\SMSImages\PS100006
-    C:\RemoteInstall\SMSImages\PS100004\boot.PS100004.wim
-    C:\RemoteInstall\SMSImages\PS100005\boot.PS100005.wim
-    C:\RemoteInstall\SMSImages\PS100006\WinPE.PS100006.wim
-    ```
-
-    > [!NOTE]
-    > The first two images (`*.wim` files) are default boot images. The third is the new boot image with DaRT.
-
-### Create a Windows 10 reference image
-
-If you've already completed steps in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then you've already created a Windows 10 reference image. In this case, skip to the next procedure in this guide: [Add a Windows 10 OS image](#add-a-windows-10-os-image). If you've not yet created a Windows 10 reference image, complete the steps in this section.
-
-1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1.  To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and enter the following command:
-
-    ```powershell
-    Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
-    ```
-
-2. Verify that the Windows Enterprise installation DVD is mounted on SRV1 as drive letter D.
-
-3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, select **Start**, enter **deployment**, and then select **Deployment Workbench**.
-
-4. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
-
-5. Use the following settings for the New Deployment Share Wizard:
-    - Deployment share path: **C:\MDTBuildLab**
-    - Share name: **MDTBuildLab$**
-    - Deployment share description: **MDT build lab**
-    - Options: Select **Next** to accept the default
-    - Summary: Select **Next**
-    - Progress: settings will be applied
-    - Confirmation: Select **Finish**
-
-6. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
-
-7. Right-click the **Operating Systems** node, and then select **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and select **Finish**.
-
-8. Right-click the **Windows 10** folder created in the previous step, and then select **Import Operating System**.
-
-9. Use the following settings for the Import Operating System Wizard:
-    - OS Type: **Full set of source files**
-    - Source: **D:\\**
-    - Destination: **W10Ent_x64**
-    - Summary: Select **Next**
-    - Confirmation: Select **Finish**
-
-10. For purposes of this test lab, we won't add applications, such as Microsoft Office, to the deployment share. For more information about adding applications, see [Add applications](deploy-windows-mdt/create-a-windows-10-reference-image.md#add-applications).
-
-11. The next step is to create a task sequence to reference the OS that was imported. To create a task sequence, right-click the **Task Sequences** node under **MDT Build Lab** and then select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-
-    - Task sequence ID: **REFW10X64-001**
-    - Task sequence name: **Windows 10 Enterprise x64 Default Image**
-    - Task sequence comments: **Reference Build**
-    - Template: **Standard Client Task Sequence**
-    - Select OS: Select **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
-    - Specify Product Key: **Do not specify a product key at this time**
-    - Full Name: **Contoso**
-    - Organization: **Contoso**
-    - Internet Explorer home page: **`http://www.contoso.com`**
-    - Admin Password: **Do not specify an Administrator password at this time**
-    - Summary: Select **Next**
-    - Confirmation: Select **Finish**
-
-12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
-
-13. Select the **Task Sequence** tab. Under **State Restore**, select **Tattoo** to highlight it, then select **Add** and choose **New Group**. A new group will be added under Tattoo.
-
-14. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then select **Apply**. To see the name change, select **Tattoo**, then select the new group again.
-
-15. Select the **Custom Tasks (Pre-Windows Update)** group again, select **Add**, point to **Roles**, and then select **Install Roles and Features**.
-
-16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then select **Apply**.
-
-17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
-
-    > [!NOTE]
-    > Since we aren't installing applications in this test lab, there's no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you're also installing applications.
-
-18. Select **OK** to complete editing the task sequence.
-
-19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and select **Properties**, and then select the **Rules** tab.
-
-20. Replace the default rules with the following text:
-
-    ```ini
-    [Settings]
-    Priority=Default
-
-    [Default]
-    _SMSTSORGNAME=Contoso
-    UserDataLocation=NONE
-    DoCapture=YES
-    OSInstall=Y
-    AdminPassword=pass@word1
-    TimeZoneName=Pacific Standard TimeZoneName
-    OSDComputername=#Left("PC-%SerialNumber%",7)#
-    JoinWorkgroup=WORKGROUP
-    HideShell=YES
-    FinishAction=SHUTDOWN
-    DoNotCreateExtraPartition=YES
-    ApplyGPOPack=NO
-    SkipAdminPassword=YES
-    SkipProductKey=YES
-    SkipComputerName=YES
-    SkipDomainMembership=YES
-    SkipUserData=YES
-    SkipLocaleSelection=YES
-    SkipTaskSequence=NO
-    SkipTimeZone=YES
-    SkipApplications=YES
-    SkipBitLocker=YES
-    SkipSummary=YES
-    SkipRoles=YES
-    SkipCapture=NO
-    SkipFinalSummary=NO
-    ```
-
-21. Select **Apply** and then select **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
-
-    ```ini
-    [Settings]
-    Priority=Default
-
-    [Default]
-    DeployRoot=\\SRV1\MDTBuildLab$
-    UserDomain=CONTOSO
-    UserID=MDT_BA
-    UserPassword=pass@word1
-    SkipBDDWelcome=YES
-    ```
-
-22. Select **OK** to complete the configuration of the deployment share.
-
-23. Right-click **MDT build lab (C:\MDTBuildLab)** and then select **Update Deployment Share**.
-
-24. Accept all default values in the Update Deployment Share Wizard by clicking **Next**.  The update process will take 5 to 10 minutes. When it has completed, select **Finish**.
-
-25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. In MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
-
-    > [!TIP]
-    > To copy the file, right-click the **LiteTouchPE_x86.iso** file, and select **Copy** on SRV1. Then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder, and select **Paste**.
-
-26. Open a Windows PowerShell prompt on the Hyper-V host computer and enter the following commands:
-
-    ```powershell
-    New-VM -Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
-    Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
-    Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
-    Start-VM REFW10X64-001
-    vmconnect localhost REFW10X64-001
-    ```
-
-27. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then select **Next**.
-
-28. Accept the default values on the Capture Image page, and select **Next**. OS installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally, don't press a key. The process is fully automated.
-
-    Other system restarts will occur to complete updating and preparing the OS. Setup will complete the following procedures:
-
-    - Install the Windows 10 Enterprise OS.
-    - Install added applications, roles, and features.
-    - Update the OS using Windows Update (or WSUS if optionally specified).
-    - Stage Windows PE on the local disk.
-    - Run System Preparation (Sysprep) and reboot into Windows PE.
-    - Capture the installation to a Windows Imaging (WIM) file.
-    - Turn off the virtual machine.
-
-    This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**.
-
-### Add a Windows 10 OS image
-
-1. Enter the following commands at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
-    cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
-    ```
-
-2. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Operating System Images**, and then select **Add Operating System Image**.
-
-3. On the Data Source page, under **Path:**, enter or browse to **\\\SRV1\Sources$\OSD\OS\Windows 10 Enterprise x64\REFW10X64-001.wim**, and select **Next**.
-
-4. On the General page, next to **Name:**, enter **Windows 10 Enterprise x64**, select **Next** twice, and then select **Close**.
-
-5. Distribute the OS image to the SRV1 distribution point by right-clicking the **Windows 10 Enterprise x64** OS image and then clicking **Distribute Content**.
-
-6. In the Distribute Content Wizard, select **Next**, select **Add**, select **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, select **OK**, select **Next** twice and then select **Close**.
-
-7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar. (Make sure there's no space at the end of the location or you'll get an error.) Select **Windows 10 Enterprise x64** and monitor the status of content distribution until it's successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes.
-
-    > [!NOTE]
-    > If content distribution isn't successful, verify that sufficient disk space is available.
-
-### Create a task sequence
-
-> [!TIP]
-> Complete this section slowly. There are a large number of similar settings from which to choose.
-
-1. In the Configuration Manager console, in the **Software Library** workspace expand **Operating Systems**, right-click **Task Sequences**, and then select **Create MDT Task Sequence**.
-
-2. On the Choose Template page, select the **Client Task Sequence** template and select **Next**.
-
-3. On the General page, enter **Windows 10 Enterprise x64** under **Task sequence name:** and then select **Next**.
-
-4. On the Details page, enter the following settings:
-
-   - Join a domain: **contoso.com**
-   - Account: Select **Set**
-     - User name: **contoso\CM_JD**
-     - Password: **pass@word1**
-     - Confirm password: **pass@word1**
-     - Select **OK**
-   - Windows Settings
-       - User name: **Contoso**
-       - Organization name: **Contoso**
-       - Product key: \<blank\>
-   - Administrator Account: **Enable the account and specify the local administrator password**
-     - Password: **pass@word1**
-     - Confirm password: **pass@word1**
-   - Select **Next**
-
-5. On the Capture Settings page, accept the default settings and select **Next**.
-
-6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, select **OK**, and then select **Next**.
-
-7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, enter **\\\SRV1\Sources$\OSD\MDT\MDT** (MDT is repeated here, not a typo), and then select **Next**.
-
-8. On the MDT Details page, next to **Name:** enter **MDT** and then select **Next**.
-
-9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, select **OK**, and then select **Next**.
-
-10. On the Deployment Method page, accept the default settings for **Zero Touch Installation** and select **Next**.
-
-11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package**, select **OK**, and then select **Next**.
-
-12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 10.0.14393.0** package, select **OK**, and then select **Next**.
-
-13. On the Settings Package page, select **Create a new settings package**, and under **Package source folder to be created (UNC Path):**, enter **\\\SRV1\Sources$\OSD\Settings\Windows 10 x64 Settings**, and then select **Next**.
-
-14. On the Settings Details page, next to **Name:**, enter **Windows 10 x64 Settings**, and select **Next**.
-
-15. On the Sysprep Package page, select **Next** twice.
-
-16. On the Confirmation page, select **Finish**.
-
-### Edit the task sequence
-
-1. In the Configuration Manager console, in the **Software Library** workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then select **Edit**.
-
-2. Scroll down to the **Install** group and select the **Set Variable for Drive Letter** action.
-
-3. Change the Value under **OSDPreserveDriveLetter** from **False** to **True**, and then select **Apply**.
-
-4. In the **State Restore** group, select the **Set Status 5** action, select **Add** in the upper left corner, point to **User State**, and select **Request State Store**. This action adds a new step immediately after **Set Status 5**.
-
-5. Configure this **Request State Store** step with the following settings:
-
-    - Request state storage location to: **Restore state from another computer**
-    - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox.
-    - Options tab: Select the **Continue on error** checkbox.
-    - Add Condition: **Task Sequence Variable**:
-        - Variable: **USMTLOCAL**
-        - Condition: **not equals**
-        - Value: **True**
-        - Select **OK**
-    - Select **Apply**
-
-6. In the **State Restore** group, select **Restore User State**, select **Add**, point to **User State**, and select **Release State Store**.
-
-7. Configure this **Release State Store** step with the following settings:
-
-    - Options tab: Select the **Continue on error** checkbox.
-    - Add Condition: **Task Sequence Variable**:
-        - Variable: **USMTLOCAL**
-        - Condition: **not equals**
-        - Value: **True**
-        - Select **OK**
-    - Select **OK**
-
-### Finalize the OS configuration
-
-> [!NOTE]
-> If you completed all procedures in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then the MDT deployment share is already present on SRV1. In this case, skip the first four steps below and begin with step 5 to edit CustomSettings.ini.
-
-1. In the MDT deployment workbench on SRV1, right-click **Deployment Shares** and then select **New Deployment Share**.
-
-2. Use the following settings for the New Deployment Share Wizard:
-    - Deployment share path: **C:\MDTProduction**
-    - Share name: **MDTProduction$**
-    - Deployment share description: **MDT Production**
-    - Options: Select **Next** to accept the default
-    - Summary: Select **Next**
-    - Progress: settings will be applied
-    - Confirmation: Select **Finish**
-
-3. Right-click the **MDT Production** deployment share, and select **Properties**.
-
-4. Select the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then select **OK**.
-
-5. Enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
-    ```cmd
-    notepad.exe "C:\Sources\OSD\Settings\Windows 10 x64 Settings\CustomSettings.ini"
-    ```
-
-6. Replace the contents of the file with the following text, and then save the file:
-
-    ```ini
-    [Settings]
-    Priority=Default
-    Properties=OSDMigrateConfigFiles,OSDMigrateMode
-
-    [Default]
-    DoCapture=NO
-    ComputerBackupLocation=NONE
-    OSDMigrateMode=Advanced
-    OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
-    OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
-    SLSHARE=\\SRV1\Logs$
-    EventService=http://SRV1:9800
-    ApplyGPOPack=NO
-    ```
-
-    > [!NOTE]
-    > To migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts:
-    >
-    > ```ini
-    > OSDMigrateAdditionalCaptureOptions=/all
-    > ```
-
-7. Return to the Configuration Manager console, and in the **Software Library** workspace, expand **Application Management**, select **Packages**, right-click **Windows 10 x64 Settings**, and then select **Update Distribution Points**. Select **OK** in the popup that appears.
-
-8. In the **Software Library** workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then select **Distribute Content**.
-
-9. In the Distribute Content Wizard, select **Next** twice, select **Add**, select **Distribution Point**, select the **SRV1.CONTOSO.COM** distribution point, select **OK**, select **Next** twice and then select **Close**.
-
-10. Enter **\Monitoring\Overview\Distribution Status\Content Status\Windows 10 Enterprise x64** on the location bar, double-click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it's successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**.
-
-### Create a deployment for the task sequence
-
-1. In the **Software Library** workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then select **Deploy**.
-
-2. On the General page, next to **Collection**, select **Browse**, select the **All Unknown Computers** collection, select **OK**, and then select **Next**.
-
-3. On the Deployment Settings page, use the following settings:
-    - Purpose: **Available**
-    - Make available to the following clients: **Only media and PXE**
-    - Select **Next**.
-4. Select **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages.
-
-5. Select **Close**.
-
-## Deploy Windows 10 using PXE and Configuration Manager
-
-In this first deployment scenario, you'll deploy Windows 10 using PXE. This scenario creates a new computer that doesn't have any migrated users or settings.
-
-1. Enter the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-    ```powershell
-    New-VM -Name "PC4" -NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
-    Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
-    Start-VM PC4
-    vmconnect localhost PC4
-    ```
-
-2. Press ENTER when prompted to start the network boot service.
-
-3. In the Task Sequence Wizard, provide the password: **pass@word1**, and then select **Next**.
-
-4. Before you select **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open.
-
-5. At the command prompt, enter **explorer.exe** and review the Windows PE file structure.
-
-6. The smsts.log file is critical for troubleshooting any installation problems that might be encountered. Depending on the deployment phase, the smsts.log file is created in different locations:
-   - X:\Windows\temp\SMSTSLog\smsts.log before disks are formatted.
-   - X:\smstslog\smsts.log after disks are formatted.
-   - C:\\_SMSTaskSequence\Logs\Smstslog\smsts.log before the Configuration Manager client is installed.
-   - C:\Windows\ccm\logs\Smstslog\smsts.log after the Configuration Manager client is installed.
-   - C:\Windows\ccm\logs\smsts.log when the task sequence is complete.
-
-     Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open.
-
-7. In the explorer window, select **Tools** and then select **Map Network Drive**.
-
-8. Don't map a network drive at this time. If you need to save the smsts.log file, you can use this method to save the file to a location on SRV1.
-
-9. Close the Map Network Drive window, the Explorer window, and the command prompt.
-
-10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequence Wizard. Select **Next** to continue with the deployment.
-
-11. The task sequence will require several minutes to complete. You can monitor progress of the task sequence using the MDT Deployment Workbench under Deployment Shares > MDTProduction > Monitoring. The task sequence will:
-
-    - Install Windows 10
-    - Install the Configuration Manager client and hotfix
-    - Join the computer to the contoso.com domain
-    - Install any applications that were specified in the reference image
-
-12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account.
-
-13. Right-click **Start**, select **Run**, enter **control appwiz.cpl**, press ENTER, select **Turn Windows features on or off**, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This feature is included in the reference image.
-
-14. Shut down the PC4 VM.
-
-> [!NOTE]
-> The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete.
-
-## Replace a client with Windows 10 using Configuration Manager
-
-> [!NOTE]
-> Before you start this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoso.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It's not required to delete the stale entries, this action is only done to remove clutter.
-
-![contoso.com\Computers.](images/poc-computers.png)
-
-In the replace procedure, PC1 won't be migrated to a new OS. It's simplest to perform this procedure before performing the refresh procedure. After you refresh PC1, the OS will be new. The next (replace) procedure doesn't install a new OS on PC1 but rather performs a side-by-side migration of PC1 and another computer (PC4), to copy users and settings from PC1 to the new computer.
-
-### Create a replace task sequence
-
-1. On SRV1, in the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Task Sequences**, and then select **Create MDT Task Sequence**.
-
-2. On the Choose Template page, select **Client Replace Task Sequence** and select **Next**.
-
-3. On the General page, enter the following information:
-
-    - Task sequence name: **Replace Task Sequence**
-    - Task sequence comments: **USMT backup only**
-
-4. Select **Next**, and on the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package. Select **OK** and then select **Next** to continue.
-
-5. On the MDT Package page, browse and select the **MDT** package. Select **OK** and then select **Next** to continue.
-
-6. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package. Select **OK** and then select **Next** to continue.
-
-7. On the Settings Package page, browse and select the **Windows 10 x64 Settings** package. Select **OK** and then select **Next** to continue.
-
-8. On the Summary page, review the details and then select **Next**.
-
-9. On the Confirmation page, select **Finish**.
-
-> [!NOTE]
-> If an error is displayed at this stage, it can be caused by a corrupt MDT integration. To repair it, close the Configuration Manager console, remove MDT integration, and then restore MDT integration.
-
-### Deploy PC4
-
-Create a VM named PC4 to receive the applications and settings from PC1. This VM represents a new computer that will replace PC1. To create this VM, enter the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-```powershell
-New-VM -Name "PC4" -NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
-Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20
-Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
-```
-
-> [!NOTE]
-> Hyper-V lets you define a static MAC address on PC4. In a real-world scenario, you must determine the MAC address of the new computer.
-
-### Install the Configuration Manager client on PC1
-
-1. Verify that the PC1 VM is running and in its original state, which was saved as a checkpoint and then restored in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md).
-
-2. If you haven't already saved a checkpoint for PC1, then do it now. Enter the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-    ```powershell
-    Checkpoint-VM -Name PC1 -SnapshotName BeginState
-    ```
-
-3. On SRV1, in the Configuration Manager console, in the **Administration** workspace, expand **Hierarchy Configuration** and select on **Discovery Methods**.
-
-4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox.
-
-5. Select the yellow starburst, select **Browse**, select **contoso\Computers**, and then select **OK** three times.
-
-6. When a popup dialog box asks if you want to run full discovery, select **Yes**.
-
-7. In the **Assets and Compliance** workspace, select **Devices** and verify that the computer account names for SRV1 and PC1 are displayed. See the following example (GREGLIN-PC1 is the computer account name of PC1 in this example):
-
-    > [!TIP]
-    > If you don't see the computer account for PC1, select **Refresh** in the upper right corner of the console.
-
-    The **Client** column indicates that the Configuration Manager client isn't currently installed. This procedure will be carried out next.
-
-8. Sign in to PC1 using the contoso\administrator account and enter the following command at an elevated command prompt to remove any pre-existing client configuration, if it exists.
-
-    > [!Note]
-    > This command requires an elevated command prompt, not an elevated Windows PowerShell prompt.
-
-    ```cmd
-    sc.exe stop ccmsetup
-    "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /Uninstall
-    ```
-
-    > [!NOTE]
-    > If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by `CCMSetup /Uninstall` and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the Configuration Manager client](/archive/blogs/michaelgriswold/manual-removal-of-the-sccm-client).
-
-9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue. From an elevated command prompt, enter:
-
-    ```cmd
-    net.exe stop wuauserv
-    net.exe stop BITS
-    ```
-
-    Verify that both services were stopped successfully, then enter the following command at an elevated command prompt:
-
-    ```cmd
-    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
-    net.exe start BITS
-    bitsadmin.exe /list /allusers
-    ```
-
-    Verify that BITSAdmin displays zero jobs.
-
-10. To install the Configuration Manager client as a standalone process, enter the following command at an elevated command prompt:
-
-    ```cmd
-    "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /mp:SRV1.contoso.com /logon SMSSITECODE=PS1
-    ```
-
-11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here.
-
-12. Installation progress will be captured in the file: **c:\windows\ccmsetup\logs\ccmsetup.log**. You can periodically open this file in notepad, or you can enter the following command at an elevated Windows PowerShell prompt to monitor installation progress:
-
-    ```powershell
-    Get-Content -Path c:\windows\ccmsetup\logs\ccmsetup.log -Wait
-    ```
-
-    Installation might require several minutes, and display of the log file will appear to hang while some applications are installed. This behavior is normal. When setup is complete, verify that **CcmSetup is existing with return code 0** is displayed on the last line of the ccmsetup.log file. Then press **CTRL-C** to break out of the Get-Content operation. If you're viewing the log file in Windows PowerShell, the last line will be wrapped. A return code of `0` indicates that installation was successful and you should now see a directory created at **C:\Windows\CCM** that contains files used in registration of the client with its site.
-
-13. On PC1, open the Configuration Manager control panel applet by typing the following command from a command prompt:
-
-    ```cmd
-    control.exe smscfgrc
-    ```
-
-14. Select the **Site** tab, select **Configure Settings**, and select **Find Site**. The client will report that it has found the PS1 site. See the following example:
-
-    ![site.](images/configmgr-site.png)
-
-    If the client isn't able to find the PS1 site, review any error messages that are displayed in **C:\Windows\CCM\Logs\ClientIDManagerStartup.log** and **LocationServices.log**. A common reason the client can't locate the site code is because a previous configuration exists. For example, if a previous site code is configured at **HKLM\SOFTWARE\Microsoft\SMS\Mobile Client\GPRequestedSiteAssignmentCode**, delete or update this entry.
-
-15. On SRV1, in the **Assets and Compliance** workspace, select **Device Collections** and then double-click **All Desktop and Server Clients**. This node will be added under **Devices**.
-
-16. Select **All Desktop and Server Clients** and verify that the computer account for PC1 is displayed here with **Yes** and **Active** in the **Client** and **Client Activity** columns, respectively. You might have to refresh the view and wait few minutes for the client to appear here.  See the following example:
-
-    ![client.](images/configmgr-client.png)
-
-    > [!NOTE]
-    > It might take several minutes for the client to fully register with the site and complete a client check. When it's complete you will see a green check mark over the client icon as shown above. To refresh the client, select it and then press **F5** or right-click the client and select **Refresh**.
-
-### Create a device collection and deployment
-
-1. On SRV1, in the Configuration Manager console, in the **Assets and Compliance** workspace, right-click **Device Collections** and then select **Create Device Collection**.
-
-2. Use the following settings in the **Create Device Collection Wizard**:
-
-    - General > Name: **Install Windows 10 Enterprise x64**
-    - General > Limiting collection: **All Systems**
-    - Membership Rules > Add Rule: **Direct Rule**
-    - The **Create Direct Membership Rule Wizard** opens, select **Next**
-    - Search for Resources > Resource class: **System Resource**
-    - Search for Resources > Attribute name: **Name**
-    - Search for Resources > Value: **%**
-    - Select Resources > Value: Select the computername associated with the PC1 VM
-    - Select **Next** twice and then select **Close** in both windows (Next, Next, Close, then Next, Next, Close)
-
-3. Double-click the Install Windows 10 Enterprise x64 device collection and verify that the PC1 computer account is displayed.
-
-4. In the **Software Library** workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64** and then select **Deploy**.
-
-5. Use the following settings in the Deploy Software wizard:
-    - General > Collection: Select Browse and select **Install Windows 10 Enterprise x64**
-    - Deployment Settings > Purpose: **Available**
-    - Deployment Settings > Make available to the following clients: **Configuration Manager clients, media and PXE**
-    - Scheduling > select **Next**
-    - User Experience > select **Next**
-    - Alerts > select **Next**
-    - Distribution Points > select **Next**
-    - Summary > select **Next**
-    - Verify that the wizard completed successfully and then select **Close**
-
-### Associate PC4 with PC1
-
-1. On SRV1 in the Configuration Manager console, in the **Assets and Compliance** workspace, right-click **Devices** and then select **Import Computer Information**.
-
-2. On the Select Source page, choose **Import single computer** and select **Next**.
-
-3. On the Single Computer page, use the following settings:
-
-    - Computer Name: **PC4**
-    - MAC Address: **00:15:5D:83:26:FF**
-    - Source Computer: \<enter the hostname of PC1, or select **Search** twice, select the hostname, and select **OK**\>
-
-4. Select **Next**, and on the User Accounts page choose **Capture and restore specified user accounts**, then select the yellow starburst next to **User accounts to migrate**.
-
-5. Select **Browse** and then under **Enter the object name to select** enter **user1** and select **OK** twice.
-
-6. Select the yellow starburst again and repeat the previous step to add the **contoso\administrator** account.
-
-7. Select **Next** twice, and on the Choose Target Collection page, choose **Add computers to the following collection**, select **Browse**, choose **Install Windows 10 Enterprise x64**, select **OK**, select **Next** twice, and then select **Close**.
-
-8. In the **Assets and Compliance** workspace, select **User State Migration** and review the computer association in the display pane. The source computer will be the computername of PC1 (GREGLIN-PC1 in this example), the destination computer will be **PC4**, and the migration enter will be **side-by-side**.
-
-9. Right-click the association in the display pane and then select **Specify User Accounts**. You can add or remove user account here. Select **OK**.
-
-10. Right-click the association in the display pane and then select **View Recovery Information**. You'll see that a recovery key has been assigned, but a user state store location hasn't. Select **Close**.
-
-11. Select **Device Collections** and then double-click **Install Windows 10 Enterprise x64**. Verify that **PC4** is displayed in the collection. You might have to update and refresh the collection, or wait a few minutes, but don't proceed until PC4 is available. See the following example:
-
-    ![collection.](images/configmgr-collection.png)
-
-### Create a device collection for PC1
-
-1. On SRV1, in the Configuration Manager console, in the **Assets and Compliance** workspace, right-click **Device Collections** and then select **Create Device Collection**.
-
-2. Use the following settings in the **Create Device Collection Wizard**:
-
-    - General > Name: **USMT Backup (Replace)**
-    - General > Limiting collection: **All Systems**
-    - Membership Rules > Add Rule: **Direct Rule**
-    - The **Create Direct Membership Rule Wizard** opens, select **Next**
-    - Search for Resources > Resource class: **System Resource**
-    - Search for Resources > Attribute name: **Name**
-    - Search for Resources > Value: **%**
-    - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example).
-    - Select **Next** twice and then select **Close** in both windows.
-
-3. Select **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Don't proceed until this name is displayed.
-
-### Create a new deployment
-
-In the Configuration Manager console, in the **Software Library** workspace, under **Operating Systems**, select **Task Sequences**, right-click **Replace Task Sequence**, select **Deploy**, and use the following settings:
-
-- General > Collection: **USMT Backup (Replace)**
-- Deployment Settings > Purpose: **Available**
-- Deployment Settings > Make available to the following clients: **Only Configuration Manager Clients**
-- Scheduling: Select **Next**
-- User Experience: Select **Next**
-- Alerts: Select **Next**
-- Distribution Points: Select **Next**
-- Select **Next** and then select **Close**.
-
-### Verify the backup
-
-1. On PC1, open the Configuration Manager control panel applet by typing the following command in a command prompt:
-
-    ```cmd
-    control.exe smscfgrc
-    ```
-
-2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, select **OK**, and then select **OK** again. This method is one that you can use to run a task sequence in addition to the Client Notification method that will be demonstrated in the computer refresh procedure.
-
-3. Enter the following command at an elevated command prompt to open the Software Center:
-
-    ```cmd
-    C:\Windows\CCM\SCClient.exe
-    ```
-
-4. In Software Center, select **Available Software**, and then select the **Replace Task Sequence** checkbox. See the following example:
-
-    ![software.](images/configmgr-software-cntr.png)
-
-    > [!NOTE]
-    > If you don't see any available software, try running step #2 again to start the Machine Policy Retrieval & Evaluation Cycle. You should see an alert that new software is available.
-
-5. Select **INSTALL SELECTED** and then select **INSTALL OPERATING SYSTEM**.
-
-6. Allow the **Replace Task Sequence** to complete, then verify that the C:\MigData folder on SRV1 contains the USMT backup.
-
-### Deploy the new computer
-
-1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, enter the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-    ```powershell
-    Start-VM PC4
-    vmconnect localhost PC4
-    ```
-
-2. In the **Welcome to the Task Sequence Wizard**, enter **pass@word1** and select **Next**.
-
-3. Choose the **Windows 10 Enterprise X64** image.
-
-4. Setup will install the OS using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1.
-
-5. Save checkpoints for all VMs if you wish to review their status at a later date. This action isn't required, as checkpoints do take up space on the Hyper-V host.
-
-    > [!Note]
-    > The next procedure will install a new OS on PC1, and update its status in Configuration Manager and in Active Directory as a Windows 10 device. So you can't return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this action for all VMs.
-
-    To save a checkpoint for all VMs, enter the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-    ```powershell
-    Checkpoint-VM -Name DC1 -SnapshotName cm-refresh
-    Checkpoint-VM -Name SRV1 -SnapshotName cm-refresh
-    Checkpoint-VM -Name PC1 -SnapshotName cm-refresh
-    ```
-
-## Refresh a client with Windows 10 using Configuration Manager
-
-### Initiate the computer refresh
-
-1. On SRV1, in the **Assets and Compliance** workspace, select **Device Collections** and then double-click **Install Windows 10 Enterprise x64**.
-
-2. Right-click the computer account for PC1, point to **Client Notification**, select **Download Computer Policy**, and select **OK** in the popup dialog box.
-
-3. On PC1, in the notification area, select **New software is available** and then select **Open Software Center**.
-
-4. In the Software Center, select **Operating Systems**, select **Windows 10 Enterprise x64**, select **Install** and then select **INSTALL OPERATING SYSTEM**. See the following example:
-
-    ![installOS.](images/configmgr-install-os.png)
-
-    The computer will restart several times during the installation process. Installation includes downloading updates, reinstalling the Configuration Manager Client Agent, and restoring the user state. You can view status of the installation in the Configuration Manager console by accessing the **Monitoring** workspace, clicking **Deployments**, and then double-clicking the deployment associated with the **Install Windows 10 Enterprise x64** collection. Under **Asset Details**, right-click the device and then select **More Details**. Select the **Status** tab to see a list of tasks that have been performed.  See the following example:
-
-    ![asset.](images/configmgr-asset.png)
-
-    You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**.
-
-    When installation has completed, sign in using the contoso\administrator account or the contoso\user1 account and verify that applications and settings have been successfully backed up and restored to your new Windows 10 Enterprise OS.
-
-    ![post-refresh.](images/configmgr-post-refresh.png)
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
deleted file mode 100644
index fab9131baf..0000000000
--- a/windows/deployment/windows-10-poc.md
+++ /dev/null
@@ -1,1045 +0,0 @@
----
-title: Configure a test lab to deploy Windows 10
-description: Learn about concepts and procedures for deploying Windows 10 in a proof of concept lab environment.
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
-ms.service: windows-client
-ms.subservice: itpro-deploy
-ms.localizationpriority: medium
-ms.topic: tutorial
-ms.date: 11/23/2022
----
-
-# Step by step guide: Configure a test lab to deploy Windows 10
-
-*Applies to:*
-
-- Windows 10
-
-This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources.
-
-> [!NOTE]
-> Microsoft also offers a pre-configured lab using an evaluation version of Configuration Manager. For more information, see [Windows and Office deployment and management lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab).
-
-This lab guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md).
-
-The proof of concept (PoC) deployment guides are intended to provide a demonstration of Windows 10 deployment tools and processes for IT professionals that aren't familiar with these tools, and you want to set up a PoC environment. Don't use the instructions in this guide in a production setting. They aren't meant to replace the instructions found in production deployment guidance.
-
-Approximately 3 hours are required to configure the PoC environment. You'll need a Hyper-V capable computer running Windows 8.1 or later with at least 16 GB of RAM. Detailed [requirements](#hardware-and-software-requirements) are provided below.
-
-Windows PowerShell commands are provided to set up the PoC environment quickly. You don't need to be an expert in Windows PowerShell to complete the steps in the guide, however you'll need to customize some commands to your environment.
-
-> [!TIP]
-> Instructions to "type" Windows PowerShell commands provided in this guide can be followed literally by typing the commands, but the preferred method is to copy and paste these commands.
->
-> A Windows PowerShell window can be used to run all commands in this guide. However, when commands are specified for a command prompt, either type CMD at the Windows PowerShell prompt to enter the command prompt, or preface the command with `cmd /c`. You can also escape special characters in the command using the back-tick character (\`). In most cases, the simplest action is to type `cmd` and enter a command prompt, type the necessary commands, then type `exit` to return to Windows PowerShell.
-
-Hyper-V is installed, configured and used extensively in this guide. If you aren't familiar with Hyper-V, review the [terminology](#appendix-b-terminology-used-in-this-guide) used in this guide before starting.
-
-## In this guide
-
-This guide contains instructions for three general procedures: Install Hyper-V, configure Hyper-V, and configure VMs. If you already have a computer running Hyper-V, you can use this computer and skip the first procedure. In this case, modify your virtual switch settings to match the settings used in this guide. Alternatively, you can modify the steps in this guide to use your existing Hyper-V settings.
-
-After completing the instructions in this guide, you'll have a PoC environment that enables you to test Windows 10 deployment procedures by following instructions in companion guides that are written to use the PoC environment. Links are provided to download trial versions of Windows Server 2012, Windows 10 Enterprise, and all deployment tools necessary to complete the lab.
-
-The procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
-
-|Procedure|Description|Time|
-|--- |--- |--- |
-|[Hardware and software requirements](#hardware-and-software-requirements)|Prerequisites to complete this guide.|Informational|
-|[Lab setup](#lab-setup)|A description and diagram of the PoC environment.|Informational|
-|[Configure the PoC environment](#configure-the-poc-environment)|Parent section for procedures.|Informational|
-|[Verify support and install Hyper-V](#verify-support-and-install-hyper-v)|Verify that installation of Hyper-V is supported, and install the Hyper-V server role.|10 minutes|
-|[Download VHD and ISO files](#download-vhd-and-iso-files)|Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host.|30 minutes|
-|[Convert PC to VM](#convert-pc-to-vm)|Convert a physical computer on your network to a VM hosted in Hyper-V.|30 minutes|
-|[Resize VHD](#resize-vhd)|Increase the storage capacity for one of the Windows Server VMs.|5 minutes|
-|[Configure Hyper-V](#configure-hyper-v)|Create virtual switches, determine available RAM for virtual machines, and add virtual machines.|15 minutes|
-|[Configure service and user accounts](#configure-vms)|Start virtual machines and configure all services and settings.|60 minutes|
-|[Configure VMs](#configure-vms)|Start virtual machines and configure all services and settings.|60 minutes|
-|[Appendix A: Verify the configuration](#appendix-a-verify-the-configuration)|Verify and troubleshoot network connectivity and services in the PoC environment.|30 minutes|
-|[Appendix B: Terminology in this guide](#appendix-b-terminology-used-in-this-guide)|Terms used in this guide.|Informational|
-
-## Hardware and software requirements
-
-One computer that meets the hardware and software specifications below is required to complete the guide; A second computer is recommended to validate the upgrade process.
-
-- **Computer 1**: the computer you'll use to run Hyper-V and host virtual machines. This computer should have 16 GB or more of installed RAM and a multi-core processor.
-
-- **Computer 2**: a client computer from your network. It's shadow-copied to create a VM that can be added to the PoC environment, enabling you to test a mirror image of a computer on your network. If you don't have a computer to use for this simulation, you can download an evaluation VHD and use it to represent this computer. Subsequent guides use this computer to simulate Windows 10 replace and refresh scenarios, so the VM is required even if you can't create this VM using computer 2.
-
-Hardware requirements are displayed below:
-
-|    |Computer 1 (required)|Computer 2 (recommended)|
-|--- |--- |--- |
-|**Role**|Hyper-V host|Client computer|
-|**Description**|This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.|This computer is a Windows 8.1 client on your network that will be converted to a VM to demonstrate the upgrade process.|
-|**OS**|Windows 8.1/10 or Windows Server 2012/2012 R2/2016|Windows 8.1 or a later|
-|**Edition**|Enterprise, Professional, or Education|Any|
-|**Architecture**|64-bit|Any <br/><br/> Retaining applications and settings requires that architecture (32-bit or 64-bit) is the same before and after the upgrade.|
-|**RAM**|8-GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.<br>16-GB RAM to test Windows 10 deployment with Microsoft Configuration Manager.|Any|
-|**Disk**|200-GB available hard disk space, any format.|Any size, MBR formatted.|
-|**CPU**|SLAT-Capable CPU|Any|
-|**Network**|Internet connection|Any|
-
-## Lab setup
-
-The lab architecture is summarized in the following diagram:
-
-![PoC diagram.](images/poc.png)
-
-- Computer 1 is configured to host four VMs on a private, PoC network.
-
-  - Two VMs are running Windows Server 2012 R2 with required network services and tools installed.
-
-  - Two VMs are client systems: One VM is intended to mirror a host on your network (computer 2) and one VM is running Windows 10 Enterprise to demonstrate the hardware replacement scenario.
-
-> [!NOTE]
-> If you have an existing Hyper-V host, you can use this host and skip the Hyper-V installation section in this guide.
-
-The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if necessary. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that isn't directly connected to the network. This action mitigates the risk of clients on the network receiving DHCP leases from the PoC network. In other words, a "rogue" DHCP server. It also limits NETBIOS service broadcasts.
-
-## Configure the PoC environment
-
-> [!TIP]
-> Before you begin, ensure that Windows PowerShell is pinned to the taskbar for easy access. If the Hyper-V host is running Windows Server then Windows PowerShell is automatically pinned to the taskbar. To pin Windows PowerShell to the taskbar on Windows 8.1 or Windows 10: Click **Start**, type **power**, right click **Windows PowerShell**, and then click **Pin to taskbar**. After Windows PowerShell is pinned to the taskbar, you can open an elevated Windows PowerShell prompt by right-clicking the icon on the taskbar and then clicking **Run as Administrator**.
-
-### Procedures in this section
-
-- [Verify support and install Hyper-V](#verify-support-and-install-hyper-v)
-- [Download VHD and ISO files](#download-vhd-and-iso-files)
-- [Convert PC to VM](#convert-pc-to-vm)
-- [Resize VHD](#resize-vhd)
-- [Configure Hyper-V](#configure-hyper-v)
-- [Configure VMs](#configure-vms)
-
-### Verify support and install Hyper-V
-
-1. To verify your computer supports SLAT, open an administrator command prompt,  type **systeminfo**, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
-
-    ```cmd
-    C:\>systeminfo.exe
-
-    ...
-    Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
-                               Virtualization Enabled In Firmware: Yes
-                               Second Level Address Translation: Yes
-                               Data Execution Prevention Available: Yes
-    ```
-
-    In this example, the computer supports SLAT and Hyper-V.
-
-    If one or more requirements are evaluated as **No**, then the computer doesn't support installing Hyper-V.  However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
-
-    You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example:
-
-    ```cmd
-    C:\>coreinfo.exe -v
-
-    Coreinfo v3.31 - Dump information on system CPU and memory topology
-    Copyright (C) 2008-2014 Mark Russinovich
-    Sysinternals - www.sysinternals.com
-
-    Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
-    Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
-    Microcode signature: 0000001B
-    HYPERVISOR      -       Hypervisor is present
-    VMX             *       Supports Intel hardware-assisted virtualization
-    EPT             *       Supports Intel extended page tables (SLAT)
-    ```
-
-    > [!NOTE]
-    > A 64-bit operating system is required to run Hyper-V.
-
-2. The Hyper-V feature isn't installed by default. To install it, open an elevated Windows PowerShell window and type the following command:
-
-    ```powershell
-    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
-    ```
-
-    This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an extra command to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. This command will also install Hyper-V if it isn't already installed, so if desired you can just type the following command on Windows Server 2012 or 2016 instead of using the Enable-WindowsOptionalFeature command:
-
-    ```powershell
-    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
-    ```
-
-    When you're prompted to restart the computer, choose **Yes**. The computer might restart more than once. After installation is complete, you can open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt.
-
-    Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below:
-
-    ![hyper-v features.](images/hyper-v-feature.png)
-
-    ![hyper-v.](images/svr_mgr2.png)
-
-    If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**.
-
-### Download VHD and ISO files
-
-When you have completed installation of Hyper-V on the host computer, begin configuration of Hyper-V by downloading VHD and ISO files to the Hyper-V host. These files will be used to create the VMs used in the lab.
-
-1. Create a directory on your Hyper-V host named **C:\VHD**. Download a single VHD file for [Windows Server](https://www.microsoft.com/evalcenter/evaluate-windows-server-2022) to the **C:\VHD** directory.
-
-    > [!NOTE]
-    > The currently available downloads are Windows Server 2019 or Windows Server 2022. The rest of this article refers to "Windows Server 2012 R2" and similar variations.
-
-    > [!IMPORTANT]
-    > This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately.
-
-2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. Do this action to make the filename simple to recognize and type.
-
-3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**.
-
-4. Download the [Windows 10 Enterprise](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) ISO file to the **C:\VHD** directory on your Hyper-V host.
-
-   You can select the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version.
-
-   > [!NOTE]
-   > The evaluation version of Windows 10 doesn't support in-place upgrade**.
-
-5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. This step is so that the filename is simple to type and recognize.
-
-     After completing these steps, you'll have three files in the **C:\VHD** directory: **2012R2-poc-1.vhd**, **2012R2-poc-2.vhd**, **w10-enterprise.iso**.
-
-     The following example displays the procedures described in this section, both before and after downloading files:
-
-    ```cmd
-     C:>mkdir VHD
-     C:>cd VHD
-     C:\VHD&gt;ren 9600*.vhd 2012R2-poc-1.vhd
-     C:\VHD&gt;copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd
-        1 file(s) copied.
-     C:\VHD ren *.iso w10-enterprise.iso
-     C:\VHD&gt;dir /B
-     2012R2-poc-1.vhd
-     2012R2-poc-2.vhd
-     w10-enterprise.iso
-    ```
-
-### Convert PC to VM
-
-> [!IMPORTANT]
-> Don't attempt to use the VM resulting from the following procedure as a reference image. Also, to avoid conflicts with existing clients, don't start the VM outside the PoC network.
-
-<!-- removed steps to download VM from developer.microsoft.com/microsoft-edge as tool no longer exists -->
-
-If you have a PC available to convert to VM (computer 2):
-
-1. Sign in on computer 2 using an account with Administrator privileges.
-
-    > [!IMPORTANT]
-    > The account used in this step must have local administrator privileges. You can use a local computer account, or a domain account with administrative rights if domain policy allows the use of cached credentials. After converting the computer to a VM, you must be able to sign in on this VM with administrator rights while the VM is disconnected from the network.
-
-2. [Determine the VM generation and partition type](#determine-the-vm-generation-and-partition-type) that is required.
-
-3. Based on the VM generation and partition type, perform one of the following procedures: [Prepare a generation 1 VM](#prepare-a-generation-1-vm), [Prepare a generation 2 VM](#prepare-a-generation-2-vm), or [prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk).
-
-#### Determine the VM generation and partition type
-
-When creating a VM in Hyper-V, you must specify either generation 1 or generation 2. The following table describes requirements for these two types of VMs.
-
-||Architecture|Operating system|Partition style|
-|--- |--- |--- |--- |
-|**Generation 1**|32-bit or 64-bit|Windows 7 or later|MBR|
-|**Generation 2**|64-bit|Windows 8 or later|MBR or GPT|
-
-If the PC is running a 32-bit OS or the OS is Windows 7, it must be converted to a generation 1 VM. Otherwise, it can be converted to a generation 2 VM.
-
-- To determine the OS and architecture of a PC, type **systeminfo** at a command prompt and review the output next to **OS Name** and **System Type**.
-
-- To determine the partition style, open a Windows PowerShell prompt on the PC and type the following command:
-
-  ```powershell
-  Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
-  ```
-
-If the **Type** column doesn't indicate GPT, then the disk partition format is MBR ("Installable File System" = MBR). In the following example, the disk is GPT:
-
-```powershell
-Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
-
-SystemName                           Caption                                 Type
-----------                           -------                                 ----
-USER-PC1                             Disk #0, Partition #0                   GPT: System
-USER-PC1                             Disk #0, Partition #1                   GPT: Basic Data
-```
-
-On a computer running Windows 8 or later, you can also type **Get-Disk** at a Windows PowerShell prompt to discover the partition style. The default output of this cmdlet displays the partition style for all attached disks. Both commands are displayed below. In this example, the client computer is running Windows 8.1 and uses a GPT style partition format:
-
-```powershell
-Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
-
-SystemName                            Caption                               Type
-----------                            -------                               ----
-PC-X1                                 Disk #0, Partition #0                 GPT: Unknown
-PC-X1                                 Disk #0, Partition #1                 GPT: System
-PC-X1                                 Disk #0, Partition #2                 GPT: Basic Data
-PC-X1                                 Disk #0, Partition #3                 GPT: Basic Data
-PC-X1                                 Disk #0, Partition #4                 GPT: Basic Data
-
-PS C:> Get-Disk
-
-Number Friendly Name                  OperationalStatus                     Total Size Partition Style
------- -------------                  -----------------                     ---------- ---------------
-0      INTEL SSDSCMMW240A3L           Online                                223.57 GB GPT
-```
-
-##### Choosing a VM generation
-
-The following tables display the Hyper-V VM generation to choose based on the OS, architecture, and partition style. Links to procedures to create the corresponding VMs are included.
-
-###### Windows 7 MBR
-
-|Architecture|VM generation|Procedure|
-|--- |--- |--- |
-|32|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
-|64|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
-
-###### Windows 7 GPT
-
-|Architecture|VM generation|Procedure|
-|--- |--- |--- |
-|32|N/A|N/A|
-|64|1|[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)|
-
-###### Windows 8 or later MBR
-
-|Architecture|VM generation|Procedure|
-|--- |--- |--- |
-|32|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
-|64|1, 2|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
-
-###### Windows 8 or later GPT
-
-|Architecture|VM generation|Procedure|
-|--- |--- |--- |
-|32|1|[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)|
-|64|2|[Prepare a generation 2 VM](#prepare-a-generation-2-vm)|
-
-> [!NOTE]
->
-> - If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk).
->
-> - If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the `mountvol` command. In this case, see [Prepare a generation 2 VM](#prepare-a-generation-2-vm).
->
-> - If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see [Prepare a generation 1 VM](#prepare-a-generation-1-vm).
-
-#### Prepare a generation 1 VM
-
-1. Download the [Disk2vhd utility](/sysinternals/downloads/disk2vhd), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert.
-
-   > [!TIP]
-   > You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive.
-
-2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface.
-
-3. Select the checkboxes next to the `C:\` and the **system reserved** (BIOS/MBR) volumes. The system volume isn't assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to `\?\Volume{`. See the following example.
-
-    > [!IMPORTANT]
-    > You must include the system volume in order to create a bootable VHD. If this volume isn't displayed in the disk2vhd tool, then the computer is likely to be using the GPT partition style. For more information, see [Choosing a VM generation](#choosing-a-vm-generation).
-
-4. Specify a location to save the resulting VHD or VHDX file (F:\VHD\w7.vhdx in the following example) and select **Create**. See the following example:
-
-    ![disk2vhd 1.](images/disk2vhd.png)
-
-    Disk2vhd can save VHDs to local hard drives, even if they're the same as the volumes being converted. Performance is better, however, when the VHD is saved on a disk different than the disks being converted, such as a flash drive.
-
-5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory:
-
-    ```cmd
-    C:\vhd>dir /B
-    2012R2-poc-1.vhd
-    2012R2-poc-2.vhd
-    w10-enterprise.iso
-    w7.VHDX
-    ```
-
-#### Prepare a generation 2 VM
-
-1. Download the [Disk2vhd utility](/sysinternals/downloads/disk2vhd), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert.
-
-    > [!TIP]
-    > You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive.
-
-2. On the computer you wish to convert, open an elevated command prompt and type the following command:
-
-    ```cmd
-    mountvol.exe s: /s
-    ```
-
-    This command temporarily assigns a drive letter of S to the system volume and mounts it. If the letter S is already assigned to a different volume on the computer, then choose one that is available (ex: mountvol z: /s).
-
-3. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface.
-
-4. Select the checkboxes next to the **C:\\** and the **S:\\** volumes, and clear the **Use Volume Shadow Copy checkbox**. Volume shadow copy won't work if the EFI system partition is selected.
-
-    > [!IMPORTANT]
-    > You must include the EFI system partition in order to create a bootable VHD. The Windows RE tools partition (shown below) is not required, but it can also be converted if desired.
-
-5. Specify a location to save the resulting VHD or VHDX file (F:\VHD\PC1.vhdx in the following example) and select **Create**. See the following example:
-
-    ![disk2vhd 2.](images/disk2vhd-gen2.png)
-
-    Disk2vhd can save VHDs to local hard drives, even if they're the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those disks being converted, such as a flash drive.
-
-6. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (PC1.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory:
-
-    ```cmd
-    C:\vhd>dir /B
-    2012R2-poc-1.vhd
-    2012R2-poc-2.vhd
-    w10-enterprise.iso
-    PC1.VHDX
-    ```
-
-#### Prepare a generation 1 VM from a GPT disk
-
-1. Download the [Disk2vhd utility](/sysinternals/downloads/disk2vhd), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert.
-
-    You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive.
-
-2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface.
-
-3. Select the checkbox next to the **C:\\** volume and clear the checkbox next to **Use Vhdx**.
-
-    > [!NOTE]
-    > The system volume isn't copied in this scenario, it will be added later.
-
-4. Specify a location to save the resulting VHD file (F:\VHD\w7.vhd in the following example) and select **Create**. See the following example:
-
-    ![disk2vhd 3.](images/disk2vhd4.png)
-
-    Disk2vhd can save VHDs to local hard drives, even if they're the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those disks being converted, such as a flash drive.
-
-5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHD file (w7.vhd) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory:
-
-    ```cmd
-    C:\vhd>dir /B
-    2012R2-poc-1.vhd
-    2012R2-poc-2.vhd
-    w10-enterprise.iso
-    w7.VHD
-    ```
-
-    In its current state, the w7.VHD file isn't bootable. The VHD will be used to create a bootable VM later in the [Configure Hyper-V](#configure-hyper-v) section.
-
-### Enhanced session mode
-
-> [!IMPORTANT]
-> Before proceeding, verify that you can take advantage of [enhanced session mode](/windows-server/virtualization/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs, between VMs, and between RDP sessions. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer.
-
-To ensure that enhanced session mode is enabled on the Hyper-V host, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-```powershell
-Set-VMhost -EnableEnhancedSessionMode $TRUE
-```
-
-If enhanced session mode wasn't previously enabled, close any existing virtual machine connections and reopen them to enable access to enhanced session mode. As mentioned previously: instructions to "type" commands provided in this guide can be typed, but the preferred method is to copy and paste these commands. Most of the commands to this point in the guide have been brief, but many commands in sections below are longer and more complex.
-
-### Resize VHD
-
-The second Windows Server 2012 R2 VHD needs to be expanded in size from 40 GB to 100 GB to support installing imaging tools and storing OS images.
-
-1. To add available space for the partition, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-    ```powershell
-    Resize-VHD -Path c:\VHD\2012R2-poc-2.vhd -SizeBytes 100GB
-    $x = (Mount-VHD -Path c:\VHD\2012R2-poc-2.vhd -passthru | Get-Disk | Get-Partition | Get-Volume).DriveLetter
-    Resize-Partition -DriveLetter $x -Size (Get-PartitionSupportedSize -DriveLetter $x).SizeMax
-    ```
-
-2. Verify that the mounted VHD drive is resized to 100 GB, and then dismount the drive:
-
-    ```powershell
-    Get-Volume -DriveLetter $x
-    Dismount-VHD -Path c:\VHD\2012R2-poc-2.vhd
-    ```
-
-### Configure Hyper-V
-
-1. Open an elevated Windows PowerShell window and type the following command to create two virtual switches named "poc-internal" and "poc-external":
-
-    If the Hyper-V host already has an external virtual switch bound to a physical NIC, don't attempt to add a second external virtual switch. Attempting to add a second external switch will result in an error indicating that the NIC is **already bound to the Microsoft Virtual Switch protocol.** In this case, choose one of the following options:
-
-    **A**: Remove the existing external virtual switch, then add the poc-external switch
-
-    **B**: Rename the existing external switch to "poc-external"
-
-    **C**: Replace each instance of "poc-external" used in this guide with the name of your existing external virtual switch
-
-    If you choose B) or C), then don't run the second command below.
-
-    ```powershell
-    New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network"
-    New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name -Notes "PoC External"
-    ```
-
-    > [!NOTE]
-    > The second command above will temporarily interrupt network connectivity on the Hyper-V host.
-
-    Since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. The previous commands automate this  action by filtering for active non-virtual ethernet adapters using the Get-NetAdapter cmdlet (`$_.Status -eq "Up" -and !$_.Virtual`). If your Hyper-V host is dual-homed with multiple active ethernet adapters, this automation won't work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the appropriate NetAdapterName. The NetAdapterName value corresponds to the name of the network interface you wish to use. For example, if the network interface you use on the Hyper-V host to connect to the internet is named "Ethernet 2" then type the following command to create an external virtual switch: `New-VMSwitch -Name poc-external -NetAdapterName "Ethernet 2" -Notes "PoC External"`
-
-2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host:
-
-    ```powershell
-    (Get-VMHostNumaNode).MemoryAvailable
-    ```
-
-    This command will display the megabytes of RAM available for VMs. On a Hyper-V host computer with 16 GB of physical RAM installed, 10,000 MB of RAM or greater should be available if the computer isn't also running other applications. On a computer with 8 GB of physical RAM installed, at least 4000 MB should be available. If the computer has less RAM available, try closing applications to free up more memory.
-
-3. Determine the available memory for VMs by dividing the available RAM by 4. For example:
-
-    ```powershell
-    (Get-VMHostNumaNode).MemoryAvailable/4
-    2775.5
-    ```
-
-    In this example, VMs can use a maximum of 2700 MB of RAM each, to run four VMs simultaneously.
-
-4. At the elevated Windows PowerShell prompt, type the following command to create two new VMs. Other VMs will be added later.
-
-    > [!IMPORTANT]
-    > Replace the value of 2700MB for $maxRAM in the first command below with the RAM value that you calculated in the previous step.
-
-    ```powershell
-    $maxRAM = 2700MB
-    New-VM -Name "DC1" -VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal
-    Set-VMMemory -VMName "DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
-    Enable-VMIntegrationService -Name "Guest Service Interface" -VMName DC1
-    New-VM -Name "SRV1" -VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal
-    Add-VMNetworkAdapter -VMName "SRV1" -SwitchName "poc-external"
-    Set-VMMemory -VMName "SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 80
-    Enable-VMIntegrationService -Name "Guest Service Interface" -VMName SRV1
-    ```
-
-    > [!NOTE]
-    > The RAM values assigned to VMs in this step are not permanent, and can be easily increased or decreased later if needed to address performance issues.
-
-5. Using the same elevated Windows PowerShell prompt that was used in the previous step, type one of the following sets of commands, depending on the type of VM that was prepared in the [Choosing a VM generation](#choosing-a-vm-generation) section, either generation 1, generation 2, or generation 1 with GPT.
-
-    To create a generation 1 VM (using c:\vhd\w7.vhdx):
-
-    ```powershell
-    New-VM -Name "PC1" -VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal
-    Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
-    Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1
-    ```
-
-    To create a generation 2 VM (using c:\vhd\PC1.vhdx):
-
-    ```powershell
-    New-VM -Name "PC1" -Generation 2 -VHDPath c:\vhd\PC1.vhdx -SwitchName poc-internal
-    Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
-    Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1
-    ```
-
-    To create a generation 1 VM from a GPT disk (using c:\vhd\w7.vhd):
-
-    > [!NOTE]
-    > The following procedure is more complex because it includes steps to convert the OS partition from GPT to MBR format. Steps are included to create a temporary VHD and attach it to the VM, the OS image is saved to this drive, the OS drive is then reformatted to MBR, the OS image restored, and the temporary drive is removed.
-
-    First, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host to create a temporary VHD that will be used to save the OS image. Don't forget to include a pipe (`|`) at the end of the first five commands:
-
-    ```powershell
-    New-VHD -Path c:\vhd\d.vhd -SizeBytes 1TB |
-    Mount-VHD -Passthru |
-    Get-Disk -Number {$_.DiskNumber} |
-    Initialize-Disk -PartitionStyle MBR -PassThru |
-    New-Partition -UseMaximumSize |
-    Format-Volume -Confirm:$false -FileSystem NTFS -force
-    Dismount-VHD -Path c:\vhd\d.vhd
-    ```
-
-    Next, create the PC1 VM with two attached VHDs, and boot to DVD ($maxram must be defined previously using the same Windows PowerShell prompt):
-
-    ```powershell
-    New-VM -Name "PC1" -VHDPath c:\vhd\w7.vhd -SwitchName poc-internal
-    Add-VMHardDiskDrive -VMName PC1 -Path c:\vhd\d.vhd
-    Set-VMDvdDrive -VMName PC1 -Path c:\vhd\w10-enterprise.iso
-    Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
-    Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1
-    Start-VM PC1
-    vmconnect localhost PC1
-    ```
-
-    The VM will automatically boot into Windows Setup. In the PC1 window:
-
-   1. Select **Next**.
-
-   2. Select **Repair your computer**.
-
-   3. Select **Troubleshoot**.
-
-   4. Select **Command Prompt**.
-
-   5. Type the following command to save an image of the OS drive:
-
-      ```cmd
-      dism.exe /Capture-Image /ImageFile:D:\c.wim /CaptureDir:C:\ /Name:Drive-C
-      ```
-
-   6. Wait for the OS image to complete saving, and then type the following commands to convert the C: drive to MBR:
-
-      ```cmd
-      diskpart.exe
-      select disk 0
-      clean
-      convert MBR
-      create partition primary size=100
-      format fs=ntfs quick
-      active
-      create partition primary
-      format fs=ntfs quick label=OS
-      assign letter=c
-      exit
-      ```
-
-   7. Type the following commands to restore the OS image and boot files:
-
-      ```cmd
-      dism.exe /Apply-Image /ImageFile:D:\c.wim /Index:1 /ApplyDir:C:\
-      bcdboot.exe c:\windows
-      exit
-      ```
-
-   8. Select **Continue** and verify the VM boots successfully. Don't boot from DVD.
-
-   9. Select **Ctrl+Alt+Del**, and then in the bottom right corner, select **Shut down**.
-
-   10. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host to remove the temporary disks and drives from PC1:
-
-        ```powershell
-        Remove-VMHardDiskDrive -VMName PC1 -ControllerType IDE -ControllerNumber 0 -ControllerLocation 1
-        Set-VMDvdDrive -VMName PC1 -Path $null
-        ```
-
-### Configure VMs
-
-1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first Windows Server VM and connect to it by typing the following commands:
-
-    ```powershell
-    Start-VM DC1
-    vmconnect localhost DC1
-    ```
-
-2. Select **Next** to accept the default settings, read the license terms and select **I accept**, provide a strong administrator password, and select **Finish**.
-
-3. Select **Ctrl+Alt+Del** in the upper left corner of the virtual machine connection window, and then sign in to DC1 using the Administrator account.
-
-4. Right-click **Start**, point to **Shut down or sign out**, and select **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, select **Connect** and sign in again with the local Administrator account.
-
-   > [!NOTE]
-   > Signing in this way ensures that [enhanced session mode](/windows-server/virtualization/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. It's only necessary to do this action the first time you sign in to a new VM.
-
-5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type or paste the following commands to provide a new hostname and configure a static IP address and gateway:
-
-    ```powershell
-    Rename-Computer DC1
-    New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 192.168.0.1 -PrefixLength 24 -DefaultGateway 192.168.0.2
-    Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2
-    ```
-
-    The default gateway at 192.168.0.2 will be configured later in this guide.
-
-    > [!NOTE]
-    > A list of available tasks for an app will be populated the first time you run it on the taskbar. Because these tasks aren't available until the App has been run, you will not see the **Run as Administrator** task until you have left-clicked Windows PowerShell for the first time. In this newly created VM, you will need to left-click Windows PowerShell one time, and then you can right-click and choose Run as Administrator to open an elevated Windows PowerShell prompt.
-
-6. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt:
-
-    ```powershell
-    Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-    ```
-
-7. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect. To restart the computer, type the following command at an elevated Windows PowerShell prompt:
-
-    ```powershell
-    Restart-Computer
-    ```
-
-8. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string. Type the following commands at the elevated Windows PowerShell prompt:
-
-    ```powershell
-    $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force
-    Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force
-    ```
-
-    Ignore any warnings that are displayed. The computer will automatically reboot upon completion.
-
-9. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and suppress the post-DHCP-install alert:
-
-    ```powershell
-    Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest
-    Add-WindowsFeature -Name DHCP -IncludeManagementTools
-    netsh dhcp add securitygroups
-    Restart-Service DHCPServer
-    Add-DhcpServerInDC  dc1.contoso.com  192.168.0.1
-    Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
-    ```
-
-10. Next, add a DHCP scope and set option values:
-
-    ```powershell
-    Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active
-    Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force
-    ```
-
-    The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we haven't configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. You can verify this configuration by using the command: `Get-DhcpServerv4Lease -ScopeId 192.168.0.0`
-
-11. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already exists on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1:
-
-    ```powershell
-    Get-DnsServerForwarder
-    ```
-
-    The following output should be displayed:
-
-    ```console
-    UseRootHint        : True
-    Timeout(s)         : 3
-    EnableReordering   : True
-    IPAddress          : 192.168.0.2
-    ReorderedIPAddress : 192.168.0.2
-    ```
-
-    If this output isn't displayed, you can use the following command to add SRV1 as a forwarder:
-
-    ```powershell
-    Add-DnsServerForwarder -IPAddress 192.168.0.2
-    ```
-
-    **Configure service and user accounts**
-
-    Windows 10 deployment with Configuration Manager and MDT requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
-
-    To keep this test lab relatively simple, we won't create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-    On DC1, open an elevated Windows PowerShell prompt and type the following commands:
-
-    ```powershell
-    New-ADUser -Name User1 -UserPrincipalName user1 -Description "User account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
-    New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
-    New-ADUser -Name CM_JD -UserPrincipalName CM_JD -Description "Configuration Manager Join Domain Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
-    New-ADUser -Name CM_NAA -UserPrincipalName CM_NAA -Description "Configuration Manager Network Access Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
-    Add-ADGroupMember "Domain Admins" MDT_BA,CM_JD,CM_NAA
-    Set-ADUser -Identity user1 -PasswordNeverExpires $true
-    Set-ADUser -Identity administrator -PasswordNeverExpires $true
-    Set-ADUser -Identity MDT_BA -PasswordNeverExpires $true
-    Set-ADUser -Identity CM_JD -PasswordNeverExpires $true
-    Set-ADUser -Identity CM_NAA -PasswordNeverExpires $true
-    ```
-
-12. Minimize the DC1 VM window but **do not stop** the VM.
-
-    Next, the client VM will be started and joined to the contoso.com domain. This action is done before adding a gateway to the PoC network so that there's no danger of duplicate DNS registrations for the physical client and its cloned VM in the domain.
-
-13. If the PC1 VM isn't started yet, using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it:
-
-    ```powershell
-    Start-VM PC1
-    vmconnect localhost PC1
-    ```
-
-14. Sign in to PC1 using an account that has local administrator rights.
-
-    PC1 will be disconnected from its current domain, so you can't use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account.
-
-15. After you sign in, Windows detects that it's running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you'll be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. You can monitor device driver installation by clicking **Show hidden icons** in the notification area.
-
-    ![PoC 1.](images/installing-drivers.png)
-
-    If the client was configured with a static address, you must change this address to a dynamic one so that it can obtain a DHCP lease.
-
-16. When the new network adapter driver has completed installation, you'll receive an alert to set a network location for the contoso.com network. Select **Work network** and then select **Close**. When you receive an alert that a restart is required, select **Restart Later**.
-
-17. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller.
-
-    To open Windows PowerShell on Windows 7, select **Start**, and search for "**power**." Right-click **Windows PowerShell** and then select **Pin to Taskbar** so that it's simpler to use Windows PowerShell during this lab. Select **Windows PowerShell** on the taskbar, and then type `ipconfig` at the prompt to see the client's current IP address. Also type `ping dc1.contoso.com` and `nltest /dsgetdc:contoso.com` to verify that it can reach the domain controller. See the following examples of a successful network connection:
-
-    ```cmd
-    ipconfig.exe
-
-    Windows IP Configuration
-
-    Ethernet adapter Local Area Connection 3:
-        Connection-specific DNS Suffix  . : contoso.com
-        Link-local IPv6 Address . . . . . : fe80::64c2:4d2a:7403:6e02%18
-        Ipv4 Address. . . . . . . . . . . : 192.168.0.101
-        Subnet Mask . . . . . . . . . . . : 255.255.255.0
-        Default Gateway . . . . . . . . . : 192.168.0.2
-
-    ping dc1.contoso.com
-
-    Pinging dc1.contoso.com [192.168.0.1] with 32 bytes of data:
-    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
-    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
-    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
-    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
-
-    nltest /dsgetdc:contoso.com
-               DC: \\DC1
-          Address: \\192.168.0.1
-         Dom Guid: fdbd0643-d664-411b-aea0-fe343d7670a8
-         Dom Name: CONTOSO
-      Forest Name: contoso.com
-     Dc Site Name: Default-First-Site-Name
-    Our Site Name: Default-First-Site-Name
-            Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000
-    ```
-
-    > [!NOTE]
-    > If PC1 is running Windows 7, enhanced session mode might not be available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it's possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them.
-
-18. Minimize the PC1 window and switch to the Hyper-V host computer. Open an elevated Windows PowerShell ISE window on the Hyper-V host (right-click Windows PowerShell and then select **Run ISE as Administrator**) and type the following commands in the (upper) script editor pane:
-
-    ```powershell
-    (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0)
-    $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force
-    $user = "contoso\administrator"
-    $cred = New-Object System.Management.Automation.PSCredential($user,$pass)
-    Add-Computer -DomainName contoso.com -Credential $cred
-    Restart-Computer
-    ```
-
-    If you don't see the script pane, select **View** and verify **Show Script Pane Top** is enabled. Select **File** and then select **New**.
-
-    See the following example:
-
-    :::image type="content" alt-text="ISE 1." source="images/ISE.png" lightbox="images/ISE.png":::
-
-19. Select **File**, select **Save As**, and save the commands as **c:\VHD\pc1.ps1** on the Hyper-V host.
-
-20. In the (lower) terminal input window, type the following commands to enable Guest Service Interface on PC1 and then use this service to copy the script to PC1:
-
-    ```powershell
-    Enable-VMIntegrationService -VMName PC1 -Name "Guest Service Interface"
-    Copy-VMFile "PC1" -SourcePath "C:\VHD\pc1.ps1" -DestinationPath "C:\pc1.ps1" -CreateFullPath -FileSource Host
-    ```
-
-    > [!NOTE]
-    > In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. If this service is not enabled in this step, then the copy-VMFile command will fail. In this case, you can try updating integration services on the VM by mounting the Hyper-V Integration Services Setup (vmguest.iso), which is located in C:\Windows\System32 on Windows Server 2012 and 2012 R2 operating systems that are running the Hyper-V role service.
-
-    If the copy-vmfile command doesn't work and you can't properly enable or upgrade integration services on PC1, then create the file c:\pc1.ps1 on the VM by typing the commands into this file manually. The copy-vmfile command is only used in this procedure as a demonstration of automation methods that can be used in a Hyper-V environment when enhanced session mode isn't available. After typing the script file manually, be sure to save the file as a Windows PowerShell script file with the `.ps1` extension and not as a text (`.txt`) file.
-
-21. On PC1, type the following commands at an elevated Windows PowerShell prompt:
-
-    ```powershell
-    Get-Content c:\pc1.ps1 | powershell.exe -noprofile -
-    ```
-
-    The commands in this script might take a few moments to complete. If an error is displayed, check that you typed the command correctly, paying close attention to spaces. PC1 is removed from its domain in this step while not connected to the network so as to ensure the computer object in the domain is unaffected. PC1 is also not renamed to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer.
-
-22. Upon completion of the script, PC1 will automatically restart. When it has restarted, sign in to the contoso.com domain using the **Switch User** option, with the **user1** account you created in step 11 of this section.
-
-    > [!IMPORTANT]
-    > The settings that will be used later to migrate user data specifically select only accounts that belong to the CONTOSO domain. However, this can be changed to migrate all user accounts, or only other specified accounts. If you wish to test migration of user data and settings with accounts other than those in the CONTOSO domain, you must specify these accounts or domains when you configure the value of **ScanStateArgs** in the MDT test lab guide. This value is specifically called out when you get to that step. If you wish to only migrate CONTOSO accounts, then you can log in with the user1 account or the administrator account at this time and modify some of the files and settings for later use in migration testing.
-
-23. Minimize the PC1 window but don't turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This action verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services.
-
-24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands:
-
-    ```powershell
-    Start-VM SRV1
-    vmconnect localhost SRV1
-    ```
-
-25. Accept the default settings, read license terms and accept them, provide a strong administrator password, and select **Finish**. When you're prompted about finding PCs, devices, and content on the network, select **Yes**.
-
-26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. Enhanced session mode will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM.
-
-27. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands:
-
-    ```powershell
-    Rename-Computer SRV1
-    New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 192.168.0.2 -PrefixLength 24
-    Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2
-    Restart-Computer
-    ```
-
-    > [!IMPORTANT]
-    > Verify that you are configuring the correct interface in this step. The commands in this step assume that the poc-internal interface on SRV1 is named "Ethernet."  If you are unsure how to check the interface, see step #30 below for instructions and tips on how to verify and modify the interface name.
-
-28. Wait for the computer to restart, sign in again, then type the following commands at an elevated Windows PowerShell prompt:
-
-    ```powershell
-    $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force
-    $user = "contoso\administrator"
-    $cred = New-Object System.Management.Automation.PSCredential($user,$pass)
-    Add-Computer -DomainName contoso.com -Credential $cred
-    Restart-Computer
-    ```
-
-29. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands:
-
-    ```powershell
-    Install-WindowsFeature -Name DNS -IncludeManagementTools
-    Install-WindowsFeature -Name WDS -IncludeManagementTools
-    Install-WindowsFeature -Name Routing -IncludeManagementTools
-    ```
-
-30. Before configuring the routing service that was installed, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. Also verify that the external interface has a valid external DHCP IP address lease.
-
-    To view a list of interfaces, associated interface aliases, and IP addresses on SRV1, type the following Windows PowerShell command. Example output of the command is also shown below:
-
-    ```powershell
-    Get-NetAdapter | ? status -eq 'up' | Get-NetIPAddress -AddressFamily IPv4 | ft IPAddress, InterfaceAlias
-
-    IPAddress                                                                  InterfaceAlias
-    ---------                                                                  --------------
-    10.137.130.118                                                             Ethernet 2
-    192.168.0.2                                                                Ethernet
-    ```
-
-    In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the commands provided in the next step appropriately to configure routing services. Also note that if the "Ethernet 2" interface has an IP address in the 192.168.0.100-105 range then it likely is getting a DHCP lease from DC1 instead of your network. If so, you can try removing and readding the second network interface from the SRV1 VM through its Hyper-V settings.
-
-    > [!TIP]
-    > Sometimes a computer will have hidden, disconnected interfaces that prevent you from naming a network adapter. When you attempt to rename an adapter, you will receive an error that the adapter name already exists. These disconnected devices can be viewed in device manager by clicking **View** and then clicking **Show hidden devices**. The disconnected device can then be uninstalled, enabling you to reuse the adapter name.
-
-31. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1:
-
-    ```powershell
-    Install-RemoteAccess -VpnType Vpn
-    cmd /c netsh routing ip nat install
-    cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL
-    cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE
-    cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE
-    ```
-
-32. The DNS service on SRV1 also needs to resolve hosts in the `contoso.com` domain. This step can be accomplished with a conditional forwarder. Open an elevated Windows PowerShell prompt on SRV1 and type the following command:
-
-    ```powershell
-    Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1
-    ```
-
-33. In most cases, this process completes configuration of the PoC network. However, if your network has a firewall that filters queries from local DNS servers, you'll also need to configure a server-level DNS forwarder on SRV1 to resolve internet names. To test whether or not DNS is working without this forwarder, try to reach a name on the internet from DC1 or PC1, which are only using DNS services on the PoC network. You can test DNS with the ping command, for example:
-
-    ```cmd
-    ping.exe www.microsoft.com
-    ```
-
-    If you see "Ping request couldn't find host `www.microsoft.com`" on PC1 and DC1, but not on SRV1, then you'll need to configure a server-level DNS forwarder on SRV1. To do this action, open an elevated Windows PowerShell prompt on SRV1 and type the following command.
-
-    > [!NOTE]
-    > This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name:
-
-    ```powershell
-    Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses
-    ```
-
-34. If DNS and routing are both working correctly, you'll see the following output on DC1 and PC1 (the IP address might be different, but that's OK):
-
-    ```cmd
-    ping www.microsoft.com
-
-    Pinging e2847.dspb.akamaiedge.net [23.222.146.170] with 32 bytes of data:
-    Reply from 23.222.146.170: bytes=32 time=3ms TTL=51
-    Reply from 23.222.146.170: bytes=32 time=2ms TTL=51
-    Reply from 23.222.146.170: bytes=32 time=2ms TTL=51
-    Reply from 23.222.146.170: bytes=32 time=1ms TTL=51
-
-    Ping statistics for 23.222.146.170:
-        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
-    Approximate round trip times in milli-seconds:
-        Minimum = 1ms, Maximum = 3ms, Average = 2ms
-    ```
-
-35. Verify that all three VMs can reach each other, and the internet. See [Appendix A: Verify the configuration](#appendix-a-verify-the-configuration) for more information.
-36. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in three days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1:
-
-    ```powershell
-    runas.exe /noprofile /env /user:administrator@contoso.com "cmd.exe /c slmgr -rearm"
-    Restart-Computer
-    ```
-
-This process completes configuration of the starting PoC environment. More services and tools are installed in subsequent guides.
-
-## Appendix A: Verify the configuration
-
-Use the following procedures to verify that the PoC environment is configured properly and working as expected.
-
-1. On DC1, open an elevated Windows PowerShell prompt and type the following commands:
-
-    ```powershell
-    Get-Service NTDS,DNS,DHCP
-    DCDiag -a
-    Get-DnsServerResourceRecord -ZoneName contoso.com -RRType A
-    Get-DnsServerForwarder
-    Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com
-    Get-DhcpServerInDC
-    Get-DhcpServerv4Statistics
-    ipconfig.exe /all
-    ```
-
-    **Get-Service** displays a status of "Running" for all three services.
-
-    **DCDiag** displays "passed test" for all tests.
-
-    **Get-DnsServerResourceRecord** displays the correct DNS address records for DC1, SRV1, and the computername of PC1. Other address records for the zone apex (@), DomainDnsZones, and ForestDnsZones will also be registered.
-
-    **Get-DnsServerForwarder** displays a single forwarder of 192.168.0.2.
-
-    **Resolve-DnsName** displays public IP address results for `www.microsoft.com`.
-
-    **Get-DhcpServerInDC** displays 192.168.0.1, `dc1.contoso.com`.
-
-    **Get-DhcpServerv4Statistics** displays one scope with two addresses in use. These addresses belong to PC1 and the Hyper-V host.
-
-    **ipconfig** displays a primary DNS suffix and suffix search list of `contoso.com`, IP address of 192.168.0.1, subnet mask of 255.255.255.0, default gateway of 192.168.0.2, and DNS server addresses of 192.168.0.1 and 192.168.0.2.
-
-2. On SRV1, open an elevated Windows PowerShell prompt and type the following commands:
-
-    ```powershell
-    Get-Service DNS,RemoteAccess
-    Get-DnsServerForwarder
-    Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com
-    ipconfig.exe /all
-    netsh.exe int ipv4 show address
-    ```
-
-    **Get-Service** displays a status of "Running" for both services.
-
-    **Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you're required to use so that SRV1 can resolve internet names.
-
-    **Resolve-DnsName** displays public IP address results for `www.microsoft.com`.
-
-    **ipconfig** displays a primary DNS suffix of `contoso.com`. The suffix search list contains `contoso.com` and your domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP address of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your network.
-
-    **netsh** displays three interfaces on the computer: interface "Ethernet 2" with DHCP enabled = Yes and IP address assigned by your network, interface "Ethernet" with DHCP enabled = No and IP address of 192.168.0.2, and interface "Loopback Pseudo-Interface 1" with IP address of 127.0.0.1.
-
-3. On PC1, open an elevated Windows PowerShell prompt and type the following commands:
-
-    ```cmd
-    whoami.exe
-    hostname.exe
-    nslookup.exe www.microsoft.com
-    ping.exe -n 1 dc1.contoso.com
-    tracert.exe www.microsoft.com
-    ```
-
-    **whoami.exe** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed.
-
-    **hostname.exe** displays the name of the local computer, for example W7PC-001.
-
-    **nslookup.exe** displays the DNS server used for the query, and the results of the query. For example, server `dc1.contoso.com`, address 192.168.0.1, Name `e2847.dspb.akamaiedge.net`.
-
-    **ping.exe** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it can't be resolved, "couldn't find host" will be displayed. If the target is found and also responds to ICMP, you'll see "Reply from" and the IP address of the target.
-
-    **tracert.exe** displays the path to reach the destination, for example `srv1.contoso.com` [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination.
-
-## Appendix B: Terminology used in this guide
-
-|Term|Definition|
-|--- |--- |
-|**GPT**|GUID partition table (GPT) is an updated hard-disk formatting scheme that enables the use of newer hardware. GPT is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions.|
-|**Hyper-V**|Hyper-V is a server role introduced with Windows Server 2008 that lets you create a virtualized computing environment. Hyper-V can also be installed as a Windows feature on Windows client operating systems, starting with Windows 8.|
-|**Hyper-V host**|The computer where Hyper-V is installed.|
-|**Hyper-V Manager**|The user-interface console used to view and configure Hyper-V.|
-|**MBR**|Master Boot Record (MBR) is a legacy hard-disk formatting scheme that limits support for newer hardware. MBR is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. MBR is in the process of being replaced by the GPT partition format.|
-|**Proof of concept (PoC)**|Confirmation that a process or idea works as intended. A PoC is carried out in a test environment to learn about and verify a process.|
-|**Shadow copy**|A copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes.|
-|**Virtual machine (VM)**|A VM is a virtual computer with its own operating system, running on the Hyper-V host.|
-|**Virtual switch**|A virtual network connection used to connect VMs to each other and to physical network adapters on the Hyper-V host.|
-|**VM snapshot**|A point in time image of a VM that includes its disk, memory and device state. It can be used to return a virtual machine to a former state corresponding to the time the snapshot was taken.|
-
-## Next steps
-
-- [Windows 10 deployment scenarios](windows-deployment-scenarios.md)
-- [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md
deleted file mode 100644
index 82bb386aa3..0000000000
--- a/windows/deployment/windows-10-pro-in-s-mode.md
+++ /dev/null
@@ -1,85 +0,0 @@
----
-title: Switch to Windows 10 Pro/Enterprise from S mode
-description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.localizationpriority: medium
-ms.service: windows-client
-ms.topic: article
-ms.date: 11/23/2022
-ms.subservice: itpro-deploy
----
-
-# Switch to Windows 10 Pro or Enterprise from S mode
-
-We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later.
-
-Many other transformations are possible depending on which version and edition of Windows 10 you're starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means:
-
-| If a device is running this version of Windows 10 | and this edition of Windows 10       | then you can switch or convert it to this edition of Windows 10 by these methods: |             &nbsp;                         | &nbsp;|
-|-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------|
-|             |                     | **Store for Education** (switch/convert all devices in your tenant)           | **Microsoft Store** (switch/convert one device at a time)          | **Intune** (switch/convert any number of devices selected by admin)                                |
-| **Windows 10, version 1709**     | Pro in S mode | Pro EDU                           | Pro                           | Not by this method                                        |
-|             | Pro                 | Pro EDU                           | Not by any method                | Not by any method                             |
-|             | Home                | Not by any method                    | Not by any method                | Not by any method                             |
-|             |                     |                                   |                               |                                            |
-| **Windows 10, version 1803**     | Pro in S mode       | Pro EDU in S mode                 | Pro                           | Not by this method                                         |
-|             | Pro                 | Pro EDU                           | Not by any method                | Not by any method                             |
-|             | Home in S mode      | Not by any method                    | Home                          | Not by this method                                         |
-|             | Home                | Not by any method                    | Not by any method                | Not by any method                             |
-|             |                     |                                   |                               |                                            |
-| **Windows 10, version 1809**     | Pro in S mode       | Pro EDU in S mode                 | Pro                           | Pro                                        |
-|             | Pro                 | Pro EDU                           | Not by any method                | Not by any method                             |
-|             | Home in S mode      | Not by any method                    | Home                          | Home                                       |
-|             | Home                | Not by any method                    | Not by any method                | Not by any method                             |
-
-Use the following information to switch to Windows 10 Pro through the Microsoft Store.
-
-> [!IMPORTANT]
-> While it's free to switch to Windows 10 Pro, it's not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
-
-## Switch one device through the Microsoft Store
-
-Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device.
-
-Note these differences affecting switching modes in various releases of Windows 10:
-
-- In Windows 10, version 1709, you can switch devices one at a time from Windows 10 Pro in S mode to Windows 10 Pro by using the Microsoft Store or **Settings**. No other switches are possible.
-
-- In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**.
-
-- Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves.
-
-1. Sign into the Microsoft Store using your Microsoft account.
-
-2. Search for "S mode".
-
-3. In the offer, select **Buy**, **Get**, or **Learn more.**
-
-You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro.
-
-## Switch one or more devices by using Microsoft Intune
-
-Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE. Switching out of S mode gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle.
-
-1. Start Microsoft Intune.
-
-2. Navigate to **Device configuration** > **Profiles** > **Windows 10 and later** > **Edition upgrade and mode switch**.
-
-3. Follow the instructions to complete the switch.
-
-## Block users from switching
-
-You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10. To set this policy, go to **Device configuration** > **Profiles** > **Windows 10 and later** > **Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**.
-
-## S mode management with CSPs
-
-In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode).
-
-## Related articles
-
-[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)<br>
-[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)<BR>
-[Windows 10 Pro Education](/education/windows/test-windows10s-for-edu)<BR>
-[Introduction to Microsoft Intune in the Azure portal](/intune/what-is-intune)
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index 2c3b28dac0..cf038aa4a9 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -7,7 +7,7 @@ manager: aaroncz
 ms.service: windows-client
 ms.localizationpriority: medium
 ms.date: 02/13/2024
-ms.topic: article
+ms.topic: conceptual
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml
index 3e1a68db6b..30052f5291 100644
--- a/windows/deployment/windows-autopatch/TOC.yml
+++ b/windows/deployment/windows-autopatch/TOC.yml
@@ -6,12 +6,8 @@
       items:
         - name: What is Windows Autopatch?
           href: overview/windows-autopatch-overview.md
-        - name: Roles and responsibilities
-          href: overview/windows-autopatch-roles-responsibilities.md
         - name: Privacy
           href: overview/windows-autopatch-privacy.md
-        - name: Deployment guide
-          href: overview/windows-autopatch-deployment-guide.md
         - name: FAQ
           href: overview/windows-autopatch-faq.yml
     - name: Prepare
@@ -21,13 +17,9 @@
           href: prepare/windows-autopatch-prerequisites.md
         - name: Configure your network
           href: prepare/windows-autopatch-configure-network.md
-        - name: Enroll your tenant
-          href: prepare/windows-autopatch-enroll-tenant.md
+        - name: Start using Windows Autopatch
+          href: prepare/windows-autopatch-feature-activation.md
           items:
-            - name: Fix issues found by the Readiness assessment tool
-              href: prepare/windows-autopatch-fix-issues.md
-            - name: Submit a tenant enrollment support request
-              href: prepare/windows-autopatch-enrollment-support-request.md
     - name: Deploy
       href: 
       items:
@@ -42,98 +34,101 @@
               href: deploy/windows-autopatch-register-devices.md
             - name: Windows Autopatch groups overview
               href: deploy/windows-autopatch-groups-overview.md
-              items:
-                - name: Manage Windows Autopatch groups
-                  href: deploy/windows-autopatch-groups-manage-autopatch-groups.md
             - name: Post-device registration readiness checks
               href: deploy/windows-autopatch-post-reg-readiness-checks.md
-    - name: Operate
+    - name: Manage
       href: 
       items:
-        - name: Software update management
-          href: operate/windows-autopatch-groups-update-management.md
+        - name: Release schedule
+          href: manage/windows-autopatch-release-schedule.md
+        - name: Update rings
+          href: manage/windows-autopatch-update-rings.md
+        - name: Windows Autopatch groups
+          href: manage/windows-autopatch-manage-autopatch-groups.md
           items:
-              - name: Windows updates
-                href:
-                items:
-                  - name: Customize Windows Update settings
-                    href: operate/windows-autopatch-groups-windows-update.md
-                  - name: Windows quality updates
-                    href: operate/windows-autopatch-groups-windows-quality-update-overview.md
-                    items:
-                      - name: Windows quality update end user experience
-                        href: operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
-                      - name: Windows quality update signals
-                        href: operate/windows-autopatch-groups-windows-quality-update-signals.md
-                      - name: Windows quality update communications
-                        href: operate/windows-autopatch-groups-windows-quality-update-communications.md
-                  - name: Windows feature updates
-                    href: operate/windows-autopatch-groups-windows-feature-update-overview.md
-                    items:
-                      - name: Manage Windows feature updates
-                        href: operate/windows-autopatch-groups-manage-windows-feature-update-release.md
-              - name: Microsoft 365 Apps for enterprise
-                href: operate/windows-autopatch-microsoft-365-apps-enterprise.md
-              - name: Microsoft Edge
-                href: operate/windows-autopatch-edge.md
-              - name: Microsoft Teams
-                href: operate/windows-autopatch-teams.md
-        - name: Windows quality and feature update reports overview
-          href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
+            - name: Customize Windows Update settings
+              href: manage/windows-autopatch-customize-windows-update-settings.md
+            - name: Windows Autopatch group policies
+              href: manage/windows-autopatch-groups-policies.md
+        - name: Windows feature updates
+          href: manage/windows-autopatch-windows-feature-update-overview.md
+          items:
+            - name: Windows feature update policies
+              href: manage/windows-autopatch-windows-feature-update-policies.md
+            - name: Programmatic controls for Windows feature updates
+              href: manage/windows-autopatch-windows-feature-update-programmatic-controls.md
+        - name: Windows quality updates
+          href: manage/windows-autopatch-windows-quality-update-overview.md
+          items:
+            - name: Windows quality update end user experience
+              href: manage/windows-autopatch-windows-quality-update-end-user-exp.md
+            - name: Windows quality update communications
+              href: manage/windows-autopatch-windows-quality-update-communications.md
+            - name: Windows quality update policies
+              href: manage/windows-autopatch-windows-update-policies.md
+            - name: Programmatic controls for expedited Windows quality updates
+              href: manage/windows-autopatch-windows-quality-update-programmatic-controls.md
+        - name: Driver and firmware updates
+          href: manage/windows-autopatch-manage-driver-and-firmware-updates.md
+          items:
+            - name: Programmatic controls for driver and firmware updates
+              hreF: manage/windows-autopatch-driver-and-firmware-update-programmatic-controls.md
+        - name: Microsoft 365 Apps for enterprise
+          href: manage/windows-autopatch-microsoft-365-apps-enterprise.md
+          items:
+            - name: Microsoft 365 Apps for enterprise update policies
+              href: manage/windows-autopatch-microsoft-365-policies.md
+        - name: Microsoft Edge
+          href: manage/windows-autopatch-edge.md
+        - name: Microsoft Teams
+          href: manage/windows-autopatch-teams.md
+        - name: Submit a support request
+          href: manage/windows-autopatch-support-request.md
+        - name: Exclude a device
+          href: manage/windows-autopatch-exclude-device.md
+        - name: Deactivate Windows Autopatch features
+          href: manage/windows-autopatch-feature-deactivation.md
+        - name: Troubleshoot programmatic controls
+          href: manage/windows-autopatch-troubleshoot-programmatic-controls.md
+    - name: Monitor
+      href:
+      items:
+        - name: Windows feature and quality update reports overview
+          href: monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
           items:
-            - name: Windows quality update reports
-              href:
-              items:
-                - name: Summary dashboard
-                  href: operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
-                - name: Quality update status report
-                  href: operate/windows-autopatch-groups-windows-quality-update-status-report.md
-                - name: Quality update trending report
-                  href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md
-                - name: Reliability report
-                  href: operate/windows-autopatch-reliability-report.md
             - name: Windows feature update reports
               href:
               items:
                 - name: Summary dashboard
-                  href: operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
+                  href: monitor/windows-autopatch-windows-feature-update-summary-dashboard.md
                 - name: Feature update status report
-                  href: operate/windows-autopatch-groups-windows-feature-update-status-report.md
+                  href: monitor/windows-autopatch-windows-feature-update-status-report.md
                 - name: Feature update trending report
-                  href: operate/windows-autopatch-groups-windows-feature-update-trending-report.md
-            - name: Windows quality and feature update device alerts
-              href: operate/windows-autopatch-device-alerts.md
-        - name: Policy health
-          href:
-          items:
-            - name: Policy health and remediation
-              href: operate/windows-autopatch-policy-health-and-remediation.md
-            - name: Resolve policy conflicts
-              href: operate/windows-autopatch-resolve-policy-conflicts.md
+                  href: monitor/windows-autopatch-windows-feature-update-trending-report.md
+            - name: Windows quality update reports
+              href:
+              items:
+                - name: Summary dashboard
+                  href: monitor/windows-autopatch-windows-quality-update-summary-dashboard.md
+                - name: Quality update status report
+                  href: monitor/windows-autopatch-windows-quality-update-status-report.md
+                - name: Quality update trending report
+                  href: monitor/windows-autopatch-windows-quality-update-trending-report.md
+                - name: Reliability report
+                  href: monitor/windows-autopatch-reliability-report.md
+            - name: Windows feature and quality update device alerts
+              href: monitor/windows-autopatch-device-alerts.md
+        - name: Policy health and remediation
+          href: monitor/windows-autopatch-policy-health-and-remediation.md
         - name: Maintain the Windows Autopatch environment
-          href: operate/windows-autopatch-maintain-environment.md
-        - name: Manage driver and firmware updates
-          href: operate/windows-autopatch-manage-driver-and-firmware-updates.md
-        - name: Submit a support request
-          href: operate/windows-autopatch-support-request.md
-        - name: Exclude a device
-          href: operate/windows-autopatch-exclude-device.md
-        - name: Unenroll your tenant
-          href: operate/windows-autopatch-unenroll-tenant.md
+          href: monitor/windows-autopatch-maintain-environment.md
     - name: References
       href:
       items:
-        - name: Update policies
-          href:
-          items:
-            - name: Windows update policies
-              href: references/windows-autopatch-windows-update-unsupported-policies.md
-            - name: Microsoft 365 Apps for enterprise update policies
-              href: references/windows-autopatch-microsoft-365-policies.md
-            - name: Conflicting configurations
-              href: references/windows-autopatch-conflicting-configurations.md
-        - name: Changes made at tenant enrollment
-          href: references/windows-autopatch-changes-to-tenant.md
+        - name: Conflicting configurations
+          href: references/windows-autopatch-conflicting-configurations.md
+        - name: Changes made at feature activation
+          href: references/windows-autopatch-changes-made-at-feature-activation.md 
     - name: What's new
       href:
       items: 
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
index 690fe5613b..e22102c89e 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
@@ -1,34 +1,34 @@
 ---
 title: Add and verify admin contacts
 description: This article explains how to add and verify admin contacts
-ms.date: 09/15/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
 manager: aaroncz
 ms.reviewer: hathind
 ms.collection:
-  - tier2
+  - highpri
+  - tier1
 ---
 
 # Add and verify admin contacts
 
-There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
-> [!IMPORTANT]
-> You might have already added these contacts in the Microsoft Intune admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md). However, take a moment to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs.
+There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../manage/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch.
 
-You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus).
+You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team contacts these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus).
 
 > [!IMPORTANT]
 > Whoever you choose as admin contacts, they must have the knowledge and authority to make decisions for your Windows Autopatch environment. The Windows Autopatch Service Engineering Team will contact these admin contacts for questions involving support requests.
 
 ## Area of focus
 
-Your admin contacts will receive notifications about support request updates and new messages. These areas include the following:
+Our admin contacts receive notifications about support request updates and new messages. These areas include the following areas of focus:
 
 | Area of focus | Description |
 | ----- | ----- |
@@ -38,9 +38,9 @@ Your admin contacts will receive notifications about support request updates and
 **To add admin contacts:**
 
 1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Under **Tenant administration** in the **Windows Autopatch** section, select **Admin contacts**.
-1. Select **+Add**.
-1. Enter the contact details including name, email, phone number and preferred language. For a support ticket, the ticket's primary contact's preferred language will determine the language used for email communications.
-1. Select an [Area of focus](#area-of-focus) and enter details of the contact's knowledge and authority in the specified area of focus.
-1. Select **Save** to add the contact.
-1. Repeat for each area of focus.
+2. Under **Tenant administration** in the **Windows Autopatch** section, select **Admin contacts**.
+3. Select **+Add**.
+4. Enter the contact details including name, email, phone number, and preferred language. For a support ticket, the ticket's primary contact's preferred language determines the language used for email communications.
+5. Select an [Area of focus](#area-of-focus) and enter details of the contact's knowledge and authority in the specified area of focus.
+6. Select **Save** to add the contact.
+7. Repeat for each area of focus.
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index dd113afcfc..b484ef3547 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -1,10 +1,10 @@
 ---
 title: Device registration overview
 description: This article provides an overview on how to register devices in Autopatch.
-ms.date: 02/15/2024
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -17,7 +17,22 @@ ms.collection:
 
 # Device registration overview
 
-Windows Autopatch must [register your existing devices](windows-autopatch-register-devices.md) into its service to manage update deployments on your behalf.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch must [register your existing devices](../deploy/windows-autopatch-register-devices.md) into its service to manage update deployments on your behalf.
+
+## Prerequisites for device registration
+
+### Built-in roles required for device registration
+
+A role defines the set of permissions granted to users assigned to that role. You can use the Intune Service Administrator role to register devices. For more information, see [Required Intune permissions](../prepare/windows-autopatch-prerequisites.md#required-intune-permissions).
+
+### Software prerequisites
+
+To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites. For more information, see [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md).
+
+> [!IMPORTANT]
+> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
 
 The Windows Autopatch device registration process is transparent for end-users because it doesn't require devices to be reset.
 
@@ -25,8 +40,8 @@ The overall device registration process is as follows:
 
 :::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
 
-1. IT admin reviews [Windows Autopatch device registration prerequisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) before registering devices with Windows Autopatch.
-2. IT admin identifies devices to be managed by Windows Autopatch through either adding device-based Microsoft Entra groups as part of the [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md) or the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md).
+1. IT admin reviews [Windows Autopatch device registration prerequisites](#prerequisites-for-device-registration) before registering devices with Windows Autopatch.
+2. IT admin identifies and adds devices or nests other Microsoft Entra device groups into any Microsoft Entra group used with an Autopatch group, imported (WUfB) policies, or direct membership to the **Modern Workplace Devices-Windows-Autopatch-X-groups**.
 3. Windows Autopatch then:
     1. Performs device readiness prior registration (prerequisite checks).
     2. Calculates the deployment ring distribution.
@@ -35,144 +50,69 @@ The overall device registration process is as follows:
     5. Marks devices as active for management so it can apply its update deployment policies.
 4. IT admin then monitors the device registration trends and the update deployment reports.
 
-For more information about the device registration workflow, see the [Detailed device registration workflow diagram](#detailed-device-registration-workflow-diagram) section for more technical details behind the Windows Autopatch device registration process.
-
-## Detailed device registration workflow diagram
-
-See the following detailed workflow diagram. The diagram covers the Windows Autopatch device registration process:
-
-:::image type="content" source="../media/windows-autopatch-device-registration-workflow-diagram.png" alt-text="Detailed device registration workflow diagram" lightbox="../media/windows-autopatch-device-registration-workflow-diagram.png":::
-
-| Step | Description |
-| ----- | ----- |
-| **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
-| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
-| **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group or from Microsoft Entra groups used with Autopatch groups in **step #2**. The Microsoft Entra device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Microsoft Entra ID when registering devices into its service.<ol><li>Once devices are discovered from the Microsoft Entra group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Microsoft Entra ID in this step:</li><ol><li>**AzureADDeviceID**</li><li>**OperatingSystem**</li><li>**DisplayName (Device name)**</li><li>**AccountEnabled**</li><li>**RegistrationDateTime**</li><li>**ApproximateLastSignInDateTime**</li></ol><li>In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements before registration.</li></ol> |
-| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Microsoft Entra device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Microsoft Entra device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Microsoft Entra ID in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn't enrolled into Intune.</li><li>A common reason is when the Microsoft Entra device ID is stale, it doesn't have an Intune device ID associated with it anymore. To remediate, [clean up any stale Microsoft Entra device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn't enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
-| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
-| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to two deployment ring sets, the first one being the service-based deployment ring set represented by the following Microsoft Entra groups:<ol><li>**Modern Workplace Devices-Windows Autopatch-First**</li><ol><li>The Windows Autopatch device registration process doesn't automatically assign devices to the Test ring represented by the Microsoft Entra group (**Modern Workplace Devices-Windows Autopatch-Test**). It's important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.</li></ol><li>**Modern Workplace Devices-Windows Autopatch-Fast**</li><li>**Modern Workplace Devices-Windows Autopatch-Broad**</li>Then the second deployment ring set, the software updates-based deployment ring set represented by the following Microsoft Entra groups:<ul><li>**Windows Autopatch - Ring1**<ul><li>The Windows Autopatch device registration process doesn't automatically assign devices to the Test ring represented by the Microsoft Entra groups (**Windows Autopatch - Test**). It's important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.</li></ul><li>**Windows Autopatch - Ring2**</li>**Windows Autopatch - Ring3**</li></li></ol> |
-| **Step 7: Assign devices to a Microsoft Entra group** | Windows Autopatch also assigns devices to the following Microsoft Entra groups when certain conditions apply:<ol><li>**Modern Workplace Devices - All**</li><ol><li>This group has all devices managed by Windows Autopatch.</li></ol><li>**Modern Workplace Devices - Virtual Machine**</li><ol><li>This group has all **virtual devices** managed by Windows Autopatch.</li></ol> |
-| **Step 8: Post-device registration** | In post-device registration, three actions occur:<ol><li>Windows Autopatch adds devices to its managed database.</li><li>Flags devices as **Active** in the **Registered** tab.</li><li>The Microsoft Entra device ID of the device successfully registered is added into the Microsoft Cloud Managed Desktop Extension's allowlist. Windows Autopatch installs the Microsoft Cloud Managed Desktop Extension agent once devices are registered, so the agent can communicate back to the Microsoft Cloud Managed Desktop Extension service.</li><ol><li>The agent is the **Modern Workplace - Autopatch Client setup** PowerShell script that was created during the Windows Autopatch tenant enrollment process. The script is executed once devices are successfully registered into the Windows Autopatch service.</li></ol> |
-| **Step 9: Review device registration status** | IT admins review the device registration status in both the **Registered** and **Not registered** tabs.<ol><li>If the device was **successfully registered**, the device shows up in the **Registered** tab.</li><li>If **not**, the device shows up in the **Not registered** tab.</li></ol> |
-| **Step 10: End of registration workflow** | This is the end of the Windows Autopatch device registration workflow. |
-
-## Detailed prerequisite check workflow diagram
-
-As described in **step #4** in the previous [Detailed device registration workflow diagram](#detailed-device-registration-workflow-diagram), the following diagram is a visual representation of the prerequisite construct for the Windows Autopatch device registration process. The prerequisite checks are sequentially performed.
-
-:::image type="content" source="../media/windows-autopatch-prerequisite-check-workflow-diagram.png" alt-text="Detailed prerequisite check workflow diagram" lightbox="../media/windows-autopatch-prerequisite-check-workflow-diagram.png":::
+For more information about the device registration workflow, see the [Detailed device registration workflow diagram](../deploy/windows-autopatch-register-devices.md#detailed-device-registration-workflow-diagram) section for more technical details behind the Windows Autopatch device registration process.
 
 ## Windows Autopatch deployment rings
 
-During the tenant enrollment process, Windows Autopatch creates two different deployment ring sets:
+> [!CAUTION]
+> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won’t be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.<p>Additionally, it's not supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.</p>
 
-- [Service-based deployment ring set](../deploy/windows-autopatch-groups-overview.md#service-based-deployment-rings)
-- [Software update-based deployment ring set](../deploy/windows-autopatch-groups-overview.md#software-based-deployment-rings)
+When you [start using Autopatch](../prepare/windows-autopatch-feature-activation.md), Windows Autopatch creates the following deployment ring set to organize devices.
 
-The following four Microsoft Entra ID assigned groups are used to organize devices for the service-based deployment ring set:
-
-| Service-based deployment ring | Description |
-| ----- | ----- |
+| Deployment ring | Description |
+| --- | --- |
 | Modern Workplace Devices-Windows Autopatch-Test | Deployment ring for testing service-based configuration, app deployments prior production rollout |
 | Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters. |
 | Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |
 | Modern Workplace Devices-Windows Autopatch-Broad | Final deployment ring for broad rollout into the organization |
 
-The five Microsoft Entra ID assigned groups that are used to organize devices for the software update-based deployment ring set within the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition):
-
-| Software updates-based deployment ring | Description |
-| ----- | ----- |
-| Windows Autopatch - Test | Deployment ring for testing software updates-based deployments prior production rollout. |
-| Windows Autopatch - Ring1 | First production deployment ring for early adopters. |
-| Windows Autopatch - Ring2 | Fast deployment ring for quick rollout and adoption. |
-| Windows Autopatch - Ring3 | Final deployment ring for broad rollout into the organization. |
-| Windows Autopatch - Last | Optional deployment ring for specialized devices or VIP/executives that must receive software update deployments after it's well tested with early and general populations in an organization. |
-
-In the software-based deployment ring set, each deployment ring has a different set of update deployment policies to control the updates rollout.
-
 > [!CAUTION]
-> Adding or importing devices directly into any of these groups isn't supported. Doing so might affect the Windows Autopatch service. To move devices between these groups, see [Moving devices in between deployment rings](#moving-devices-in-between-deployment-rings).
+> Adding or importing devices directly into any of these groups isn't supported. Doing so might affect the Windows Autopatch service. To move devices between these groups, see [Move devices in between deployment rings](../deploy/windows-autopatch-register-devices.md#move-devices-in-between-deployment-rings).
 
 > [!IMPORTANT]
-> Windows Autopatch device registration doesn't assign devices to the Test deployment rings of either the service-based (**Modern Workplace Devices-Windows Autopatch-Test**), or software updates-based (**Windows Autopatch - Test and Windows Autopatch - Last**) in the Default Autopatch group. This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments.
-
-During the device registration process, Windows Autopatch assigns each device to a [service-based and software-update based deployment ring](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings) so that the service has the proper representation of device diversity across your organization.
+> Windows Autopatch device registration doesn't assign devices to the Test deployment rings of either the service-based (**Modern Workplace Devices-Windows Autopatch-Test**), or your Autopatch groups. This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments.
 
+During the device registration process, Windows Autopatch assigns each device to a deployment ring so that the service has the proper representation of device diversity across your organization.
 The deployment ring distribution is designed to release software update deployments to as few devices as possible to get the signals needed to make a quality evaluation of a given update deployment.
 
-> [!NOTE]
-> You can't create additional deployment rings or use your own rings for devices managed by the Windows Autopatch service.
+### Device record and deployment ring assignment
 
-## Default deployment ring calculation logic
+Registering your devices with Windows Autopatch does the following:
 
-The Windows Autopatch deployment ring calculation occurs during the device registration process and it applies to both the [service-based and the software update-based deployment ring sets](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings):
+1. Makes a record of devices in the service.
+2. Assign devices to the [deployment ring set](#default-deployment-ring-calculation-logic) and other groups required for software update management.
+
+### Default deployment ring calculation logic
+
+The Windows Autopatch deployment ring calculation occurs during the device registration process:
 
 - If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is First **(5%)**, Fast **(15%)**, remaining devices go to the Broad ring **(80%)**.
-- If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**.
+- If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment is First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**.
 
 > [!NOTE]
-> You can customize the deployment ring calculation logic by editing the Default Autopatch group.
+> You can customize the deployment ring calculation logic by [editing an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group).
 
-| Service-based deployment ring | Default Autopatch group deployment ring | Default device balancing percentage | Description |
-| ----- | ----- | ----- | ----- |
-| Test | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:<br><ul><li>**0-500** devices: minimum **one** device.</li><li>**500-5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
-| First | Ring 1 |  **1%** | The First ring is the first group of production users to receive a change.<p><p>This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.<p><p>Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
-| Fast | Ring 2 | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.<p><p>The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.</p> |
-| Broad | Ring 3 | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.|
-| N/A | Last | **zero** | The Last ring is intended to be used for either specialized devices or devices that belong to VIP/executives in an organization. Windows Autopatch doesn't automatically add devices to this deployment ring. |
-
-## Software update-based to service-based deployment ring mapping
-
-There's a one-to-one mapping in between the service-based and software updates-based deployment rings introduced with Autopatch groups. This mapping is intended to help move devices in between deployment rings for other software update workloads that don't yet support Autopatch groups such as Microsoft 365 Apps and Microsoft Edge.
-
-| If moving a device to | The device also moves to |
-| ----- | ----- |
-| Windows Autopatch - Test | Modern Workplace Devices-Windows Autopatch-Test |
-| Windows Autopatch - Ring1 | Modern Workplace Devices-Windows Autopatch-First |
-| Windows Autopatch - Ring2 | Modern Workplace Devices-Windows Autopatch-Fast |
-| Windows Autopatch - Ring3 | Modern Workplace Devices-Windows Autopatch-Broad |
-| Windows Autopatch - Last | Modern Workplace Devices-Windows Autopatch-Broad |
-
-If your Autopatch groups have more than five deployment rings, and you must move devices to deployment rings after Ring3. For example, `<Autopatch group name - Ring4, Ring5, Ring6, etc.>`. The devices will be moved to **Modern Workplace Devices-Windows Autopatch-Broad**.
-
-## Moving devices in between deployment rings
-
-If you want to move devices to different deployment rings (either service or software update-based), after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Registered** tab.
-
-> [!IMPORTANT]
-> You can only move devices in between deployment rings within the **same** Autopatch group. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you'll receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
-
-**To move devices in between deployment rings:**
-
-> [!NOTE]
-> You can only move devices to other deployment rings when they're in an active state in the **Registered** tab.
-
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane.
-1. In the **Windows Autopatch** section, select **Devices**.
-1. In the **Registered** tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify.
-1. Select **Device actions** from the menu.
-1. Select **Assign ring**. A fly-in opens.
-1. Use the dropdown menu to select the deployment ring to move devices to, and then select Save. The Ring assigned by column will change to Pending.
-1. When the assignment is complete, the **Ring assigned by** column changes to Admin (which indicates that you made the change) and the **Ring** column shows the new deployment ring assignment.
-
-If you don't see the Ring assigned by column change to **Pending** in Step 5, check to see whether the device exists in Microsoft Intune or not by searching for it in its device blade. For more information, see [Device details in Intune](/mem/intune/remote-actions/device-inventory).
-
-> [!WARNING]
-> Moving devices between deployment rings through directly changing Microsoft Entra group membership isn't supported and may cause unintended configuration conflicts within the Windows Autopatch service. To avoid service interruption to devices, use the **Assign device to ring** action described previously to move devices between deployment rings.
+| Deployment ring | Default device balancing percentage | Description |
+| --- | --- | --- |
+| Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:<br><ul><li>**0-500** devices: minimum **one** device.</li><li>**500-5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates before reaching production users. |
+| First |  **1%** | The First ring is the first group of production users to receive a change.<p><p>This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.<p><p>Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
+| Fast | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.<p><p>The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.</p> |
+| Broad | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.|
+| N/A | **zero** | The Last ring is intended to be used for either specialized devices or devices that belong to VIP/executives in an organization. Windows Autopatch doesn't automatically add devices to this deployment ring. |
 
 ## Automated deployment ring remediation functions
 
-Windows Autopatch monitors device membership in its deployment rings, except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test** and **Windows Autopatch - Last** rings, to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings. These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either:
+Windows Autopatch monitors device membership in its deployment rings, except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test** and **Windows Autopatch - Last** rings, to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings. These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either:
 
 - Changes performed by the IT admin on objects created by the Windows Autopatch tenant enrollment process, or
-- An issue occurred which prevented devices from getting a deployment ring assigned during the device registration process.
+- An issue occurred which prevented devices from getting a deployment ring assigned during the device registration process.
 
 There are two automated deployment ring remediation functions:
 
 | Function | Description |
 | ----- | ----- |
-| Check device deployment ring membership | Every hour, Windows Autopatch checks to see if any of its managed devices aren't part of one of the deployment rings. If a device isn't part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test and Windows Autopatch - Last** rings). |
-| Multi-deployment ring device remediator | Every hour, Windows Autopatch checks to see if any of its managed devices are part of multiple deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test** and **Windows Autopatch - Last** rings). If a device is part of multiple deployment rings, Windows Autopatch randomly removes the device until the device is only part of one deployment ring. |
+| Check device deployment ring membership | Every hour, Windows Autopatch checks to see if any of its managed devices aren't part of one of the deployment rings. If a device isn't part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test and Windows Autopatch - Last** rings). |
+| Multi-deployment ring device remediator | Every hour, Windows Autopatch checks to see if any of its managed devices are part of multiple deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test** and **Windows Autopatch - Last** rings). If a device is part of multiple deployment rings, Windows Autopatch randomly removes the device until the device is only part of one deployment ring. |
 
 > [!IMPORTANT]
 > Windows Autopatch automated deployment ring functions don't assign or remove devices to or from the following deployment rings:<li>**Modern Workplace Devices-Windows Autopatch-Test**</li><li>**Windows Autopatch - Test**</li><li>**Windows Autopatch - Last**</li></ul>
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
deleted file mode 100644
index e541bf8d2e..0000000000
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ /dev/null
@@ -1,183 +0,0 @@
----
-title: Manage Windows Autopatch groups
-description: This article explains how to manage Autopatch groups
-ms.date: 12/13/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: andredm7
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Manage Windows Autopatch groups
-
-Autopatch groups help Microsoft Cloud-Managed services meet organizations where they are in their update management journey.
-
-Autopatch groups is a logical container or unit that groups several [Microsoft Entra groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates policy for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).
-
-## Autopatch groups prerequisites
-
-Before you start managing Autopatch groups, ensure you've met the following prerequisites:
-
-- Review [Windows Autopatch groups overview documentation](../deploy/windows-autopatch-groups-overview.md) to understand [key benefits](../deploy/windows-autopatch-groups-overview.md#key-benefits), [concepts](../deploy/windows-autopatch-groups-overview.md#key-concepts) and [common ways to use Autopatch groups](../deploy/windows-autopatch-groups-overview.md#common-ways-to-use-autopatch-groups) within your organization.
-- Ensure the following [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) are created in your tenant:
-	- Modern Workplace Update Policy [Test]-[Windows Autopatch]
-	- Modern Workplace Update Policy [First]-[Windows Autopatch]
-	- Modern Workplace Update Policy [Fast]-[Windows Autopatch]
-	- Modern Workplace Update Policy [Broad]-[Windows Autopatch]
-- Ensure the following [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) are created in your tenant:
-	- Windows Autopatch - DSS Policy [Test]
-	- Windows Autopatch - DSS Policy [First]
-	- Windows Autopatch - DSS Policy [Fast]
-	- Windows Autopatch - DSS Policy [Broad]
-- Ensure the following Microsoft Entra ID assigned groups are in your tenant before using Autopatch groups. **Don't** modify the Microsoft Entra group membership types (Assigned or Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups and causes the Autopatch groups feature and other service-related operations to not work properly.
-    - Modern Workplace Devices-Windows Autopatch-Test
-    - Modern Workplace Devices-Windows Autopatch-First
-    - Modern Workplace Devices-Windows Autopatch-Fast
-    - Modern Workplace Devices-Windows Autopatch-Broad
-    - Windows Autopatch - Test
-    - Windows Autopatch - Ring1
-    - Windows Autopatch - Ring2
-    - Windows Autopatch - Ring3
-    - Windows Autopatch - Last
-- Additionally, **don't** modify the Microsoft Entra group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** enterprise application as the owner of these groups.
-	- For more information, see [assign an owner or member of a group in Microsoft Entra ID](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) for steps on how to add owners to Azure Microsoft Entra groups.
-- Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality won't work properly. Autopatch uses app-only auth to:
-    - Read device attributes to successfully register devices.
-    - Manage all configurations related to the operation of the service.
-- Make sure that all device-based Microsoft Entra groups you intend to use with Autopatch groups are created prior to using the feature.
-    - Review your existing Microsoft Entra group dynamic queries and direct device memberships to avoid having device membership overlaps in between device-based Microsoft Entra groups that are going to be used with Autopatch groups. This can help prevent device conflicts within an Autopatch group or across several Autopatch groups. **Autopatch groups doesn't support user-based Microsoft Entra groups**.
-- Ensure devices used with your existing Microsoft Entra groups meet [device registration prerequisite checks](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration) when being registered with the service. Autopatch groups register devices on your behalf, and devices can be moved to **Registered** or **Not registered** tabs in the Devices blade accordingly.
-
-> [!TIP]
-> [Update rings](/mem/intune/protect/windows-10-update-rings) and [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies that are created and managed by Windows Autopatch can be restored using the [Policy health](../operate/windows-autopatch-policy-health-and-remediation.md) feature. For more information on remediation actions, see [restore Windows update policies](../operate/windows-autopatch-policy-health-and-remediation.md#restore-windows-update-policies).
-
-## Create a Custom Autopatch group
-
-> [!NOTE]
-> The Default Autopatch group is recommended for organizations that can meet their business needs using the pre-configured five deployment ring composition.
-
-**To create a Custom Autopatch group:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release management** blade, select **Autopatch groups**.
-1. In the **Autopatch groups** blade, select **Create**.
-1. In **Basics** page, enter a **name** and a **description** then select **Next: Deployment rings**.
-    1. Enter up to 64 characters for the Autopatch group name and 150 characters maximum for the description. The Autopatch group name is appended to both the update rings and the DSS policy names that get created once the Custom Autopatch group is created.
-1. In **Deployment rings** page, select **Add deployment ring** to add the number of deployment rings to the Custom Autopatch group.
-1. Each new deployment ring added must have either a Microsoft Entra device group assigned to it, or a Microsoft Entra group that is dynamically distributed across your deployments rings using defined percentages.
-    1. In the **Dynamic groups** area, select **Add groups** to select one or more existing device-based Microsoft Entra groups to be used for Dynamic group distribution.
-    1. In the **Dynamic group distribution** column, select the desired deployment ring checkbox. Then, either:
-        1. Enter the percentage of devices that should be added from the Microsoft Entra groups selected in step 9. The percentage calculation for devices must equal to 100%, or
-        1. Select **Apply default dynamic group distribution** to use the default values.
-1. In the **Assigned group** column, select **Add group to ring** to add an existing Microsoft Entra group to any of the defined deployment rings. The **Test** and **Last** deployment rings only support Assigned group distribution. These deployment rings don't support Dynamic distribution.
-1. Select **Next: Windows Update settings**.
-1. Select the **horizontal ellipses (…)** > **Manage deployment cadence** to [customize your gradual rollout of Windows quality and feature updates](../operate/windows-autopatch-windows-update.md). Select **Save**.
-1. Select the **horizontal ellipses (…)** > **Manage notifications** to customize the end-user experience when receiving Windows updates. Select **Save**.
-1. Select **Review + create** to review all changes made.
-1. Once the review is done, select **Create** to save your custom Autopatch group.
-
-> [!CAUTION]
-> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from finish creating or editing the Autopatch group (Default or Custom).
-
-> [!IMPORTANT]
-> Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
-
-## Edit the Default or a Custom Autopatch group
-
-> [!TIP]
-> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there's one or more on-going Windows feature update release targeted to this Autopatch group.**"
-> See [Manage Windows feature update releases](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md) for more information on release and phase statuses.
-
-**To edit either the Default or a Custom Autopatch group:**
-
-1. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
-1. You can only modify the **description** of the Default or a Custom Autopatch group. You **can't** modify the name. Once the description is modified, select **Next: Deployment rings**.
-1. Make the necessary changes in the **Deployment rings** page, then select **Next: Windows Update settings**.
-1. Make the necessary changes in the **Windows Update settings** page, then select **Next: Review + save**.
-1. Select **Review + create** to review all changes made.
-1. Once the review is done, select **Save** to finish editing the Autopatch group.
-
-> [!IMPORTANT]
-> Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
-
-## Rename a Custom Autopatch group
-
-You **can't** rename the Default Autopatch group. However, you can rename a Custom Autopatch group.
-
-**To rename a Custom Autopatch group:**
-
-1. Select the **horizontal ellipses (…)** > **Rename** for the Custom Autopatch group you want to rename. The **Rename Autopatch group** fly-in opens.
-1. In the **New Autopatch group name**, enter the new Autopatch group name of your choice, then click **Rename group**.
-
-> [!IMPORTANT]
-> Autopatch supports up to 64 characters for the custom Autopatch group name. Additionally, when you rename a custom Autopatch group all [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) associated with the custom Autopatch group are renamed to include the new Autopatch group name you define in its name string. Also, when renaming a custom Autopatch group all Microsoft Entra groups representing the custom Autopatch group's deployment rings are renamed to include the new Autopatch group name you define in its name string.
-
-## Delete a Custom Autopatch group
-
-You **can't** delete the Default Autopatch group. However, you can delete a Custom Autopatch group.
-
-**To delete a Custom Autopatch group:**
-
-1. Select the **horizontal ellipses (…)** > **Delete** for the Custom Autopatch group you want to delete.
-1. Select **Yes** to confirm you want to delete the Custom Autopatch group.
-
-> [!CAUTION]
-> You can't delete a Custom Autopatch group when it's being used as part of one or more active or paused feature update releases. However, you can delete a Custom Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses.
-
-## Manage device conflict scenarios when using Autopatch groups
-
-Overlap in device membership is a common scenario when working with device-based Microsoft Entra groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Microsoft Entra groups.
-
-Since Autopatch groups allow you to use your existing Microsoft Entra groups to create your own deployment ring composition, the service takes on the responsibility of monitoring and automatically solving some of the device conflict scenarios that may occur.
-
-> [!CAUTION]
-> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from creating or editing the Autopatch group (Default or Custom).
-
-### Device conflict in deployment rings within an Autopatch group
-
-Autopatch groups uses the following logic to solve device conflicts on your behalf within an Autopatch group:
-
-| Step | Description |
-| -----  | ----- |
-| Step 1: Checks for the deployment ring distribution type (**Assigned** or **Dynamic**) that the device belongs to. | For example, if a device is part of one deployment ring with **Dynamic** distribution (Ring3), and one deployment ring with **Assigned** distribution (Test,) within the same Autopatch group, the deployment ring with **Assigned** distribution (Test) takes precedence over the one with the **Dynamic** distribution type (Ring3). |
-| Step 2: Checks for deployment ring ordering when device belongs to one or more deployment ring with the same distribution type (**Assigned** or **Dynamic**) | For example, if a device is part of one deployment ring with **Assigned** distribution (Test), and in another deployment ring with **Assigned** distribution (Ring3) within the **same** Autopatch group, the deployment ring that comes later (Ring3) takes precedence over the deployment ring that comes earlier (Test) in the deployment ring order. |
-
-> [!IMPORTANT]
-> When a device belongs to a deployment ring that has combined distribution types (**Assigned** and **Dynamic**), and a deployment ring that has only the **Dynamic** distribution type, the deployment ring with the combined distribution types takes precedence over the one with only the **Dynamic** distribution. If a device belongs to two deployment rings that have combined distribution types (**Assigned** and **Dynamic**), the deployment ring that comes later takes precedence over the deployment ring that comes earlier in the deployment ring order.
-
-### Device conflict across different Autopatch groups
-
-Device conflict across different deployment rings in different Autopatch groups may occur, review the following examples about how the Windows Autopatch services handles the following scenarios:
-
-#### Default to Custom Autopatch group device conflict
-
-| Conflict scenario | Conflict resolution |
-| -----  | ----- |
-| You, the IT admin at Contoso Ltd., starts using only the Default Autopatch group, but later decides to create an Autopatch group called "Marketing".<p>However, you notice that the same devices that belong to the deployment rings in the Default Autopatch group are now also part of the new deployment rings in the Marketing Autopatch group.</p> | Autopatch groups automatically resolve this conflict on your behalf.<p>In this example, devices that belong to the deployment rings as part of the "Marketing" Autopatch group take precedence over devices that belong to the deployment ring in the Default Autopatch group, because you, the IT admin, demonstrated clear intent on managing deployment rings using a Custom Autopatch group outside the Default Autopatch group.</p> |
-
-#### Custom to Custom Autopatch group device conflict
-
-| Conflict scenario | Conflict resolution |
-| -----  | ----- |
-| You, the IT admin at Contoso Ltd., are using several Custom Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade (**Not ready** tab), you notice that the same device is part of different deployment rings across several different Custom Autopatch groups. | You must resolve this conflict.<p>Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You're required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to.</p> |
-
-#### Device conflict prior to device registration
-
-When you create or edit the Custom or Default Autopatch group, Windows Autopatch checks if the devices that are part of the Microsoft Entra groups, used in Autopatch groups' deployment rings, are registered with the service.
-
-| Conflict scenario | Conflict resolution |
-| -----  | ----- |
-| Devices are in the Custom-to-Custom Autopatch group device conflict scenario | You must resolve this conflict.<p>Devices will fail to register with the service and will be sent to the **Not registered** tab. You're required to make sure the Microsoft Entra groups that are used with the Custom Autopatch groups don't have device membership overlaps.</p> |
-
-#### Device conflict post device registration
-
-Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
index 2e2ab90f1a..b397788c4b 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
@@ -1,10 +1,10 @@
 ---
 title: Windows Autopatch groups overview
 description: This article explains what Autopatch groups are
-ms.date: 07/20/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -15,13 +15,19 @@ ms.collection:
   - tier1
 ---
 
-# Windows Autopatch groups overview
+# Windows Autopatch groups
 
-As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they're challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they’re challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions.
 
 ## What are Windows Autopatch groups?
 
-Autopatch groups is a logical container or unit that groups several [Microsoft Entra groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).
+An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/entra/fundamentals/groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).
+
+Autopatch groups are intended to help organizations that require a more precise representation of their organization's structures along with their own update deployment cadence in the service.
+
+By default, an Autopatch group has the Test and Last deployment rings automatically present. For more information, see [Test and Last deployment rings](#test-and-last-deployment-rings).
 
 ## Key benefits
 
@@ -31,101 +37,41 @@ Autopatch groups help Microsoft Cloud-Managed services meet organizations where
 | ----- | ----- |
 | Replicating your organizational structure | You can set up Autopatch groups to replicate your organizational structures represented by your existing device-based Microsoft Entra group targeting logic. |
 | Having a flexible number of deployments | Autopatch groups give you the flexibility of having the right number of deployment rings that work within your organization. You can set up to 15 deployment rings per Autopatch group. |
-| Deciding which device(s) belong to deployment rings | Along with using your existing device-based Microsoft Entra groups and choosing the number of deployment rings, you can also decide which devices belong to deployment rings during the device registration process when setting up Autopatch groups. |
+| Deciding which devices belong to deployment rings | Along with using your existing device-based Microsoft Entra groups and choosing the number of deployment rings, you can also decide which devices belong to deployment rings during the device distribution process when setting up Autopatch groups. |
 | Choosing the deployment cadence | You choose the right software update deployment cadence for your business. |
 
+## Prerequisites
+
+Before you start managing Autopatch groups, ensure you meet the following prerequisites:
+
+| Prerequisite | Details |
+| --- | --- |
+| Review [Windows Autopatch groups overview documentation](../deploy/windows-autopatch-groups-overview.md) | Understand [key benefits](../deploy/windows-autopatch-groups-overview.md#key-benefits) and [common ways to use Autopatch groups](../deploy/windows-autopatch-groups-overview.md#common-ways-to-use-autopatch-groups) within your organization. |
+| Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../monitor/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality doesn't work properly. Autopatch uses app-only auth to: |<ul><li>Read device attributes to successfully register devices.</li><li>Manage all configurations related to the operation of the service.</li></ul> |
+| Make sure that all device-based Microsoft Entra groups you intend to use with Autopatch groups are created before using the feature. | Review your existing Microsoft Entra group dynamic queries and direct device memberships to:<ul><li>Avoid having device membership overlaps in between device-based Microsoft Entra groups that are going to be used with Autopatch groups.</li><li>Prevent device conflicts within an Autopatch group or across several Autopatch groups. **Autopatch groups doesn't support user-based Microsoft Entra groups**.</li></ul> |
+| Ensure devices used with your existing Microsoft Entra groups meet [device registration prerequisite checks](../deploy/windows-autopatch-device-registration-overview.md#prerequisites-for-device-registration) when being registered with the service | Autopatch groups register devices on your behalf, and device readiness states are determined based on the registration state and if any applicable alerts are targeting the device. For more information, see the [Devices report](../deploy/windows-autopatch-register-devices.md#devices-report). |
+
+> [!TIP]
+> [Update rings](/mem/intune/protect/windows-10-update-rings) and [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies that are created and managed by Windows Autopatch can be restored using the [Policy health](../monitor/windows-autopatch-policy-health-and-remediation.md) feature. For more information on remediation actions, see [restore Windows update policies](../monitor/windows-autopatch-policy-health-and-remediation.md#restore-missing-windows-update-policies).
+
+## Register devices into Autopatch groups
+
+Autopatch groups register devices with the Windows Autopatch service when you either [create](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) or [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group). For more information, see [Register devices into Autopatch groups](../deploy/windows-autopatch-register-devices.md#register-devices-into-autopatch-groups).
+
 ## High-level architecture diagram overview
 
 :::image type="content" source="../media/windows-autopatch-groups-high-level-architecture-diagram.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-groups-high-level-architecture-diagram.png":::
 
-Autopatch groups is a function app that is part of the device registration micro service within the Windows Autopatch service. The following table explains the high-level workflow:
+An Autopatch group is a function app that is part of the device registration micro service within the Windows Autopatch service. The following table explains the high-level workflow:
 
 | Step | Description |
 | ----- | ----- |
-| Step 1: Create an Autopatch group | Create an Autopatch group. |
-| Step 2: Windows Autopatch uses Microsoft Graph to create Microsoft Entra ID and policy assignments | Windows Autopatch service uses Microsoft Graph to coordinate the creation of:<ul><li>Microsoft Entra groups</li><li>Software update policy assignments with other Microsoft services, such as Microsoft Entra ID, Intune, and Windows Update for Business (WUfB) based on IT admin choices when you create or edit an Autopatch group.</li></ul> |
+| Step 1: Create an Autopatch group | Create an Autopatch group. Autopatch groups register devices with the Windows Autopatch service when you either [create](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) or [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group). |
+| Step 2: Windows Autopatch uses Microsoft Graph to create Microsoft Entra ID and policy assignments | Windows Autopatch service uses Microsoft Graph to coordinate the creation of:<ul><li>Microsoft Entra groups</li><li>Software update policy assignments with other Microsoft services, such as Microsoft Entra ID, Intune, and Windows Update for Business (WUfB) based on IT admin choices when you [create](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) or [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group).</li></ul> |
 | Step 3: Intune assigns software update policies | Once Microsoft Entra groups are created in the Microsoft Entra service, Intune is used to assign the software update policies to these groups and provide the number of devices that need the software update policies to the Windows Update for Business (WUfB) service. |
 | Step 4: Windows Update for Business responsibilities | Windows Update for Business (WUfB) is the service responsible for:<ul><li>Delivering those update policies</li><li>Retrieving update deployment statuses back from devices</li><li>Sending back the status information to Microsoft Intune, and then to the Windows Autopatch service</li></ul> |
 
-## Key concepts
-
-There are a few key concepts to be familiar with before using Autopatch groups.
-
-### About the Default Autopatch group
-
-> [!NOTE]
-> The Default Autopatch group is recommended for organizations that can meet their business needs using the pre-configured five deployment ring composition.
-
-The Default Autopatch group uses Windows Autopatch's default update management process recommendation. The Default Autopatch group contains:
-
-- A set of **[five deployment rings](#default-deployment-ring-composition)**
-- A default update deployment cadence for both [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md) and [feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md).
-
-The Default Autopatch group is intended to serve organizations that are looking to:
-
-- Enroll into the service
-- Align to Windows Autopatch's default update management process without requiring more customizations.
-
-The Default Autopatch group **can't** be deleted or renamed. However, you can customize its deployment ring composition to add and/or remove deployment rings, and you can also customize the update deployment cadences for each deployment ring within it.
-
-#### Default deployment ring composition
-
-By default, the following [software update-based deployment rings](#software-based-deployment-rings), represented by Microsoft Entra ID assigned groups, are used:
-
-- Windows Autopatch - Test
-- Windows Autopatch - Ring1
-- Windows Autopatch - Ring2
-- Windows Autopatch - Ring3
-- Windows Autopatch - Last
-
-**Windows Autopatch - Test** and **Last** can be only used as **Assigned** device distributions. **Windows Autopatch - Ring1**, **Ring2** and **Ring3** can be used with either **Assigned** or **Dynamic** device distributions, or have a combination of both device distribution types.
-
-> [!TIP]
-> For more information about the differences between **Assigned** and **Dynamic** deployment ring distribution types, see [about deployment rings](#about-deployment-rings). Only deployment rings that are placed in between the **Test** and the **Last** deployment rings can be used with the **Dynamic** deployment ring distributions.
-
-> [!CAUTION]
-> These and other Microsoft Entra ID assigned groups created by Autopatch groups **can't** be missing in your tenant, otherwise, Autopatch groups might not function properly.
-
-The **Last** deployment ring, the fifth deployment ring in the Default Autopatch group, is intended to provide coverage for scenarios where a group of specialized devices and/or VIP/Executive users. They must receive software update deployments after the organization's general population to mitigate disruptions to your organization's critical businesses.
-
-#### Default update deployment cadences
-
-The Default Autopatch group provides a default update deployment cadence for its deployment rings except for the **Last** (fifth) deployment ring.
-
-##### Update rings policy for Windows 10 and later
-
-Autopatch groups set up the [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) for each of its deployment rings in the Default Autopatch group. See the following default policy values:
-
-| Policy name | Microsoft Entra group assignment | Quality updates deferral in days | Feature updates deferral in days | Feature updates uninstall window in days | Deadline for quality updates in days | Deadline for feature updates in days | Grace period | Auto restart before deadline |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch Update Policy - default - Test | Windows Autopatch - Test | 0 | 0 | 30 | 0 | 5 | 0 | Yes |
-| Windows Autopatch Update Policy - default - Ring1 | Windows Autopatch - Ring1 | 1 | 0 | 30 | 2 | 5 |2 | Yes |
-| Windows Autopatch Update Policy - default - Ring2 | Windows Autopatch - Ring2 | 6 | 0 | 30 | 2 | 5 | 2 | Yes |
-| Windows Autopatch Update Policy - default - Ring3 | Windows Autopatch - Ring3 | 9 | 0 | 30 | 5 | 5 | 2 | Yes |
-| Windows Autopatch Update Policy - default - Last | Windows Autopatch - Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes |
-
-##### Feature update policy for Windows 10 and later
-
-Autopatch groups set up the [feature updates for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates) for each of its deployment rings in the Default Autopatch group, see the following default policy values:
-
-| Policy name | Microsoft Entra group assignment |Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch - DSS Policy [Test] | Windows Autopatch - Test | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024; 1:00AM |
-| Windows Autopatch - DSS Policy [Ring1] | Windows Autopatch - Ring1 | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024; 1:00AM |
-| Windows Autopatch - DSS Policy [Ring2] | Windows Autopatch - Ring2 | Windows 10 21H2 | Make update available as soon as possible | December 14, 2022 | December 21, 2022 | 1 | June 11, 2024; 1:00AM |
-| Windows Autopatch - DSS Policy [Ring3] | Windows Autopatch - Ring3 | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024; 1:00AM |
-| Windows Autopatch - DSS Policy [Last] | Windows Autopatch - Last | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024; 1:00AM |
-
-### About Custom Autopatch groups
-
-> [!NOTE]
-> The [Default Autopatch group](#about-the-default-autopatch-group) is recommended for organizations that can meet their business needs using the pre-configured five deployment ring composition.
-
-Custom Autopatch groups are intended to help organizations that require a more precise representation of their organization's structures along with their own update deployment cadence in the service.
-
-By default, a Custom Autopatch group has the Test and Last deployment rings automatically present. For more information, see [Test and Last deployment rings](#about-the-test-and-last-deployment-rings).
-
-### About deployment rings
+## Autopatch group deployment rings
 
 Deployment rings make it possible for an Autopatch group to have software update deployments sequentially delivered in a gradual rollout within the Autopatch group.
 
@@ -137,92 +83,38 @@ Windows Autopatch aligns with Microsoft Entra ID and Intune terminology for devi
 | Assigned | You can use one single device-based Microsoft Entra group, either dynamic query-based, or assigned to use in your deployment ring composition. |
 | Combination of Dynamic and Assigned | To provide a greater level of flexibility when working on deployment ring compositions, you can combine both device distribution types in Autopatch groups.<p>The combination of Dynamic and Assigned device distribution is **not** supported for the Test and Last deployment ring in Autopatch groups.</p> |
 
-#### About the Test and Last deployment rings
+### Test and Last deployment rings
 
-Both the **Test** and **Last** deployment rings are default deployment rings that are automatically present in the Default Autopatch group and Custom Autopatch groups. These default deployment rings provide the recommended minimum number of deployment rings that an Autopatch group should have.
+Both the **Test** and **Last** deployment rings are default deployment rings that are automatically present in an Autopatch group. These default deployment rings provide the recommended minimum number of deployment rings that an Autopatch group should have.
 
-If you only keep Test and Last deployment rings in your Default Autopatch group, or you don't add more deployment rings when creating a Custom Autopatch group, the Test deployment ring can be used as the pilot deployment ring and Last can be used as the production deployment ring.
+If you don't add more deployment rings when creating an Autopatch group, the Test deployment ring can be used as the pilot deployment ring and Last can be used as the production deployment ring.
 
 > [!IMPORTANT]
-> Both the **Test** and **Last** deployment rings **can't** be removed or renamed from the Default or Custom Autopatch groups. Autopatch groups don't support the use of one single deployment ring as part of its deployment ring composition because you need at least two deployment rings for their gradual rollout. If you must implement a specific scenario with a single deployment ring, and gradual rollout isn't required, consider managing these devices outside Windows Autopatch.
+> Both the **Test** and **Last** deployment rings **can't** be removed or renamed from Autopatch groups. Autopatch groups don't support the use of one single deployment ring as part of its deployment ring composition because you need **at least two deployment rings** for their gradual rollout. If you must implement a specific scenario with a single deployment ring, and gradual rollout isn't required, consider managing these devices outside Autopatch groups.
 
 > [!TIP]
 > Both the **Test** and **Last** deployment rings only support one single Microsoft Entra group assignment at a time. If you need to assign more than one Microsoft Entra group, you can nest the other Microsoft Entra groups under the ones you plan to use with the **Test** and **Last** deployment rings. Only one level of Microsoft Entra group nesting is supported.
 
-#### Service-based versus software update-based deployment rings
-
-Autopatch groups creates two different layers. Each layer contains its own deployment ring set.
-
-> [!IMPORTANT]
-> Both service-based and software update-based deployment ring sets are, by default, assigned to devices that successfully register with Windows Autopatch.
-
-##### Service-based deployment rings
-
-The service-based deployment ring set is exclusively used to keep Windows Autopatch updated with both service and device-level configuration policies, apps and APIs needed for core functions of the service.
-
-The following are the Microsoft Entra ID assigned groups that represent the service-based deployment rings. These groups can't be deleted or renamed:
-
-- Modern Workplace Devices-Windows Autopatch-Test
-- Modern Workplace Devices-Windows Autopatch-First
-- Modern Workplace Devices-Windows Autopatch-Fast
-- Modern Workplace Devices-Windows Autopatch-Broad
-
-> [!CAUTION]
-> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly. <p>Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.</p>
-
-##### Software-based deployment rings
-
-The software-based deployment ring set is exclusively used with software update management policies, such as the Windows update ring and feature update policies, in the Default Windows Autopatch group.
-
-The following are the Microsoft Entra ID assigned groups that represent the software updates-based deployment rings. These groups can't be deleted or renamed:
-
-- Windows Autopatch - Test
-- Windows Autopatch - Ring1
-- Windows Autopatch - Ring2
-- Windows Autopatch - Ring3
-- Windows Autopatch - Last
-
-> [!IMPORTANT]
-> Additional Microsoft Entra ID assigned groups are created and added to list when you add more deployment rings to the Default Autopatch group.
-
-> [!CAUTION]
-> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly. <p>Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.</p>
-
-### About device registration
-
-Autopatch groups register devices with the Windows Autopatch service when you either [create](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) or [edit a Custom Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group), and/or when you [edit the Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to use your existing Microsoft Entra groups instead of the Windows Autopatch Device Registration group provided by the service.
-
 ## Common ways to use Autopatch groups
 
 The following are three common uses for using Autopatch groups.
 
 ### Use case #1
 
-> [!NOTE]
-> The [Default Autopatch group](#about-the-default-autopatch-group) is recommended for organizations that can meet their business needs using the pre-configured five deployment ring composition.
-
 | Scenario | Solution |
 | ----- | ----- |
-| You're working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You don't have extra time to spend setting up and managing several Autopatch groups.<p>Your organization currently operates its update management by using five deployment rings, but there's an opportunity to have flexible deployment cadences if it's precommunicated to your end-users.</p> | If you don't have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.<p>The Default Autopatch group is preconfigured and doesn't require extra configurations when registering devices with the Windows Autopatch service.</p><p>The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service.</p> |
-
-:::image type="content" source="../media/autopatch-groups-default-autopatch-group.png" alt-text="Default Autopatch group" lightbox="../media/autopatch-groups-default-autopatch-group.png":::
-
-### Use case #2
-
-| Scenario | Solution |
-| ----- | ----- |
-| You're working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units. For example, you can create a Custom Autopatch group for the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and then for the business.<p>The following is a visual representation of a gradual rollout for Contoso's Finance department.</p> |
+| You're working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create an Autopatch group for each of your business units. For example, you can create an Autopatch group for the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and then for the business.<p>The following is a visual representation of a gradual rollout for Contoso’s Finance department.</p> |
 
 :::image type="content" source="../media/autopatch-groups-finance-department-example.png" alt-text="Finance department example" lightbox="../media/autopatch-groups-finance-department-example.png":::
 
 > [!IMPORTANT]
 > Once Autopatch groups are setup, the release of either Windows quality or feature updates will be deployed sequentially through its deployment rings.
 
-### Use case #3
+### Use case #2
 
 | Scenario | Solution |
 | ----- | ----- |
-| You're working as the IT admin at Contoso Ltd. Your branch location in Chicago needs to plan a gradual rollout of software updates within specific departments to make sure the Chicago office doesn't experience disruptions in its operations. | You can create a Custom Autopatch group for the branch location in Chicago and breakdown the deployment ring composition per the departments within the branch location.<p>The following is a visual representation of a gradual rollout for the Contoso Chicago branch location.</p> |
+| You're working as the IT admin at Contoso Ltd. Your branch location in Chicago needs to plan a gradual rollout of software updates within specific departments to make sure the Chicago office doesn’t experience disruptions in its operations. | You can create an Autopatch group for the branch location in Chicago and breakdown the deployment ring composition per the departments within the branch location.<p>The following is a visual representation of a gradual rollout for the Contoso Chicago branch location.</p> |
 
 :::image type="content" source="../media/autopatch-groups-contoso-chicago-example.png" alt-text="Contoso Chicago example" lightbox="../media/autopatch-groups-contoso-chicago-example.png":::
 
@@ -235,16 +127,19 @@ The following configurations are supported when using Autopatch groups.
 
 ### Software update workloads
 
-Autopatch groups works with the following software update workloads:
+Autopatch groups work with the following software update workloads:
 
-- [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md)
-- [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
+- [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)
+- [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md)
+- [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
+- [Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md)
+- [Microsoft Edge](../manage/windows-autopatch-edge.md)
 
 ### Maximum number of Autopatch groups
 
-Windows Autopatch supports up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings.
+Windows Autopatch supports up to 50 Autopatch groups in your tenant. Each Autopatch group supports up to 15 deployment rings.
 
-> [!TIP]
-> If you reach the maximum number of Autopatch groups supported (50), and try to create more Custom Autopatch groups, the "**Create**" option in the Autopatch groups blade will be greyed out.
+> [!NOTE]
+> If you reach the maximum number of Autopatch groups supported (50), and try to create more Autopatch groups, the "Create" option in the Autopatch groups blade will be greyed out.
 
-To manage your Autopatch groups, see [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).
+To manage your Autopatch groups, see [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md).
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
index e48ce95422..c5f450553f 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
@@ -1,10 +1,10 @@
 ---
 title: Post-device registration readiness checks
 description: This article details how post-device registration readiness checks are performed in Windows Autopatch
-ms.date: 09/16/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -15,14 +15,13 @@ ms.collection:
   - tier1
 ---
 
-# Post-device registration readiness checks (public preview)
+# Post-device registration readiness checks
 
-> [!IMPORTANT]
-> This feature is in "public preview". It is being actively developed, and may not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios, and provide feedback.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
 One of the most expensive aspects of the software update management process is to make sure devices are always healthy to receive and report software updates for each software update release cycle.
 
-Having a way of measuring, quickly detecting and remediating when something goes wrong with on-going change management processes is important; it helps mitigate high Helpdesk ticket volumes, reduces cost, and improves overall update management results.
+Having a way of measuring, quickly detecting and remediating when something goes wrong with ongoing change management processes is important; it helps mitigate high Helpdesk ticket volumes, reduces cost, and improves overall update management results.
 
 Windows Autopatch provides proactive device readiness information about devices that are and aren't ready to be fully managed by the service. IT admins can easily detect and fix device-related issues that are preventing them from achieving their update management compliance report goals.
 
@@ -37,13 +36,13 @@ Device readiness in Windows Autopatch is divided into two different scenarios:
 
 ### Device readiness checks available for each scenario
 
-| Required device readiness (prerequisite checks) prior to device registration (powered by Intune Graph API)  | Required post-device registration readiness checks (powered by Microsoft Cloud Managed Desktop Extension) |
+| Required device readiness (prerequisite checks) before device registration (powered by Intune Graph API)  | Required post-device registration readiness checks (powered by Microsoft Cloud Managed Desktop Extension) |
 | ----- | ----- |
-| <ul><li>Windows OS (build, architecture and edition)</li></li><li>Managed by either Intune or ConfigMgr co-management</li><li>ConfigMgr co-management workloads</li><li>Last communication with Intune</li><li>Personal or non-Windows devices</li></ul> | <ul><li>Windows OS (build, architecture and edition)</li><li>Windows updates & Office Group Policy Object (GPO) versus Intune mobile device management (MDM) policy conflict</li><li>Bind network endpoints (Microsoft Defender, Microsoft Teams, Microsoft Edge, Microsoft Office)</li><li>Internet connectivity</li></ul> |
+| <ul><li>Windows OS (build, architecture, and edition)</li></li><li>Managed by either Intune or ConfigMgr co-management</li><li>ConfigMgr co-management workloads</li><li>Last communication with Intune</li><li>Personal or non-Windows devices</li></ul> | <ul><li>Windows OS (build, architecture, and edition)</li><li>Windows updates & Office Group Policy Object (GPO) versus Intune mobile device management (MDM) policy conflict</li><li>Bind network endpoints (Microsoft Defender, Microsoft Teams, Microsoft Edge, Microsoft Office)</li><li>Internet connectivity</li></ul> |
 
-The status of each post-device registration readiness check is shown in the Windows Autopatch's Devices blade under the **Not ready** tab. You can take appropriate action(s) on devices that aren't ready to be fully managed by the Windows Autopatch service.
+The status of each post-device registration readiness check is shown in the Windows Autopatch's Devices blade under the **Not registered** tab. You can take appropriate actions on devices that aren't ready to be fully managed by the Windows Autopatch service.
 
-## About the three tabs in the Devices blade
+## Devices blade: Registered and Not registered tabs
 
 You deploy software updates to secure your environment, but these deployments only reach healthy and active devices. Unhealthy or not ready devices affect the overall software update compliance.
 
@@ -52,13 +51,12 @@ Figuring out device health can be challenging and disruptive to the end user whe
 - Obtain proactive data sent by the device to the service, or
 - Proactively detect and remediate issues
 
-Windows Autopatch has three tabs within its Devices blade. Each tab is designed to provide a different set of device readiness statuses so IT admins know where to go to monitor, and remediate potential device health issues:
+Windows Autopatch has devices readiness states within its [**Devices report**](../deploy/windows-autopatch-register-devices.md#devices-report). Each state provides IT admins monitoring information on which devices might have potential device health issues.
 
 | Tab | Description |
 | ----- | ----- |
-| Ready | This tab only lists devices with the **Active** status. Devices with the **Active** status successfully:<ul><li>Passed the prerequisite checks.</li><li>Registered with Windows Autopatch.</li></ul>This tab also lists devices that have passed all postdevice registration readiness checks. |
-| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.<ul><li>**Readiness failed status**: Devices that didn't pass one or more post-device registration readiness checks.</li><li>**Inactive**: Devices that haven't communicated with the Microsoft Intune service in the last 28 days.</li></ul> |
-| Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn't pass one or more prerequisite checks during the device registration process. |
+| Registered |<ul><li>**Ready**</li><ul><li>Passed the prerequisite checks</li><li>Registered with Windows Autopatch</li><li>No active alerts targeted to the device</li></ul><li>**Not Ready**</li><ul><li>Devices that didn’t pass one or more post-device registration readiness checks</li><li>Devices that didn't communicate with the Microsoft Intune service in the last 28 days</li></ul></ul> |
+| Not registered |<ul><li>**Prerequisite failed**<ul><li>Devices with the **Prerequisite failed** status didn't pass one or more prerequisite checks during the device registration process.</li></ul><li>**Excluded**</li><ul><li>Devices with the Excluded status are removed from the Windows Autopatch service</li></ul></ul>|
 
 ## Details about the post-device registration readiness checks
 
@@ -68,7 +66,7 @@ A healthy or active device in Windows Autopatch is:
 - Actively sending data
 - Passes all post-device registration readiness checks
 
-The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** is a sub-component of the overall Windows Autopatch service.
+The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** is a subcomponent of the overall Windows Autopatch service.
 
 The following list of post-device registration readiness checks is performed in Windows Autopatch:
 
@@ -95,16 +93,16 @@ See the following diagram for the post-device registration readiness checks work
 | **Step 8: Perform readiness checks** |<ol><li>Once devices are successfully registered with Windows Autopatch, the devices are added to the **Ready** tab.</li><li>The Microsoft Cloud Managed Desktop Extension agent performs readiness checks against devices in the **Ready** tab every 24 hours.</li></ol> |
 | **Step 9: Check readiness status** |<ol><li>The Microsoft Cloud Managed Desktop Extension service evaluates the readiness results gathered by its agent.</li><li>The readiness results are sent from the Microsoft Cloud Managed Desktop Extension service component to the Device Readiness component within the Windows Autopatch's service.</li></ol>|
 | **Step 10: Add devices to the Not ready** | When devices don't pass one or more readiness checks, even if they're registered with Windows Autopatch, they're added to the **Not ready** tab so IT admins can remediate devices based on Windows Autopatch recommendations. |
-| **Step 11: IT admin understands what the issue is and remediates** | The IT admin checks and remediates issues in the Devices blade (**Not ready** tab). It can take up to 24 hours for devices to show back up into the **Ready** tab. |
+| **Step 11: IT admin understands what the issue is and remediates** | The IT admin checks and remediates issues in the Devices blade (**Not ready** tab). It can take up to 24 hours for devices to show in the **Ready** tab. |
 
 ## FAQ
 
 | Question | Answer |
 | ----- | ----- |
 | **How frequent are the post-device registration readiness checks performed?** |<ul><li>The **Microsoft Cloud Managed Desktop Extension** agent collects device readiness statuses when it runs (once a day).</li><li>Once the agent collects results for the post-device registration readiness checks, it generates readiness results in the device in the `%programdata%\Microsoft\CMDExtension\Plugins\DeviceReadinessPlugin\Logs\DRCResults.json.log`.</li><li>The readiness results are sent over to the **Microsoft Cloud Managed Desktop Extension service**.</li><li>The **Microsoft Cloud Managed Desktop Extension** service component sends the readiness results to the Device Readiness component. The results appear in the Windows Autopatch Devices blade (**Not ready** tab).</li></ul>|
-| **What to expect when one or more checks fail?** | Devices are automatically sent to the **Ready** tab once they're successfully registered with Windows Autopatch. When devices don't meet one or more post-device registration readiness checks, the devices are moved to the **Not ready** tab. IT admins can learn about these devices and take appropriate actions to remediate them. Windows Autopatch will provide information about the failure and how to potentially remediate devices.<p>Once devices are remediated, it can take up to **24 hours** to show up in the **Ready** tab.</p>|
+| **What to expect when one or more checks fail?** | Devices are automatically sent to the **Ready** tab once they're successfully registered with Windows Autopatch. When devices don't meet one or more post-device registration readiness checks, the devices are moved to the **Not ready** tab. IT admins can learn about these devices and take appropriate actions to remediate them. Windows Autopatch provides information about the failure and how to potentially remediate devices.<p>Once devices are remediated, it can take up to **24 hours** to appear in the **Ready** tab.</p>|
 
 ## Additional resources
 
-- [Device registration overview](windows-autopatch-device-registration-overview.md)
-- [Register your devices](windows-autopatch-register-devices.md)
+- [Device registration overview](../deploy/windows-autopatch-device-registration-overview.md)
+- [Register your devices](../deploy/windows-autopatch-register-devices.md)
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
index f0938f7fd7..a0a59d054a 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
@@ -1,9 +1,9 @@
 ---
 title: Register your devices
 description: This article details how to register devices in Autopatch.
-ms.date: 02/15/2024
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,29 +17,106 @@ ms.collection:
 
 # Register your devices
 
-Before Microsoft can manage your devices in Windows Autopatch, you must have devices registered with the service.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
-## Before you begin
+Before Microsoft can manage your devices in Windows Autopatch, you must register devices with the service. Make sure your devices meet the [device registration prerequisites](../deploy/windows-autopatch-device-registration-overview.md#prerequisites-for-device-registration).
 
-Windows Autopatch can take over software update management control of devices that meet software-based prerequisites as soon as an IT admin decides to have their tenant managed by the service. The Windows Autopatch software update management scope includes the following software update workloads:
+## Detailed device registration workflow diagram
 
-- [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md)
-- [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
-- [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)
-- [Microsoft Edge updates](../operate/windows-autopatch-edge.md)
-- [Microsoft Teams updates](../operate/windows-autopatch-teams.md)
+See the following detailed workflow diagram. The diagram covers the Windows Autopatch device registration process:
 
-### Windows Autopatch groups device registration
+:::image type="content" source="../media/windows-autopatch-device-registration-workflow-diagram.png" alt-text="Diagram of the device registration workflow." lightbox="../media/windows-autopatch-device-registration-workflow-diagram.png":::
 
-When you either create/edit a [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or edit the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) to add or remove deployment rings, the device-based Microsoft Entra groups you use when setting up your deployment rings are scanned to see if devices need to be registered with the Windows Autopatch service.
+| Step | Description |
+| ----- | ----- |
+| **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
+| **Step 2: Add devices** | IT admin identifies and adds devices, or nests other Microsoft Entra device groups into any Microsoft Entra group when you [create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) or [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group) or imported (WUfB) policies. |
+| **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin from Microsoft Entra groups used with Autopatch groups in **step #2**. The Microsoft Entra device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Microsoft Entra ID when registering devices into its service.<ol><li>Once devices are discovered from the Microsoft Entra group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Microsoft Entra ID in this step:</li><ol><li>**AzureADDeviceID**</li><li>**OperatingSystem**</li><li>**DisplayName (Device name)**</li><li>**AccountEnabled**</li><li>**RegistrationDateTime**</li><li>**ApproximateLastSignInDateTime**</li></ol><li>In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements before registration.</li></ol> |
+| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Microsoft Entra device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name, and other attributes. When this happens, the Windows Autopatch service uses the Microsoft Entra device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Microsoft Entra ID in **step 3a**, the device is flagged with the **Prerequisite failed** status, and the device's Autopatch readiness status appears as **Not registered** in the [**Devices report**](#devices-report). The IT admin can review the reasons the device wasn't registered into Windows Autopatch. The IT admin remediates these devices. In this case, the IT admin should check why the device wasn't enrolled into Intune.</li><li>A common reason is when the Microsoft Entra device ID is stale, it doesn't have an Intune device ID associated with it anymore. To remediate, [clean up any stale Microsoft Entra device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn't enabled on the device, the service marks the device as **Prerequisite failed** and the device's Autopatch readiness status appears as **Not registered** in the **Devices report**.</li></ol></ol></ol>|
+| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment is **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
+| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to two deployment ring sets, the first one being the service-based deployment ring set represented by the following Microsoft Entra groups:<ol><li>**Modern Workplace Devices-Windows Autopatch-First**</li><ol><li>The Windows Autopatch device registration process doesn't automatically assign devices to the Test ring represented by the Microsoft Entra group (**Modern Workplace Devices-Windows Autopatch-Test**). It's important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.</li></ol><li>**Modern Workplace Devices-Windows Autopatch-Fast**</li><li>**Modern Workplace Devices-Windows Autopatch-Broad**</li> |
+| **Step 7: Assign devices to a Microsoft Entra group** | Windows Autopatch also assigns devices to the following Microsoft Entra groups when certain conditions apply:<ol><li>**Modern Workplace Devices - All**</li><ol><li>This group has all devices managed by Windows Autopatch.</li></ol><li>**Modern Workplace Devices - Virtual Machine**</li><ol><li>This group has all **virtual devices** managed by Windows Autopatch.</li></ol> |
+| **Step 8: Post-device registration** | In post-device registration, three actions occur:<ol><li>Windows Autopatch adds devices to its managed database.</li><li>Flags devices as **Ready**. The device's Autopatch readiness status appears as **Registered** in the **Devices report**.</li><li>The Microsoft Entra device ID of the device successfully registered is added into the Microsoft Cloud Managed Desktop Extension's allowlist. Windows Autopatch installs the Microsoft Cloud Managed Desktop Extension agent once devices are registered, so the agent can communicate back to the Microsoft Cloud Managed Desktop Extension service.</li><ol><li>The agent is the **Modern Workplace - Autopatch Client setup** PowerShell script that was created during the Windows Autopatch tenant enrollment process. The script is executed once devices are successfully registered into the Windows Autopatch service.</li></ol> |
+| **Step 9: Review device registration status** | IT admins review the device's Autopatch readiness status. Devices are either **Registered** or **Not registered** in the **Devices report**.<ol><li>If the device was **successfully registered**, the device's Autopatch readiness status appears as **Registered** in the **Devices report**.</li><li>If **not**, the device's Autopatch readiness status appears as **Not registered** in the **Devices report**.</li></ol> |
+| **Step 10: End of registration workflow** | This is the end of the Windows Autopatch device registration workflow. |
 
-If devices aren't registered, Autopatch groups starts the device registration process by using your existing device-based Microsoft Entra groups instead of the Windows Autopatch Device Registration group.
+## Detailed prerequisite check workflow diagram
 
-For more information, see [create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method.
+As described in **step #4** in the previous [Detailed device registration workflow diagram](#detailed-device-registration-workflow-diagram), the following diagram is a visual representation of the prerequisite construct for the Windows Autopatch device registration process. The prerequisite checks are sequentially performed.
 
-<a name='supported-scenarios-when-nesting-other-azure-ad-groups'></a>
+:::image type="content" source="../media/windows-autopatch-prerequisite-check-workflow-diagram.png" alt-text="Diagram of the prerequisite check workflow." lightbox="../media/windows-autopatch-prerequisite-check-workflow-diagram.png":::
 
-#### Supported scenarios when nesting other Microsoft Entra groups
+## Devices report
+
+Windows Autopatch has a device report that allows you to see:
+
+- Each registered devices readiness for the service
+- Update status
+- Policies that target each device
+
+### View the device report
+
+**To view the device report:**
+
+1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane.
+1. Under Manage updates, select **Windows updates**.
+1. Select the **Monitor** tab, and then select **Autopatch devices**.
+
+Once a device is registered to the service, a readiness status is displayed. Each readiness status helps you to determine if there are any actions to take or if the device is ready for the service.
+
+#### Readiness statuses
+
+| Autopatch readiness status in the Devices report | Sub-status description |
+| --- | --- |
+| Registered |<ul><li>**Ready**: Devices successfully passed all prerequisite checks and successfully registered with Windows Autopatch. Additionally, Ready devices successfully passed all [post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) and don't have any active alerts targeting them.</li><li>**Not ready**: These devices were successfully registered with Windows Autopatch. However, these devices:</li><ul><li>Failed to pass one or more [post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</li><li>Aren't ready to have one or more software update workloads managed by the service.</li><li>The device didn't communicate with Microsoft Intune in the last 28 days</li><li>The device has a conflict with policies or with Autopatch group membership</li></ul></ul> |
+| Not registered |<ul><li>**Autopatch group conflict**: The device has a conflict with Autopatch group membership</li><li>**Prerequisites failed**: The device failed to pass one or more [post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</li><li>**Excluded**: Devices with this status are removed from the Windows Autopatch service only. Microsoft assumes you manage these devices yourself in some capacity.</li></ul> |
+
+### View only excluded devices
+
+You can view the excluded devices in the Not registered tab to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service.
+
+**To view only excluded devices:**
+
+1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), navigate to **Windows Autopatch** > **Devices**.
+2. In the **Not registered** tab, select **Excluded** from the filter list. Leave all other filter options unselected.
+
+## Move devices in between deployment rings
+
+If you want to move devices to different deployment rings after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Devices report**.
+
+> [!IMPORTANT]
+> **You can only move devices in between deployment rings within the same Autopatch group**. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you'll receive the following error message on the top right corner of the Microsoft Intune portal: **An error occurred. Please select devices within the same Autopatch group**.
+
+**To move devices in between deployment rings:**
+
+> [!NOTE]
+> You can only move devices to other deployment rings when the device's Autopatch readiness status appears as **Registered** and the Update status is **Active**.
+
+1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane.
+1. Under **Manage updates** section, select **Windows updates**.
+1. In the **Devices report**, select one or more devices you want to assign. All selected devices are assigned to the deployment ring you specify.
+1. Select **Device actions** from the menu.
+1. Select **Assign ring**. A fly-in opens.
+1. Use the dropdown menu to select the deployment ring to move devices to, and then select **Save**. The Ring assigned by column changes to **Pending**.
+1. When the assignment is complete, the **Ring assigned by** column changes to Admin (which indicates that you made the change) and the **Ring** column shows the new deployment ring assignment.
+
+> [!WARNING]
+> Moving devices between deployment rings through directly changing Microsoft Entra group membership isn't supported and might cause unintended configuration conflicts within the Windows Autopatch service. To avoid service interruption to devices, use the **Assign device to ring** action described previously to move devices between deployment rings.
+
+## Register devices into Autopatch groups
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/entra/fundamentals/groups-view-azure-portal), and software update policies. For more information, see [Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md).
+
+When you [create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) or [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group) to add or remove deployment rings, the device-based Microsoft Entra groups you use when setting up your deployment rings, are scanned to see if devices need to be registered with the Windows Autopatch service.
+
+If devices aren't registered, Autopatch groups start the device registration process by using your existing device-based Microsoft Entra groups.
+
+- For more information, see [create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) or [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group) to register devices into Autopatch groups.
+- For more information about moving devices between deployment rings, see [Move devices in between deployment rings](#move-devices-in-between-deployment-rings).
+
+### Supported scenarios when nesting other Microsoft Entra groups
 
 Windows Autopatch also supports the following Microsoft Entra nested group scenarios:
 
@@ -48,97 +125,7 @@ Microsoft Entra groups synced up from:
 - On-premises Active Directory groups (Windows Server AD)
 - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync)
 
-> [!WARNING]
-> It isn't recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Microsoft Entra group. Use a different Microsoft Entra group when syncing Configuration Manager collections to Microsoft Entra groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Microsoft Entra group.
-
-> [!IMPORTANT]
-> The **Windows Autopatch Device Registration** Microsoft Entra group only supports **one level** of Microsoft Entra nested groups.
-
-<a name='clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant'></a>
-
-### Clean up dual state of Microsoft Entra hybrid joined and Azure registered devices in your Microsoft Entra tenant
-
-An [Microsoft Entra dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) occurs when a device is initially connected to Microsoft Entra ID as an [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Microsoft Entra hybrid join, the same device is connected twice to Microsoft Entra ID but as a [Hybrid Microsoft Entra device](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
-
-In the dual state, you end up having two Microsoft Entra device records with different join types for the same device. In this case, the Hybrid Microsoft Entra device record takes precedence over the Microsoft Entra registered device record for any type of authentication in Microsoft Entra ID, which makes the Microsoft Entra registered device record stale.
-
-It's recommended to detect and clean up stale devices in Microsoft Entra ID before registering devices with Windows Autopatch, see [How To: Manage stale devices in Microsoft Entra ID](/azure/active-directory/devices/manage-stale-devices).
-
-> [!WARNING]
-> If you don't clean up stale devices in Microsoft Entra ID before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** pre-requisite check  in the **Not ready** tab because it's expected that these stale Microsoft Entra devices aren't enrolled into the Intune service anymore.
-
-## Prerequisites for device registration
-
-To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites:
-
-- Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture).
-- Either [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Microsoft Entra joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported).
-- Managed by Microsoft Intune.
-    - [Already enrolled into Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) and/or [Configuration Manager co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
-        - Must switch the following Microsoft Configuration Manager [co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Intune (either set to Pilot Intune or Intune):
-            - Windows updates policies
-            - Device configuration
-            - Office Click-to-run
-- Last Intune device check in completed within the last 28 days.
-
-> [!IMPORTANT]
-> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
-
-For more information, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md).
-
-## About the Registered, Not ready and Not registered tabs
-
-> [!IMPORTANT]
-> Registered devices can appear in the Registered, Not ready, or Not registered tabs. When devices successfully register with the service, the devices are listed in the Registered tab. However, even if the device(s)is successfully registered, they can be part of Not ready tab. If devices fail to register, the devices are listed in the Not registered tab.
-
-Windows Autopatch has three tabs within its device blade. Each tab is designed to provide a different set of device readiness statuses so the IT admin knows where to go to monitor, and fix potential device health issues.
-
-| Device blade tab | Purpose | Expected device readiness status |
-| ----- | ----- | ----- |
-| Registered | The purpose of this tab is to show devices that were successfully registered with the Windows Autopatch service. | Active |
-| Not ready | The purpose of this tab is to help you identify and remediate devices that failed to pass one or more post-device registration readiness checks. Devices showing up in this tab were successfully registered with Windows Autopatch. However, these devices aren't ready to have one or more software update workloads managed by the service. | Readiness failed and/or Inactive |
-| Not registered | The purpose of this tab is to help you identify and remediate devices that don't meet one or more prerequisite checks to successfully register with the Windows Autopatch service. | Prerequisites failed |
-
-## Device readiness statuses
-
-The following are the possible device readiness statuses in Windows Autopatch:
-
-| Readiness status | Description | Device blade tab |
-| ----- | ----- | ----- |
-| Active | Devices with this status successfully passed all prerequisite checks and then successfully registered with Windows Autopatch. Additionally, devices with this status successfully passed all post-device registration readiness checks. |  Registered |
-| Readiness failed | Devices with this status haven't passed one or more post-device registration readiness checks. These devices aren't ready to have one or more software update workloads managed by Windows Autopatch. | Not ready |
-| Inactive | Devices with this status haven't communicated with Microsoft Intune in the last 28 days. | Not ready |
-| Prerequisites failed | Devices with this status haven't passed one or more prerequisite checks and haven't successfully registered with Windows Autopatch | Not registered |
-
-## Built-in roles required for device registration
-
-A role defines the set of permissions granted to users assigned to that role. You can use one of the following built-in roles in Windows Autopatch to register devices:
-
-- Microsoft Entra Global Administrator
-- Intune Service Administrator
-
-For more information, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
-
-If you want to assign less-privileged user accounts to perform specific tasks in the Windows Autopatch portal, such as register devices with the service, you can add these user accounts into one of the two Microsoft Entra groups created during the [tenant enrollment](../prepare/windows-autopatch-enroll-tenant.md) process:
-
-| Microsoft Entra group name | Discover devices | Modify columns | Refresh device list | Export to .CSV | Device actions |
-| ----- | ----- | ----- | ----- | ----- | ----- |
-| Modern Workplace Roles - Service Administrator | Yes | Yes | Yes | Yes | Yes |
-| Modern Workplace Roles - Service Reader | No | Yes | Yes | Yes | No |
-
-> [!TIP]
-> If you're adding less-privileged user accounts into the **Modern Workplace Roles - Service Administrator** Microsoft Entra group, it's recommended to add the same users as owners of the **Windows Autopatch Device Registration** Microsoft Entra group. Owners of the **Windows Autopatch Device Registration** Microsoft Entra group can add new devices as members of the group for registration purposes.<p>For more information, see [assign an owner of member of a group in Microsoft Entra ID](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group).</p>
-
-## Details about the device registration process
-
-Registering your devices with Windows Autopatch does the following:
-
-1. Makes a record of devices in the service.
-2. Assign devices to the [two deployment ring sets](../deploy/windows-autopatch-groups-overview.md#about-deployment-rings) and other groups required for software update management.
-
-For more information, see [Device registration overview](../deploy/windows-autopatch-device-registration-overview.md).
-
-### Windows Autopatch on Windows 365 Enterprise Workloads
+## Windows Autopatch on Windows 365 Enterprise Workloads
 
 Windows 365 Enterprise gives IT admins the option to register devices with the Windows Autopatch service as part of the Windows 365 provisioning policy creation. This option provides a seamless experience for admins and users to ensure your Cloud PCs are always up to date. When IT admins decide to manage their Windows 365 Cloud PCs with Windows Autopatch, the Windows 365 provisioning policy creation process calls Windows Autopatch device registration APIs to register devices on behalf of the IT admin.
 
@@ -151,22 +138,19 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W
 1. Provide a policy name and select **Join Type**. For more information, see [Device join types](/windows-365/enterprise/identity-authentication#device-join-types).
 1. Select **Next**.
 1. Choose the desired image and select **Next**.
-1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) can't manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue.
+1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) can't manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md) to continue.
 1. Assign your policy accordingly and select **Next**.
-1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.
+1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs are automatically enrolled and managed by Windows Autopatch.
 
 For more information, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
 
-> [!IMPORTANT]
-> Starting in May 2023, Windows 365 Cloud PC devices are assigned to two deployment ring sets, the service-based and the software-based deployment rings. Additionally, once registered with Windows Autopatch, Windows 365 Cloud PC devices are automatically added to the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group). For more information, see [service-based versus software update-based deployment ring sets](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings).
-
-### Windows Autopatch on Azure Virtual Desktop workloads
+## Windows Autopatch on Azure Virtual Desktop workloads
 
 Windows Autopatch is available for your Azure Virtual Desktop workloads. Enterprise admins can provision their Azure Virtual Desktop workloads to be managed by Windows Autopatch using the existing device registration process.
 
-Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#windows-autopatch-groups-device-registration). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified.
+Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](../deploy/windows-autopatch-device-registration-overview.md). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified.
 
-#### Prerequisites
+### Prerequisites
 
 Windows Autopatch for Azure Virtual Desktop follows the same [prerequisites](../prepare/windows-autopatch-prerequisites.md) as Windows Autopatch, and the [Azure Virtual Desktop prerequisites](/azure/virtual-desktop/prerequisites).
 
@@ -180,9 +164,9 @@ The following Azure Virtual Desktop features aren't supported:
 - Pooled non persistent virtual machines
 - Remote app streaming
 
-#### Deploy Autopatch on Azure Virtual Desktop
+### Deploy Autopatch on Azure Virtual Desktop
 
-Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#windows-autopatch-groups-device-registration).
+Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your physical devices.
 
 For ease of deployment, we recommend nesting a dynamic device group in your Autopatch device registration group. The dynamic device group would target the **Name** prefix defined in your session host, but **exclude** any Multi-Session Session Hosts. For example:
 
@@ -190,13 +174,30 @@ For ease of deployment, we recommend nesting a dynamic device group in your Auto
 | ----- | ----- |
 | Windows Autopatch - Host Pool Session Hosts | <ul><li>`(device.displayName -contains "AP")`</li><li>`(device.deviceOSType -ne "Windows 10 Enterprise for Virtual Desktops")`</li></ul> |
 
+<a name='clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant'></a>
+
+### Clean up dual state of Microsoft Entra hybrid joined and Azure registered devices in your Microsoft Entra tenant
+
+An [Microsoft Entra dual state](/entra/identity/devices/hybrid-join-plan#handling-devices-with-azure-ad-registered-state) occurs when a device is initially connected to Microsoft Entra ID as an [Microsoft Entra registered](/entra/identity/devices/concept-device-registration) device. However, when you enable Microsoft Entra hybrid join, the same device is connected twice to Microsoft Entra ID but as a [Hybrid Microsoft Entra device](/entra/identity/devices/concept-hybrid-join).
+
+In the dual state, you end up having two Microsoft Entra device records with different join types for the same device. In this case, the Hybrid Microsoft Entra device record takes precedence over the Microsoft Entra registered device record for any type of authentication in Microsoft Entra ID, which makes the Microsoft Entra registered device record stale.
+
+It's recommended to detect and clean up stale devices in Microsoft Entra ID before registering devices with Windows Autopatch, see [How To: Manage stale devices in Microsoft Entra ID](/entra/identity/devices/manage-stale-devices).
+
+> [!WARNING]
+> If you don't clean up stale devices in Microsoft Entra ID before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** pre-requisite check  in the **Not ready** tab because it's expected that these stale Microsoft Entra devices aren't enrolled into the Intune service anymore.
+
 ### Contact support for device registration-related incidents
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.
 
 - For Windows 365 support, see [Get support](/mem/get-support).
 - For Azure Virtual Desktop support, see [Get support](https://azure.microsoft.com/support/create-ticket/).
-- For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request).
+- For Windows Autopatch support, see [Submit a support request](../manage/windows-autopatch-support-request.md).
+
+---
 
 ## Device management lifecycle scenarios
 
@@ -206,17 +207,17 @@ There's a few more device management lifecycle scenarios to consider when planni
 
 If a device was previously registered into the Windows Autopatch service, but it needs to be reimaged, you must run one of the device provisioning processes available in Microsoft Intune to reimage the device.
 
-The device will be rejoined to Microsoft Entra ID (either Hybrid or Microsoft Entra-only). Then, re-enrolled into Intune as well. No further action is required from you or the Windows Autopatch service, because the Microsoft Entra device ID record of that device remains the same.
+The device is rejoined to Microsoft Entra ID (either Hybrid or Microsoft Entra-only). Then, re-enrolled into Intune as well. No further action is required from you or the Windows Autopatch service, because the Microsoft Entra device ID record of that device remains the same.
 
 ### Device repair and hardware replacement
 
-If you need to repair a device that was previously registered into the Windows Autopatch service, by replacing the motherboard, non-removable network interface cards (NIC) or hard drive, you must re-register the device into the Windows Autopatch service, because a new hardware ID is generated when there are major hardware changes, such as:
+If you need to repair a device that was previously registered into the Windows Autopatch service, by replacing the motherboard, nonremovable network interface cards (NIC) or hard drive, you must re-register the device into the Windows Autopatch service, because a new hardware ID is generated when there are major hardware changes, such as:
 
 - SMBIOS UUID (motherboard)
-- MAC address (non-removable NICs)
+- MAC address (nonremovable NICs)
 - OS hard drive's serial, model, manufacturer information
 
 When one of these hardware changes occurs, Microsoft Entra ID creates a new device ID record for that device, even if it's technically the same device.
 
 > [!IMPORTANT]
-> If a new Microsoft Entra device ID is generated for a device that was previously registered into the Windows Autopatch service, even if it's technically same device, the new Microsoft Entra device ID must be added either through device direct membership or through nested Microsoft Entra dynamic/assigned group into the **Windows Autopatch Device Registration** Microsoft Entra group. This process guarantees that the newly generated Microsoft Entra device ID is registered with Windows Autopatch and that the device continues to have its software updates managed by the service.
+> If a new Microsoft Entra device ID is generated for a device that was previously registered into the Windows Autopatch service, even if it's technically same device, the new Microsoft Entra device ID must be added either through device direct membership or through nested Microsoft Entra dynamic/assigned group in the Windows Autopatch group experience. This process guarantees that the newly generated Microsoft Entra device ID is registered with Windows Autopatch and that the device continues to have its software updates managed by the service.
diff --git a/windows/deployment/windows-autopatch/includes/windows-autopatch-applies-to-all-licenses.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-applies-to-all-licenses.md
new file mode 100644
index 0000000000..28cef2dd9a
--- /dev/null
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-applies-to-all-licenses.md
@@ -0,0 +1,14 @@
+---
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: include
+ms.date: 09/16/2024
+ms.localizationpriority: medium
+---
+<!--This file is used throughout the Windows Autopatch documentation. -->
+
+> [!IMPORTANT]
+> The information in section applies to Business premium, A3+, E3+ and F3 licenses. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities) and [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements).
diff --git a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-audience-graph-explorer.md
similarity index 96%
rename from windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-audience-graph-explorer.md
index 572d549362..1b467a2ff9 100644
--- a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-audience-graph-explorer.md
@@ -1,11 +1,11 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-drivers.md and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
diff --git a/windows/deployment/windows-autopatch/includes/windows-autopatch-business-premium-a3-licenses.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-business-premium-a3-licenses.md
new file mode 100644
index 0000000000..30ab466ec3
--- /dev/null
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-business-premium-a3-licenses.md
@@ -0,0 +1,14 @@
+---
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: include
+ms.date: 09/16/2024
+ms.localizationpriority: medium
+---
+<!--This file is used throughout the Windows Autopatch documentation. -->
+
+> [!IMPORTANT]
+> To [activate all Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses), you must have Windows 10/11 Enterprise E3+ or F3 (included in Microsoft 365 F3, E3, or E5) licenses. [Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you when you have Windows 10/11 Enterprise E3+ or F3 licenses. For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements).
diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-driver-policy-considerations.md
similarity index 60%
rename from windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-driver-policy-considerations.md
index c386f7fd42..080b40a056 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-driver-policy-considerations.md
@@ -1,16 +1,16 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
-<!--This file is shared by deployment-service-drivers.md, deployment-service-troubleshoot.md, and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
+<!--This file is shared by windows-autopatch-driver-and-firmware-programmatic-controls.md, windows-autopatch-troubleshoot-programmatic-controls.md, and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
 
-It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure these policies to fit their current or future needs. For instance, organizations may want to review applicable driver content through the deployment service, but not allow installation. Configuring this sort of behavior can be useful, especially when transitioning management of driver updates due to changing organizational needs. The following list describes driver related update policies that can affect deployments through the deployment service: 
+It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure these policies to fit their current or future needs. For instance, organizations may want to review applicable driver content, but not allow installation. Configuring this sort of behavior can be useful, especially when transitioning management of driver updates due to changing organizational needs. The following list describes driver related update policies that can affect deployments: 
 
 ### Policies that exclude drivers from Windows Update for a device
 
@@ -22,10 +22,10 @@ The following policies exclude drivers from Windows Update for a device:
   - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversFromQualityUpdates` set to `1`
   - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Block` 
 
-**Behavior with the deployment service**: Devices with driver exclusion polices that are enrolled for **drivers** and added to an audience though the deployment service:
-  - Will display the applicable driver content in the deployment service
-  - Won't install drivers that are approved from the deployment service
-    - If drivers are deployed to a device that's blocking them, the deployment service displays the driver is being offered and reporting displays the install is pending.
+**Behavior**: Devices with driver exclusion polices that are enrolled for **drivers** and added to an audience:
+  - Will display the applicable driver content
+  - Won't install drivers that are approved
+    - If drivers are deployed to a device that's blocking them, Windows Autopatch displays the driver is being offered and reporting displays the install is pending.
 
 ### Policies that define the source for driver updates
 
@@ -37,9 +37,9 @@ The following policies define the source for driver updates as either Windows Up
   - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetPolicyDrivenUpdateSourceForDriverUpdates` set to `0`. Under `\AU`, `UseUpdateClassPolicySource` also needs to be set to `1`
   - **Intune**: Not applicable. Intune deploys updates using Windows Update for Business. [Co-managed clients from Configuration Manager](/mem/configmgr/comanage/overview?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json) with the workload for Windows Update policies set to Intune will also use Windows Update for Business.
 
-**Behavior with the deployment service**: Devices with these update source policies that are enrolled for **drivers** and added to an audience though the deployment service:
-  - Will display the applicable driver content in the deployment service
-  - Will install drivers that are approved from the deployment service
+**Behavior**: Devices with these update source policies that are enrolled for **drivers** and added to an audience:
+  - Will display the applicable driver content
+  - Will install drivers that are approved
 
-> [!NOTE] 
-> When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device. 
+> [!NOTE]
+> When the scan source for drivers is set to WSUS, Windows Autopatch doesn't get inventory events from devices. This means that Windows Autopatch won't be able to report the applicability of a driver for the device.
diff --git a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-enroll-device-graph-explorer.md
similarity index 96%
rename from windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-enroll-device-graph-explorer.md
index f84dd43e0a..4c86165a65 100644
--- a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-enroll-device-graph-explorer.md
@@ -1,11 +1,11 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-drivers.md and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
diff --git a/windows/deployment/windows-autopatch/includes/windows-autopatch-enterprise-e3-f3-licenses.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-enterprise-e3-f3-licenses.md
new file mode 100644
index 0000000000..37b872ad2a
--- /dev/null
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-enterprise-e3-f3-licenses.md
@@ -0,0 +1,14 @@
+---
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: include
+ms.date: 09/16/2024
+ms.localizationpriority: medium
+---
+<!--This file is used throughout the Windows Autopatch documentation. -->
+
+> [!IMPORTANT]
+> **The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>
diff --git a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-find-device-name-graph-explorer.md
similarity index 91%
rename from windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-find-device-name-graph-explorer.md
index 9cfcff85ad..00dc5b6ebd 100644
--- a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-find-device-name-graph-explorer.md
@@ -1,16 +1,16 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
 
-Use the [device](/graph/api/resources/device) resource type to find clients to enroll into the deployment service. Change the query parameters to fit your specific needs. For more information, see [Use query parameters](/graph/query-parameters).
+Use the [device](/graph/api/resources/device) resource type to find clients to enroll into Windows Autopatch. Change the query parameters to fit your specific needs. For more information, see [Use query parameters](/graph/query-parameters).
 
 - Displays the **AzureAD Device ID** and **Name** of all devices:
 
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-graph-explorer-permissions.md
similarity index 56%
rename from windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-graph-explorer-permissions.md
index 40f67810ab..439c49b803 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-graph-explorer-permissions.md
@@ -1,18 +1,18 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
-<!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
+<!--This file is shared by windows-autopatch-driver-and-firmware-programmatic-controls.md, windows-autopatch-windows-quality-update-programmatic-controls.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
 
 The following permissions are needed for the queries listed in this article:
 
-- [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions) for [Windows Update for Business deployment service](/graph/api/resources/adminwindowsupdates) operations.
+- [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions) for [Windows Autopatch](/graph/api/resources/adminwindowsupdates) operations.
 - At least [Device.Read.All](/graph/permissions-reference#device-permissions) permission to display [device](/graph/api/resources/device) information.
 
 Some roles, such as the [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator), already have these permissions.
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-graph-explorer.md
similarity index 80%
rename from windows/deployment/update/includes/wufb-deployment-graph-explorer.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-graph-explorer.md
index 8250bc9e1d..8ce80d8b36 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-graph-explorer.md
@@ -1,14 +1,14 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
-<!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
+<!--This file is shared by windows-autopatch-driver-and-firmware-programmatic-controls.md, windows-autopatch-windows-quality-update-programmatic-controls.md, and the windows-autopatch-windows-feature-update-programmatic-controls.md articles. Headings may be driven by article context. 7512398 -->
 
 For this article, you'll use Graph Explorer to make requests to the [Microsoft Graph APIs](/graph/api/resources/adminwindowsupdates) to retrieve, add, delete, and update data. Graph Explorer is a developer tool that lets you learn about Microsoft Graph APIs. For more information about using Graph Explorer, see [Get started with Graph Explorer](/graph/graph-explorer/graph-explorer-overview).
 
@@ -21,8 +21,7 @@ For this article, you'll use Graph Explorer to make requests to the [Microsoft G
 1. You may need to enable the [`WindowsUpdates.ReadWrite.All` permission](/graph/permissions-reference#windows-updates-permissions) to use the queries in this article. To enable the permission:
     1. Select the **Modify permissions** tab in Graph Explorer.
     1. In the permissions dialog box, select the **WindowsUpdates.ReadWrite.All** permission then select **Consent**. You may need to sign in again to grant consent.
-    
-       :::image type="content" source="../media/7512398-wufbds-graph-modify-permission.png" alt-text="Screenshot of the modify permissions tab in Graph Explorer" lightbox="../media/7512398-wufbds-graph-modify-permission.png" :::
+       :::image type="content" source="../media/7512398-graph-modify-permission.png" alt-text="Screenshot of the modify permissions tab in Graph Explorer" lightbox="../media/7512398-graph-modify-permission.png" :::
 
 1. To make requests:
    1. Select either GET, POST, PUT, PATCH, or DELETE from the drop-down list for the HTTP method.
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-graph-unenroll.md
similarity index 58%
rename from windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-graph-unenroll.md
index d4681b40c2..f91004dfa0 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-graph-unenroll.md
@@ -1,19 +1,19 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
-<!--This file is shared by deployment-service-drivers.md and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
+<!--This file is shared by windows-autopatch-driver-and-firmware-programmatic-controls.md, windows-autopatch-windows-feature-update-programmatic-controls.md articles. Headings may be driven by article context. 7512398 -->
 
-When a device no longer requires management, unenroll it from the deployment service. Just like [enrolling a device](#enroll-devices), specify either `driver` or `feature` as the value for the `updateCategory`. The device will no longer receive updates from the deployment service for the specified update category. Depending on the device's configuration, it may start to receive updates from Windows Update. For instance, if a device is still enrolled for feature updates, but it's unenrolled from drivers:
+When a device no longer requires management, unenroll it from Windows Autopatch. Just like [enrolling a device](#enroll-devices), specify either `driver` or `feature` as the value for the `updateCategory`. The device will no longer receive updates from Windows Autopatch for the specified update category. Depending on the device's configuration, it may start to receive updates from Windows Update. For instance, if a device is still enrolled for feature updates, but it's unenrolled from drivers:
 
 - Existing driver deployments from the service won't be offered to the device
-- The device continues to receive feature updates from the deployment service
+- The device continues to receive feature updates from Windows Autopatch
 - Drivers may start being installed from Windows Update depending on the device's configuration
 
 To unenroll a device, POST to [updatableAssets](/graph/api/resources/windowsupdates-updatableasset) using [unenrollAssets](/graph/api/windowsupdates-updatableasset-unenrollassets). In the request body, specify:
diff --git a/windows/deployment/windows-autopatch/includes/windows-autopatch-limitations.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-limitations.md
new file mode 100644
index 0000000000..dc0fd1a739
--- /dev/null
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-limitations.md
@@ -0,0 +1,15 @@
+---
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: include
+ms.date: 09/16/2024
+ms.localizationpriority: medium
+---
+<!--This file is shared by windows-autopatch-overview.md and the windows-autopatch-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
+
+Windows Autopatch is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, Windows Autopatch is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
+
+Windows Autopatch isn't available in Azure Government for [Office 365 GCC High and DoD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.
diff --git a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md b/windows/deployment/windows-autopatch/includes/windows-autopatch-update-health-tools-logs.md
similarity index 71%
rename from windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
rename to windows/deployment/windows-autopatch/includes/windows-autopatch-update-health-tools-logs.md
index cd39b4dd7e..adc812a9a0 100644
--- a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
+++ b/windows/deployment/windows-autopatch/includes/windows-autopatch-update-health-tools-logs.md
@@ -1,14 +1,14 @@
 ---
-author: mestew
-ms.author: mstewart
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
-ms.subservice: itpro-updates
 ms.service: windows-client
+ms.subservice: autopatch
 ms.topic: include
-ms.date: 02/14/2023
+ms.date: 09/16/2024
 ms.localizationpriority: medium
 ---
-<!--This file is shared by deployment-service-expedite.md and the deployment-service-troubleshoot.md articles. Headings may be driven by article context. 7512398 -->
+<!--This file is shared by windows-autopatch-windows-quality-update-programmatic-controls, and windows-autopatch-troubleshoot-programmatic-controls.md articles. Headings may be driven by article context. 7512398 -->
 ## Log location for the Update Health Tools
 
 The Update Health Tools are used when you deploy expedited updates. In some cases, you may wish to review the logs for the Update Health Tools.
diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml
index 2c2a7c6642..2a64ebfccd 100644
--- a/windows/deployment/windows-autopatch/index.yml
+++ b/windows/deployment/windows-autopatch/index.yml
@@ -11,13 +11,12 @@ metadata:
   author: tiaraquan #Required; your GitHub user alias, with correct capitalization.
   ms.author: tiaraquan #Required; microsoft alias of author; optional team alias.
   manager: aaroncz
-  ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
+  ms.date: 08/27/2024 #Required; mm/dd/yyyy format.
   ms.service: windows-client
-  ms.subservice: itpro-updates
+  ms.subservice: autopatch
   ms.collection:
     - highpri
     - tier2
-    - essentials-navigation
 
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-customize-windows-update-settings.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-customize-windows-update-settings.md
similarity index 62%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-customize-windows-update-settings.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-customize-windows-update-settings.md
index 8afa348a89..5cf7948782 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-customize-windows-update-settings.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-customize-windows-update-settings.md
@@ -1,9 +1,9 @@
 ---
 title: Customize Windows Update settings Autopatch groups experience
 description: How to customize Windows Updates with Autopatch groups
-ms.date: 07/25/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,9 +17,11 @@ ms.collection:
 
 # Customize Windows Update settings
 
-You can customize the Windows Update deployment schedule for each deployment ring in Windows Autopatch groups per your business and organizational needs. This capability is allowed for both [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) and [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups). However, we recommend that you remain within service defined boundaries to maintain compliance.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
-When the deployment cadence is customized, Windows Autopatch will override our service defaults with your preferred deployment cadence. Depending on the selected options, devices with [customized schedules](#scheduled-install) may not count towards the Windows Autopatch [Windows quality update service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective).
+You can customize the Windows Update deployment schedule for each deployment ring in Windows Autopatch groups per your business and organizational needs. However, we recommend that you remain within service defined boundaries to maintain compliance.
+
+When the deployment cadence is customized, Windows Autopatch overrides our service defaults with your preferred deployment cadence. Depending on the selected options, devices with [customized schedules](#scheduled-install) might not count towards the Windows Autopatch [Windows quality update service level objective](../manage/windows-autopatch-windows-quality-update-overview.md#service-level-objective).
 
 ## Deployment cadence
 
@@ -37,35 +39,30 @@ For each tenant, at the deployment ring level, there are two cadence types to co
 
 With the deadline-drive cadence type, you can control and customize the deferral, deadline, and grace period to meet your specific business needs and organizational requirements.
 
-There are certain limits that Windows Autopatch defines and you'll only be able to make changes with those boundaries. The following boundaries are implemented so that Windows Autopatch can maintain update compliance.
-
-| Boundary | Description |
-| ----- | ----- |
-| Deferrals and deadlines | Windows Autopatch will enforce that deadline plus deferral days for a deployment ring to be less than or equal to 14 days. |
-| Grace period | The permitted customization range is zero to seven days. |
-
 > [!NOTE]
 > The configured grace period will apply to both Windows quality updates and Windows feature updates.
 
-Each deployment ring can be scheduled independent of the others, and there are no dependencies that the previous deployment ring must be scheduled before the next ring. Further, if the cadence type is set as **Deadline-driven**, the automatic update behavior setting, **Reset to default** in the Windows Update for Business policy, will be applied.
+Each deployment ring can be scheduled independent of the others, and there are no dependencies that the previous deployment ring must be scheduled before the next ring. Further, if the cadence type is set as **Deadline-driven**, the automatic update behavior setting, **Reset to default** in the Windows Update for Business policy, are applied.
 
-It's possible for you to change the cadence from the Windows Autopatch Release management blade while update deployments are in progress. Windows Autopatch will abide by the principle to always respect your preferences over service-defined values.
+It's possible for you to change the cadence from the Windows Autopatch groups blade while update deployments are in progress. Windows Autopatch abides by the principle to always respect your preferences over service-defined values.
 
-However, if an update has already started for a particular deployment ring, Windows Autopatch won't be able to change the cadence for that ring during that ongoing update cycle. The changes will only be effective in the next update cycle.
+However, if an update already started for a particular deployment ring, Windows Autopatch isn't able to change the cadence for that ring during that ongoing update cycle. The changes will only be effective in the next update cycle.
 
 #### Scheduled install
 
 > [!NOTE]
->If you select the Schedule install cadence type, the devices in that ring won't be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective).
+>If you select the Schedule install cadence type, the devices in that ring won't be counted towards the [Windows quality update service level objective](../manage/windows-autopatch-windows-quality-update-overview.md#service-level-objective).
 
-While the Windows Autopatch default options will meet the majority of the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times. The **Scheduled install** cadence type will minimize disruptions by preventing forced restarts and interruptions to critical business activities for end users. Upon selecting the **Scheduled install** cadence type, any previously set deadlines and grace periods will be removed. Devices will only update and restart according to the time specified.
+While the Windows Autopatch default options meet most the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times.
 
-If other applications force a device to restart outside of the specified time and a Windows Update is pending a restart, the Windows Update will complete its installation at this time. For this reason, ensure that you consider your update and restart scenarios for devices running business critical activities, or restart sensitive workloads before using the Scheduled Install option.
+The **Scheduled install** cadence type minimizes disruptions by preventing forced restarts and interruptions to critical business activities for end users. When you select the **Scheduled install** cadence type, any previously set deadlines and grace periods are removed. Devices will only update and restart according to the time specified.
+
+If other applications force a device to restart outside of the specified time and a Windows Update is pending a restart, the Windows Update completes its installation at this time. For this reason, ensure that you consider your update and restart scenarios for devices running business critical activities, or restart sensitive workloads before using the Scheduled Install option.
 
 > [!NOTE]
 > The compliance deadline and grace period for Windows quality updates won't be configured for the Scheduled Install cadence type.
 
-Devices **must** be active and available at the time when the device is scheduled for installation to ensure the optimal experience. If the device is consistently unavailable during the scheduled install time, the device can remain unprotected and unsecured, or the device may have the Windows Update scan and install during active hours.
+Devices **must** be active and available at the time when the device is scheduled for installation to ensure the optimal experience. If the device is consistently unavailable during the scheduled install time, the device can remain unprotected and unsecured, or the device might have the Windows Update scan and install during active hours.
 
 ##### Scheduled install types
 
@@ -76,7 +73,7 @@ The Scheduled install cadence has two options:
 
 | Option | Description |
 | ----- | ----- |
-| Active hours | The period (daily) that the user normally does their work, or the device is busy performing business critical actions.<p>The time outside of active hours is when the device is available for Windows to perform an update and restart the device (daily). The max range for Active hours is 18 hours. The six-hour period outside of the active hours is the deployment period, when Windows Update for Business will scan, install and restart the device.</p>
+| Active hours | The period (daily) that the user normally does their work, or the device is busy performing business critical actions.<p>The time outside of active hours is when the device is available for Windows to perform an update and restart the device (daily). The max range for Active hours is 18 hours. The six-hour period outside of the active hours is the deployment period, when Windows Update for Business scans, install and restart the device.</p>
 | Schedule install and restart | Use this option to prevent the service from installing Windows Updates except during the specified start time. You can specify the following occurrence options:<ul><li>Weekly</li><li>Bi-weekly</li><li>Monthly</li></ul><p>Select a time when the device has low activity for the updates to complete. Ensure that the Windows Update has three to four hours to complete the installation and restart the device.</p> |
 
 > [!NOTE]
@@ -84,7 +81,7 @@ The Scheduled install cadence has two options:
 
 ### User notifications
 
-In addition to the cadence type, you can also manage the end user notification settings. End users will receive all update notifications by default. For critical devices or devices where notifications need to be hidden, use the **Manage notifications** option to configure notifications. For each tenant, at the deployment ring level, there are four options for you to configure end user update notification settings:
+In addition to the cadence type, you can also manage the end user notification settings. End users receive all update notifications by default. For critical devices or devices where notifications need to be hidden, use the **Manage notifications** option to configure notifications. For each tenant, at the deployment ring level, there are four options for you to configure end user update notification settings:
 
 - Not configured
 - Use the default Windows Update notifications
@@ -101,12 +98,12 @@ For more information, see [Windows Update settings you can manage with Intune up
 **To customize the Windows Update deployment cadence:**
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release settings** select **Autopatch groups**. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
+2. Navigate to **Tenant administration** > **Windows Autopatch** > **Autopatch groups**. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
 3. Select the **horizontal ellipses (…)** across each ring to manage the deployment cadence or notification settings.
 4. Select **Next** to navigate to the Windows update settings page. The page lists the existing settings for each of the deployment rings in the Autopatch group.
 5. Select [**Manage deployment cadence**](#cadence-types) to customize Windows Update settings.
     1. Select one of the cadence types for the ring:
-        1. Select **Deadline-driven** to configure the deferral, deadline, and grace periods. This option will enforce forced restarts based on the selected deadline and grace period. In the event you want to switch back to the service recommended defaults, for each of the settings, select the option tagged as "default".
+        1. Select **Deadline-driven** to configure the deferral, deadline, and grace periods. This option enforces forced restarts based on the selected deadline and grace period. In the event you want to switch back to the service recommended defaults, for each of the settings, select the option tagged as "default".
         1. Select **Scheduled install** to opt-out of deadline-based forced restart.
             1. Select either **Active hours** or **Schedule install and restart time**.
     2. Select **Save**.
@@ -118,5 +115,5 @@ For more information, see [Windows Update settings you can manage with Intune up
         1. Turn off all notifications included restart warnings
     1. Select **Save** once you select the preferred setting.
 7. Repeat the same process to customize each of the rings. Once done, select **Next**.
-8. In **Review + apply**, you'll be able to review the selected settings for each of the rings.
-9. Select **Apply** to apply the changes to the ring policy. Once the settings are applied, the saved changes can be verified in the **Release schedule** tab. The Windows quality update schedule on the **Release schedule** tab will be updated as per the customized settings.
+8. In **Review + apply**, you're able to review the selected settings for each of the rings.
+9. Select **Apply** to apply the changes to the ring policy.
diff --git a/windows/deployment/update/deployment-service-drivers.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-driver-and-firmware-update-programmatic-controls.md
similarity index 85%
rename from windows/deployment/update/deployment-service-drivers.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-driver-and-firmware-update-programmatic-controls.md
index ca104fce34..9557d457c6 100644
--- a/windows/deployment/update/deployment-service-drivers.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-driver-and-firmware-update-programmatic-controls.md
@@ -1,12 +1,12 @@
 ---
-title: Deploy drivers and firmware updates
-titleSuffix: Windows Update for Business deployment service 
-description: Use Windows Update for Business deployment service to deploy driver and firmware updates to devices.
+title: Programmatic controls for drivers and firmware
+titleSuffix: Windows Autopatch 
+description: Use programmatic controls to deploy driver and firmware updates to devices.
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-author: mestew
-ms.author: mstewart
+ms.subservice: autopatch
+ms.topic: how-to
+author: tiaraquan
+ms.author: tiaraquan
 manager: aaroncz
 ms.collection:
   - tier1
@@ -14,13 +14,13 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 06/22/2023
+ms.date: 09/16/2024
 ---
 
-# Deploy drivers and firmware updates with Windows Update for Business deployment service
+# Programmatic controls for drivers and firmware updates
 <!--7260403, 7512398-->
 
-The Windows Update for Business deployment service is used to approve and schedule software updates. The deployment service exposes its capabilities through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune). 
+Windows Autopatch programmatic controls are used to approve and schedule software updates through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune).
 
 This article uses [Graph Explorer](/graph/graph-explorer/graph-explorer-overview) to walk through the entire process of deploying a driver update to clients. In this article, you will:
 > [!div class="checklist"]
@@ -37,36 +37,36 @@ This article uses [Graph Explorer](/graph/graph-explorer/graph-explorer-overview
 
 ## Prerequisites
 
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
+All of the [Windows Autopatch prerequisites](../prepare/windows-autopatch-fix-issues.md) must be met.
 
 ### Permissions
 
 <!--Using include for Graph Explorer permissions-->
-[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-graph-explorer-permissions.md)]
+[!INCLUDE [Windows Autopath permissions using Graph Explorer](../includes/windows-autopatch-graph-explorer-permissions.md)]
 
 ## Open Graph Explorer
 
 <!--Using include for Graph Explorer sign in-->
-[!INCLUDE [Graph Explorer sign in](./includes/wufb-deployment-graph-explorer.md)]
+[!INCLUDE [Graph Explorer sign in](../includes/windows-autopatch-graph-explorer.md)]
 
 ## Run queries to identify devices
 
 <!--Using include for Graph Explorer device queries-->
-[!INCLUDE [Graph Explorer device queries](./includes/wufb-deployment-find-device-name-graph-explorer.md)]
+[!INCLUDE [Graph Explorer device queries](../includes/windows-autopatch-find-device-name-graph-explorer.md)]
 
 ## Enroll devices
 
-When you enroll devices into driver management, the deployment service becomes the authority for driver updates coming from Windows Update. Devices don't receive drivers or firmware from Windows Update until a deployment is manually created or they're added to a driver update policy with approvals.
+When you enroll devices into driver management, Windows Autopatch becomes the authority for driver updates coming from Windows Update. Devices don't receive drivers or firmware from Windows Update until a deployment is manually created or they're added to a driver update policy with approvals.
 
 <!--Using include for enrolling devices using Graph Explorer-->
-[!INCLUDE [Graph Explorer enroll devices](./includes/wufb-deployment-enroll-device-graph-explorer.md)]
+[!INCLUDE [Graph Explorer enroll devices](../includes/windows-autopatch-enroll-device-graph-explorer.md)]
 
 ## Create a deployment audience and add audience members
 
 <!--Using include for creating deployment audiences and adding audience members using Graph Explorer-->
-[!INCLUDE [Graph Explorer enroll devices](./includes/wufb-deployment-audience-graph-explorer.md)]
+[!INCLUDE [Graph Explorer enroll devices](../includes/windows-autopatch-audience-graph-explorer.md)]
 
-Once a device has been enrolled and added to a deployment audience, the Windows Update for Business deployment service will start collecting scan results from Windows Update to build a catalog of applicable drivers to be browsed, approved, and scheduled for deployment.
+Once a device has been enrolled and added to a deployment audience, Windows Autopatch will start collecting scan results from Windows Update to build a catalog of applicable drivers to be browsed, approved, and scheduled for deployment.
 
 ## Create an update policy
 
@@ -75,7 +75,6 @@ Update policies define how content is deployed to a deployment audience. An [upd
 > [!IMPORTANT]
 > Any [deployment settings](/graph/api/resources/windowsupdates-deploymentsettings) configured for a [content approval](#approve-driver-content-for-deployment) will be combined with the existing update policy's deployment settings. If the content approval and update policy specify the same deployment setting, the setting from the content approval is used.
 
-
 ### Create a policy and define the settings later
 
 To create a policy without any deployment settings, in the request body specify the **Audience ID** as `id`. In the following example, the **Audience ID** is `d39ad1ce-0123-4567-89ab-cdef01234567`, and the `id` given in the response is the **Policy ID**:
@@ -115,6 +114,7 @@ content-type: application/json
 ### Specify settings during policy creation
 
 To create a policy with additional settings, in the request body:
+
   - Specify the **Audience ID** as `id`
   - Define any [deployment settings](/graph/api/resources/windowsupdates-deploymentsettings).
   - Add the `content-length` header to the request if a status code of 411 occurs. The value should be the length of the request body in bytes. For information on error codes, see [Microsoft Graph error responses and resource types](/graph/errors).
@@ -147,7 +147,6 @@ To create a policy with additional settings, in the request body:
    }
    ```
 
-
 ### Review and edit update policy settings
 
 To review the policy settings, run the following query using the **Policy ID**, for example `9011c330-1234-5678-9abc-def012345678`:
@@ -181,10 +180,9 @@ content-type: application/json
 }
 ```
 
-
 ## Review applicable driver content
 
-Once Windows Update for Business deployment service has scan results from devices, the applicability for driver and firmware updates can be displayed for a deployment audience. Each applicable update returns the following information:
+Once Windows Autopatch has scan results from devices, the applicability for driver and firmware updates can be displayed for a deployment audience. Each applicable update returns the following information:
 
 - An `id` for its [catalog entry](/graph/api/resources/windowsupdates-catalogentry)
 - The **Microsoft Entra ID** of the devices it's applicable to
@@ -197,6 +195,7 @@ GET https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/d
 ```
 
 The following truncated response displays:
+
   - An **Microsoft Entra ID** of `01234567-89ab-cdef-0123-456789abcdef`
   - The **Catalog ID** of `5d6dede684ba5c4a731d62d9c9c2a99db12c5e6015e9f8ad00f3e9387c7f399c`  
 
@@ -332,9 +331,9 @@ GET https://graph.microsoft.com/beta/admin/windows/updates/deployments?orderby=c
 ## Unenroll devices
 
 <!--Using include for removing device enrollment-->
-[!INCLUDE [Graph Explorer enroll devices](./includes/wufb-deployment-graph-unenroll.md)]
+[!INCLUDE [Graph Explorer unenroll devices](../includes/windows-autopatch-graph-unenroll.md)]
 
 ## Policy considerations for drivers
 
 <!--Using include for Policy considerations for drivers-->
-[!INCLUDE [Windows Update for Business deployment service driver policy considerations](./includes/wufb-deployment-driver-policy-considerations.md)]
+[!INCLUDE [Windows Autopatch driver policy considerations](../includes/windows-autopatch-driver-policy-considerations.md)]
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-edge.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-edge.md
new file mode 100644
index 0000000000..831fe0e8a1
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-edge.md
@@ -0,0 +1,89 @@
+---
+title: Microsoft Edge
+description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Microsoft Edge
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch uses the [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel) of Microsoft Edge.
+
+> [!IMPORTANT]
+> To update Microsoft 365 Apps for enterprise, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) first and **Microsoft Edge update setting** must be set to [**Allow**](#allow-or-block-microsoft-edge-updates). For more information on workloads supported by Windows Autopatch groups, see [Software update workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).
+
+## Device eligibility
+
+For a device to be eligible for Microsoft Edge updates as a part of Windows Autopatch, they must meet the following criteria:
+
+- The device must be powered on and have an internet connection.
+- There are no policy conflicts between Windows Autopatch policies and customer policies.
+- The device must be able to access the required network endpoints to reach the Microsoft Edge update service.
+- If Microsoft Edge is open, it must restart for the update process to complete.
+
+## Allow or block Microsoft Edge updates
+
+> [!IMPORTANT]
+> You must be an Intune Administrator to make changes to the setting.
+
+For organizations seeking greater control, you can allow or block Microsoft Edge updates for Windows Autopatch-enrolled devices.
+
+| Microsoft Edge setting | Description |
+| ----- | ----- |
+| **Allow** | When set to **Allow**, Windows Autopatch assigns devices to Microsoft Edge's [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel). To manage updates manually, set the Microsoft Edge setting to **Block**. |
+| **Block** | When set to **Block**, Windows Autopatch doesn't assign devices to Microsoft Edge's [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel) updates on your behalf, and your organizations have full control over these updates. You can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). |
+
+**To allow or block Edge updates:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Tenant administration** > **Windows Autopatch** > **Autopatch groups** > **Update settings**.
+1. Go to the **Edge updates** section. By default, the Allow/Block toggle is set to **Block**.
+1. Turn off the **Allow** toggle (set to Block) to opt out of Microsoft Edge update policies. You see the notification: *Update in process. This setting will be unavailable until the update is complete.*
+1. Once the update is complete, you receive the notification: *This setting is updated*.
+
+> [!NOTE]
+> If the notification: *This setting couldn't be updated. Please try again or submit a support request.* appears, use the following steps:<ol><li>Refresh your page.</li><li>Please repeat the same steps in To allow or block Edge updates.</li><li>If the issue persists, [submit a support request](../manage/windows-autopatch-support-request.md).</li>
+
+**To verify if the Edge update setting is set to Allow:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
+3. The following profiles should be discoverable from the list of profiles:
+    1. Windows Autopatch - Microsoft Edge Update Channel Stable
+    2. Windows Autopatch - Microsoft Edge Update Channel Beta
+
+**To verify if the Edge update setting is set to Block:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
+3. The following **five** profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Microsoft Edge Configuration". The result should return *0 profiles filtered*.
+    1. Windows Autopatch - Microsoft Edge Update Channel Stable
+    2. Windows Autopatch - Microsoft Edge Update Channel Beta
+
+## Update release schedule
+
+Microsoft Edge checks for updates every 10 hours. Quality updates occur weekly by default. The Microsoft Edge product group [progressively](/deployedge/microsoft-edge-update-progressive-rollout) rolls out feature updates automatically every four weeks to ensure the best experience for customers. The update is available within a few days of the initial release.
+
+Browser updates with critical security fixes have a faster rollout cadence than updates that don't have critical security fixes to ensure fast protection from vulnerabilities.
+
+Devices in the Test device group receive feature updates from the [Beta Channel](/deployedge/microsoft-edge-channels#beta-channel). This channel is fully supported and automatically updated with new features approximately every four weeks.
+
+## Pause and resume updates
+
+Currently, Windows Autopatch can't pause or resume Microsoft Edge updates.
+
+## Incidents and outages
+
+If you're experiencing issues related to Microsoft Edge updates, [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-exclude-device.md
similarity index 67%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-exclude-device.md
index 89a23620fb..1c024c812e 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-exclude-device.md
@@ -1,9 +1,9 @@
 ---
 title: Exclude a device
 description: This article explains how to exclude a device from the Windows Autopatch service
-ms.date: 08/08/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -16,9 +16,11 @@ ms.collection:
 
 # Exclude a device
 
-To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Microsoft Entra device records. Microsoft assumes you'll keep managing those devices yourself in some capacity.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
-When you exclude a device from the Windows Autopatch service, the device is flagged as **excluded** so Windows Autopatch doesn't try to restore the device into the service again, since the exclusion command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** group, or any other Microsoft Entra group, used with Autopatch groups.
+To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Microsoft Entra device records. Microsoft assumes you manage those devices yourself in some capacity.
+
+When you exclude a device from the Windows Autopatch service, the device is flagged as **Excluded** so Windows Autopatch doesn't try to restore the device into the service again. The exclusion command doesn't trigger device membership removal from any other Microsoft Entra group, used with Autopatch groups.
 
 > [!IMPORTANT]
 > The Microsoft Entra team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues.
@@ -28,7 +30,7 @@ When you exclude a device from the Windows Autopatch service, the device is flag
 1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Select **Windows Autopatch** in the left navigation menu.
 1. Select **Devices**.
-1. In either the **Ready** or **Not ready** tab, select the device(s) you want to exclude.
+1. Select the devices you want to exclude.
 1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Exclude device**.
 
 > [!WARNING]
@@ -36,14 +38,14 @@ When you exclude a device from the Windows Autopatch service, the device is flag
 
 ## Only view excluded devices
 
-You can view the excluded devices in the **Not registered** tab to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service.
+You can view the excluded devices in the [**Devices report**](../deploy/windows-autopatch-register-devices.md#devices-report) to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service.
 
 **To view only excluded devices:**
 
 1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Select **Windows Autopatch** in the left navigation menu.
 1. Select **Devices**.
-1. In the **Not registered** tab, select **Excluded** from the filter list. Leave all other filter options unselected.
+1. Select **Excluded** from the filter list. Leave all other filter options unselected.
 
 ## Restore a device or multiple devices previously excluded
 
@@ -52,5 +54,5 @@ You can view the excluded devices in the **Not registered** tab to make it easie
 1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Select **Windows Autopatch** in the left navigation menu.
 1. Select **Devices**.
-1. In the **Not registered** tab, select the device(s) you want to restore.
+1. Select the devices you want to restore.
 1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Restore excluded device**.
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation.md
new file mode 100644
index 0000000000..2fae25dbc4
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation.md
@@ -0,0 +1,62 @@
+---
+title: Deactivate Windows Autopatch
+description: This article explains what deactivation means for your organization and what actions you must take.
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Deactivate Windows Autopatch
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+If you're looking to deactivate Windows Autopatch features, this article details what deactivation means for your organization and what actions you must take.
+
+> [!IMPORTANT]
+> You must be a Global Administrator to deactivate Windows Autopatch features.
+
+Deactivating from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team:
+
+- Removes Windows Autopatch access to your tenant.
+    - We remove the [Modern Workplace Management application](../references/windows-autopatch-changes-made-at-feature-activation.md#windows-autopatch-enterprise-applications) from your tenant that is used to run the Windows Autopatch service on your tenant
+- Excludes your devices from the Windows Autopatch service. Excluding your devices from Windows Autopatch doesn't remove your devices from Intune, Microsoft Entra ID or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Exclude a device](../manage/windows-autopatch-exclude-device.md).
+- Deletes all data that we stored in the Windows Autopatch data storage.
+
+> [!NOTE]
+> We will **not** delete any of your customer or Intune data.
+
+## Microsoft's responsibilities during deactivation
+
+| Responsibility | Description |
+| ----- | ----- |
+| Windows Autopatch data | Windows Autopatch deletes user data that is within the Windows Autopatch service. We don't make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). |
+| Excluding devices | Windows Autopatch excludes all devices previously registered with the service. Only the Windows Autopatch device record is deleted. We don't delete Microsoft Intune and/or Microsoft Entra device records. For more information, see [Exclude a device](../manage/windows-autopatch-exclude-device.md). |
+
+## Your responsibilities after deactivating Windows Autopatch features
+
+| Responsibility | Description |
+| ----- | ----- |
+| Updates | After the Windows Autopatch service is deactivated, we'll no longer provide updates to your devices.  You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. |
+| Optional Windows Autopatch configuration | Windows Autopatch doesn't remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant deactivation. If you don't wish to use these policies for your devices after deactivation, you can safely delete them. For more information, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md). |
+| Microsoft Intune roles | After deactivation, you can safely remove the Modern Workplace Intune Admin role. |
+
+## To Deactivate Windows Autopatch features
+
+**To deactivate Windows Autopatch features:**
+
+1. [Submit a support request](../manage/windows-autopatch-support-request.md) and request to deactivate Windows Autopatch features.
+1. The Windows Autopatch Service Engineering Team communicates with your IT Administrator to confirm your intent to deactivate Windows Autopatch features.
+    1. You have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team.
+    2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner.
+1. The Windows Autopatch Service Engineering Team proceeds with the removal of all items listed under [Microsoft's responsibilities during deactivation](#microsofts-responsibilities-during-deactivation).
+1. The Windows Autopatch Service Engineering Team informs you when deactivation is complete.
+1. You're responsible for the items listed under [Your responsibilities after deactivating Windows Autopatch features](#your-responsibilities-after-deactivating-windows-autopatch-features).
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-groups-policies.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-groups-policies.md
new file mode 100644
index 0000000000..4fa624de44
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-groups-policies.md
@@ -0,0 +1,48 @@
+---
+title: Autopatch group policies
+description: This article describes Autopatch group policies
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Autopatch group policies
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+The following Autopatch group policies are only created when you create an Autopatch group.
+
+## Update rings policy for Windows 10 and later
+
+Update rings policy for Windows 10 and later
+
+Autopatch groups set up the [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) for each of its deployment rings in the Default Autopatch group. See the following default policy values:
+
+| Policy name | Quality updates deferral in days | Feature updates deferral in days | Feature updates uninstall window in days | Deadline for quality updates in days | Deadline for feature updates in days | Grace period | Auto restart before deadline |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| Test | 0 | 0 | 30 | 0 | 5 | 0 | Yes |
+| Ring 1 | 1 | 0 | 30 | 2 | 5 |2 | Yes |
+| Ring 2 | 6 | 0 | 30 | 2 | 5 | 2 | Yes |
+| Ring 3 | 9 | 0 | 30 | 5 | 5 | 2 | Yes |
+| Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes |
+
+## Feature update policy for Windows 10 and later
+
+Autopatch groups set up the [feature updates for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates) for each of its deployment rings in the Default Autopatch group, see the following default policy values:
+
+| Policy name |Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| Autopatch group name - DSS Policy [Test]| Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024 |
+| Autopatch group name - DSS Policy [Ring1] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024 |
+| Autopatch group name - DSS Policy [Ring2] | Windows 10 21H2 | Make update available as soon as possible | December 14, 2022 | December 21, 2022 | 1 | June 11, 2024 |
+| Autopatch group name - DSS Policy [Ring3] | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024 |
+| Autopatch group name - DSS Policy [Last] | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024 |
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups.md
new file mode 100644
index 0000000000..cce3435eec
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups.md
@@ -0,0 +1,138 @@
+---
+title: Manage Windows Autopatch groups
+description: This article explains how to manage Autopatch groups
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Manage Windows Autopatch groups
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Autopatch groups help Microsoft Cloud-Managed services meet organizations where they are in their update management journey.
+
+An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates policy for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).
+
+Before you start managing Autopatch groups, ensure you meet the [Windows Autopatch groups prerequisites](../deploy/windows-autopatch-groups-overview.md#prerequisites).
+
+## Create an Autopatch group
+
+> [!IMPORTANT]
+> Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
+
+> [!TIP]
+> For more information on workloads supported by Windows Autopatch groups, see [Supported software workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).<ul><li>To manage Microsoft 365 Apps for enterprise, you must create an Autopatch group first and [set the Microsoft 365 app update setting to Allow](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates).</li><li>To manage Microsoft Edge updates, you must create an Autopatch group first and [set the Edge update setting to Allow](../manage/windows-autopatch-edge.md#allow-or-block-microsoft-edge-updates).</li></ul>
+
+**To create an Autopatch group:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Tenant administration** from the left navigation menu.
+1. Under the **Windows Autopatch** section, select **Autopatch groups**.
+1. In the **Autopatch groups** blade, select **Create**.
+1. In the **Basics** page, enter a **name** and a **description** then select **Next: Deployment rings**.
+    1. Enter up to 64 characters for the Autopatch group name and 150 characters maximum for the description. The Autopatch group name is appended to both the update rings and the DSS policy names that get created once the Autopatch group is created.
+1. In the **Deployment rings** page, select **Add deployment ring** to add the number of deployment rings to the Autopatch group.
+1. Each new deployment ring added must have either a Microsoft Entra device group assigned to it, or a Microsoft Entra group that is dynamically distributed across your deployments rings using defined percentages.
+    1. In the **Dynamic groups** area, select **Add groups** to select one or more existing device-based Microsoft Entra groups to be used for Dynamic group distribution.
+    1. In the **Dynamic group distribution** column, select the desired deployment ring checkbox. Then, either:
+        1. Enter the percentage of devices that should be added from the Microsoft Entra groups selected in step 9. The percentage calculation for devices must equal to 100%, or
+        1. Select **Apply default dynamic group distribution** to use the default values.
+1. In the **Assigned group** column, select **Add group to ring** to add an existing Microsoft Entra group to any of the defined deployment rings. The **Test** and **Last** deployment rings only support Assigned group distribution. These deployment rings don't support Dynamic distribution.
+1. Select **Next: Windows Update settings**.
+1. Select the **horizontal ellipses (…)** > **Manage deployment cadence** to [customize your gradual rollout of Windows quality and feature updates](../manage/windows-autopatch-customize-windows-update-settings.md). Select **Save**.
+1. Select the **horizontal ellipses (…)** > **Manage notifications** to customize the end-user experience when receiving Windows updates. Select **Save**.
+1. Select **Review + create** to review all changes made.
+1. Once the review is done, select **Create** to save your Autopatch group.
+
+> [!CAUTION]
+> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.<p>Additionally, it's not supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.</p>
+
+> [!CAUTION]
+> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from creating or editing the Autopatch group.
+
+## Edit an Autopatch group
+
+> [!TIP]
+> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there's one or more on-going Windows feature update release targeted to this Autopatch group.**"
+> For more information on release and phase statuses, see [Windows feature update](../manage/windows-autopatch-windows-feature-update-overview.md).
+
+**To edit an Autopatch group:**
+
+1. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
+1. You can only modify the **description** of an Autopatch group. You **can't** modify the name. Once the description is modified, select **Next: Deployment rings**. To rename an Autopatch group, see [Rename an Autopatch group](#rename-an-autopatch-group).
+1. Make the necessary changes in the **Deployment rings** page, then select **Next: Windows Update settings**.
+1. Make the necessary changes in the **Windows Update settings** page, then select **Next: Review + save**.
+1. Select **Review + create** to review all changes made.
+1. Once the review is done, select **Save** to finish editing the Autopatch group.
+
+> [!IMPORTANT]
+> Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
+
+## Rename an Autopatch group
+
+**To rename an Autopatch group:**
+
+1. Select the **horizontal ellipses (…)** > **Rename** for the Autopatch group you want to rename. The **Rename Autopatch group** fly-in opens.
+1. In the **New Autopatch group name**, enter the new Autopatch group name of your choice, then select **Rename group**.
+
+> [!IMPORTANT]
+> Autopatch supports up to 64 characters for the Autopatch group name. Additionally, when you rename a Autopatch group all [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) associated with the Autopatch group are renamed to include the new Autopatch group name you define in its name string. Also, when renaming an Autopatch group all Microsoft Entra groups representing the Autopatch group's deployment rings are renamed to include the new Autopatch group name you define in its name string.
+
+## Delete an Autopatch group
+
+**To delete an Autopatch group:**
+
+1. Select the **horizontal ellipses (…)** > **Delete** for the Autopatch group you want to delete.
+1. Select **Yes** to confirm you want to delete the Autopatch group.
+
+> [!CAUTION]
+> You can't delete an Autopatch group when it's being used as part of one or more active or paused feature update releases. However, you can delete an Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses.
+
+## Manage device conflict scenarios when using Autopatch groups
+
+Overlap in device membership is a common scenario when working with device-based Microsoft Entra groups. Sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Microsoft Entra groups.
+
+Since Autopatch groups allow you to use your existing Microsoft Entra groups to create your own deployment ring composition, the service takes on the responsibility of monitoring and automatically solving some of the device conflict scenarios that might occur.
+
+> [!CAUTION]
+> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from creating or editing the Autopatch group.
+
+### Device conflict in deployment rings within an Autopatch group
+
+Autopatch groups use the following logic to solve device conflicts on your behalf within an Autopatch group:
+
+| Step | Description |
+| -----  | ----- |
+| Step 1: Checks for the deployment ring distribution type (**Assigned** or **Dynamic**) that the device belongs to. | For example, if a device is part of one deployment ring with **Dynamic** distribution (Ring3), and one deployment ring with **Assigned** distribution (Test) within the same Autopatch group, the deployment ring with **Assigned** distribution (Test) takes precedence over the one with the **Dynamic** distribution type (Ring3). |
+| Step 2: Checks for deployment ring ordering when device belongs to one or more deployment ring with the same distribution type (**Assigned** or **Dynamic**) | For example, if a device is part of one deployment ring with **Assigned** distribution (Test), and in another deployment ring with **Assigned** distribution (Ring3) within the **same** Autopatch group, the deployment ring that comes later (Ring3) takes precedence over the deployment ring that comes earlier (Test) in the deployment ring order. |
+
+> [!IMPORTANT]
+> When a device belongs to a deployment ring that has combined distribution types (**Assigned** and **Dynamic**), and a deployment ring that has only the **Dynamic** distribution type, the deployment ring with the combined distribution types takes precedence over the one with only the **Dynamic** distribution. If a device belongs to two deployment rings that have combined distribution types (**Assigned** and **Dynamic**), the deployment ring that comes later takes precedence over the deployment ring that comes earlier in the deployment ring order.
+
+### Device conflict across different Autopatch groups
+
+Device conflict across different deployment rings in different Autopatch groups might occur, review the following examples about how the Windows Autopatch services handles the following scenarios:
+
+#### Same device in different deployment rings across different Autopatch groups
+
+| Conflict scenario | Conflict resolution |
+| -----  | ----- |
+| You, the IT admin at Contoso Ltd., are using several Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade, you notice that the same device is part of different deployment rings across several different Autopatch groups. This device appears as **Not ready**. | You must resolve this conflict.<p>Autopatch groups inform you about the device conflict in the [**Devices report**](../deploy/windows-autopatch-register-devices.md#devices-report). Select the **Not ready** status for the device you want to address. You're required to manually indicate which of the existing Autopatch groups the device should exclusively belong to.</p> |
+
+#### Device conflict before device registration
+
+When you create or edit an Autopatch group, Windows Autopatch checks if the devices that are part of the Microsoft Entra groups, used in Autopatch groups’ deployment rings, are registered with the service.
+
+| Conflict scenario | Conflict resolution |
+| -----  | ----- |
+| Device conflict before device registration due to device membership overlap | You must resolve this conflict.<p>Devices fail to register with the service and are marked with a **Not registered** status. You’re required to make sure the Microsoft Entra groups that are used in an Autopatch group don’t have device membership overlaps.</p> |
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-driver-and-firmware-updates.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-driver-and-firmware-updates.md
new file mode 100644
index 0000000000..ddab13c440
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-driver-and-firmware-updates.md
@@ -0,0 +1,132 @@
+---
+title: Manage driver and firmware updates
+description: This article explains how you can manage driver and firmware updates with Windows Autopatch
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Manage driver and firmware updates
+
+You can manage driver and firmware profiles for Windows 10 and later devices. By using targeted policies, you can expedite a specific driver and firmware update to release to your tenant. For more information about driver updates for Windows 10 and later, see [Windows driver update management in Intune](/mem/intune/protect/windows-driver-updates-overview).
+
+## Driver and firmware controls
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+You can manage and control your driver and firmware updates by:
+
+- Controlling the flow of all drivers to an Autopatch group or rings within an Autopatch group
+- Controlling the flow of a specific driver or firmware across your entire tenant via approvals
+- Approving and deploying other drivers and firmware that previously couldn’t be centrally managed
+
+### Automatic and Manual modes
+
+The Autopatch service creates additional driver profiles on a per-deployment ring and per group basis within your tenant.
+
+> [!NOTE]
+> For more information about policies created for Driver updates for Windows 10 and later, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md#driver-updates-for-windows-10-and-later).
+
+Choosing between Automatic and Manual modes can be done per-deployment ring and/or per Autopatch group. For a single Autopatch group, a mix of both Automatic and Manual policies is allowed. If you were previously in Manual mode, we create Manual policies for all your group rings. If Automatic (the default) was previously used, we create Automatic policies instead.  
+
+> [!IMPORTANT]
+> If you switch between Automatic and Manual modes, new policies are generated to **replace old policies**. **You’ll lose any approvals, paused drivers, and declined drivers previously made for those groups and/or deployment rings**.
+
+| Modes | Description |
+| ----- | -----|
+| Automatic | We recommend using **Automatic** mode.<p>Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues occurred due to Windows Updates.</p><p>Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout. You can also choose to deploy additional drivers from the **Other** tab to your deployment rings or Autopatch groups that are set to **Automatic**.</p> |
+| Manual | When you use **Manual** mode, no drivers are installed in your environment without your explicit approval. You can also choose to deploy additional drivers from the Other tab to your deployment rings or Autopatch groups that are set to Manual.<p>Manual mode turns off Windows Autopatch’s automatic driver deployment. Instead, the Administrator controls the driver deployment.</p><p>The Administrator selects the individual drivers to be deployed to their tenant. Then, the Administrator can choose to approve those drivers for deployment. Drivers approved can vary between deployment rings.</p> |
+
+> [!NOTE]
+> In both Automatic and Manual modes, the drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch deployment rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.
+
+#### Set driver and firmware updates to Automatic or Manual mode
+
+**To set driver and firmware updates to Automatic or Manual mode:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Devices** > **Manage Updates** > **Windows Updates** > **Driver Updates** tab.
+1. Select the groups you’d like to modify. Find the Driver update settings section, then select Edit.
+1. Set the policy to be **Automatic** or **Manual** for each deployment ring within the previously selected group.  
+    1. If you select **Automatic**, you can choose a **Deferral period** in days from the dropdown menu.
+    2. If you select **Manual**, the deferral day setting can’t be set and displays **Not applicable**.
+1. Select **Review + Save** to review all changes made.
+1. Once the review is done, select **Save** to commit your changes.
+
+##### Choose the deferral period for driver and firmware updates for Automatic deployment rings
+
+For deployment rings set to **Automatic**, you can choose the deferral period for driver and firmware updates. The deferral period is the number of days that you must wait to deploy after a driver becomes available. By default, these deferral values match the values you set for your Windows quality updates.
+
+The deferral period allows you to delay the installation of driver and firmware updates on the devices in the specified deployment ring in case you want to test the update on a smaller group of devices first or avoid potential disruptions during a busy period.  
+
+The deferral period can be set from 0 to 14 days, and it can be different for each deployment ring.  
+
+> [!NOTE]
+> The deferral period only applies to automatically approved driver and firmware updates. An admin must specify the date to start offering a driver with any manual approval.
+
+### Recommended driver and firmware updates across managed devices
+
+#### Recommended drivers and firmware
+
+Recommended drivers are the best match for the 'required' driver updates that Windows Update can identify for a device. To be a recommended update, the OEM or driver publisher must mark the update as required and the update must be the most recent update version marked as required. These updates are the same ones available through Windows Update and are almost always the most current update version for a driver.
+
+When an OEM releases a newer update version that qualifies to be the new recommended driver, it replaces the previous update as the recommended driver update. If the older update version is still applicable to a device in the policy, it's moved to the **Other drivers** tab. If the older version was previously approved, it remains approved.
+
+##### Approve and deploy recommended drivers
+
+**To approve and deploy recommended drivers:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), navigate to **Devices** > **Manage updates** > **Windows updates** > **Driver updates**.
+1. Select **Manage drivers for Autopatch groups** or select one of the **Drivers to review** links.
+1. Select the driver or drivers you’d like to manage.  
+1. Select **Manage**. You can either:
+    1. Approve for all policies
+    2. Decline for all unreviewed policies
+    3. Manage for individual policies
+1. In the **Approve for all policies** dropdown, select the date to make the driver available through Windows Update.
+1. In the **Manage for individual policies** dropdown, select the policies to approve or decline the driver.
+1. Select **Save**.
+
+### Extensions and Plug and play driver updates
+
+Extensions and Plug and play driver updates might not require admin approval.
+
+| Driver update | Description |
+| ----- | ----- |
+| Extensions | Windows Autopatch doesn't manage extension drivers. They're easily identified by the term 'extension' in the name. Extensions are typically minor updates to a base driver package that can enhance, modify, or filter the functionality provided by the base driver. They play a crucial role in facilitating effective communication between the operating system and the hardware. If the device hasn't received drivers from Windows Update for some time, the device might have multiple extension drivers offered during the first scan. For more information, see [Why do my devices have driver updates installed that didn't pass through an updates policy?](/mem/intune/protect/windows-driver-updates-overview#why-do-my-devices-have-driver-updates-installed-that-didnt-pass-through-an-updates-policy). |
+| Plug and play | When Windows detects a hardware or software component (such as, but not limited to, a mouse, keyboard, or webcam) without an existing driver, it automatically downloads and installs the latest driver to ensure the component functions properly to keep the end-user productive. After the initial installation, the driver becomes manageable. Any additional updates require approval before being offered to the device. |
+
+### Other drivers and firmware
+
+Other driver updates are updates available from the original equipment manufacturer (OEM) aside from the current recommended driver update. These updates remain in the policy if they're newer than the driver version that is currently installed on at least one device with the policy.
+
+These updates can include:
+
+- A previously recommended update is superseded by a newer update version
+- Firmware updates
+- Optional driver updates, or updates that the OEM doesn't intend to be installed on all devices by default
+
+#### Approve and deploy other drivers
+
+**To approve and deploy other drivers:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), navigate to **Devices** > **Manage updates** > **Windows update** > **Driver Updates**.
+1. Select **Manage drivers for Autopatch groups** or select one of the **Drivers to review** links.
+1. Select **Other drivers** tab. You can either:
+1. Select the driver or drivers you’d like to manage.
+1. Select **Manage**. You can either:
+    1. Approve for all policies
+    2. Decline for all unreviewed policies
+    3. Manage for individual policies
+1. In the **Approve for all policies** dropdown, select the date to make the driver available through Windows Update.  
+1. In the **Manage for individual policies** dropdown, select the policies to approve or decline the driver.
+1. Select **Save**.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-apps-enterprise.md
similarity index 77%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-apps-enterprise.md
index f0c70e6586..2ba3d40763 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-apps-enterprise.md
@@ -1,9 +1,9 @@
 ---
 title: Microsoft 365 Apps for enterprise
 description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates
-ms.date: 10/27/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,8 +17,13 @@ ms.collection:
 
 # Microsoft 365 Apps for enterprise
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 ## Service level objective
 
+> [!IMPORTANT]
+> To update Microsoft 365 Apps for enterprise, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) first and **Microsoft 365 app update setting** must be set to [**Allow**](#allow-or-block-microsoft-365-app-updates). For more information on workloads supported by Windows Autopatch groups, see [Software update workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).
+
 Windows Autopatch aims to keep at least 90% of eligible devices on a [supported version](/deployoffice/overview-update-channels#support-duration-for-monthly-enterprise-channel) of the Monthly Enterprise Channel (MEC) for the:
 
 - [Enterprise Standard Suite](/deployoffice/about-microsoft-365-apps). The Enterprise Standard Suite includes Access, Excel, OneNote, Outlook, PowerPoint, and Word.
@@ -27,7 +32,7 @@ Windows Autopatch aims to keep at least 90% of eligible devices on a [supported
 Microsoft 365 Apps deployed on the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview) are supported for two months.
 
 > [!NOTE]
-> [Microsoft Teams](../operate/windows-autopatch-teams.md) uses a different update channel from the rest of Microsoft 365 Apps.
+> [Microsoft Teams](../manage/windows-autopatch-teams.md) uses a different update channel from the rest of Microsoft 365 Apps.
 
 ## Device eligibility
 
@@ -36,14 +41,14 @@ For a device to be eligible for Microsoft 365 Apps for enterprise updates (both
 - The device must be turned on and have an internet connection.
 - The device must be able to access the [required network endpoints](../prepare/windows-autopatch-configure-network.md#required-microsoft-product-endpoints) to reach the Office Content Delivery Network (CDN).
 - There are no policy conflicts between Microsoft Autopatch policies and customer policies.
-- The device must have checked into the Intune service in the last five days.
+- The device must check into the Intune service in the last five days.
 - If Microsoft 365 Apps are running, the apps must close for the update process to complete.
 
 ## Update release schedule
 
 All devices registered for Windows Autopatch receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
 
-Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](../references/windows-autopatch-microsoft-365-policies.md) that specifies how long the user has until the user must apply the update.
+Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](../manage/windows-autopatch-microsoft-365-policies.md) that specifies how long the user has until the user must apply the update.
 
 ## Deployment rings
 
@@ -63,7 +68,7 @@ Windows Autopatch configures the following end user experiences:
 
 Updates are only applied when Microsoft 365 Apps aren't running. Therefore, [end user notifications for Microsoft 365 Apps](/deployoffice/updates/end-user-update-notifications-microsoft-365-apps) usually appear when:
 
-- The user is working in a Microsoft 365 App, such as Microsoft Outlook, and hasn't closed it in several days.
+- The user is working in a Microsoft 365 App, such as Microsoft Outlook, and didn't closed it in several days.
 - The update [deadline arrives](/deployoffice/updates/end-user-update-notifications-microsoft-365-apps#notifications-your-users-see-when-you-set-an-update-deadline-for-microsoft-365-apps) and the updates still aren't applied.
 
 ### Office client app configuration
@@ -74,7 +79,7 @@ To ensure that users are receiving automatic updates, Windows Autopatch prevents
 
 Windows Autopatch doesn't allow you to pause or roll back an update in the Microsoft Intune admin center.
 
-[Submit a support request](../operate/windows-autopatch-support-request.md) to the Windows Autopatch Service Engineering Team to pause or roll back an update when needed.
+[Submit a support request](../manage/windows-autopatch-support-request.md) to the Windows Autopatch Service Engineering Team to pause or roll back an update when needed.
 
 > [!NOTE]
 > Updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). Therefore, we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise.
@@ -94,19 +99,19 @@ For organizations seeking greater control, you can allow or block Microsoft 365
 **To allow or block Microsoft 365 App updates:**
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Navigate to the **Devices** > **Release Management** > **Release settings**.
-3. Go to the **Microsoft 365 apps updates** section. By default, the **Allow/Block** toggle is set to **Allow**.
-4. Turn off the **Allow** toggle to opt out of Microsoft 365 App update policies. You'll see the notification: *Update in process. This setting will be unavailable until the update is complete.*
-5. Once the update is complete, you'll receive the notification: *This setting is updated.*
+2. Navigate to the **Tenant administration** > **Windows Autopatch** > **Autopatch groups** > **Update settings**.
+3. Go to the **Microsoft 365 apps updates** section. By default, the **Allow/Block** toggle is set to **Block**.
+4. Turn off the **Allow** toggle to opt out of Microsoft 365 App update policies. You see the notification: *Update in process. This setting will be unavailable until the update is complete.*
+5. Once the update is complete, you receive the notification: *This setting is updated.*
 
 > [!NOTE]
-> If the notification: *This setting couldn't be updated. Please try again or submit a support request.* appears, use the following steps:<ol><li>Refresh your page.</li><li>Please repeat the same steps in To block Windows Autopatch Microsoft 365 apps updates.</li><li>If the issue persists, [submit a support request](../operate/windows-autopatch-support-request.md).</li>
+> If the notification: *This setting couldn't be updated. Please try again or submit a support request.* appears, use the following steps:<ol><li>Refresh your page.</li><li>Please repeat the same steps in To block Microsoft 365 apps updates.</li><li>If the issue persists, [submit a support request](../manage/windows-autopatch-support-request.md).</li>
 
 **To verify if the Microsoft 365 App update setting is set to Allow:**
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
-3. The following **five** profiles should be discoverable from the list of profiles:
+3. The following profiles should be discoverable from the list of profiles:
     1. Windows Autopatch - Office Configuration
     2. Windows Autopatch - Office Update Configuration [Test]
     3. Windows Autopatch - Office Update Configuration [First]
@@ -117,7 +122,7 @@ For organizations seeking greater control, you can allow or block Microsoft 365
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
-3. The following **five** profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Office Configuration". The result should return *0 profiles filtered*.
+3. The following profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Office Configuration". The result should return *0 profiles filtered*.
     1. Windows Autopatch - Office Configuration
     2. Windows Autopatch - Office Update Configuration [Test]
     3. Windows Autopatch - Office Update Configuration [First]
@@ -128,12 +133,8 @@ For organizations seeking greater control, you can allow or block Microsoft 365
 
 [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
 
-A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management.
-
-However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload.
+A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management. However, the device might still be eligible for other managed updates.
 
 ## Incidents and outages
 
-If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident is raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
-
-If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../operate/windows-autopatch-support-request.md).
+If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../manage/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-policies.md
similarity index 91%
rename from windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-policies.md
index c08d4cf821..b82a92e490 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-microsoft-365-policies.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft 365 Apps for enterprise update policies
 description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
-ms.date: 06/23/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -16,6 +16,8 @@ ms.collection:
 
 # Microsoft 365 Apps for enterprise update policies
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 ## Conflicting and unsupported policies
 
 Deploying any of the following policies to a managed device makes that device ineligible for management since the device prevents us from delivering the service as designed.
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-release-schedule.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-release-schedule.md
new file mode 100644
index 0000000000..3b0fc4bdb1
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-release-schedule.md
@@ -0,0 +1,35 @@
+---
+title: Manage the release schedule
+description: How to manage the release schedule
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Manage the Release schedule
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+Windows Autopatch provides a unique update experience and a single view for all your current quality, feature, and driver and firmware releases. This view:
+
+- Consolidates all your applicable policies into a view consolidated by releases
+- Provides an all-up summary of the current release applicable to your tenant
+
+When you select a release, Windows Autopatch provides a list view of associated policies and metrics including:
+
+- Start and end dates
+- percentage complete
+
+These metrics are a summary of the individual workload views that should be used to manage your updates.
+
+> [!NOTE]
+> **The device count metric is only available if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-support-request.md
similarity index 79%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-support-request.md
index 13b19e6e47..6465a2a404 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-support-request.md
@@ -1,9 +1,9 @@
 ---
 title: Submit a support request
 description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
-ms.date: 09/06/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,6 +17,8 @@ ms.collection:
 
 # Submit a support request
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 > [!IMPORTANT]
 > Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with remediating issues.
 
@@ -29,7 +31,7 @@ Support requests are triaged and responded to as they're received.
 1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant administration** menu.
 1. In the **Windows Autopatch** section, select **Support requests**.
 1. In the **Support requests** section, select **+ New support request**.
-1. Enter your question(s) and/or a description of the problem.
+1. Enter your questions and/or a description of the problem.
 1. Review all the information you provided for accuracy.
 1. When you're ready, select **Create**.
 
@@ -44,12 +46,12 @@ Depending on your support contract, the following severity options are available
 
 | Support contract | Severity options |
 | ----- | ----- |
-| Premier | Severity A, B or C |
-| Unified | Critical or non-critical |
+| Premier | Severity A, B, or C |
+| Unified | Critical or noncritical |
 
 ## Manage an active support request
 
-The primary contact for the support request will receive email notifications when a case is created, assigned to a service engineer to investigate, and mitigated. If, at any point, you have a question about the case, the best way to get in touch is to reply directly to one of those emails. If we have questions about your request or need more details, we'll email the primary contact listed on the support requests.
+The primary contact for the support request receives email notifications when a case is created, assigned to a service engineer to investigate, and mitigated. If, at any point, you have a question about the case, the best way to get in touch is to reply directly to one of those emails. If we have questions about your request or need more details, we email the primary contact listed on the support requests.
 
 ## View all your active support requests
 
@@ -75,7 +77,7 @@ You can edit support request details, for example, updating the primary case con
 1. Update the editable information, add attachments to the case, or add a note for the Windows Autopatch Service Engineering Team.
 1. Select **Save**.
 
-Once a support request is mitigated, it can no longer be edited. If a request has been mitigated for less than 24 hours, you'll see the option to reactivate instead of edit. Once reactivated, you can again edit the request.
+Once a support request is mitigated, it can no longer be edited. If a request was mitigated in less than 24 hours, you can reactivate instead of edit. Once reactivated, you can again edit the request.
 
 ## Microsoft FastTrack
 
@@ -83,4 +85,4 @@ Once a support request is mitigated, it can no longer be edited. If a request ha
 
 Customers who need help with Microsoft 365 workloads can sign in to [Microsoft FastTrack](https://fasttrack.microsoft.com/) with a valid Azure ID and submit a Request for Assistance.
 
- Contact your Microsoft account team if you need additional assistance.
+Contact your Microsoft account team if you need additional assistance.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-teams.md
similarity index 70%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-teams.md
index b474ff2498..e6b32fd7ca 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-teams.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft Teams
 description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
-ms.date: 09/15/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -17,6 +17,8 @@ ms.collection:
 
 # Microsoft Teams
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 Windows Autopatch uses the [standard automatic update channel](/microsoftteams/teams-client-update#can-admins-deploy-updates-instead-of-teams-auto-updating) for Microsoft Teams.
 
 ## Device eligibility
@@ -30,13 +32,13 @@ For a device to be eligible for automated Teams updates as a part of Windows Aut
 
 ## Update release schedule
 
-The Teams desktop client updates are released once a month for all users, and twice a month for members of the Technology Adoption Program (TAP).
+The Teams desktop client updates are released once a month for all users, and twice a month for members of the [Technology Adoption Program (TAP)](https://developer.microsoft.com/microsoft-365/tap).
 
-Updates undergo vigorous internal testing and are first released to members of TAP for validation. The update usually takes place on a Monday. If a critical update is needed, Teams will bypass this schedule and release the update as soon as it's available.
+Updates undergo vigorous internal testing and are first released to members of [Technology Adoption Program (TAP)](https://developer.microsoft.com/microsoft-365/tap) for validation. The update usually takes place on a Monday. If a critical update is needed, Teams bypasses this schedule and releases the update as soon as it's available.
 
 ## End user experience
 
-Teams will check for updates every few hours behind the scenes, download the updates, and then will wait for the computer to be idle for at least 40 minutes before automatically installing the update.
+Teams checks for updates every few hours behind the scenes, download the updates, and then waits for the computer to be idle for at least 40 minutes before automatically installing the update.
 
 When an update is available, the following are required to be able to download the update:
 
@@ -47,7 +49,7 @@ When an update is available, the following are required to be able to download t
 > [!NOTE]
 > If a user is on a version of Teams that is out of date, Teams will force the user to update prior to allowing them to use the application.
 
-## Pausing and resuming updates
+## Pause and resume updates
 
 Windows Autopatch can't pause or resume Teams updates.
 
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-troubleshoot-programmatic-controls.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-troubleshoot-programmatic-controls.md
new file mode 100644
index 0000000000..62a8d7c8e5
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-troubleshoot-programmatic-controls.md
@@ -0,0 +1,63 @@
+---
+title: Troubleshoot programmatic controls
+titleSuffix: Windows Autopatch
+description: Solutions to commonly encountered problems when using Windows Autopatch API.
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: troubleshooting
+ms.author: tiaraquan
+author: tiaraquan
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 09/16/2024
+---
+
+# Troubleshoot programmatic controls
+
+This troubleshooting guide addresses the most common issues that IT administrators face when using Windows Autopatch API. For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
+
+## The device isn't receiving an update that I deployed
+
+- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](/windows/deployment/update/waas-configure-wufb) and [Pause quality updates](/windows/deployment/update/waas-configure-wufb).
+- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](/windows/deployment/update/safeguard-holds) and [Opt out of safeguard holds](/windows/deployment/update/safeguard-opt-out).
+- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* doesn't deploy content to devices.
+- Check that the device was scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](/windows/deployment/update/how-windows-update-works#scanning-updates).
+- **Feature updates only**: Check that the device is successfully enrolled in feature update management. A device that is successfully enrolled will be represented by a Microsoft Entra device resource with an update management enrollment for feature updates and have no Microsoft Entra device registration errors.
+- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`.
+
+## The device is receiving an update that I didn't deploy
+
+- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](/windows/deployment/update/how-windows-update-works#scanning-updates).
+- **Feature updates only**: Check that the device is successfully enrolled in feature update management. A device that isn't successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by a Microsoft Entra device resource with an update management enrollment for feature updates and have no Microsoft Entra device registration errors.
+
+### The device installed a newer update than the expedited update I deployed
+
+There are some scenarios when a deployment to expedite an update results in the installation of a more recent update than specified in policy. This result occurs when the newer update includes and surpasses the specified update, and that newer update is available before a device checks in to install the update that's specified in the expedited update policy.
+
+Installing the most recent quality update reduces disruptions to the device and user while applying the benefits of the intended update. This avoids having to install multiple updates, which each might require separate reboots.
+
+A more recent update is deployed when the following conditions are met:
+
+- The device isn't targeted with a deferral policy that blocks installation of a more recent update. In this case, the most recently available update that isn't deferred is the update that might install.
+
+- During the process to expedite an update, the device runs a new scan that detects the newer update. This can occur due to the timing of:
+  - When the device restarts to complete installation
+  - When the device runs its daily scan
+  - When a new update becomes available
+
+  When a scan identifies a newer update, Windows Update attempts to stop installation of the original update, cancel the restart, and then starts the download and installation of the more recent update.
+
+While expedite update deployments override an update deferral for the update version that's specified, they don't override deferrals that are in place for any other update version.
+
+<!--Using include for Update Health Tools log location-->
+[!INCLUDE [Windows Autopatch Update Health Tools](../includes/windows-autopatch-update-health-tools-logs.md)]
+
+## Policy considerations for drivers
+
+<!--Using include for Policy considerations for drivers-->
+[!INCLUDE [Windows Autopatch driver policy considerations](../includes/windows-autopatch-driver-policy-considerations.md)]
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md
new file mode 100644
index 0000000000..e68df90cbb
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md
@@ -0,0 +1,68 @@
+---
+title: Manage Update rings
+description: How to manage update rings
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Manage Update rings
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+You can manage Update rings for Windows 10 and later devices with Windows Autopatch. Using Update rings, you can control when and how updates are installed on your devices. For more information, see  [Configure Update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings).
+
+## Import Update rings for Windows 10 and later
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+You can import your organization’s existing Intune Update rings for Windows 10 and later into Windows Autopatch. Importing your organization’s Update rings provides the benefits of the Windows Autopatch's reporting and device readiness without the need to redeploy, or change your organization’s existing update rings.
+
+Imported rings automatically register all targeted devices into Windows Autopatch. For more information about device registration, see the [device registration workflow diagram](../deploy/windows-autopatch-register-devices.md#detailed-device-registration-workflow-diagram).
+
+> [!NOTE]
+> Devices which are registered as part of an imported ring, might take up to 72 hours after the devices have received the latest version of the policy, to be reflected in Windows Autopatch devices blade and reporting. For more information about reporting, see [Windows quality and feature update reports overview](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md).
+
+> [!NOTE]
+> Device registration failures don't affect your existing update schedule or targeting. However, devices that fail to register might affect Windows Autopatch's ability to provide reporting and insights. Any conflicts should be resolved as needed. For additional assistance, [submit a support request](../manage/windows-autopatch-support-request.md).
+
+### To import Update rings for Windows 10 and later
+
+**To import Update rings for Windows 10 and later:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Devices** from the left navigation menu.
+3. Under the **Manage updates** section, select **Windows updates**.
+4. In the **Windows updates** blade, go to the **Update rings** tab.
+5. Select **Enroll policies**.
+6. Select the existing rings you would like to import.
+7. Select **Import**.
+
+### Remove an imported Update ring for Windows 10 and later
+
+**To remove an Imported Update rings for Windows 10 and later:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Devices** from the left navigation menu.
+3. Under the **Manage updates** section, select **Windows updates**.
+4. In the **Windows updates** blade, go to the **Update rings**.
+5. Select the Update rings for Windows 10 and later you would like to remove.
+6. Select the **horizontal ellipses (...)** and select **Remove**.
+
+### Known limitations
+
+The following Windows Autopatch features aren't available with imported Intune Update rings:
+
+- [Autopatch groups](../deploy/windows-autopatch-groups-overview.md) and [features dependent on Autopatch groups](../deploy/windows-autopatch-groups-overview.md#supported-configurations)
+- [Moving devices in between deployment rings in devices](../deploy/windows-autopatch-register-devices.md#move-devices-in-between-deployment-rings)
+- [Automated deployment ring remediation functions](../deploy/windows-autopatch-device-registration-overview.md#automated-deployment-ring-remediation-functions)
+- [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md
new file mode 100644
index 0000000000..cd90f48781
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md
@@ -0,0 +1,143 @@
+---
+title: Windows feature updates overview
+description: This article explains how Windows feature updates are managed
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: overview
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Windows feature update
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch provides tools to assist with the controlled roll out of annual Windows feature updates. These policies provide tools to allow version targeting, phased releases, and even Windows 10 to Windows 11 update options. For more information about how to configure feature update profiles, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
+
+## Multi-phase feature update
+
+Multi-phase feature update allows you to create customizable feature update deployments using multiple phases for your [existing Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md). These phased releases can be tailored to meet your organizational unique needs.
+
+### Release statuses
+
+A release is made of one or more phases. The release status is based on the calculation and consolidation of each phase status.
+
+The release statuses are described in the following table:
+
+| Release status | Definition | Options |
+| ----- | ----- | ----- |
+| Scheduled | Release is scheduled and not all phases created its Windows feature update policies |<ul><li>Releases with the **Scheduled status** can't be canceled but can have its deployment cadence edited as not all phases created its Windows feature update policies.</li><li>Autopatch groups and its deployment rings that belong to a **Scheduled** release can't be assigned to another release.</li></ul> |
+| Active | All phases in the release are active. All phases reached their first deployment date, which created the Windows feature update policies. |<ul><li>Release can be paused but can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Autopatch groups and their deployment rings can be assigned to another release.</li></ul> |
+| Inactive | All the Autopatch groups within the release are assigned to a new release. As a result, the Windows feature update policies were unassigned from all phases from within the release. |<ul><li>Release can be viewed as a historical record.</li><li>Releases can't be deleted, edited, or canceled.</li></ul> |
+| Paused | All phases in the release are paused. The release remains paused until you resume it. | <ul><li>Releases with the Paused status can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Release can be resumed.</li></ul> |
+| Canceled | All phases in the release are canceled. | <ul><li>Releases with the Canceled status can't be edited or canceled since the Windows feature update policy wasn't created for its phases.</li><li>Canceled release can't be deleted.</li></ul> |
+
+#### Phase statuses
+
+A phase is made of one or more [Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#autopatch-group-deployment-rings). Each phase reports its status to its release.
+
+> [!IMPORTANT]
+> The determining factor that makes a phase status transition from **Scheduled** to **Active** is when the service automatically creates the Windows feature update policy for each Autopatch group deployment ring. Additionally, the phase status transition from **Active** to **Inactive** occurs when Windows feature update policies are unassigned from the Autopatch groups that belong to a phase. This can happen when an Autopatch group and its deployment rings are re-used as part of a new release.
+
+| Phase status | Definition |
+| ----- | ----- |
+| Scheduled | The phase is scheduled but didn't reach its first deployment date yet. The Windows feature update policy wasn't created for the respective phase yet. |
+| Active | The first deployment date reached. The Windows feature update policy was created for the respective phase. |
+| Inactive | All Autopatch groups within the phase are reassigned to a new release. All Windows feature update policies were unassigned from the Autopatch groups. |
+| Paused | Phase is paused. You must resume the phase. |
+| Canceled | Phase is canceled. All Autopatch groups within the phase can be used with a new release. A phase that is canceled can't be deleted. |
+
+#### Phase policy configuration
+
+For more information about Windows feature update policies that are created for phases within a release, see [Windows feature update policies](../manage/windows-autopatch-windows-feature-update-policies.md).
+
+## Create a custom release
+
+**To create a custom release:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Devices** from the left navigation menu.
+1. Under the **Manage updates** section, select **Windows updates**.
+1. In the **Windows updates** blade, select the **Feature updates** tab.
+1. Select **Create Autopatch multi-phase release**.
+1. In the **Basics** page:
+    1. Enter a **Name** for the custom release.
+    2. Select the **Version** to deploy.
+    3. Enter a **Description** for the custom release.
+    4. Select **Next**.
+1. In the **Autopatch groups** page, choose one or more existing Autopatch groups you want to include in the custom release, then select Next.
+1. You can't choose Autopatch groups that are already part of an existing custom release. Select **Autopatch groups assigned to other releases** to review existing assignments.
+1. In the Release phases page, review the number of autopopulated phases. You can Edit, Delete, and Add a phase based on your needs. Once you're ready, select **Next**. **Before you proceed to the next step**, all deployment rings must be assigned to a phase, and all phases must have deployment rings assigned.
+1. In the **Release schedule** page, choose **First deployment date**, and the number of **Gradual rollout groups**, then select **Next**. **You can only select the next day**, not the current day, as the first deployment date. The service creates feature update policy for Windows 10 and later twice a day at 4:00AM and 4:00PM (UTC) and can't guarantee that the release starts on the current day given the UTC variance across the globe.
+    1. The **Goal completion date** only applies to the [Deadline-driven deployment cadence type](../operate/windows-autopatch-groups-windows-update.md#deadline-driven). The Deadline-drive deployment cadence type can be specified when you configure the Windows Updates settings during the Autopatch group creation/editing flow.
+    2. Additionally, the formula for the goal completion date is `<First Deployment Date> + (<Number of gradual rollout groups> - 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days)`.
+1. In the **Review + create** page, review all settings. Once you're ready, select **Create**.
+
+> [!NOTE]
+> Custom releases can't be deleted from the Feature updates tab in the Windows updates blade. The custom release record serves as a historical record for auditing purposes when needed.
+
+## Edit a custom release
+
+> [!NOTE]
+> Only custom releases that have the **Scheduled** status can be edited. A release phase can only be edited prior to reaching its first deployment date. Additionally, you can only edit the deployment dates when editing a release.
+
+**To edit a custom release:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Devices** from the left navigation menu.
+1. Under the **Manage updates** section, select **Windows updates**.
+1. In the **Windows update** blade, select the **Feature updates** tab.
+1. In the **Feature updates** tab, select the **horizontal ellipses (…)** > Edit to customize your gradual rollout of your feature updates release, then select **Save**.
+    1. Only the release schedule can be customized when using the edit function. You can't add or remove Autopatch groups or modify the phase order when editing a release.
+1. Select **Review + Create**.
+1. Select **Apply** to save your changes.
+
+## Cancel a release
+
+> [!IMPORTANT]
+> You can only cancel a release under the **Scheduled** status. You cannot cancel a release under the **Active**, **Inactive, or **Paused** statuses.
+
+**To cancel a release:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Devices** from the left navigation menu.
+1. Under the **Manage updates** section, select **Windows updates**.
+1. In the **Windows updates** blade, select the **Feature updates** tab.
+1. In the **Feature updates** tab, select the **horizontal ellipses (…)** > **Cancel** to cancel your feature updates release.
+1. Select a reason for cancellation from the dropdown menu.
+1. Optional. Enter details about why you're pausing or resuming the selected update.
+1. Select **Cancel deployment** to save your changes.
+
+## Pause and resume a release
+
+> [!IMPORTANT]
+> **Pausing or resuming an update can take up to eight hours to be applied to devices**. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates. For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
+
+**To pause and resume a release:**
+
+> [!IMPORTANT]
+> **You can only pause an Autopatch group if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>
+
+> [!NOTE]
+> If you pause an update, the specified release has the **Paused** status. The Windows Autopatch service can't overwrite IT admin's pause. You must select **Resume** to resume the update. [The **Paused by Service Pause** status **only** applies to Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release). Windows Autopatch doesn't pause Windows feature updates on your behalf.
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Devices** from the left navigation menu.
+1. Under the **Manage updates** section, select **Windows updates**.
+1. In the **Windows updates** blade, select the **Feature updates** tab.
+1. In the **Feature updates** tab, select the **horizontal ellipses (…)** > **Pause** or **Resume** to pause or resume your feature updates release.
+1. Select a reason from the dropdown menu.
+1. Optional. Enter details about why you're pausing or resuming the selected update.
+1. If you're resuming an update, you can select one or more deployment rings.
+1. Select **Pause deployment** or **Resume deployment** to save your changes.
+
+## Roll back a release
+
+Windows Autopatch doesn't support the rollback of Windows feature updates through its end-user experience flows.
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md
new file mode 100644
index 0000000000..37b1203eff
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md
@@ -0,0 +1,111 @@
+---
+title: Windows feature updates policies
+description: This article describes Windows feature update policies used in Windows Autopatch
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Windows feature update policies
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+## Windows feature updates for Windows 10 and later
+
+These policies control the minimum target version of Windows that a device is meant to accept. Throughout the rest of the article, these policies are referred to as DSS policies. There are four of these policies in your tenant with the following naming convention:
+
+**`Modern Workplace DSS Policy [ring name]`**
+
+### Windows feature update deployment settings
+
+| Setting name | Test | First | Fast | Broad |
+| ----- | ----- | ----- | ----- | ----- |
+| Name | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows |
+| Rollout options | Immediate start | Immediate start | Immediate start | Immediate start |
+
+### Windows feature update policy assignments
+
+| Setting name | Test | First | Fast | Broad |
+| ----- | ----- | ----- | ----- | ----- |
+| Included groups | Modern Workplace Devices-Windows Autopatch-Test  | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad |
+
+## Default release policy configuration
+
+You can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
+
+| Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| Windows Autopatch - DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023  | N/A | N/A | June 11, 2024 |
+| Windows Autopatch - DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023  | N/A | N/A | June 11, 2024 |
+| Windows Autopatch - DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023  | N/A | N/A | June 11, 2024 |
+| Windows Autopatch - DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023  | N/A | N/A | June 11, 2024 |
+
+> [!NOTE]
+> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
+
+## Global release policy configuration
+
+Windows Autopatch configures the values for its global Windows feature update policy. See the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
+
+| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| Windows Autopatch - Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A  | N/A | N/A | June 11, 2024 |
+
+> [!NOTE]
+> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
+
+### Difference between the default and global update policies
+
+> [!IMPORTANT]
+> Once you create a custom Windows feature update release, both the global and the default Windows feature update policies are unassigned from Autopatch group's deployment rings behind the scenes.
+
+The differences in between the global and the default Windows feature update policy values are:
+
+| Default Windows feature update policy | Global Windows feature update policy |
+| ----- | ----- |
+| <ul><li>Set by default with an Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in an Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of an Autopatch group customization</li><li>Set by default and assigned to all deployment rings created as part of Autopatch groups.</li></ul> |
+
+## Windows Update ring policies
+
+Feature update policies work with Windows Update rings policies. Windows Update rings policies are created for each deployment ring for the [Autopatch group](../deploy/windows-autopatch-groups-overview.md#key-benefits) based on the deployment settings you define. The policy name convention is **`Windows Autopatch Update Policy - <Autopatch group name> - <Deployment group name>`**.
+
+The following table details the default Windows Update rings policy values that affect either the default or custom Windows feature updates releases:
+
+| Policy name | Microsoft Entra group assignment | Quality updates deferral in days | Feature updates deferral in days | Feature updates uninstall window in days | Deadline for quality updates in days | Deadline for feature updates in days | Grace period | Auto restart before deadline |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| Windows Autopatch Update Policy - Default - Test | Windows Autopatch - Test | 0 | 0 | 30 | 0 | 5 | 0 | Yes |
+| Windows Autopatch Update Policy - Default - Ring1 | Windows Autopatch - Ring1 | 1 | 0 | 30 | 2 | 5 |2 | Yes |
+| Windows Autopatch Update Policy - Default - Ring2 | Windows Autopatch - Ring2 | 6 | 0 | 30 | 2 | 5 | 2 | Yes |
+| Windows Autopatch Update Policy - Default - Ring3 | Windows Autopatch - Ring3 | 9 | 0 | 30 | 5 | 5 | 2 | Yes |
+| Windows Autopatch Update Policy - Default - Last | Windows Autopatch - Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes |
+
+> [!IMPORTANT]
+> When you create a custom Windows feature update release, new Windows feature update policies are:<ul><li>Created corresponding to the settings you defined while creating the release.</li><li>Assigned to the Autopatch group's deployment rings you select to be included in the release.</li></ul>
+
+## Phase policy configuration
+
+Windows Autopatch creates one Windows feature update policy per phase using the following naming convention:
+
+**`Windows Autopatch - DSS policy - <Release Name> - Phase <Phase Number>`**
+
+These policies can be viewed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+
+The following table is an example of the Windows feature update policies that were created for phases within a release:
+
+| Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| Windows Autopatch - DSS Policy - My feature update release - Phase 1  | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release - Phase 2  | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release - Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release - Phase 4  | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release - Phase 5  | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 |
+
diff --git a/windows/deployment/update/deployment-service-feature-updates.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-programmatic-controls.md
similarity index 79%
rename from windows/deployment/update/deployment-service-feature-updates.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-programmatic-controls.md
index 99d6c26f7c..db264d3c4f 100644
--- a/windows/deployment/update/deployment-service-feature-updates.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-programmatic-controls.md
@@ -1,12 +1,12 @@
 ---
-title: Deploy feature updates 
-titleSuffix: Windows Update for Business deployment service
-description: Use Windows Update for Business deployment service to deploy feature updates to devices in your organization. 
+title: Programmatic controls for feature updates 
+titleSuffix: Windows Autopatch
+description: Use programmatic controls to deploy feature updates to devices in your organization. 
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.author: mstewart
-author: mestew
+ms.subservice: autopatch
+ms.topic: how-to
+ms.author: tiaraquan
+author: tiaraquan
 manager: aaroncz
 ms.collection:
   - tier1
@@ -14,17 +14,21 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 08/29/2023
+ms.date: 09/16/2024
 ---
 
-# Deploy feature updates with Windows Update for Business deployment service
+# Programmatic controls for Windows feature updates
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
 <!--7512398-->
-The Windows Update for Business deployment service is used to approve and schedule software updates. The deployment service exposes its capabilities through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune). 
+Windows Autopatch programmatic controls are used to approve and schedule software updates through [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune).
 
 This article uses [Graph Explorer](/graph/graph-explorer/graph-explorer-overview) to walk through the entire process of deploying a feature update to clients. In this article, you will:
 
 In this article, you will:
 > [!div class="checklist"]
+>
 > * [Open Graph Explorer](#open-graph-explorer)
 > * [Run queries to identify devices](#run-queries-to-identify-devices)
 > * [Enroll devices](#enroll-devices)
@@ -35,36 +39,35 @@ In this article, you will:
 > * [Delete a deployment](#delete-a-deployment)
 > * [Unenroll devices](#unenroll-devices)
 
-
 ## Prerequisites
 
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
+All of the [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md) must be met.
 
 ### Permissions
 
 <!--Using include for Graph Explorer permissions-->
-[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-graph-explorer-permissions.md)]
+[!INCLUDE [Windows Autopatch permissions using Graph Explorer](../includes/windows-autopatch-graph-explorer-permissions.md)]
 
 ## Open Graph Explorer
 
 <!--Using include for Graph Explorer sign in-->
-[!INCLUDE [Graph Explorer sign in](./includes/wufb-deployment-graph-explorer.md)]
+[!INCLUDE [Graph Explorer sign in](../includes/windows-autopatch-graph-explorer.md)]
 
 ## Run queries to identify devices
 
 <!--Using include for Graph Explorer device queries-->
-[!INCLUDE [Graph Explorer device queries](./includes/wufb-deployment-find-device-name-graph-explorer.md)]
+[!INCLUDE [Graph Explorer device queries](../includes/windows-autopatch-find-device-name-graph-explorer.md)]
 
 ## Enroll devices
 
-When you enroll devices into feature update management, the deployment service becomes the authority for feature updates coming from Windows Update.
-As long as a device remains enrolled in feature update management through the deployment service, the device doesn't receive any other feature updates from Windows Update unless explicitly deployed using the deployment service. A device is offered the specified feature update if it hasn't already received the update. For example, if you deploy Windows 11 feature update version 22H2 to a device that's enrolled into feature update management and is currently on an older version of Windows 11, the device updates to version 22H2. If the device is already running version 22H2 or a later version, it stays on its current version.
+When you enroll devices into feature update management, Windows Autopatch becomes the authority for feature updates coming from Windows Update.
+As long as a device remains enrolled in feature update management through Windows Autopatch, the device doesn't receive any other feature updates from Windows Update unless explicitly deployed using Windows Autopatch. A device is offered the specified feature update if it hasn't already received the update. For example, if you deploy Windows 11 feature update version 22H2 to a device that's enrolled into feature update management and is currently on an older version of Windows 11, the device updates to version 22H2. If the device is already running version 22H2 or a later version, it stays on its current version.
 
 > [!TIP]
-> Windows Update for Business reports has a [workbook](wufb-reports-workbook.md#feature-updates-tab) that displays the current operating system version for devices. In the workbook, go to the **Feature updates** tab and in the **In Service feature update** tile, select the **View details** link to open the details flyout. The OS version and Microsoft Entra ID of devices can easily be exported into a .csv file or opened in [Azure Monitor Logs](/azure/azure-monitor/logs/log-query-overview) to help when creating a deployment audience.
+> Windows Update for Business reports has a [workbook](/windows/deployment/update/wufb-reports-workbook#feature-updates-tab) that displays the current operating system version for devices. In the workbook, go to the **Feature updates** tab and in the **In Service feature update** tile, select the **View details** link to open the details flyout. The OS version and Microsoft Entra ID of devices can easily be exported into a .csv file or opened in [Azure Monitor Logs](/azure/azure-monitor/logs/log-query-overview) to help when creating a deployment audience.
 
 <!--Using include for enrolling devices using Graph Explorer-->
-[!INCLUDE [Graph Explorer enroll devices](./includes/wufb-deployment-enroll-device-graph-explorer.md)]
+[!INCLUDE [Graph Explorer enroll devices](../includes/windows-autopatch-enroll-device-graph-explorer.md)]
 
 ## List catalog entries for feature updates
 
@@ -99,7 +102,7 @@ When creating a deployment for a feature update, there are multiple options avai
 
 - Deployment [start date](/graph/api/resources/windowsupdates-schedulesettings) of February 14, 2023 at 5 AM UTC
 - [Gradual rollout](/graph/api/resources/windowsupdates-gradualrolloutsettings) at a rate of 100 devices every three days
-- [Monitoring rule](/graph/api/resources/windowsupdates-monitoringrule) that will pause the deployment if five devices rollback the feature update
+- [Monitoring rule](/graph/api/resources/windowsupdates-monitoringrule) that pauses the deployment if five devices rollback the feature update
 - Default [safeguard hold](/graph/api/resources/windowsupdates-safeguardprofile) behavior of applying all applicable safeguards to devices in a deployment
   - When safeguard holds aren't explicitly defined, the default safeguard hold behavior is applied automatically
 
@@ -138,7 +141,8 @@ content-type: application/json
 }
 ```
 
-The response body will contain:
+The response body contains:
+
 - The new **Deployment ID**, `de910e12-3456-7890-abcd-ef1234567890` in the example
 - The new **Audience ID**, `d39ad1ce-0123-4567-89ab-cdef01234567` in the example
 - Any settings defined in the deployment request body
@@ -228,7 +232,7 @@ GET https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e12-
 
 ## Add members to the deployment audience
 
-The **Audience ID**, `d39ad1ce-0123-4567-89ab-cdef01234567`, was created when the deployment was created. The **Audience ID** is used to add members to the deployment audience. After the deployment audience is updated, Windows Update starts offering the update to the devices according to the deployment settings. As long as the deployment exists and the device is in the audience, the update will be offered. 
+The **Audience ID**, `d39ad1ce-0123-4567-89ab-cdef01234567`, was created when the deployment was created. The **Audience ID** is used to add members to the deployment audience. After the deployment audience is updated, Windows Update starts offering the update to the devices according to the deployment settings. As long as the deployment exists and the device is in the audience, the update is offered. 
 
 The following example adds three devices to the deployment audience using the **Microsoft Entra ID** for each device:
 
@@ -282,7 +286,7 @@ content-type: application/json
 
 ## Delete a deployment
 
-To remove the deployment completely, DELETE the deployment. Deleting the deployment will prevent the content from being offered to devices if they haven't already received it. To resume offering the content, a new approval will need to be created.
+To remove the deployment completely, DELETE the deployment. Deleting the deployment prevents the content from being offered to devices if they haven't already received it. To resume offering the content, a new approval needs to be created.
 
 
 The following example deletes the deployment with a **Deployment ID** of `de910e12-3456-7890-abcd-ef1234567890`:
@@ -294,4 +298,4 @@ DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e
 ## Unenroll devices
 
 <!--Using include for removing device enrollment-->
-[!INCLUDE [Graph Explorer enroll devices](./includes/wufb-deployment-graph-unenroll.md)]
+[!INCLUDE [Graph Explorer unenroll devices](../includes/windows-autopatch-graph-unenroll.md)]
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-communications.md
similarity index 72%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-communications.md
index 2433c7acb7..02ddb0ce1e 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-communications.md
@@ -1,10 +1,10 @@
 ---
-title: Windows quality update communications for Autopatch groups
-description: This article explains Windows quality update communications for Autopatch groups
-ms.date: 07/25/2023
+title: Windows quality update communications
+description: This article explains Windows quality update communications
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -17,6 +17,8 @@ ms.collection:
 
 # Windows quality update communications
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 There are three categories of communication that are sent out during a Windows quality and feature update:
 
 - [Standard communications](#standard-communications)
@@ -35,7 +37,7 @@ Communications are posted to, as appropriate for the type of communication, to t
 
 | Communication | Location | Timing | Description |
 | ----- | ----- |  ----- | ----- |
-| Release schedule | <ul><li>Messages blade</li><li>Email sent to your specified [admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><ul> | At least seven days prior to the second Tuesday of the month| Notification of the planned release window for each ring. |
+| Release schedule | <ul><li>Messages blade</li><li>Email sent to your specified [admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><ul> | At least seven days before the second Tuesday of the month| Notification of the planned release window for each ring. |
 | Release start | Same as release schedule | The second Tuesday of every month. | Notification that the update is now being released into your environment. |
 | Release summary | Same as release schedule | The fourth Tuesday of every month. | Informs you of the percentage of eligible devices that were patched during the release. |
 
@@ -56,10 +58,10 @@ If you don't want to receive standard communications for Windows Updates release
 
 The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Autopatch becomes aware of the new information.
 
-There are some circumstances where Autopatch will need to change the release schedule based on new information.
+There are some circumstances where Autopatch needs to change the release schedule based on new information.
 
-For example, new threat intelligence may require us to expedite a release, or we may pause due to user experience concerns. If the schedule of a quality update is changed, paused, resumed, or expedited, we'll inform you as quickly as possible so that you can adapt to the new information.
+For example, new threat intelligence might require us to expedite a release, or we might pause due to user experience concerns. If the schedule of a quality update is changed, paused, resumed, or expedited, we inform you as quickly as possible so that you can adapt to the new information.
 
 ## Incident communications
 
-Despite the best intentions, every service should plan for failure and success. When there's an incident, timely and transparent communication is key to building and maintaining your trust. If insufficient numbers of devices have been updated to meet the service level objective, devices will experience an interruption to productivity, and an incident will be raised. Microsoft will update the status of the incident at least once every 24 hours.
+Despite the best intentions, every service should plan for failure and success. When there's an incident, timely and transparent communication is key to building and maintaining your trust. If insufficient numbers of devices are updated to meet the service level objective, devices experience an interruption to productivity, and an incident are raised. Microsoft updates the status of the incident at least once every 24 hours.
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md
new file mode 100644
index 0000000000..665fc298c0
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md
@@ -0,0 +1,74 @@
+---
+title: Windows quality update end user experience
+description: This article explains the Windows quality update end user experience
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Windows quality update end user experience
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+## User notifications
+
+In this section we review what an end user would see in the following three scenarios:
+
+1. Typical update experience
+2. Quality update deadline forces an update
+3. Quality update grace period
+
+> [!NOTE]
+> The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification.
+
+### Typical update experience
+
+The Windows quality update is published and devices in the Broad ring have a deferral period of nine days. Devices wait nine days before downloading the latest quality update.
+
+In the following example, the user:
+
+| Day | Description |
+| --- | --- |
+| Day 0 | The Windows quality update is published. |
+| Day 7 | The deferral period expires.<p>Once the deferral period passes, the device downloads the update and notifies the end user that updates are ready to install.</p><p>The end user can either:<ul><li>Restart immediately to install the updates</li><li>Schedule the installation, or</li><li>Snooze the device attempts to install outside of active hours.</li></ul></p><p>In this example, the user schedules the restart and is notified 15 minutes before the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.</p> |
+| Day 10 | Windows quality update deadline. The end user must download the update and restart their device. |
+
+:::image type="content" source="../media/windows-quality-typical-update-experience.png" alt-text="Typical windows quality update experience" lightbox="../media/windows-quality-typical-update-experience.png":::
+
+### Quality update deadline forces an update
+
+In the following example, the user:
+
+| Day | Description |
+| --- | --- |
+| Day 0 | The Windows quality update is published. |
+| Day 7-9 | The deferral period expires.<p><ul><li>Ignores the notification and selects snooze.</li><li>Further notifications are received, which the user ignores.</li><li>The device is unable to install the updates outside of active hours.</li></ul></p> |
+| Day 10 | Windows quality update deadline.<p>The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device ignores the [active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart) and force a restart to complete the update installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.</p> |
+
+:::image type="content" source="../media/windows-quality-force-update.png" alt-text="Force Windows quality update" lightbox="../media/windows-quality-force-update.png":::
+
+### Quality update grace period
+
+In the following example, the user:
+
+| Day | Description |
+| --- | --- |
+| Day 0-13 | While the user is on holiday and the device is offline:<ul><li>The Windows quality update is published.</li><li>The deferral period expires.</li><li>The deadline expires.</li></ul> |
+| Day 14 |<ul><li>Grace period starts. Since the deadline passed, the device is granted a two-day grace period to install the update and restart.</li><li>The user returns to work and the device is turned back on.</li></ul> |
+| Day 15 | The user is notified of a pending installation and given the following options:<ul><li>Pick a time</li><li>Remind me later</li><li>Restart now</li></ul>|
+| Day 16 | Grace period expires.<p>Once the two-day grace period expired, the user is forced to restart with a 15-minute warning notification.</p> |
+
+:::image type="content" source="../media/windows-quality-update-grace-period.png" alt-text="Windows quality update grace period" lightbox="../media/windows-quality-update-grace-period.png":::
+
+## Minimize user disruption due to updates
+
+Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. By default, [Active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart) are configured dynamically based on device usage patterns. Device restarts occur outside of active hours until the deadline is reached.
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md
new file mode 100644
index 0000000000..942d898c05
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md
@@ -0,0 +1,102 @@
+---
+title: Windows quality updates overview
+description: This article explains how Windows quality updates are managed
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Windows quality updates
+
+You can manage Windows quality update profiles for Windows 10 and later devices. You can expedite a specific Windows quality update using targeted policies.
+
+For more information about how to expedite quality update for Windows 10 or later in Microsoft Intune, see [Use Intune to expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates).
+
+## Service level objective
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch aims to keep at least 95% of [Up to Date devices](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. Autopatch uses the previously defined release schedule on a per ring basis with a five-day reporting period to calculate and evaluate the service level objective (SLO). The result of the service level objective is the column "% with the latest quality update" displayed in the Windows updates blade and reporting.
+
+## Service level objective calculation
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+There are two states a device can be in when calculating the service level objective (SLO):
+
+- Devices that are active during the release
+- Devices that become active after the release
+
+The service level objective for each of these states is calculated as:
+
+| State | Calculation |
+| ----- | ----- |
+| Device that is active during release | This service level objective calculation assumes the device has typical activity during the scheduled release period. Calculated by:<p>`Deferral + Deadline + Reporting Period = service level objective`</p> |
+| Device that becomes active after release | This service level objective calculation refers to offline devices during the scheduled release period but come back online later. Calculated by:<p>`Grace Period + Reporting period = service level objective`</p> |
+
+| Timeframe | Value defined in |
+| ----- | ----- |
+| Deferral | Targeted deployment ring |
+| Deadline | Targeted deployment ring |
+| Grace period | Targeted deployment ring |
+| Reporting period | Five days. Value defined by Windows Autopatch. |
+
+> [!NOTE]
+> Targeted deployment ring refers to the deployment ring value of the device in question. If a device has a five day deferral with a two day deadline, and two day grace period, the SLO for the device would be calculated to `5 + 2 + 5 = 12`-day service level objective from the second Tuesday of the month. The five day reporting period is one established by Windows Autopatch to allow enough time for device check-in reporting and data evaluation within the service.
+
+> [!IMPORTANT]
+> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
+
+## Out of Band releases
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.
+
+For the deployment rings that pass quality updates deferral date, the OOB release schedule is expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs are released as per the set deferral dates.
+
+## Pause and resume a release
+
+The service-level pause is driven by the various software update deployment-related signals Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.
+
+If Windows Autopatch detects a significant issue with a release, we might decide to pause that release.
+
+> [!IMPORTANT]
+> **Pausing or resuming an update can take up to eight hours to be applied to devices**. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
+
+**To pause and resume a release:**
+
+> [!IMPORTANT]
+> **You can only pause an Autopatch group if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Devices** from the left navigation menu.
+1. Under the **Manage updates** section, select **Windows updates**.
+1. In the **Windows updates** blade, select the **Quality updates** tab.
+1. Select the Autopatch group or deployment ring that you want to pause or resume. Select either: **Pause** or **Resume**. Alternatively, you can select the **horizontal ellipses (...)** of the Autopatch group or deployment ring you want to pause or resume. Select, **Pause, or **Resume** from the dropdown menu.
+1. Optional. Enter the justification about why you're pausing or resuming the selected update.
+1. Optional. Select **This pause is related to Windows Update**. When you select this checkbox, you must provide information about how the pause is related to Windows Update.
+1. If you're resuming an update, you can select one or more Autopatch groups or deployment rings.
+1. Select **Pause or Resume deployment**.
+
+The following statuses are associated with paused quality updates:
+
+| Status | Description |
+| ----- | ------ |
+| Paused by Service | If the Windows Autopatch service paused an update, the release has the **Paused by Service** status. The **Paused by Service** status only applies to rings that aren't Paused by the Tenant. |
+| Paused by Tenant | If you paused an update, the release has the **Paused by Tenant** status. The Windows Autopatch service can't overwrite a tenant pause. You must select **Resume** to resume the update. |
+
+## Remediating Not ready and/or Not up to Date devices
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+To ensure your devices receive Windows quality updates, Windows Autopatch provides information on how you can [remediate Windows Autopatch device alerts](../monitor/windows-autopatch-device-alerts.md).
diff --git a/windows/deployment/update/deployment-service-expedited-updates.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md
similarity index 89%
rename from windows/deployment/update/deployment-service-expedited-updates.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md
index 8220c332c7..87af926fae 100644
--- a/windows/deployment/update/deployment-service-expedited-updates.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md
@@ -1,12 +1,12 @@
 ---
-title: Deploy expedited updates
-titleSuffix: Windows Update for Business deployment service
-description: Learn how to use Windows Update for Business deployment service to deploy expedited updates to devices in your organization. 
+title: Programmatic controls for expedited Windows quality updates
+titleSuffix: Windows Autopatch
+description: Use programmatic controls to deploy expedited Windows quality updates to devices in your organization. 
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.author: mstewart
-author: mestew
+ms.subservice: autopatch
+ms.topic: how-to
+ms.author: tiaraquan
+author: tiaraquan
 manager: aaroncz
 ms.collection:
   - tier1
@@ -14,10 +14,10 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 04/05/2024
+ms.date: 09/16/2024
 ---
 
-# Deploy expedited updates with Windows Update for Business deployment service
+# Programmatic controls for expedited Windows quality updates
 <!--7512398-->
 
 In this article, you will:
@@ -32,7 +32,8 @@ In this article, you will:
 
 ## Prerequisites
 
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met, including ensuring that the *Update Health Tools* is installed on the clients.
+All of the [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md) must be met, including ensuring that the *Update Health Tools* is installed on the clients.
+
 - The *Update Health Tools* are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device, use one of the following methods:
   - Run a [readiness test for expedited updates](#readiness-test-for-expediting-updates)
   - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
@@ -41,21 +42,21 @@ All of the [prerequisites for the Windows Update for Business deployment service
 ### Permissions
 
 <!--Using include for Graph Explorer permissions-->
-[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-graph-explorer-permissions.md)]
+[!INCLUDE [Windows Autopatch permissions using Graph Explorer](../includes/windows-autopatch-graph-explorer-permissions.md)]
 
 ## Open Graph Explorer
 
 <!--Using include for Graph Explorer sign in-->
-[!INCLUDE [Graph Explorer sign in](./includes/wufb-deployment-graph-explorer.md)]
+[!INCLUDE [Graph Explorer sign in](../includes/windows-autopatch-graph-explorer.md)]
 
 ## Run queries to identify devices
 
 <!--Using include for Graph Explorer device queries-->
-[!INCLUDE [Graph Explorer device queries](./includes/wufb-deployment-find-device-name-graph-explorer.md)]
+[!INCLUDE [Graph Explorer device queries](../includes/windows-autopatch-find-device-name-graph-explorer.md)]
 
 ## List catalog entries for expedited updates
 
-Each update is associated with a unique [catalog entry](/graph/api/resources/windowsupdates-catalogentry). You can query the catalog to find updates that can be expedited. The `id` returned is the **Catalog ID** and is used to create a deployment. The following query lists all security and nonsecurity<!--8891502--> quality updates that can be deployed as expedited updates by the deployment service. Using `$top=2` and ordering by `ReleaseDateTimeshows` displays the most recent updates that can be deployed as expedited.
+Each update is associated with a unique [catalog entry](/graph/api/resources/windowsupdates-catalogentry). You can query the catalog to find updates that can be expedited. The `id` returned is the **Catalog ID** and is used to create a deployment. The following query lists all security and nonsecurity<!--8891502--> quality updates that can be deployed as expedited updates by Windows Autopatch. Using `$top=2` and ordering by `ReleaseDateTimeshows` displays the most recent updates that can be deployed as expedited.
 
 ```msgraph-interactive
 GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=isof('microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry') and microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/isExpeditable eq true&$orderby=releaseDateTime desc&$top=2
@@ -98,7 +99,7 @@ The following truncated response displays a **Catalog ID** of  `e317aa8a0455ca60
 }
 ```
 
-The deployment service can display more information about updates that were released on or after January 2023. Using [product revision](/graph/api/resources/windowsupdates-productrevision) gives you additional information about the updates, such as the KB numbers, and the `MajorVersion.MinorVersion.BuildNumber.UpdateBuildRevision`. Windows 10 and 11 share the same major and minor versions, but have different build numbers. 
+Windows Autopatch can display more information about updates that were released on or after January 2023. Using [product revision](/graph/api/resources/windowsupdates-productrevision) gives you additional information about the updates, such as the KB numbers, and the `MajorVersion.MinorVersion.BuildNumber.UpdateBuildRevision`. Windows 10 and 11 share the same major and minor versions, but have different build numbers.
 <!--8092737-->
 Use the following to display the product revision information for the most recent quality update:
 
@@ -106,7 +107,6 @@ Use the following to display the product revision information for the most recen
 GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$expand=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions&$orderby=releaseDateTime desc&$top=1
 ```
 
-
 The following truncated response displays information about KB5029244 for Windows 10, version 22H2, and KB5029263 for Windows 11, version 22H2:
 
 ```json
@@ -296,7 +296,6 @@ To verify the devices were added to the audience, run the following query using
 
 To stop an expedited deployment, DELETE the deployment. Deleting the deployment will prevent the content from being offered to devices if they haven't already received it. To resume offering the content, a new approval will need to be created.
 
-
 The following example deletes the deployment with a **Deployment ID** of `de910e12-3456-7890-abcd-ef1234567890`:
 
 ```msgraph-interactive
@@ -305,7 +304,7 @@ DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e
 
 ## Readiness test for expediting updates
 <!--8705528-->
-You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies  it's an expedite readiness test, then add members to the deployment audience. The service will check to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results. 
+You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies  it's an expedite readiness test, then add members to the deployment audience. The service will check to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](/windows/deployment/update/wufb-reports-workbook#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results.
 
 ```msgraph-interactive
 POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
@@ -330,7 +329,7 @@ content-type: application/json
 }
 ```
 
-The truncated response displays that **isReadinessTest** is set to `true` and gives you a **DeploymentID** of `de910e12-3456-7890-abcd-ef1234567890`. You can then [add members to the deployment audience](#add-members-to-the-deployment-audience) to have the service check that the devices meet the preresquites then review the results in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab).
+The truncated response displays that **isReadinessTest** is set to `true` and gives you a **DeploymentID** of `de910e12-3456-7890-abcd-ef1234567890`. You can then [add members to the deployment audience](#add-members-to-the-deployment-audience) to have the service check that the devices meet the preresquites then review the results in the [Windows Update for Business reports workbook](/windows/deployment/update/wufb-reports-workbook#quality-updates-tab).
 
 ```json
         "expedite": {
@@ -347,4 +346,4 @@ The truncated response displays that **isReadinessTest** is set to `true` and gi
 ```
 
 <!--Using include for Update Health Tools log location-->
-[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-update-health-tools-logs.md)]
+[!INCLUDE [Windows Autopatch Update Health Tools](../includes/windows-autopatch-update-health-tools-logs.md)]
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-update-policies.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-update-policies.md
new file mode 100644
index 0000000000..38ee9e58cb
--- /dev/null
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-update-policies.md
@@ -0,0 +1,40 @@
+---
+title: Windows quality update policies
+description: This article explains Windows quality update policies in Windows Autopatch
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: concept-article
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: adnich
+ms.collection:
+  - tier2
+---
+
+# Windows quality update policies
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+## Conflicting and unsupported policies
+
+Deploying any of the following policies to a Windows Autopatch device makes that device ineligible for management since the device prevents us from delivering the service as designed.
+
+### Update policies
+
+Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices are excluded from management.
+
+| Allowed policy | Policy CSP | Description |
+| ----- | ----- | ----- |
+| [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | Update/ActiveHoursStart | This policy controls the end of the protected window where devices don't restart.<p><p>Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
+| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices don't restart.<p><p>Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
+| [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.<p><p>This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. |
+
+### Group policy and other policy managers
+
+Group policy and other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
+
+- `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`
+- `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`
diff --git a/windows/deployment/update/media/7512398-deployment-enroll-asset-graph.png b/windows/deployment/windows-autopatch/media/7512398-deployment-enroll-asset-graph.png
similarity index 100%
rename from windows/deployment/update/media/7512398-deployment-enroll-asset-graph.png
rename to windows/deployment/windows-autopatch/media/7512398-deployment-enroll-asset-graph.png
diff --git a/windows/deployment/update/media/7512398-deployment-service-graph-modify-header.png b/windows/deployment/windows-autopatch/media/7512398-deployment-service-graph-modify-header.png
similarity index 100%
rename from windows/deployment/update/media/7512398-deployment-service-graph-modify-header.png
rename to windows/deployment/windows-autopatch/media/7512398-deployment-service-graph-modify-header.png
diff --git a/windows/deployment/update/media/7512398-deployment-service-overview.png b/windows/deployment/windows-autopatch/media/7512398-deployment-service-overview.png
similarity index 100%
rename from windows/deployment/update/media/7512398-deployment-service-overview.png
rename to windows/deployment/windows-autopatch/media/7512398-deployment-service-overview.png
diff --git a/windows/deployment/update/media/7512398-wufbds-graph-modify-permission.png b/windows/deployment/windows-autopatch/media/7512398-graph-modify-permission.png
similarity index 100%
rename from windows/deployment/update/media/7512398-wufbds-graph-modify-permission.png
rename to windows/deployment/windows-autopatch/media/7512398-graph-modify-permission.png
diff --git a/windows/deployment/windows-autopatch/media/release-process-timeline.png b/windows/deployment/windows-autopatch/media/release-process-timeline.png
deleted file mode 100644
index 693ad5ecf9..0000000000
Binary files a/windows/deployment/windows-autopatch/media/release-process-timeline.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-historical-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-historical-report.png
deleted file mode 100644
index 4a7cf97197..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-historical-report.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-report.png
deleted file mode 100644
index 31350b563f..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-report.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-overview.png b/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-overview.png
index 2098b9cd0c..bf4ba54006 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-overview.png and b/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-overview.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-workflow-diagram.png b/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-workflow-diagram.png
index d59d22d90c..18d4f8c542 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-workflow-diagram.png and b/windows/deployment/windows-autopatch/media/windows-autopatch-device-registration-workflow-diagram.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-eligible-devices-historical-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-eligible-devices-historical-report.png
deleted file mode 100644
index cb56852f3d..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-eligible-devices-historical-report.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-ineligible-devices-historical-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-ineligible-devices-historical-report.png
deleted file mode 100644
index 2aeacfd0d5..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-ineligible-devices-historical-report.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-licensing.svg b/windows/deployment/windows-autopatch/media/windows-autopatch-licensing.svg
new file mode 100644
index 0000000000..168e2f4fad
--- /dev/null
+++ b/windows/deployment/windows-autopatch/media/windows-autopatch-licensing.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048">
+  <path d="M441 1792q-63 0-120-25t-99-68-68-100-26-120V441q0-63 25-120t68-99 100-68 120-26h1038q63 0 120 25t99 68 68 100 26 120v368q-61-30-128-48V448q0-39-15-74t-41-61-62-42-74-15H448q-39 0-74 15t-61 41-42 62-15 74v1024q0 39 15 74t41 61 62 42 74 15h313q18 67 48 128H441zM576 640q-26 0-45-19t-19-45q0-26 19-45t45-19h768q26 0 45 19t19 45q0 26-19 45t-45 19H576zm0 384q-26 0-45-19t-19-45q0-26 19-45t45-19h438q-35 28-67 60t-59 68H576zm320 448q0-119 45-224t124-183 183-123 224-46q79 0 152 20t138 58 117 91 90 117 58 137 21 153q0 119-45 224t-124 183-183 123-224 46q-120 0-225-45t-183-123-123-183-45-225zm640 64h192q26 0 45-19t19-45q0-26-19-45t-45-19h-192v-192q0-26-19-45t-45-19q-26 0-45 19t-19 45v192h-192q-26 0-45 19t-19 45q0 26 19 45t45 19h192v192q0 26 19 45t45 19q26 0 45-19t19-45v-192z" />
+</svg>
\ No newline at end of file
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-summary-dashboard.png b/windows/deployment/windows-autopatch/media/windows-autopatch-summary-dashboard.png
deleted file mode 100644
index 82cb1b1fcd..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-autopatch-summary-dashboard.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-force-update.png b/windows/deployment/windows-autopatch/media/windows-feature-force-update.png
deleted file mode 100644
index 2f0dd5f089..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-force-update.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png b/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png
deleted file mode 100644
index a49f39ce2c..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png b/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png
deleted file mode 100644
index d0829576f6..0000000000
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png and /dev/null differ
diff --git a/windows/deployment/windows-autopatch/monitor/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-device-alerts.md
new file mode 100644
index 0000000000..aed2b1e644
--- /dev/null
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-device-alerts.md
@@ -0,0 +1,106 @@
+---
+title: Device alerts
+description: Provide notifications and information about the necessary steps to keep your devices up to date.
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Device alerts
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information helps you understand:
+
+- Microsoft and/or Windows Autopatch performs the actions to keep the device properly updated.
+- The actions you must perform so the device can properly be updated.
+
+> [!NOTE]
+> At any given point, one or both of these actions can be present in your tenant.
+
+## Windows Autopatch alerts
+
+Windows Autopatch alerts are alerts specific to the Windows Autopatch service. These alerts include:
+
+- [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md)
+- [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
+
+## Windows quality and feature update alerts
+
+These alerts represent data reported to the Windows Update service related to Windows quality and feature updates. These alerts can help identify actions that must be performed if an update doesn't apply as expected. Alerts are only provided by device that actively reports to the Windows Update service.
+
+## Customer and Microsoft Actions
+
+Windows Autopatch assigns alerts to either Microsoft Action or Customer Action. These assignments give a clear understanding of who has the responsibility to remediate the alert.
+
+| Assignment | Description |
+| ----- | ----- |
+| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. Windows Autopatch performs these actions automatically. |
+| Customer Action | Refers to your responsibility to carry out the appropriate actions to resolve the reported alert. |
+
+## Alert resolutions
+
+Alert resolutions are provided through the Windows Update service and provide the reason why an update didn't perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md).
+
+| Alert message | Description | Windows Autopatch recommendations |
+| ----- | ----- | ----- |
+| `CancelledByUser` | User canceled the update | The Windows Update service reported the update was canceled by the user.<p>It's recommended to work with the end user to allow updates to execute as scheduled.</p> |
+| `DamagedMedia` | The update file or hard drive is damaged | The Windows Update service indicated the update payload might be damaged or corrupt. <p>It's recommended to run `Chkdsk /F` on the device with administrator privileges, then retry the update. For more information, see [chkdsk](/windows-server/administration/windows-commands/chkdsk?tabs=event-viewer).</p> |
+| `DeploymentConflict` | Device is in more than one deployment of the same update type. Only the first deployment assigned is effective. | The Windows Update service reported a policy conflict.<p>For more information, see the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DeviceRegistrationInvalidAzureADDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Microsoft Entra Device ID. | The Windows Update service reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DeviceRegistrationInvalidGlobalDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Global Device ID. |The Windows Update service reported that the MSA Service might be disabled preventing Global Device ID assignment.<p>Check that the MSA Service is running or able to run on device.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DeviceRegistrationIssue` | The device isn't able to register or authenticate properly with Windows Update. | The Windows Update service reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DeviceRegistrationNoTrustType` | The device isn't able to register or authenticate properly with Windows Update because it can't establish Trust. | The Windows Update service reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](https://support.microsoft.com/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65).</p> |
+| `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service reported an issue with your update server. Validate that your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
+| `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service ([BITS](/windows/win32/bits/about-bits)) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadIssue` | There was an issue downloading the update. | The Windows Update service reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/windows/win32/bits/about-bits).<p>If it doesn't start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
+| `EndOfService` | The device is on a version of Windows that passed its end of service date. | Windows Update service reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
+| `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
+| `FailureResponseThreshold` | The failure response threshold setting was met for a deployment to which the device belongs. | The Windows Update service reported the client hit the Failure Response Threshold. Consider pausing the deployment and assess for issues. If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md). |
+| `FileNotFound` | The downloaded update files can't be found. The Disk Cleanup utility or a non-Microsoft software cleaning tool might remove the files during cleanup. | Windows Update reported that the update files couldn't be found, download the update again, and then retry the installation.<p>This can often occur with third-party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `Incompatible` | The system doesn't meet the minimum requirements to install the update. | The Windows Update service reported the update is incompatible with this device for more details please review the `ScanResult.xml` file in the `C:\WINDOWS\PANTHER folder for "Block Type=Hard`.<p>If this is occurring on a Windows Autopatch managed device, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `IncompatibleArchitecture` | This update is for a different CPU architecture. | The Windows Update service reported the update architecture doesn't match the destination architecture. Make sure the target operating system architecture matches the host operating system architecture.<p>This is **not** typical for Windows Update based environments.</p><p>If this is occurring on a Windows Autopatch managed device, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `IncompatibleServicingChannel` | Device is in a servicing channel that is incompatible with a deployment to which the device belongs. | The Windows Update service reported the servicing channel on the client isn't compatible with the targeted payload.<p>We recommend configuring the device's servicing channel to the [Semi-Annual Enterprise Channel](/windows-server/get-started/servicing-channels-comparison#semi-annual-channel).</p> |
+| `InstallAccessDenied` | Installer doesn't have permission to access or replace a file. The installer might try to replace a file that an antivirus, anti-malware, or a backup program is currently scanning. | The Windows Update service reported it couldn't access the necessary system locations. Ensure no other service has a lock or handle on the Windows Update client folders and retry the installation.<p>This can often occur with third-party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).</p> |
+| `InstalledCancelled` | The installation was canceled. | The Windows Update service reported the update was canceled by the user.<p>It's recommended to work with the end user to allow updates to execute as scheduled.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `InstallFileLocked` | Installer couldn't access a file that is already in use. The installer tried to replace a file that an antivirus, anti-malware, or backup program is currently scanning. | The Windows Update service reported it couldn't access the necessary system locations.<p>Check the files under the `%SystemDrive%\$Windows.~bt` directory and retry the installation.</p><p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `InstallIssue` | There was an issue installing the update. | The Windows Update service reported the update installation failed.<p>If the alert persists, run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows might be required.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p>|
+| `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might be redirected to another drive. | The Windows Update service reported that the Windows Update file location was redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service reported that another update replaced the one you're trying to install. Check the update, and then try reinstalling it. |
+| `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefiles. For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
+| `InstallSetupBlock` | There's an application or driver blocking the upgrade. | The Windows Update service detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
+| `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service reported an error during installation. Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `PolicyConflictPause` | Updates are paused on the device, preventing the update from installing. | The Windows Update service reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `PostRestartIssue` | Windows Update couldn't determine the results of installing the update. The error is false, and the update probably succeeded. | The Windows Update Service reported the update you're trying to install isn't available.<p>No action is required.</p><p>If the update is still available, retry the installation.</p> |
+| `RollbackInitiated` | A rollback was started on this device, indicating a catastrophic issue occurred during the Windows Setup install process. | The Windows Update service reported a failure with the update. Run the Setup Diagnostics Tool on the Device or review the HEX error in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md). **Don't** retry the installation until the impact is understood.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
+| `SafeguardHold` | Update can't install because of a known Safeguard Hold. | The Windows Update Service reported a [Safeguard Hold](/windows/deployment/update/update-compliance-feature-update-status#safeguard-holds) which applies to this device.<p>For more information about safeguards, see [Windows 10/11 release information for the affected versions](/windows/release-health/release-information).</p> |
+| `UnexpectedShutdown` | The installation was stopped because a Windows shutdown or restart was in progress. | The Windows Update service reported Windows was unexpectedly restarted during the update process.<p>No action is necessary the update should retry when windows is available.</p><p>If the alert persists, ensure the device remains on during Windows installation.</p> |
+| `VersionMismatch` | Device is on a version of Windows that wasn't intended by Windows Update. | The Windows Update service reported that the version of Windows wasn't intended.<p>Confirm whether the device is on the intended version.</p> |
+| `WindowsRepairRequired` | The current version of Windows needs to be repaired before it can be updated. | The Windows Update service indicated that the service is in need of repair. Run the Startup Repair Tool on this device.<p>For more information, see [Windows boot issues - troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool).</p> |
+| `WUBusy` | Windows Update can't do this task because it's busy. | The Windows Update service reported that Windows Update is busy. No action is needed. Restart Windows should and retry the installation. |
+| `WUComponentMissing` | Windows Update might be missing a component, or the update file might be damaged. | The Windows Update service reported key components for Windows Update are missing.<p>Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges. Repair these components. Then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows might be required.</p> |
+| `WUDamaged` | Windows Update or the update file might be damaged. | The Windows Update service reported key components for Windows Update are missing.<p>Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges. Repair these components. Then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows might be required.</p> |
+| `WUDecryptionIssue` | Windows Update couldn't decrypt the encrypted update file because it couldn't find the proper key. | The Windows Update service reported it couldn't decrypt the update payload.<p>This alert could be a network transit error and might resolve on its own. If the alert persists, validate any network Riverbeds, Application, or http proxies and retry.</p>|
+| `WUDiskError` | Windows Update encountered an error while reading or writing to the system drive. | The Windows Update service reported an alert reading or writing to the system disk. This alert is often a client issue with the target system. We recommend running the Windows Update Troubleshooter on the device. Retry the installation.<p>For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd).</p> |
+| `WUIssue` | Windows Update couldn't understand the metadata provided by the update service. This error usually indicates a problem with the update. | The Windows Update service reported an issue with the Update payload. This could be a transient alert.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+
+## Additional resources
+
+- [Troubleshoot problems updating Windows](https://support.microsoft.com/windows/troubleshoot-problems-updating-windows-188c2b0f-10a7-d72f-65b8-32d177eb136c)
+- [How to use the PC Health Check app](https://support.microsoft.com/windows/how-to-use-the-pc-health-check-app-9c8abd9b-03ba-4e67-81ef-36f37caa7844)
+- [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd)
diff --git a/windows/deployment/windows-autopatch/monitor/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-maintain-environment.md
new file mode 100644
index 0000000000..735d7a1414
--- /dev/null
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-maintain-environment.md
@@ -0,0 +1,72 @@
+---
+title: Maintain the Windows Autopatch environment
+description: This article details how to maintain the Windows Autopatch environment
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: smithcharles
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Maintain the Windows Autopatch environment
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+After you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), some management settings might need to be adjusted. If any of the following items apply to your environment, make the adjustments as described.
+
+> [!NOTE]
+> As your operations continue in the following months, if you make changes after enrollment to policies in Microsoft Intune, Microsoft Entra ID, or Microsoft 365 that affect Windows Autopatch, it's possible that Windows Autopatch could stop operating properly.
+
+## Windows Autopatch configurations
+
+Windows Autopatch deploys, manages, and maintains all configurations related to the operation of the service, as described in [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md). Don't make any changes to any of the Windows Autopatch configurations.
+
+## Windows Autopatch tenant management
+
+### Windows Autopatch tenant actions
+
+The Tenant management blade presents IT admins with any actions that are required to maintain Windows Autopatch service health. The **Tenant management** blade can be found by navigating to **Tenant administration** > **Windows Autopatch** > **Tenant management**.
+
+> [!IMPORTANT]
+> If you have any critical actions in your tenant, you must take action as soon as possible as the Windows Autopatch service might not be able to manage your tenant. When a critical action is active on your tenant, Windows Autopatch will consider your tenant as **[inactive](#inactive-status)**.
+
+The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed.
+
+### Tenant action severity types
+
+| Severity | Description |
+| ----- | ----- |
+| Critical | You must take action as soon as possible to avoid disruption to the Windows Autopatch service.<p>If no action is taken, Windows Autopatch might not be able to manage devices in your tenant, and the Windows Autopatch service might be marked as **inactive**.</p><p>To restore service health and return to an active status, all critical pending actions must be resolved.</p> |
+
+### Critical actions
+
+| Action type | Severity | Description |
+| ----- | ----- | ----- |
+| Maintain tenant access | Critical | Required licenses expired. The licenses include:<ul><li>Microsoft Intune</li><li>Microsoft Entra ID P1 or P2</li><li>Windows 10/11 Enterprise E3 or higher</li><ul><li>For more information about specific services plans, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li></ul><p>To take action on missing licenses, you can visit the Microsoft 365 admin center or contact your Microsoft account manager. Until you renew the required licenses to run the service, Windows Autopatch marks your tenant as **inactive**. For more information, see [Microsoft 365 - What happens after my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires)</p> |
+| Maintain tenant access | Critical | Address tenant access issues. Windows Autopatch currently can't manage your tenant. Until you take action, your tenant is marked as **inactive**, and you have only limited access to the Windows Autopatch portal.<p>Reasons for tenant access issues:<ul><li>You didn't migrate to the new [Windows Autopatch enterprise application](../references/windows-autopatch-changes-made-at-feature-activation.md#windows-autopatch-enterprise-applications). Windows Autopatch uses this enterprise application to run the service.</li><li>You blocked or removed the permissions required for the Windows Autopatch enterprise application.</li></ul><p>Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you.</p><p>For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access).</p> |
+
+### Inactive status
+
+> [!NOTE]
+> Only the Windows Autopatch sections of your tenant will be marked as **inactive**.
+
+When Windows Autopatch is **inactive**, you're alerted with banners on all Windows Autopatch blades. You only have access to the Tenant management and Support requests blades. All other blades return an error message and redirect you to Tenant management blade.
+
+To be taken out of the **inactive** status, you must [resolve any critical actions shown in the Tenant management blade](#critical-actions).
+
+> [!NOTE]
+> Once critical actions are resolved, it can take up to two hours for Windows Autopatch to return to an **active** state.
+
+#### Impact to your tenant
+
+| Impact area | Description |
+| ----- | ----- |
+| Management | Windows Autopatch isn't able to manage your tenant and perform non-interactive actions we use to run the service. Non-interactive actions include:<ul><li>Managing the Windows Autopatch service</li><li>Publishing the baseline configuration updates to your tenant's devices</li><li>Maintaining overall service health</li></ul><p>For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-made-at-feature-activation.md#windows-autopatch-enterprise-applications).</p>|
+| Device updates | Changes to Windows Autopatch policies aren't pushed to your devices. The existing configurations on these devices remain unchanged, and they continue receiving updates. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-policy-health-and-remediation.md
similarity index 57%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-policy-health-and-remediation.md
index 208f3ef552..d30db0518d 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-policy-health-and-remediation.md
@@ -1,9 +1,9 @@
 ---
-title: policy health and remediation
+title: Policy health and remediation
 description: Describes what Autopatch does it detects policies in the tenant are either missing or modified to states that affect the service
-ms.date: 07/25/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -13,17 +13,18 @@ ms.reviewer: rekhanr
 ms.collection:
   - highpri
   - tier1
-  - essentials-manage
 ---
 
 # Policy health and remediation
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 Windows Autopatch uses Microsoft Intune policies to set configurations and deliver the service. Windows Autopatch continuously monitors the policies and maintains all configurations related to the operation of the service.
 
 > [!IMPORTANT]
-> Don't change, edit, add to, or remove any of the Windows Autopatch policies or groups. Doing so can cause unintended configuration changes and impact the Windows Autopatch service. For more information about Windows Autopatch configurations, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
+> Don't change, edit, add to, or remove any of the Windows Autopatch policies or groups. Doing so can cause unintended configuration changes and impact the Windows Autopatch service. For more information about Windows Autopatch configurations, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
 
-When Windows Autopatch detects policies in the tenant are either missing or modified that affects the service, Windows Autopatch will raise alerts and detailed recommended actions to ensure healthy operation of the service.
+When Windows Autopatch detects policies in the tenant are either missing or modified that affects the service, Windows Autopatch raises alerts and detailed recommended actions to ensure healthy operation of the service.
 
 IT admins must respond to the service-generated alerts to ensure that Autopatch services can be delivered, and devices remain eligible for the service.
 
@@ -40,13 +41,16 @@ With this feature, IT admins can:
 
 ## Check policy health
 
-Alerts are raised when deployment rings don't have the required policies and the settings that impact devices within the ring. The remediation actions from the displayed alerts are intended to keep the deployment rings in a healthy state. Devices in each ring may continue to report different states, including errors and conflicts. This occurs due to multiple policies targeted at the same device or other conditions on the device. Policy conflicts and other device errors aren't addressed by these alerts.
+Alerts are raised when deployment rings don't have the required policies and the settings that impact devices within the ring. The remediation actions from the displayed alerts are intended to keep the deployment rings in a healthy state. Devices in each ring might continue to report different states, including errors and conflicts. This occurs due to multiple policies targeted at the same device or other conditions on the device. Policy conflicts and other device errors aren't addressed by these alerts.
 
 ## Built-in roles required for remediation actions
 
-The minimum role required to restore configurations is **Intune Service Administrator**. You can also perform these actions in the Global administrator role.
+The minimum role required to restore configurations is **Intune Service Administrator**.
 
-## Restore device configuration policy
+## Restore Data collection, Office and/or Edge configuration policies
+
+> [!IMPORTANT]
+> For these policies, Windows Autopatch doesn't store the last known policy value, Autopatch restores the base policy values.
 
 **To initiate remediation action for device configuration alerts:**
 
@@ -57,33 +61,32 @@ The minimum role required to restore configurations is **Intune Service Administ
 1. If the **Change modified policy alert** appears, select this alert to launch the workflow.
 1. Select **Submit changes** to restore to service required values.
 
-There will be an alert for each policy that is missing or has deviated from the service defined values.
+There's an alert for each policy that is missing or deviated from the service defined values.
 
-## Restore Windows Update policies
+## Restore missing Windows Update policies
 
-**To initiate remediation actions for Windows quality update policies:**
+> [!IMPORTANT]
+> For Quality and Feature update policies, Autopatch restores the last known value of policy. For Driver update policies, Autopatch restores the base policy.
+
+**To initiate remediation actions for Windows Update policies (Quality, Feature or Driver updates):**
+
+> [!NOTE]
+> By default, the service will auto-select all the policies.
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release schedule** > **Windows quality updates** > **Status**.
-1. Select **Policy Error** to launch the Policy error workflow.
-1. Review the message:
-    1. If this is a missing policy error, select **Restore policy** to complete the workflow.
-    2. If this is a modified policy, select **Submit changes** to restore to service required values.
+1. Navigate to **Tenant administration** > **Windows Autopatch** > **Autopatch groups** > **Policy health**.
+1. Select **Missing policy** to launch the Restore missing policy workflow.
+1. Review the message for the missing policy error. If more than once policy is present, select which policy you'd like to restore.
+1. Select **Restore policies** to complete the workflow.
 
-**To initiate remediation actions for Windows feature update policies:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release schedule** > **Windows feature updates** > **Status**.
-1. Select **Policy Error** to launch the Policy error workflow.
-1. Review the message.
-    1. If this is a missing policy error, select **Restore policy** to complete the workflow.
-    2. If this is a modified policy, select **Submit changes** to restore to service required values.
+> [!NOTE]
+> You can also select on the associated Windows Autopatch group name for any Autopatch group that has a **Missing Policy** under the **Policy health** column. Doing so will lead you to the details page of that specific Autopatch group. Under the **Windows update settings** section, you'll see a banner that states "*There are missing update settings in this Autopatch group. Take action to resolve"*. Selecting this banner will take you to the same experience as mentioned in [Restore missing Windows Update policies](#restore-missing-windows-update-policies).
 
 ## Restore deployment groups
 
-Windows Autopatch will automatically restore any missing groups that are required by the service. When a missing deployment group is restored, and the policies are also missing, the policies be restored to the deployment groups.
+Windows Autopatch automatically restores any missing groups that are required by the service. When a missing deployment group is restored, and the policies are also missing, the policies be restored to the deployment groups.
 
-If policies are misconfigured or unassigned, admins must restore them. In the Release management blade, the service will raise a Policy error workflow that you must complete to repair Windows Update policies. All other policies must be restored from the Tenant administration blade.
+If policies are misconfigured or unassigned, admins must restore them. In the Autopatch groups blade, the service raises a missing policy workflow that you must complete to repair Windows Update policies. All other policies must be restored from the Tenant administration blade.
 
 Due to the asynchronous run of service detectors, it might take up to four (4) hours for this error to be displayed.
 
@@ -97,6 +100,6 @@ You can review audit logs in Intune to review the activities completed on the te
 **To review audit logs in Intune:**
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Tenant administration** > **Audit logs**.
+1. Select **Tenant administration** > **Audit logs**.
 
 The entries with enterprise application name, Modern Workplace Management, are the actions requested by Windows Autopatch.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-reliability-report.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-reliability-report.md
similarity index 97%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-reliability-report.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-reliability-report.md
index e3a3f4b0c5..c483164956 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-reliability-report.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-reliability-report.md
@@ -3,10 +3,10 @@ title: Reliability report
 description: This article describes the reliability score for each Windows quality update cycle based on stop error codes detected on managed devices.
 ms.date: 04/09/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
-author: tiaraquan 
+author: tiaraquan
 ms.author: tiaraquan
 manager: aaroncz
 ms.reviewer: hathind
@@ -17,6 +17,8 @@ ms.collection:
 
 # Reliability report (public preview)
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 > [!IMPORTANT]
 > This feature is in **public preview**. It's being actively developed, and might not be complete.
 
@@ -117,4 +119,4 @@ The following information is available as default columns in the Reliability rep
 
 ## Known limitations
 
-The Reliability report supports tenant and service-level score data going back to September 2023. Data before that date isn't supported. A full 12 months of score data will be available to select from the menu dropdowns in September 2024.
+The Reliability report supports tenant and service-level score data going back to September 2023. Data before that date isn't supported. A full 12 months of score data are available to select from the menu dropdowns in September 2024.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-resolve-policy-conflicts.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-resolve-policy-conflicts.md
similarity index 59%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-resolve-policy-conflicts.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-resolve-policy-conflicts.md
index 3967e6a3f5..6b5547677d 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-resolve-policy-conflicts.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-resolve-policy-conflicts.md
@@ -1,12 +1,12 @@
 ---
 title: Resolve policy conflicts
 description: This article describes how to resolve Windows Autopatch policy conflicts.
-ms.date: 04/09/2024
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
-author: tiaraquan 
+author: tiaraquan
 ms.author: tiaraquan
 manager: aaroncz
 ms.reviewer: hathind
@@ -15,21 +15,20 @@ ms.collection:
   - tier1
 ---
 
-# Resolve policy conflicts (public preview)
+# Resolve policy conflicts
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch deploys Microsoft Intune policies to enrolled tenants, and continuously monitors the Microsoft Intune policies. Conflicts can happen when there are two policies in the tenant, and they update the same setting to different values. For Windows Autopatch to successfully deliver updates to registered devices, it's critical for the devices in the service to have the policy targeted and assigned successfully.
 
 > [!IMPORTANT]
-> This feature is in **public preview**. It's being actively developed, and might not be complete.
+> Don't change, edit, add to, or remove any of the Windows Autopatch policies or groups. Doing so can cause unintended configuration changes and impact the Windows Autopatch service. For more information about Windows Autopatch configurations, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
 
-Windows Autopatch deploys Microsoft Intune policies to enrolled tenants, and continuously monitors the Microsoft Intune policies. Conflicts occur when there are two policies in the tenant, and they update the same setting to different values. For Windows Autopatch to successfully deliver updates to registered devices, it’s critical for the devices in the service to have the policy targeted and assigned successfully.
-
-> [!IMPORTANT]
-> Don't change, edit, add to, or remove any of the Windows Autopatch policies or groups. Doing so can cause unintended configuration changes and impact the Windows Autopatch service. For more information about Windows Autopatch configurations, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
-
-When the Windows Autopatch service detects policies in the tenant that conflict with a setting in another Intune device policy, this conflict is displayed. It’s necessary to review the policies and their settings and manually resolve these conflicts.
+When the Windows Autopatch service detects policies in the tenant that conflict with a setting in another Intune device policy, this conflict is displayed. It's necessary to review the policies and their settings and manually resolve these conflicts.
 
 With this feature, IT admins can view:
 
-- List of all Autopatch policies that conflict with other device policies in the tenant
+- A list of all Autopatch policies that conflict with other device policies in the tenant
 - A summary view of conflicting policies, affected devices, and open alerts
 - A detailed view of affected devices
 - Alerts that include details of conflicting policies, the settings, and the Azure AD groups they're assigned to. Admins must take necessary action so the expected policy is successfully assigned to the device
@@ -38,25 +37,25 @@ With this feature, IT admins can view:
 
 Alerts are raised when devices report policy conflicts. Autopatch policies are assigned to Autopatch groups. Devices that are members of Autopatch groups are expected to receive only Windows Autopatch policies.
 
-Once you resolve the conflict, it takes effect on the device at the next Intune sync. This view is refreshed every 24 hours. It can take up to 72 hours after the conflict is resolved for the view to be updated.  
+Once you resolve the conflict, it can take effect on the device at the next Intune sync. This view is refreshed every 24 hours. It can take up to 72 hours after the conflict is resolved for the view to be updated.  
 
 > [!NOTE]
-> This view only includes policy conflicts between Microsoft Intune policies. This view doesn’t include policy issues caused by other configurations, for example, group policy settings, registry settings that are changed by scripts and prevent Windows Autopatch from deploying updates.<p>When Windows Autopatch detects Intune based policies are missing or modified, this information is displayed with detailed recommended actions, and described in [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md).</p><p>To ensure devices remain healthy and not affected by group policies, see [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md#details-about-the-post-device-registration-readiness-checks).</p>
+> This view only includes policy conflicts between Microsoft Intune policies. This view doesn't include policy issues caused by other configurations, for example, group policy settings, registry settings that are changed by scripts and prevent Windows Autopatch from deploying updates.<p>When Windows Autopatch detects Intune based policies are missing or modified, this information is displayed with detailed recommended actions, and described in [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md).</p><p>To ensure devices remain healthy and not affected by group policies, see [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md#details-about-the-post-device-registration-readiness-checks).</p>
 
 ## Policy conflict view
 
-This view includes the list of Windows Autopatch policies ([Expected policies](#policy-conflict-alert-details)) that are assigned to various Windows Autopatch groups that include devices. When the Expected policy can't be successfully assigned to one or more devices, because of an equivalent setting in another Intune policy targeting the device, the conflict is detected, and reported as a [Conflicting policy](#policy-conflict-alert-details).  
+This view includes the list of Windows Autopatch policies ([Expected policies](#policy-conflict-view-alert-details)) that are assigned to various Windows Autopatch groups that include devices. When the Expected policy can't be successfully assigned to one or more devices, because of an equivalent setting in another Intune policy targeting the device, the conflict is detected, and reported as a [Conflicting policy](#policy-conflict-view-alert-details).  
 
 If the Expected policy conflicts with multiple Intune policies, each conflict is displayed in different lines in the Policy conflict view.  
 
-**To view all policies conflicting with the expected policies:**
+**To view all policies conflicting with the Expected policies:**
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).  
-2. Navigate to **Devices** > **Windows Autopatch** > **Policy health**.
+2. Navigate to **Devices** > **Managed updates** > **Windows Updates** > **Monitor** > **Policy health**.
 3. In the **Policy conflicts** tab, the list of expected policies and conflicting policies is displayed.
 4. Select **View alert** and review the details of the **Recommended action** and alert details.
 
-### Policy conflict alert details
+### Policy conflict view alert details
 
 All alerts displayed in this flyout include the following details. You must review the details and take action to resolve the conflict.
 
@@ -71,9 +70,9 @@ All alerts displayed in this flyout include the following details. You must revi
 
 ## Affected devices view
 
-This view includes the list of devices with policy conflicts with the [Expected policy](#policy-conflict-alert-details). It’s possible for devices to have multiple conflicting policies, due to their membership in various groups.  
+This view includes the list of devices with policy conflicts with the [Expected policy](#policy-conflict-view-alert-details). It's possible for devices to have multiple conflicting policies, due to their membership in various groups.  
 
-You can navigate to this view from the Affected devices column link in the Policy conflicts view, or directly from Policy health blade. This page displays a filtered device list, when navigating from the Policy conflicts view. Affected devices only include devices that have a successful Intune sync status in the last 28 days.
+You can navigate to this view from the Affected devices column link in the [Policy conflicts view](#policy-conflict-view), or directly from Policy health blade. This page displays a filtered device list, when navigating from the Policy conflicts view. Affected devices only include devices that have a successful Intune sync status in the last 28 days.
 
 **To view the alert details and perform the recommended actions:**
 
@@ -81,9 +80,9 @@ You can navigate to this view from the Affected devices column link in the Polic
 2. Navigate to **Windows Autopatch** > **Policy health** > **Affected devices** tab.
 3. Select **View alert** to see the alert details.
 
-### Affected devices alert details
+### Affected devices view alert details
 
-In this flyout, when the device is reporting conflicts due to multiple policies, each policy is displayed as a separate section in this alert. Alerts occur when the device is a member of multiple groups, and each policy conflicts with the [Expected Windows Autopatch policy](#policy-conflict-view).
+In this flyout, when the device is reporting conflicts due to multiple policies, each policy is displayed, as a separate section in this alert. This occurs when the device is a member of multiple groups, and each policy conflicts with the [Expected Windows Autopatch policy](#policy-conflict-view).
 
 ## Options
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-status-report.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-status-report.md
similarity index 91%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-status-report.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-status-report.md
index 35f31b5ee8..4219401d76 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-status-report.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-status-report.md
@@ -1,9 +1,9 @@
 ---
 title: Feature update status report
 description: Provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
-ms.date: 07/25/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,7 +17,9 @@ ms.collection:
 
 # Feature update status report
 
-The Feature update status report provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch. 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+The Feature update status report provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
 
 **To view the Feature update status report:**
 
@@ -50,7 +52,7 @@ The following information is available as optional columns in the Feature update
 | ----- | ----- |
 | Microsoft Entra device ID | The current Microsoft Entra ID recorded device ID for the device |
 | Serial number | The current Intune recorded serial number for the device |
-| Intune last check in time | The last time the device checked in to Intune |
+| Intune last check-in time | The last time the device checked in to Intune |
 | Service State | The Service State provided from Windows Update |
 | Service Substate | The Service Substate provided from Windows Update |
 | Client State | The Client State provided from Windows Update |
@@ -73,8 +75,8 @@ The following options are available:
 
 | Option | Description |
 | ----- | ----- |
-| Search | Use to search by device name, Microsoft Entra device ID or serial number |
+| Search | Use to search by device name, Microsoft Entra device ID, or serial number |
 | Sort | Select the **column headings** to sort the report data in ascending and descending order. |
 | Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
-| Filter | Select either the **Add filters** or at the top of the report to filter the results. |
+| Filter | Select **Add filters** or use the filters at the top of the report to filter the results. |
 | Columns | Select a column to add or remove the column from the report. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-summary-dashboard.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-summary-dashboard.md
similarity index 95%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-summary-dashboard.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-summary-dashboard.md
index 38af149ad8..4e65d5e28b 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-summary-dashboard.md
@@ -1,9 +1,9 @@
 ---
 title: Windows feature update summary dashboard
 description: Provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
-ms.date: 01/22/2024
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,6 +17,8 @@ ms.collection:
 
 # Windows feature update summary dashboard
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 The Summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
 
 The first part of the Summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-trending-report.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-trending-report.md
similarity index 91%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-trending-report.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-trending-report.md
index 9e08f94fd5..7d7c71c4aa 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-trending-report.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-feature-update-trending-report.md
@@ -1,9 +1,9 @@
 ---
 title: Feature update trending report
 description: Provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days.
-ms.date: 07/25/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,6 +17,8 @@ ms.collection:
 
 # Feature update trending report
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 Windows Autopatch provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days.
 
 **To view the Feature update trending report:**
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-and-feature-update-reports-overview.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
similarity index 89%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
index 9d5cd07373..b2b2d8bf42 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
@@ -1,10 +1,10 @@
 ---
 title: Windows quality and feature update reports overview
 description: This article details the types of reports available and info about update device eligibility, device update health, device update trends in Windows Autopatch.
-ms.date: 04/09/2024 
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: overview
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -17,6 +17,8 @@ ms.collection:
 
 # Windows quality and feature update reports overview
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 ## Windows quality update reports
 
 The Windows quality reports provide you with information about:
@@ -53,7 +55,6 @@ The Windows feature update report types are organized into the following focus a
 
 Users with the following permissions can access the reports:
 
-- Global Administrator
 - Intune Service Administrator
 - Global Reader
 - Services Support Administrator
@@ -77,7 +78,7 @@ Each status has its own set of sub statuses to further describe the status.
 Up to date devices are devices that meet all of the following prerequisites:
 
 - [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
-- [Prerequisites for device registration](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration)
+- [Prerequisites for device registration](../deploy/windows-autopatch-device-registration-overview.md#prerequisites-for-device-registration)
 - [Windows quality and feature update device readiness](../deploy/windows-autopatch-post-reg-readiness-checks.md)
 - [Post-device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md)
 - Applied the current monthly cumulative updates
@@ -90,14 +91,14 @@ Up to date devices are devices that meet all of the following prerequisites:
 | Sub status | Description |
 | ----- | ----- |
 | In Progress | Devices are currently installing the latest [quality update](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-schedule) or [feature update](../operate/windows-autopatch-groups-windows-feature-update-overview.md#default-release) deployed through the Windows Autopatch release schedule. |
-| Paused | Devices that are currently paused due to a Windows Autopatch or customer-initiated Release management pause. For more information, see pausing and resuming a [Windows quality update](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) or [Windows feature update](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release). |
+| Paused | Devices that are currently paused due to a Windows Autopatch or customer-initiated pause. For more information, see pausing and resuming a [Windows quality update](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) or [Windows feature update](../operate/windows-autopatch-windows-feature-update-overview.md#pause-and-resume-a-release). |
 
 ### Not up to Date devices
 
 Not Up to Date means a device isn't up to date when the:
 
 - Quality or feature update is out of date, or the device is on the previous update.
-- The assigned update schedule has elapsed and the device still has not applied the current release.
+- The assigned update schedule elapsed and the device still didn't apply the current release.
 - Device has an [alert](../operate/windows-autopatch-device-alerts.md) resulting in an error and action must be taken.
 
 ### Not Ready devices
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-status-report.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-status-report.md
similarity index 90%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-status-report.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-status-report.md
index 2d99ee3d3a..bcd381e6d1 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-status-report.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-status-report.md
@@ -1,9 +1,9 @@
 ---
 title: Quality update status report
-description: Provides a per device view of the current update status for all Windows Autopatch enrolled devices with Autopatch groups.
-ms.date: 07/25/2023
+description: Provides a per device view of the current update status for all Windows Autopatch managed devices.
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,7 +17,9 @@ ms.collection:
 
 # Quality update status report
 
-The Quality update status report provides a per device view of the current update status for all Windows Autopatch enrolled devices.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+The Quality update status report provides a per device view of the current update status for all Windows Autopatch managed devices.
 
 **To view the Quality update status report:**
 
@@ -53,7 +55,7 @@ The following information is available as optional columns in the Quality update
 | ----- | ----- |
 | Microsoft Entra device ID | The current Microsoft Entra ID recorded device ID for the device |
 | Serial number | The current Intune recorded serial number for the device |
-| Intune last check in time | The last time the device checked in to Intune |
+| Intune last check-in time | The last time the device checked in to Intune |
 | Service State | The Service State provided from Windows Update |
 | Service Substate | The Service Substate provided from Windows Update |
 | Client State | The Client State provided from Windows Update |
@@ -75,8 +77,8 @@ The following options are available:
 
 | Option | Description |
 | ----- | ----- |
-| Search | Use to search by device name, Microsoft Entra device ID or serial number |
+| Search | Use to search by device name, Microsoft Entra device ID, or serial number |
 | Sort | Select the **column headings** to sort the report data in ascending and descending order. |
 | Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
-| Filter | Select either the **Add filters** or at the top of the report to filter the results. |
+| Filter | Select **Add filters** or use the filters at the top of the report to filter the results. |
 | Columns | Select a column to add or remove the column from the report. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-summary-dashboard.md
similarity index 92%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-summary-dashboard.md
index 64ed6a7a91..c145b09b4c 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-summary-dashboard.md
@@ -1,9 +1,9 @@
 ---
 title: Windows quality update summary dashboard
-description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch with Autopatch groups
-ms.date: 01/22/2024
+description: Provides a summary view of the current update status for all Windows Autopatch managed devices.
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,7 +17,9 @@ ms.collection:
 
 # Windows quality update summary dashboard
 
-The Summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+The Summary dashboard provides a summary view of the current update status for all Windows Autopatch managed devices.
 
 **To view the current update status for all your enrolled devices:**
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-trending-report.md b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-trending-report.md
similarity index 53%
rename from windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-trending-report.md
rename to windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-trending-report.md
index ccfb4fd07a..6932c1db07 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-trending-report.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-update-trending-report.md
@@ -1,9 +1,9 @@
 ---
 title: Quality update trending report
-description: Provides a visual representation of the update status trend for all devices over the last 90 days with Autopatch groups.
-ms.date: 09/01/2023
+description: Provides a visual representation of the update status trend for all devices over the last 90 days.
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -17,14 +17,16 @@ ms.collection:
 
 # Quality update trending report
 
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
 The Quality update trending report provides a visual representation of the update status trend for all devices over the last 90 days.
 
 **To view the Quality update trending report:**
 
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
-1. Select the **Reports** tab.
-1. Select **Quality update trending**.
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
+1. Select the **Reports** tab.
+1. Select **Quality update trending**.
 
 > [!NOTE]
 > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
@@ -35,8 +37,8 @@ The following options are available:
 
 | Option | Description |
 | ----- | ----- |
-| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
+| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
 | By percentage | Select **by percentage** to show your trending graphs and indicators by percentage. |
 | By device count | Select **by device count** to show your trending graphs and indicators by numeric value. |
 
-For a description of the displayed device status trends, see [Windows quality update statuses](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-and-feature-update-statuses).
+For a description of the displayed device status trends, see [Windows quality update statuses](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-quality-and-feature-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
deleted file mode 100644
index b8373cff62..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Device alerts
-description: Provide notifications and information about the necessary steps to keep your devices up to date.
-ms.date: 08/01/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: adnich
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Device alerts
-
-Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information helps you understand:
-
-- Microsoft and/or Windows Autopatch performs the action(s) to keep the device properly updated.
-- The actions you must perform so the device can properly be updated.
-
-> [!NOTE]
-> At any given point, one or both of these actions can be present in your tenant.
-
-## Windows Autopatch alerts
-
-Windows Autopatch alerts are alerts specific to the Windows Autopatch service. These alerts include:
-
-- [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md)
-- [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
-
-## Windows quality and feature update alerts
-
-These alerts represent data reported to the Windows Update service related to Windows quality and feature updates. These alerts can help identify actions that must be performed if an update doesn't apply as expected. Alerts are only provided by device that actively reports to the Windows Update service.
-
-## Customer and Microsoft Actions
-
-Windows Autopatch assigns alerts to either Microsoft Action or Customer Action. These assignments give a clear understanding of who has the responsibility to remediate the alert.
-
-| Assignment | Description |
-| ----- | ----- |
-| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. Windows Autopatch performs these actions automatically. |
-| Customer Action | Refers to your responsibility to carry out the appropriate action(s) to resolve the reported alert. |
-
-## Alert resolutions
-
-Alert resolutions are provided through the Windows Update service and provide the reason why an update didn't perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md).
-
-| Alert message | Description | Windows Autopatch recommendation(s) |
-| ----- | ----- | ----- |
-| `CancelledByUser` | User canceled the update | The Windows Update service has reported the update was canceled by the user.<p>It's recommended to work with the end user to allow updates to execute as scheduled.</p> |
-| `DamagedMedia` | The update file or hard drive is damaged | The Windows Update service has indicated the update payload might be damaged or corrupt. <p>It's recommended to run `Chkdsk /F` on the device with administrator privileges, then retry the update. For more information, see [chkdsk](/windows-server/administration/windows-commands/chkdsk?tabs=event-viewer).</p> |
-| `DeploymentConflict` | Device is in more than one deployment of the same update type. Only the first deployment assigned is effective. | The Windows Update service has reported a policy conflict.<p>For more information, see the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DeviceRegistrationInvalidAzureADDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Microsoft Entra Device ID. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DeviceRegistrationInvalidGlobalDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Global Device ID. |The Windows Update service has reported that the MSA Service may be disabled preventing Global Device ID assignment.<p>Check that the MSA Service is running or able to run on device.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DeviceRegistrationIssue` | The device isn't able to register or authenticate properly with Windows Update. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DeviceRegistrationNoTrustType` | The device isn't able to register or authenticate properly with Windows Update because it can't establish Trust. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](https://support.microsoft.com/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65).</p> |
-| `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service has reported an issue with your update server. Validate your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
-| `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service has reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service ([BITS](/windows/win32/bits/about-bits)) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadIssue` | There was an issue downloading the update. | The Windows Update service has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/windows/win32/bits/about-bits).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service has reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
-| `EndOfService` | The device is on a version of Windows that has passed its end of service date. | Windows Update service has reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
-| `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
-| `FailureResponseThreshold` | The failure response threshold setting was met for a deployment to which the device belongs. | The Windows Update service has reported the client has hit the Failure Response Threshold. Consider pausing the deployment and assess for issues. If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md). |
-| `FileNotFound` | The downloaded update files can't be found. The Disk Cleanup utility or a non-Microsoft software cleaning tool might have removed the files during cleanup. | Windows Update has reported that the update files couldn't be found, download the update again, and then retry the installation.<p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `Incompatible` | The system doesn't meet the minimum requirements to install the update. | The Windows Update service has reported the update is incompatible with this device for more details please review the `ScanResult.xml` file in the `C:\WINDOWS\PANTHER folder for "Block Type=Hard`.<p>If this is occurring on a Windows Autopatch managed device, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `IncompatibleArchitecture` | This update is for a different CPU architecture. | The Windows Update service has reported the update architecture doesn't match the destination architecture, make sure the target operating system architecture matches the host operating system architecture.<p>This is **not** typical for Windows Update based environments.</p><p>If this is occurring on a Windows Autopatch managed device, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `IncompatibleServicingChannel` | Device is in a servicing channel that is incompatible with a deployment to which the device belongs. | The Windows Update service has reported the servicing channel on the client isn't compatible with the targeted payload.<p>We recommend configuring the device's servicing channel to the [Semi-Annual Enterprise Channel](/windows-server/get-started/servicing-channels-comparison#semi-annual-channel).</p> |
-| `InstallAccessDenied` | Installer doesn't have permission to access or replace a file. The installer might have tried to replace a file that an antivirus, anti-malware, or a backup program is currently scanning. | The Windows Update service has reported it couldn't access the necessary system locations, ensure no other service has a lock or handle on the windows update client folders and retry the installation.<p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).</p> |
-| `InstalledCancelled` | The installation was canceled. | The Windows Update service has reported the update was canceled by the user.<p>It's recommended to work with the end user to allow updates to execute as scheduled.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `InstallFileLocked` | Installer couldn't access a file that is already in use. The installer might have tried to replace a file that an antivirus, anti-malware, or backup program is currently scanning. | The Windows Update service has reported it couldn't access the necessary system locations.<p>Check the files under the `%SystemDrive%\$Windows.~bt` directory and retry the installation.</p><p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `InstallIssue` | There was an issue installing the update. | The Windows Update service has reported the update installation has failed.<p>If the alert persists, run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p>|
-| `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. |
-| `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
-| `InstallSetupBlock` | There's an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
-| `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `PolicyConflictPause` | Updates are paused on the device, preventing the update from installing. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `PostRestartIssue` | Windows Update couldn't determine the results of installing the update. The error is usually false, and the update probably succeeded. | The Windows Update Service has reported the update you're trying to install isn't available.<p>No action is required.</p><p>If the update is still available, retry the installation.</p> |
-| `RollbackInitiated` | A rollback was started on this device, indicating a catastrophic issue occurred during the Windows Setup install process. | The Windows Update service has reported a failure with the update. Run the Setup Diagnostics Tool on the Device or review the HEX error in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md). **Don't** retry the installation until the impact is understood.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
-| `SafeguardHold` | Update can't install because of a known Safeguard Hold. | The Windows Update Service has reported a [Safeguard Hold](/windows/deployment/update/update-compliance-feature-update-status#safeguard-holds) which applies to this device.<p>For more information about safeguards, see [Windows 10/11 release information for the affected version(s)](/windows/release-health/release-information).</p> |
-| `UnexpectedShutdown` | The installation was stopped because a Windows shutdown or restart was in progress. | The Windows Update service has reported Windows was unexpectedly restarted during the update process.<p>No action is necessary the update should retry when windows is available.</p><p>If the alert persists, ensure the device remains on during Windows installation.</p> |
-| `VersionMismatch` | Device is on a version of Windows that wasn't intended by Windows Update. | The Windows Update service has reported that the version of Windows wasn't intended.<p>Confirm whether the device is on the intended version.</p> |
-| `WindowsRepairRequired` | The current version of Windows needs to be repaired before it can be updated. | The Windows Update service has indicated that the service is in need of repair. Run the Startup Repair Tool on this device.<p>For more information, see [Windows boot issues - troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool).</p> |
-| `WUBusy` | Windows Update can't do this task because it's busy. | The Windows Update service has reported that Windows Update is busy. No action is needed. Restart Windows should and retry the installation. |
-| `WUComponentMissing` | Windows Update might be missing a component, or the update file might be damaged. | The Windows Update service has reported key components for windows update are missing.<p>Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, to repair these components. Then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.</p> |
-| `WUDamaged` | Windows Update or the update file might be damaged. | The Windows Update service has reported key components for windows update are missing.<p>Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges to repair these components. Then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.</p> |
-| `WUDecryptionIssue` | Windows Update couldn't decrypt the encrypted update file because it couldn't find the proper key. | The Windows Update service has reported it couldn't decrypt the update payload.<p>This alert could be a network transit error and may be resolved on its own. If the alert persists, validate any network Riverbeds, Application or http proxies and retry.</p>|
-| `WUDiskError` | Windows Update encountered an error while reading or writing to the system drive. | The Windows Update service has reported an alert reading or writing to the system disk. This alert is often a client issue with the target system. We recommend running the Windows Update Troubleshooter on the device. Retry the installation.<p>For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd).</p> |
-| `WUIssue` | Windows Update couldn't understand the metadata provided by the update service. This error usually indicates a problem with the update. | The Windows Update service has reported an issue with the Update payload. This could be a transient alert.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-
-## Additional resources
-
-- [Troubleshoot problems updating Windows](https://support.microsoft.com/windows/troubleshoot-problems-updating-windows-188c2b0f-10a7-d72f-65b8-32d177eb136c)
-- [How to use the PC Health Check app](https://support.microsoft.com/windows/how-to-use-the-pc-health-check-app-9c8abd9b-03ba-4e67-81ef-36f37caa7844)
-- [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd)
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
deleted file mode 100644
index 66650fb27b..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Microsoft Edge
-description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
-ms.date: 09/15/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Microsoft Edge
-
-Windows Autopatch uses the [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel) of Microsoft Edge.
-
-## Device eligibility
-
-For a device to be eligible for Microsoft Edge updates as a part of Windows Autopatch, they must meet the following criteria:
-
-- The device must be powered on and have an internet connection.
-- There are no policy conflicts between Windows Autopatch policies and customer policies.
-- The device must be able to access the required network endpoints to reach the Microsoft Edge update service.
-- If Microsoft Edge is open, it must restart for the update process to complete.
-
-## Update release schedule
-
-Microsoft Edge will check for updates every 10 hours. Quality updates occur weekly by default. Feature updates occur automatically every four weeks and are rolled out [progressively](/deployedge/microsoft-edge-update-progressive-rollout) by the Microsoft Edge product group to ensure the best experience for customers. All users will see the update within a few days of the initial release.
-
-Browser updates with critical security fixes will have a faster rollout cadence than updates that don't have critical security fixes to ensure prompt protection from vulnerabilities.
-
-Devices in the Test device group receive feature updates from the [Beta Channel](/deployedge/microsoft-edge-channels#beta-channel). This channel is fully supported and automatically updated with new features approximately every four weeks.
-
-## Pausing and resuming updates
-
-Currently, Windows Autopatch can't pause or resume Microsoft Edge updates.
-
-## Incidents and outages
-
-If you're experiencing issues related to Microsoft Edge updates, [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md
deleted file mode 100644
index b6e42c0987..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Software update management for Autopatch groups
-description: This article provides an overview of how updates are handled with Autopatch groups
-ms.date: 07/25/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: overview
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: andredm7
-ms.collection:
-  - highpri
-  - tier1
-  - essentials-manage
----
-
-# Software update management
-
-Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf.
-
-## Software update workloads
-
-| Software update workload | Description |
-| ----- | ----- |
-| Windows quality update | Windows Autopatch uses four deployment rings to manage [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) |
-| Windows feature update | Windows Autopatch uses four deployment rings to manage [Windows feature updates](windows-autopatch-groups-windows-feature-update-overview.md) |
-| Anti-virus definition | Updated with each scan. |
-| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). |
-| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). |
-| Microsoft Teams | For more information, see [Microsoft Teams](../operate/windows-autopatch-teams.md). |
-
-## Autopatch groups
-
-Autopatch groups help Microsoft Cloud-Managed services meet all organizations where they are at in their update management journey.
-
-Autopatch groups is a logical container that groups several [Microsoft Entra groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as Windows Update rings and feature update policies, together.
-
-For more information on key benefits and how to use Autopatch groups, see [Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md).
-
-## Windows quality updates
-
-Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
-
-To release updates to devices in a gradual manner, Windows Autopatch deploys a set of mobile device management (MDM) policies to each update deployment ring to control the rollout. For more information, see [Windows quality updates overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md).
-
-## Windows feature updates
-
-You're in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version.
-
-The Window feature update release management experience makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
-
-For more information, see [Windows feature updates overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).
-
-## Reports
-
-Using [Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md), you can monitor and remediate Windows Autopatch managed devices that are Not up to Date and resolve any device alerts to bring Windows Autopatch managed devices back into compliance.
-
-## Policy health and remediation
-
-Windows Autopatch deploys Intune policies for Windows quality and feature update management. Windows Update policies must remain healthy for devices to receive Windows updates and stay up to date. We continuously monitor the health of the policies and raise alerts and provide remediation actions. For more information, see [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) and [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md
deleted file mode 100644
index 0b6c9d7421..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: Maintain the Windows Autopatch environment
-description: This article details how to maintain the Windows Autopatch environment
-ms.date: 09/15/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: smithcharles
-ms.collection:
-  - highpri
-  - tier1
-  - essentials-manage
----
-
-# Maintain the Windows Autopatch environment
-
-After you've completed enrollment in Windows Autopatch, some management settings might need to be adjusted. Use the following steps:
-
-1. Review the [Microsoft Intune settings](#microsoft-intune-settings) described in the following section.
-1. If any of the items apply to your environment, make the adjustments as described.
-
-> [!NOTE]
-> As your operations continue in the following months, if you make changes after enrollment to policies in Microsoft Intune, Microsoft Entra ID, or Microsoft 365 that affect Windows Autopatch, it's possible that Windows Autopatch could stop operating properly. To avoid problems with the service, check the specific settings described in [Fix issues found by the readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) before you change the policies listed there.
-
-## Microsoft Intune settings
-
-| Setting | Description |
-| ----- | ----- |
-| Deployment rings for Windows 10 or later | For any deployment rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Microsoft Entra group from each policy. For more information, see [Create and assign deployment rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).<p>Windows Autopatch creates some update ring policies. These policies have "**Modern Workplace**" in the name. For example:</p><ul><li>Modern Workplace Update Policy [Broad]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Fast]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [First]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Test]-[Windows Autopatch]</li></ul><p>When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Microsoft Entra group from the policies that Windows Autopatch created.</p><p>**To resolve the Not ready result:**</p><p>After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Microsoft Entra group. For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p><p>**To resolve the Advisory result:**</p><ol><li>Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Microsoft Entra group.</li> <li>If you have assigned Microsoft Entra user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Microsoft Entra group that you add your Windows Autopatch users to (or an equivalent group).</li></ol><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p> |
-
-## Windows Autopatch configurations
-
-Windows Autopatch deploys, manages and maintains all configurations related to the operation of the service, as described in [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). Don't make any changes to any of the Windows Autopatch configurations.
-
-## Windows Autopatch tenant management
-
-### Windows Autopatch tenant actions
-
-The Tenant management blade presents IT admins with any actions that are required to maintain Windows Autopatch service health. The **Tenant management** blade can be found by navigating to **Tenant administration** > **Windows Autopatch** > **Tenant management**.
-
-> [!IMPORTANT]
-> If you have any critical actions in your tenant, you must take action as soon as possible as the Windows Autopatch service might not be able to manage your tenant. When a critical action is active on your tenant, Windows Autopatch will consider your tenant as **[inactive](#inactive-status)**.
-
-The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed.
-
-### Tenant action severity types
-
-| Severity | Description |
-| ----- | ----- |
-| Critical | You must take action as soon as possible to avoid disruption to the Windows Autopatch service.<p>If no action is taken, Windows Autopatch might not be able to manage devices in your tenant, and the Windows Autopatch service may be marked as **inactive**.</p><p>To restore service health and return to an active status, all critical pending actions must be resolved.</p> |
-
-### Critical actions
-
-| Action type | Severity | Description |
-| ----- | ----- | ----- |
-| Maintain tenant access | Critical | Required licenses have expired. The licenses include:<ul><li>Microsoft Intune</li><li>Microsoft Entra ID P1 or P2</li><li>Windows 10/11 Enterprise E3 or higher</li><ul><li>For more information about specific services plans, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li></ul><p>To take action on missing licenses, you can visit the Microsoft 365 admin center or contact your Microsoft account manager. Until you have renewed the required licenses to run the service, Windows Autopatch marks your tenant as **inactive**. For more information, see [Microsoft 365 - What happens after my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires)</p> |
-| Maintain tenant access | Critical | Address tenant access issues. Windows Autopatch currently can't manage your tenant. Until you take action, your tenant is marked as **inactive**, and you have only limited access to the Windows Autopatch portal.<p>Reasons for tenant access issues:<ul><li>You haven't yet migrated to the new [Windows Autopatch enterprise application](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). Windows Autopatch uses this enterprise application to run the service.</li><li>You have blocked or removed the permissions required for the Windows Autopatch enterprise application.</li></ul><p>Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you.</p><p>For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access).</p> |
-
-### Inactive status
-
-> [!NOTE]
-> Only the Windows Autopatch sections of your tenant will be marked as **inactive**.
-
-When Windows Autopatch is **inactive**, you're alerted with banners on all Windows Autopatch blades. You only have access to the Tenant management and Support requests blades. All other blades return an error message and redirect you to Tenant management blade.
-
-To be taken out of the **inactive** status, you must [resolve any critical actions shown in the Tenant management blade](#critical-actions).
-
-> [!NOTE]
-> Once critical actions are resolved, it can take up to two hours for Windows Autopatch to return to an **active** state.
-
-#### Impact to your tenant
-
-| Impact area | Description |
-| ----- | ----- |
-| Management | Windows Autopatch isn't able to manage your tenant and perform non-interactive actions we use to run the service. Non-interactive actions include:<ul><li>Managing the Windows Autopatch service</li><li>Publishing the baseline configuration updates to your tenant's devices</li><li>Maintaining overall service health</li></ul><p>For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications).</p>|
-| Device updates | Changes to Windows Autopatch policies aren't pushed to your devices. The existing configurations on these devices remain unchanged, and they continue receiving updates. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md
deleted file mode 100644
index 9c38e97260..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Manage driver and firmware updates
-description: This article explains how you can manage driver and firmware updates with Windows Autopatch
-ms.date: 08/22/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: andredm7
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Manage driver and firmware updates
-
-You can manage and control your driver and firmware updates with Windows Autopatch. You can choose to receive driver and firmware updates automatically, or self-manage the deployment.
-
-> [!TIP]
-> Windows Autopatch's driver and firmware update management is based on [Intune's driver and firmware update management](/mem/intune/protect/windows-driver-updates-overview). You can use **both** Intune and Windows Autopatch to manage your driver and firmware updates.
-
-## Automatic and Self-managed modes
-
-Switching the toggle between Automatic and Self-managed modes creates driver profiles on a per-ring basis within your tenant.
-
-| Modes | Description |
-| ----- | -----|
-| Automatic | We recommend using **Automatic** mode.<p>Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues have occurred due to Windows Updates. Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout.</p> |
-| Self-managed | When you use **Self-managed** mode, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.<p>Self-managed mode turns off Windows Autopatch's automatic driver deployment. Instead, the Administrator controls the driver deployment.<p>The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.</p><p>The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.</p> |
-
-## Set driver and firmware updates to Automatic or Self-managed mode
-
-**To set driver and firmware updates to Automatic or Self-managed mode:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release settings**.
-1. In the **Windows Driver Updates** section, read and accept the agreement.
-1. Select either **Automatic** or **Self-managed**.
-
-## View driver and firmware policies created by Windows Autopatch
-
-**To view driver and firmware policies created by Windows Autopatch:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Devices** > **Driver updates for Windows 10 and later**.
-1. Windows Autopatch creates four policies. The policy names begin with **Windows Autopatch - Driver Update Policy** and end with the name of the deployment ring to which they're targeted in brackets. For example, **Windows Autopatch - Driver Update Policy [Test]**.
-
-The `CreateDriverUpdatePolicy` is created for the Test, First, Fast, and Broad deployment rings. The policy settings are defined in the following table:
-
-| Policy name | DisplayName | Description | Approval Type | DeploymentDeferralInDays |
-| ----- | ----- | ----- | ----- | ----- |
-| `CreateDriverUpdatePolicy` | Windows Autopatch - Driver Update Policy [**Test**] | Driver Update Policy for device **Test** group | Automatic | `0` |
-| `CreateDriverUpdatePolicy`| Windows Autopatch - Driver Update Policy [**First**] | Driver Update Policy for device **First** group | Automatic | `1` |
-| `CreateDriverUpdatePolicy` |Windows Autopatch - Driver Update Policy [**Fast**] | Driver Update Policy for device **Fast** group | Automatic | `6` |
-| `CreateDriverUpdatePolicy` | Windows Autopatch - Driver Update Policy [**Broad**] | Driver Update Policy for device **Broad** group | Automatic | `9` |
-
-## Feedback and support
-
-If you need support with this feature, and have enrolled your tenant into Windows Autopatch, [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-windows-feature-update-releases.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-windows-feature-update-releases.md
deleted file mode 100644
index 159e11b310..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-windows-feature-update-releases.md
+++ /dev/null
@@ -1,218 +0,0 @@
----
-title: Manage Windows feature update releases
-description: This article explains how you can manage Windows feature updates with Autopatch groups
-ms.date: 07/25/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: andredm7
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Manage Windows feature update releases
-
-You can create custom releases for Windows feature update deployments in Windows Autopatch.
-
-## Before you begin
-
-Before you start managing custom Windows feature update releases, consider the following:
-
-- If you're planning on using either the [Default or Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#key-concepts) ensure:
-    - The Default Autopatch group has all deployment rings and deployment cadences you need.
-    - You have created all your Custom Autopatch groups prior to creating custom releases.
-- Review [Windows feature update prerequisites](/mem/intune/protect/windows-10-feature-updates#prerequisites).
-- Review the [Windows feature updates policy limitations](/mem/intune/protect/windows-10-feature-updates#limitations-for-feature-updates-for-windows-10-and-later-policy).
-
-## About the auto-populate automation for release phases
-
-By default, the deployment rings of each Autopatch group will be sequentially assigned to a phase. For example, the first deployment ring of each Autopatch group is assigned to Phase 1, and the second deployment ring of each Autopatch group is assigned to Phase 2, etc.
-
-The following table explains the auto-populating assignment of your deployments rights if you have two Autopatch groups. One Autopatch group is named Finance and the other is named Marketing; each Autopatch group has four (Finance) and five (Marketing) deployment rings respectively.
-
-| Phases | Finance | Marketing
-| ----- | ----- | ----- |
-| Phase 1 | Test | Test |
-| Phase 2 | Ring1 | Ring1 |
-| Phase 3 | Ring2 | Ring2 |
-| Phase 4 | Last | Ring3 |
-
-If the Autopatch groups are edited after a release is created (Active status), the changes to the Autopatch group won't be reflected unless you create a new custom release.
-
-If you wish to change the auto-populating assignment of your deployment rings to release phases, you can do so by adding, removing, or editing the auto-populated phases.
-
-### More information about the completion date of a phase
-
-The goal completion date of a phase is calculated using the following formula:
-
-`<First Deployment Date> + (<Number of gradual rollout groups> - 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days).`
-
-This formula is only applicable for **Deadline-driven** not for Scheduled-driven deployment cadences. For more information, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md).
-
-> [!IMPORTANT]
-> By default, both the **Deadline for feature updates** and the **Grace period** values are set by Windows Autopatch in every [Update rings for Windows 10 and later policy](/mem/intune/protect/windows-10-update-rings) created by Autopatch groups.
-
-### How to use the Windows feature update blade
-
-Use the Windows feature update blade to check in the overall status of the [default release](../operate/windows-autopatch-groups-windows-feature-update-overview.md#default-release) and the custom ones you create.
-
-**To access the Windows feature update blade:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release management** blade, under the **Release schedule** tab, select **Windows feature updates**.
-1. In the **Windows feature updates** blade, you can see all the information about the releases. The columns are described in the following table:
-
-| Status | Description |
-| ----- | ----- |
-| Release name | Name of the release |
-| Version to deploy | Version to deploy for the applicable release or phase |
-| Status | Status of the applicable release or phase:<ul><li>Scheduled</li><li>Active</li><li>Inactive</li><li>Paused</li><li>Canceled</li></ul> |
-| First deployment |<ul><li>The date the deployment for the applicable release or phase will begin.</li><li>Feature update policy for Windows 10 and later is created 24 hours prior to the first deployment date. The service automation runs twice a day at 4:00AM and 4:00PM (UTC).</li><li>Not all devices within a phase will be offered the feature update on the same date when using gradual rollout.</li></ul> |
-| Goal completion date | The date the devices within the release or phases are expected to finish updating. The completion date is calculated using the following formula:<p>`<First deployment date> + (<Number of gradual rollout groups> - 1) * Days in between groups (7) + Deadline for feature updates (5) + Grace Period (2)`</p> |
-
-#### About release and phase statuses
-
-##### Release statuses
-
-A release is made of one or more phases. The release status is based on the calculation and consolidation of each phase status.
-
-The release statuses are described in the following table:
-
-| Release status | Definition | Options |
-| ----- | ----- | ----- |
-| Scheduled | Release is scheduled and not all phases have yet created its Windows feature update policies |<ul><li>Releases with the **Scheduled status** can't be canceled but can have its deployment cadence edited as not all phases have yet created its Windows feature update policies.</li><li>Autopatch groups and its deployment rings that belong to a **Scheduled** release can't be assigned to another release.</li></ul> |
-| Active | All phases in the release are active. This means all phases have reached their first deployment date, which created the Windows feature update policies. |<ul><li>Release can be paused but can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Autopatch groups and their deployment rings can be assigned to another release.</li></ul> |
-| Inactive | All the Autopatch groups within the release have been assigned to a new release. As a result, the Windows feature update policies were unassigned from all phases from within the release. |<ul><li>Release can be viewed as a historical record.</li><li>Releases can't be deleted, edited, or canceled.</li></ul> |
-| Paused | All phases in the release are paused. The release will remain paused until you resume it. | <ul><li>Releases with Paused status can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Release can be resumed.</li></ul> |
-| Canceled | All phases in the release are canceled. | <ul><li>Releases with Canceled status can't be edited or canceled since the Windows feature update policy wasn't created for its phases.</li><li>Canceled release can't be deleted.</li></ul> |
-
-##### Phase statuses
-
-A phase is made of one or more Autopatch group deployment rings. Each phase reports its status to its release.
-
-> [!IMPORTANT]
-> The determining factor that makes a phase status transition from **Scheduled** to **Active** is when the service automatically creates the Windows feature update policy for each Autopatch group deployment ring. Additionally, the phase status transition from **Active** to **Inactive** occurs when Windows feature update policies are unassigned from the Autopatch groups that belong to a phase. This can happen when an Autopatch group and its deployment rings are re-used as part of a new release.
-
-| Phase status | Definition |
-| ----- | ----- |
-| Scheduled | The phase is scheduled but hasn't reached its first deployment date yet. The Windows feature update policy hasn't been created for the respective phase yet. |
-| Active | The first deployment date has been reached. The Windows feature update policy has been created for the respective phase. |
-| Inactive | All Autopatch groups within the phase were re-assigned to a new release. All Windows feature update policies were unassigned from the Autopatch groups. |
-| Paused | Phase is paused. You must resume the phase. |
-| Canceled | Phase is canceled. All Autopatch groups within the phase can be used with a new release. A phase that's canceled can't be deleted. |
-
-#### Details about Windows feature update policies
-
-Windows Autopatch creates one Windows feature update policy per phase using the following naming convention:
-
-`Windows Autopatch - DSS policy - <Release Name> - Phase <Phase Number>`
-
-These policies can be viewed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-The following table is an example of the Windows feature update policies that were created for phases within a release:
-
-| Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch - DSS Policy - My feature update release - Phase 1  | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release - Phase 2  | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release - Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release - Phase 4  | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release - Phase 5  | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 |
-
-## Create a custom release
-
-**To create a custom release:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release management** blade, select **Release schedule**, then **Windows feature updates**.
-1. In the **Windows feature updates** blade, select **New release**.
-1. In the **Basics** page:
-    1. Enter a **Name** for the custom release.
-    2. Select the **Version** to deploy.
-    3. Enter a **Description** for the custom release.
-    4. Select **Next**.
-1. In the **Autopatch groups** page, choose one or more existing Autopatch groups you want to include in the custom release, then select Next.
-1. You can't choose Autopatch groups that are already part of an existing custom release. Select **Autopatch groups assigned to other releases** to review existing assignments.
-1. In the Release phases page, review the number of auto-populated phases. You can Edit, Delete and Add phase based on your needs. Once you're ready, select **Next**. **Before you proceed to the next step**, all deployment rings must be assigned to a phase, and all phases must have deployment rings assigned.
-1. In the **Release schedule** page, choose **First deployment date**, and the number of **Gradual rollout groups**, then select **Next**. **You can only select the next day**, not the current day, as the first deployment date. The service creates feature update policy for Windows 10 and later twice a day at 4:00AM and 4:00PM (UTC) and can't guarantee that the release will start at the current day given the UTC variance across the globe.
-    1. The **Goal completion date** only applies to the [Deadline-driven deployment cadence type](../operate/windows-autopatch-groups-windows-update.md#deadline-driven). The Deadline-drive deployment cadence type can be specified when you configure the Windows Updates settings during the Autopatch group creation/editing flow.
-    2. Additionally, the formula for the goal completion date is `<First Deployment Date> + (<Number of gradual rollout groups> - 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days)`.
-1. In the **Review + create** page, review all settings. Once you're ready, select **Create**.
-
-> [!NOTE]
-> Custom releases can't be deleted from the Windows feature updates release management blade. The custom release record serves as a historical record for auditing purposes when needed.
-
-## Edit a release
-
-> [!NOTE]
-> Only custom releases that have the **Scheduled** status can be edited. A release phase can only be edited prior to reaching its first deployment date. Additionally, you can only edit the deployment dates when editing a release.
-
-**To edit a custom release:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release schedule** tab, select **Windows feature updates**.
-1. In the **Windows feature updates** blade, select the **horizontal ellipses (…)** > Edit to customize your gradual rollout of your feature updates release, then select **Save**.
-    1. Only the release schedule can be customized when using the edit function. You can't add or remove Autopatch groups or modify the phase order when editing a release.
-1. Select **Review + Create**.
-1. Select **Apply** to save your changes.
-
-## Pause and resume a release
-
-> [!CAUTION]
-> You should only pause and resume [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) and [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices.
-
-> [!IMPORTANT]
-> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates. For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
-
-**To pause or resume a release:**
-
-> [!NOTE]
-> If you've paused an update, the specified release will have the **Paused** status. The Windows Autopatch service can't overwrite IT admin's pause. You must select **Resume** to resume the update. The **Paused by Service Pause** status **only** applies to Windows quality updates. Windows Autopatch doesn't pause Windows feature updates on your behalf.
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release schedule** tab, select **Windows feature updates**.
-1. In the **Windows feature updates** blade, select the **horizontal ellipses (…)** > **Pause** or **Resume** to pause or resume your feature updates release.
-1. Select a reason from the dropdown menu.
-1. Optional. Enter details about why you're pausing or resuming the selected update.
-1. If you're resuming an update, you can select one or more deployment rings.
-1. Select **Pause deployment** or **Resume deployment** to save your changes.
-
-## Cancel a release
-
-> [!IMPORTANT]
-> You can only cancel a release under the Scheduled status. You cannot cancel a release under the **Active**, **Inactive** or **Paused** statuses.
-
-**To cancel a release:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release schedule** tab, select **Windows feature updates**.
-1. In the **Windows feature updates** blade, select the **horizontal ellipses (…)** > **Cancel** to cancel your feature updates release.
-1. Select a reason for cancellation from the dropdown menu.
-1. Optional. Enter details about why you're pausing or resuming the selected update.
-1. Select **Cancel deployment** to save your changes.
-
-## Roll back a release
-
-> [!CAUTION]
-> Do **not** use Microsoft Intune's end-user flows to rollback Windows feature update deployments for Windows Autopatch managed devices. If you need assistance with rolling back deployments, [submit a support request](../operate/windows-autopatch-support-request.md).
-
-Windows Autopatch **doesn't** support the rollback of Windows feature updates through its end-user experience flows.
-
-## Contact support
-
-If you're experiencing issues related to Windows feature update deployments, [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
deleted file mode 100644
index a628585c63..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Unenroll your tenant
-description: This article explains what unenrollment means for your organization and what actions you must take.
-ms.date: 08/08/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Unenroll your tenant
-
-If you're looking to unenroll your tenant from Windows Autopatch, this article details what unenrollment means for your organization and what actions you must take.
-
-> [!IMPORTANT]
-> You must be a Global Administrator to unenroll your tenant.
-
-Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will:
-
-- Remove Windows Autopatch access to your tenant.
-- Exclude your devices from the Windows Autopatch service. Excluding your devices from Windows Autopatch won't remove your devices from Intune, Microsoft Entra ID or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Exclude a device](../operate/windows-autopatch-exclude-device.md).
-- Delete all data that we've stored in the Windows Autopatch data storage.
-
-> [!NOTE]
-> We will **not** delete any of your customer or Intune data.
-
-## Microsoft's responsibilities during unenrollment
-
-| Responsibility | Description |
-| ----- | ----- |
-| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won't make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). |
-| Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record is deleted. We won't delete Microsoft Intune and/or Microsoft Entra device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). |
-
-## Your responsibilities after unenrolling your tenant
-
-| Responsibility | Description |
-| ----- | ----- |
-| Updates | After the Windows Autopatch service is unenrolled, we'll no longer provide updates to your devices.  You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. |
-| Optional Windows Autopatch configuration | Windows Autopatch won't remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don't wish to use these policies for your devices after unenrollment, you may safely delete them. For more information, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). |
-| Microsoft Intune roles | After unenrollment, you may safely remove the Modern Workplace Intune Admin role. |
-
-## Unenroll from Windows Autopatch
-
-**To unenroll from Windows Autopatch:**
-
-1. [Submit a support request](../operate/windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service.
-1. The Windows Autopatch Service Engineering Team communicates with your IT Administrator to confirm your intent to unenroll from the service.
-    1. You have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team.
-    2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner.
-1. The Windows Autopatch Service Engineering Team proceeds with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment).
-1. The Windows Autopatch Service Engineering Team informs you when unenrollment is complete.
-1. You're responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
deleted file mode 100644
index f0300bdd0c..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
+++ /dev/null
@@ -1,172 +0,0 @@
----
-title: Windows feature updates overview
-description: This article explains how Windows feature updates are managed with Autopatch groups
-ms.date: 07/25/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: andredm7
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Windows feature updates overview
-
-Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organization's IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation.
-
-Windows feature updates consist of:
-
-- Keeping Windows devices protected against behavioral issues.
-- Providing new features to boost end-user productivity.
-
-Windows Autopatch makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
-
-## Service level objective
-
-Windows Autopatch's service level objective for Windows feature updates aims to keep **95%** of eligible devices on the targeted Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) for its default and global releases maintained by the service, and custom releases created and managed by you.
-
-## Device eligibility criteria
-
-Windows Autopatch's device eligibility criteria for Windows feature updates aligns with [Windows Update for Business and Microsoft Intune's device eligibility criteria](/mem/intune/protect/windows-10-feature-updates#prerequisites).
-
-> [!IMPORTANT]
-> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
-
-## Key benefits
-
-- Windows Autopatch makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
-- You're in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version.
-	- Combined with custom releases, Autopatch Groups gives your organization great control and flexibility to help you plan your gradual rollout in a way that works for your organization.
-- Simplified end-user experience with rich controls for gradual rollouts, deployment cadence and speed.
-- No need to manually modify the default Windows feature update policies (default release) to be on the Windows OS version your organization is currently ready for.
-- Allows for scenarios where you can deploy a single release across several Autopatch groups and its deployment rings.
-
-## Key concepts
-
-- A release is made of one or more deployment phases and contains the required OS version to be gradually rolled out throughout its deployment phases.
-- A phase (deployment phase) is made of one or more Autopatch group deployment rings. A phase:
-    - Works as an additional layer of deployment cadence settings that can be defined by IT admins (only for Windows feature updates) on top of Autopatch group deployment rings (Windows update rings policies).
-    - Deploys Windows feature updates across one or more Autopatch groups.
-- There are three types of releases:
-    - Default
-    - Global
-    - Custom
-
-### Default release
-
-Windows Autopatch's default Windows feature update release is a service-driven release that enforces the minimum Windows OS version currently serviced by the Windows servicing channels for the deployment rings in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group).
-
-> [!TIP]
-> Windows Autopatch allows you to [create custom Windows feature update releases](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#create-a-custom-release).
-
-When devices are registered by manually adding them to the Windows Autopatch Device Registration Microsoft Entra ID assigned group, devices are assigned to deployment rings as part of the default Autopatch group. Each deployment ring has its own Windows feature update policy assigned to them. This is intended to minimize unexpected Windows OS upgrades once new devices register with the service.
-
-The policies:
-
-- Contain the minimum Windows 10 version currently serviced by the [Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). The current minimum Windows OS version is **Windows 10 21H2**.
-- Set a bare minimum Windows OS version required by the service once devices are registered with the service.
-
-If the device is registered with Windows Autopatch, and the device is:
-
-- Below the service's currently targeted Windows feature update, that device will be automatically upgraded to the service's target version when the device meets the [device eligibility criteria](#device-eligibility-criteria).
-- On, or above the currently targeted Windows feature update version, there won't be any Windows OS upgrades available to that device.
-
-#### Policy configuration for the default release
-
-If your tenant is enrolled with Windows Autopatch, you can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
-
-| Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch - DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023  | N/A | N/A | June 11, 2024 |
-| Windows Autopatch - DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023  | N/A | N/A | June 11, 2024 |
-| Windows Autopatch - DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023  | N/A | N/A | June 11, 2024 |
-| Windows Autopatch - DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023  | N/A | N/A | June 11, 2024 |
-
-> [!NOTE]
-> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
-
-### Global release
-
-Windows Autopatch's global Windows feature update release is a service-driven release. Like the [default release](#default-release), the Global release enforces the [minimum Windows OS version currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).
-
-There are two scenarios that the Global release is used:
-
-| Scenario | Description |
-| ----- | ----- |
-| Scenario #1 | You assign Microsoft Entra groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Microsoft Entra groups to the deployment ring (Last) in the Default Autopatch group.</p> |
-| Scenario #2 | You create new [Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
-
-> [!NOTE]
-> Global releases don't show up in the Windows feature updates release management blade.
-
-#### Policy configuration values
-
-See the following table on how Windows Autopatch configures the values for its global Windows feature update policy. If your tenant is enrolled with Windows Autopatch, you can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
-
-| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A  | N/A | N/A | June 11, 2024 |
-
-> [!NOTE]
-> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
-
-### Differences between the default and global Windows feature update policies
-
-> [!IMPORTANT]
-> Once you create a custom Windows feature update release, both the global and the default Windows feature update policies are unassigned from Autopatch group's deployment rings behind the scenes.
-
-The differences in between the global and the default Windows feature update policy values are:
-
-| Default Windows feature update policy | Global Windows feature update policy |
-| ----- | ----- |
-| <ul><li>Set by default with the Default Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in the Default Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of the Default Autopatch group customization.</li><li>Set by default and assigned to all deployment rings created as part of Custom Autopatch groups.</li></ul>
-
-### Custom release
-
-A custom release is the release that you create to tell Windows Autopatch how you want the service to manage Windows OS upgrades on your behalf.
-
-Custom releases gives you flexibility to do Windows OS upgrades on your pace, but still relying on Windows Autopatch to give you insights of how your OS upgrades are going and additional deployment controls through the Windows feature updates release management experience.
-
-When a custom release is created and assigned to Autopatch groups, either the default or global releases are unassigned to avoid feature update policy for Windows 10 and later conflicts.
-
-For more information on how to create a custom release, see [Manage Windows feature update release](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#create-a-custom-release).
-
-### About Windows Update rings policies
-
-Feature update policies work with Windows Update rings policies. Windows Update rings policies are created for each deployment ring for the [Default or a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#key-concepts) based on the deployment settings you define. The policy name convention is `Windows Autopatch Update Policy - <Autopatch group name> - <Deployment group name>`.
-
-The following table details the default Windows Update rings policy values that affect either the default or custom Windows feature updates releases:
-
-| Policy name | Microsoft Entra group assignment | Quality updates deferral in days | Feature updates deferral in days | Feature updates uninstall window in days | Deadline for quality updates in days | Deadline for feature updates in days | Grace period | Auto restart before deadline |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch Update Policy - default - Test | Windows Autopatch - Test | 0 | 0 | 30 | 0 | 5 | 0 | Yes |
-| Windows Autopatch Update Policy - default - Ring1 | Windows Autopatch - Ring1 | 1 | 0 | 30 | 2 | 5 |2 | Yes |
-| Windows Autopatch Update Policy - default - Ring2 | Windows Autopatch - Ring2 | 6 | 0 | 30 | 2 | 5 | 2 | Yes |
-| Windows Autopatch Update Policy - default - Ring3 | Windows Autopatch - Ring3 | 9 | 0 | 30 | 5 | 5 | 2 | Yes |
-| Windows Autopatch Update Policy - default - Last | Windows Autopatch - Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes |
-
-> [!IMPORTANT]
-> When you create a custom Windows feature update release, new Windows feature update policies are:<ul><li>Created corresponding to the settings you defined while creating the release.</li><li>Assigned to the Autopatch group's deployment rings you select to be included in the release.</li></ul>
-
-## Common ways to manage releases
-
-### Use case #1
-
-| Scenario | Solution |
-| ----- | ----- |
-| You're working as the IT admin at Contoso Ltd., and you need to gradually rollout of Windows 11's latest version to several business units across your organization. | Custom Windows feature update releases deliver OS upgrades horizontally, through phases, to one or more Autopatch groups.<br>Phases:<ul><li>Set your organization's deployment cadence.</li><li>Work like deployment rings on top of Autopatch group's deployment rings. Phases group one or more deployment rings across one or more Autopatch groups.</li></ul><br>See the following visual for a representation of Phases with custom releases. |
-
-:::image type="content" source="../media/autopatch-groups-manage-feature-release-case-1.png" alt-text="Manage Windows feature update release use case one" lightbox="../media/autopatch-groups-manage-feature-release-case-1.png":::
-
-### Use case #2
-
-| Scenario | Solution |
-| ----- | ----- |
-| You're working as the IT admin at Contoso Ltd. and your organization isn't ready to upgrade its devices to either Windows 11 or the newest Windows 10 OS versions due to conflicting project priorities within your organization.<p>However, you want to keep Windows Autopatch managed devices supported and receiving monthly updates that are critical to security and the health of the Windows ecosystem.</p> | Default Windows feature update releases deliver the minimum Windows OS upgrade vertically to each Windows Autopatch group (either [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [Custom](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)). The Default Windows Autopatch group is pre-configured with the [default Windows feature update release](#default-release) and no additional configuration is required from IT admins as Autopatch manages the default release on your behalf.<p>If you decide to edit the default Windows Autopatch group to add additional deployment rings, these rings receive a [global Windows feature update policy](#global-release) set to offer the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to devices. Every custom Autopatch group you create gets a [global Windows feature update policy](#global-release) that enforces the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</p><p>See the following visual for a representation of default releases.</p>|
-
-:::image type="content" source="../media/autopatch-groups-manage-feature-release-case-2.png" alt-text="Manage Windows feature update release use case two" lightbox="../media/autopatch-groups-manage-feature-release-case-2.png":::
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md
deleted file mode 100644
index b0319f299b..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Windows quality update end user experience for Autopatch groups
-description: This article explains the Windows quality update end user experience using the Autopatch groups exp
-ms.date: 07/25/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: adnich
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Windows quality update end user experience
-
-## User notifications
-
-In this section we'll review what an end user would see in the following three scenarios:
-
-1. Typical update experience
-2. Quality update deadline forces an update
-3. Quality update grace period
-
-> [!NOTE]
-> The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification.
-
-### Typical update experience
-
-The Windows quality update is published and devices in the Broad ring have a deferral period of nine days. Devices will wait nine days before downloading the latest quality update.
-
-Once the deferral period has passed, the device will download the update and notify the end user that updates are ready to install. The end user can either:
-
-- Restart immediately to install the updates
-- Schedule the installation, or
-- Snooze the device will attempt to install outside of [active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart).
-
-In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.
-
-:::image type="content" source="../media/windows-quality-typical-update-experience.png" alt-text="Typical windows quality update experience" lightbox="../media/windows-quality-typical-update-experience.png":::
-
-### Quality update deadline forces an update
-
-In the following example, the user:
-
-- Ignores the notification and selects snooze.
-- Further notifications are received, which the user ignores.
-- The device is unable to install the updates outside of active hours.
-
-The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the [active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart) and force a restart to complete the update installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.
-
-:::image type="content" source="../media/windows-quality-force-update.png" alt-text="Force Windows quality update" lightbox="../media/windows-quality-force-update.png":::
-
-### Quality update grace period
-
-In the following example, the user is on holiday and the device is offline beyond the quality update deadline. The user then returns to work and the device is turned back on.
-
-Since the deadline has already passed, the device is granted a two-day grace period to install the update and restart. The user will be notified of a pending installation and given options to choose from. Once the two-day grace period has expired, the user is forced to restart with a 15-minute warning notification.
-
-:::image type="content" source="../media/windows-quality-update-grace-period.png" alt-text="Windows quality update grace period" lightbox="../media/windows-quality-update-grace-period.png":::
-
-## Minimize user disruption due to updates
-
-Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. By default, [Active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart) are configured dynamically based on device usage patterns. Device restarts occur outside of active hours until the deadline is reached.
-
-Windows Autopatch understands the importance of not disrupting critical devices but also updating the devices quickly. If you wish to configure a specific installation time or [Active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart), use the [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md), and select the [**ScheduledInstall**](../operate/windows-autopatch-groups-windows-update.md#scheduled-install) option. Using this option removes the deadline enforced for a device restart. Devices with this configuration will also **not** be counted towards the [service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
deleted file mode 100644
index 4831b08a21..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
+++ /dev/null
@@ -1,201 +0,0 @@
----
-title: Windows quality updates overview with Autopatch groups experience
-description: This article explains how Windows quality updates are managed with Autopatch groups
-ms.date: 05/24/2024
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: andredm7
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Windows quality updates
-
-Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
-
-To release updates to devices in a gradual manner, Windows Autopatch deploys a set of mobile device management (MDM) policies to each update deployment ring to control the rollout. There are three primary policies that are used to control Windows quality updates:
-
-| Policy | Description |
-| ----- | ----- |
-| [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | Deferral policies delay the time the update is offered to the device by a specific number of days. The "offer" date for Windows quality updates is equal to the number of days specified in the deferral policy after the second Tuesday of each month. |
-| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays)    | Before the deadline, users can schedule restarts or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. |
-| [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. |
-
-For devices in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch configures these policies differently across deployment rings to gradually release the update. Devices in the Test ring receive changes first and devices in the Last ring receive changes last. For more information about the Test and Last deployment rings, see [About the Test and Last deployment rings in Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-the-test-and-last-deployment-rings). With Windows Autopatch groups, you can also customize the [Default Deployment Group's deployment ring composition](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition) to add and/or remove deployment rings and can customize the update deployment cadences for each deployment ring. To learn more about customizing Windows Quality updates deployment cadence, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md).
-
-> [!IMPORTANT]
-> Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will cause a device to be considered ineligible for management, it will still receive policies from Windows Autopatch that are not in conflict, but may not function as designed.  These devices will be marked as ineligible in our device reporting and will not count towards our [service level objective](#service-level-objective).
-
-## Service level objective
-
-Windows Autopatch aims to keep at least 95% of [Up to Date devices](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. Autopatch uses the previously defined release schedule on a per ring basis with a five-day reporting period to calculate and evaluate the service level objective (SLO). The result of the service level objective is the column "% with the latest quality update" displayed in release management and reporting.
-
-### Service level objective calculation
-
-There are two states a device can be in when calculating the service level objective (SLO):
-
-- Devices that are active during the release
-- Devices that become active after the release
-
-The service level objective for each of these states is calculated as:
-
-| State | Calculation |
-| ----- | ----- |
-| Device that is active during release | This service level objective calculation assumes the device has typical activity during the scheduled release period. Calculated by:<p>`Deferral + Deadline + Reporting Period = service level objective`</p> |
-| Device that becomes active after release | This service level objective calculation refers to offline devices during the scheduled release period but come back online later. Calculated by:<p>`Grace Period + Reporting period = service level objective`</p> |
-
-| Timeframe | Value defined in |
-| ----- | ----- |
-| Deferral | Targeted deployment ring |
-| Deadline | Targeted deployment ring |
-| Grace period | Targeted deployment ring |
-| Reporting period | Five days. Value defined by Windows Autopatch. |
-
-> [!NOTE]
-> Targeted deployment ring refers to the deployment ring value of the device in question. If a device has a five day deferral with a two day deadline, and two day grace period, the SLO for the device would be calculated to `5 + 2 + 5 = 12`-day service level objective from the second Tuesday of the month. The five day reporting period is one established by Windows Autopatch to allow enough time for device check-in reporting and data evaluation within the service.
-
-> [!IMPORTANT]
-> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
-
-## Import Update rings for Windows 10 and later
-
-You can import your organization's existing Intune Update rings for Windows 10 and later into Windows Autopatch. Importing your organization's Update rings provides the benefits of the Windows Autopatch's reporting and device readiness without the need to redeploy, or change your organization's existing update rings.
-
-Imported rings automatically register all targeted devices into Windows Autopatch. For more information about device registration, see the [device registration workflow diagram](../deploy/windows-autopatch-device-registration-overview.md#detailed-device-registration-workflow-diagram).
-
-> [!NOTE]
-> Devices which are registered as part of an imported ring, might take up to 72 hours after the devices have received the latest version of the policy, to be reflected in Windows Autopatch devices blade and reporting. For more information about reporting, see [Windows quality and feature update reports overview](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md).
-
-> [!NOTE]
-> Device registration failures don't affect your existing update schedule or targeting. However, devices that fail to register might affect Windows Autopatch's ability to provide reporting and insights. Any conflicts should be resolved as needed. For additional assistance, [submit a support request](../operate/windows-autopatch-support-request.md).
-
-### To import Update rings for Windows 10 and later
-
-**To import Update rings for Windows 10 and later:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Devices** from the left navigation menu.
-3. Under the **Windows Autopatch** section, select **Release management**.
-4. In the **Release management** blade, go to the **Release schedule** tab and select **Windows quality updates**.
-5. Select **Import Update rings for Windows 10 and later**.
-6. Select the existing rings you would like to import.
-7. Select **Import**.
-
-### Remove an imported Update ring for Windows 10 and later
-
-**To remove an Imported Update rings for Windows 10 and later:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Devices** from the left navigation menu.
-3. Under the **Windows Autopatch** section, select **Release management**.
-4. In the **Release management** blade, go to the **Release schedule** tab and select **Windows quality updates**.
-5. Select the Update rings for Windows 10 and later you would like to remove.
-6. Select the **horizontal ellipses (...)** and select **Remove**.
-
-### Known limitations
-
-The following Windows Autopatch features aren't available with imported Intune Update rings:
-
-- Autopatch groups and features dependent on Autopatch groups
-- Moving devices in between deployment rings in devices
-- Automated deployment ring remediation functions
-- Policy health and remediation
-
-## Release management
-
-> [!NOTE]
-> To access the Release management blade, you must have the correct [role-based access control](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration).
-
-In the Release management blade, you can:
-
-- Track the [Windows quality update schedule](#release-schedule).
-- [Turn off expedited Windows quality updates](#turn-off-service-driven-expedited-quality-update-releases).
-- Review release announcements and knowledge based articles for regular and [Out of Band (OOB) Windows quality updates](#out-of-band-releases).
-
-### Release schedule
-
-For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains:
-
-- The status of the update. Releases appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which are configured on your behalf.
-- The date the update is available.
-- The target completion date of the update.
-- In the **Release schedule** tab, you can either [**Pause** and/or **Resume**](#pause-and-resume-a-release) a Windows quality update release.
-
-### Expedited releases
-
-Threat and vulnerability information about a new revision of Windows becomes available on the second Tuesday of each month. Windows Autopatch assesses that information shortly afterwards. If the service determines that it's critical to security, it might be expedited. The quality update is also evaluated on an ongoing basis throughout the release and Windows Autopatch might choose to expedite at any time during the release.
-
-When expediting a release, the regular goal of 95% of devices in 21 days no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update quickly.
-
-| Release type | Group | Deferral | Deadline | Grace period |
-| ----- | ----- | ----- | ----- | ----- |
-| Expedited release | All devices | 0 | 1 | 1 |
-
-#### Turn off service-driven expedited quality update releases
-
-Windows Autopatch provides the option to turn off of service-driven expedited quality updates.
-
-By default, the service expedites quality updates as needed. For those organizations seeking greater control, you can disable expedited quality updates for Windows Autopatch-enrolled devices using Microsoft Intune.
-
-**To turn off service-driven expedited quality updates:**
-
-1. Go to **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
-2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited quality updates** setting.
-
-> [!NOTE]
-> Windows Autopatch doesn't allow customers to request expedited releases.
-
-### Out of Band releases
-
-Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.
-
-For the deployment rings that have passed quality updates deferral date, the OOB release schedule is expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs is released as per the set deferral dates.
-
-**To view deployed Out of Band quality updates:**
-
-1. Go to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows Autopatch** > **Release management**.
-2. Under the **Release Announcements** tab, you can view the knowledge base (KB) articles corresponding to deployed OOB and regular Windows quality updates. You can also view the schedules for OOB update releases in the Release Schedule tab.
-
-> [!NOTE]
-> Announcements and OOB update schedules will be **removed** from the Release announcements tab when the next quality update is released. Further, if quality updates are paused for a deployment ring, the OOB updates will also be paused.
-
-### Pause and resume a release
-
-> [!CAUTION]
-> You should only pause and resume [Windows quality](#pause-and-resume-a-release) and [Windows feature updates](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices.
-
-The service-level pause is driven by the various software update deployment-related signals Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.
-
-If Windows Autopatch detects a [significant issue with a release](../operate/windows-autopatch-groups-windows-quality-update-signals.md), we might decide to pause that release.
-
-> [!IMPORTANT]
-> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
-
-**To pause or resume a Windows quality update:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release management** blade, go to the **Release schedule** tab and select **Windows quality updates**.
-1. Select the Autopatch group or deployment ring that you want to pause or resume. Select either: **Pause** or **Resume**. Alternatively, you can select the **horizontal ellipses (...)** of the Autopatch group or deployment ring you want to pause or resume. Select, **Pause** or **Resume** from the dropdown menu.
-1. Optional. Enter the justification(s) about why you're pausing or resuming the selected update.
-1. Optional. Select **This pause is related to Windows Update**. When you select this checkbox, you must provide information about how the pause is related to Windows Update.
-1. If you're resuming an update, you can select one or more Autopatch groups or deployment rings.
-1. Select **Pause or Resume deployment**.
-
-The three following statuses are associated with paused quality updates:
-
-| Status | Description |
-| ----- | ------ |
-| Paused by Service | If the Windows Autopatch service paused an update, the release has the **Paused by Service** status. The **Paused by Service** status only applies to rings that aren't Paused by the Tenant. |
-| Paused by Tenant | If you paused an update, the release has the **Paused by Tenant** status. The Windows Autopatch service can't overwrite a tenant pause. You must select **Resume** to resume the update. |
-
-## Remediating Not ready and/or Not up to Date devices
-
-To ensure your devices receive Windows quality updates, Windows Autopatch provides information on how you can [remediate Windows Autopatch device alerts](../operate/windows-autopatch-device-alerts.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md
deleted file mode 100644
index 7f403c3a2c..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Windows quality update release signals with Autopatch groups
-description: This article explains the Windows quality update release signals with Autopatch groups
-ms.date: 07/25/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Windows quality update signals
-
-Windows Autopatch monitors a specific set of signals and aims to release the monthly security update both quickly and safely. The service doesn't comprehensively monitor every use case in Windows.
-
-If there's a scenario that is critical to your business, which isn't monitored by Windows Autopatch, you're responsible for testing and taking any follow-up actions, like requesting to pause the release.
-
-## Pre-release signals
-
-Before being released to the Test ring in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch reviews several data sources to determine if we need to send any customer advisories or need to pause the update. Situations where Windows Autopatch doesn't release an update to the Test ring are seldom occurrences.
-
-| Pre-release signal | Description |
-| ----- | ----- |
-| Windows Payload Review | The contents of the monthly security update release are reviewed to help focus your update testing on areas that have changed. If any relevant changes are detected, a [customer advisory](../operate/windows-autopatch-groups-windows-quality-update-communications.md#communications-during-release) will be sent out. |
-| Optional non-security preview release review - Internal Signals | Windows Autopatch reviews active incidents associated with the previous optional non-security preview release to understand potential risks in the monthly security update release. |
-| Optional non-security preview release review  - Social Signals | Windows Autopatch monitors social signals to better understand potential risks associated with the monthly security update release. |
-
-## Early signals
-
-The update is released to the Test ring in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) on the second Tuesday of the month. Those test devices will update, allowing you to conduct early testing of critical scenarios in your environment. There are also several Microsoft internal signals that are monitored throughout the release.
-
-| Device reliability signal | Description | Microsoft will |
-| ----- | ----- | ----- |
-| Security Risk Profile | As soon as the update is released, the criticality of the security content is assessed. | <ul><li>Consider expediting the release</li><li>Update customers with a risk profile</li></ul>
-| B-Release - Internal Signals | Windows Autopatch reviews any active incidents associated with the current release. | <ul><li>Determine if a customer advisory is necessary</li><li>Pause the release if there's significant user impact</li></ul> |
-| B-Release - Social Signals | Windows Autopatch monitors social signals to understand risks associated with the release. | Determine if a customer advisory is necessary |
-
-## Device reliability signals
-
-Windows Autopatch monitors devices for a set of core reliability metrics as a part of the service.
-
-The service then uses statistical models to assess if there are significant differences between the two Windows versions. To make a statistically significant assessment, Windows Autopatch requires that at least 500 devices in your tenant have upgraded to the new version.
-
-As more devices update, the confidence of the analysis increases and gives us a clearer picture of release quality. If we determine that the user experience is impaired, Autopatch will either post a customer advisory or pause the release, depending on the criticality of the update.
-
-Autopatch monitors the following reliability signals:
-
-| Device reliability signal | Description |
-| ----- | ----- |
-| Blue screens | These events are highly disruptive to end users. These events are closely monitored. |
-| Overall app reliability | Tracks the total number of app crashes and freezes on a device. A known limitation with this measure is that if one app becomes 10% more reliable and another becomes 10% less reliable then it shows up as a flat line in the measure. |
-| Microsoft Office reliability | Tracks the number of Office crashes and freezes per application per device. |
-| Microsoft Edge reliability | Tracks the number of Microsoft Edge crashes and freezes per device. |
-| Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. |
-
-When the update is released to the First ring in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), the service crosses the 500 device threshold. Therefore, Autopatch can detect regressions that are common to all customers. At this point in the release, we'll decide if we need to expedite the release schedule or pause for all customers.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md
index 82e1181f87..9d2fd72bf2 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md
@@ -1,9 +1,9 @@
 ---
 title: Windows Autopatch deployment guide
 description: This guide explains how to successfully deploy Windows Autopatch in your environment
-ms.date: 08/24/2023
+ms.date: 07/08/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -12,7 +12,6 @@ manager: aaroncz
 ms.reviewer: hathind
 ms.collection:
   - tier2
-  - essentials-get-started
 ---
 
 # Windows Autopatch deployment guide
@@ -66,8 +65,8 @@ The following deployment steps can be used as a guide to help you to create your
 | Step | Description |
 | ----- | ----- |
 | **1A: Set up the service** | <ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations)</li><li>Review and understand [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) completed successfully</li></ul> |
-| **1B: Confirm update service needs and configure your workloads** | <ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md): Expedite preferences and cadence customizations</li><li>[Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md): Servicing version preferences</li><li>[Driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md): Set to either Manual or Automatic</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md): Set to either Monthly Enterprise Channel or opt-out</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md): Required. Beta and Stable Channel</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md): Required. Automatic</li></ul> |
-| **1C: Consider your Autopatch groups distribution** | Organizations have a range of Windows devices including desktop computers, laptops and tablets that might be grouped across multiple logical or physical locations. When planning your Autopatch groups strategy, consider the Autopatch group structure that best fits your organizational needs. It's recommended to utilize the service defaults as much as possible. However, if necessary, you can customize the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) with additional deployment rings and/or [create your own Custom Autopatch group(s)](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group).<br><br><ul><li> Review your device inventory and consider a representative mix of devices across your distribution</li><li>Review your Microsoft Entra groups that you wish to use to register devices into the service</li><li>Review [device registration options](../deploy/windows-autopatch-device-registration-overview.md) and [register your first devices](../deploy/windows-autopatch-register-devices.md)</li></ul> |
+| **1B: Confirm update service needs and configure your workloads** | <ul><li>[Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md): Expedite preferences and cadence customizations</li><li>[Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md): Servicing version preferences</li><li>[Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md): Set to either Manual or Automatic</li><li>[Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md): Set to either Monthly Enterprise Channel or opt-out</li><li>[Microsoft Edge](../manage/windows-autopatch-edge.md): Required. Beta and Stable Channel</li><li>[Microsoft Teams](../manage/windows-autopatch-teams.md): Required. Automatic</li></ul> |
+| **1C: Consider your Autopatch groups distribution** | Organizations have a range of Windows devices including desktop computers, laptops and tablets that might be grouped across multiple logical or physical locations. When planning your Autopatch groups strategy, consider the Autopatch group structure that best fits your organizational needs. It's recommended to utilize the service defaults as much as possible. However, if necessary, you can customize the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md) with additional deployment rings and/or [create your own Custom Autopatch group(s)](../deploy/windows-autopatch-groups-overview.md).<br><br><ul><li> Review your device inventory and consider a representative mix of devices across your distribution</li><li>Review your Microsoft Entra groups that you wish to use to register devices into the service</li><li>Review [device registration options](../deploy/windows-autopatch-device-registration-overview.md) and [register your first devices](../deploy/windows-autopatch-register-devices.md)</li></ul> |
 | **1D: Review network optimization** | It's important to [prepare your network](../prepare/windows-autopatch-configure-network.md) to ensure that your devices have access to updates in the most efficient way, without impacting your infrastructure.<br><br>A recommended approach to manage bandwidth consumption is to utilize [Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization). You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages amongst multiple devices in your deployment. |
 
 ### Step two: Evaluate
@@ -76,9 +75,9 @@ Evaluate Windows Autopatch with around 50 devices to ensure the service meets yo
 
 | Step | Description |
 | ----- | ----- |
-| **2A: Review reporting capabilities** | <ul><li>[Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li><li>[Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report)</li></ul>Windows Autopatch quality and feature update reports provide a progress view on the latest update cycle for your devices. These reports should be reviewed often to ensure you understand the update state of your Windows Autopatch devices.<br><br>There might be times when using Windows Autopatch for update deployment that it's beneficial to review Windows Update for Business (WUfB) reports.<br><br>For example, when preparing to deploy Windows 11, you might find it useful to evaluate your devices using the [Windows feature update device readiness](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report) and [Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-compatibility-risks-report) in Intune.|
+| **2A: Review reporting capabilities** | <ul><li>[Windows quality update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li><li>[Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report)</li></ul>Windows Autopatch quality and feature update reports provide a progress view on the latest update cycle for your devices. These reports should be reviewed often to ensure you understand the update state of your Windows Autopatch devices.<br><br>There might be times when using Windows Autopatch for update deployment that it's beneficial to review Windows Update for Business (WUfB) reports.<br><br>For example, when preparing to deploy Windows 11, you might find it useful to evaluate your devices using the [Windows feature update device readiness](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report) and [Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-compatibility-risks-report) in Intune.|
 | **2B: Review operational changes** | As part of the introduction of Windows Autopatch, you should consider how the service integrates with your existing operational processes.<br><ul><li>Identify service desk and end user computing process changes</li><li>Identify any alignment with third party support agreements</li><li>Review the default Windows Autopatch support process and alignment with your existing Premier and Unified support options</li><li>Identify IT admin process change & service interaction points</li></ul> |
-| **2C: Educate end users and key stakeholders**| Educate your end users by creating guides for the Windows Autopatch end user experience.<ul><li>[Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)</li><li>[Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li>[Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)<li>[Microsoft Edge](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md)</li></ul><br>Include your IT support and help desk in the early stages of the Windows Autopatch deployment and planning process. Early involvement allows your support staff to:<br><ul><li>Gain knowledge and experience in identifying and resolving update issues more effectively</li><li>Prepare them to support production rollouts. Knowledgeable help desk and support teams also help end users adopt to changes</li></ul><br>Your support staff can experience a walkthrough of the Windows Autopatch admin experience through the [Windows Autopatch demo site](https://aka.ms/autopatchdemo). |
+| **2C: Educate end users and key stakeholders**| Educate your end users by creating guides for the Windows Autopatch end user experience.<ul><li>[Windows quality updates](../manage/windows-autopatch-windows-quality-update-end-user-exp.md)</li><li>[Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)</li>[Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md)<li>[Microsoft Edge](../manage/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../manage/windows-autopatch-teams.md)</li></ul><br>Include your IT support and help desk in the early stages of the Windows Autopatch deployment and planning process. Early involvement allows your support staff to:<br><ul><li>Gain knowledge and experience in identifying and resolving update issues more effectively</li><li>Prepare them to support production rollouts. Knowledgeable help desk and support teams also help end users adopt to changes</li></ul><br>Your support staff can experience a walkthrough of the Windows Autopatch admin experience through the [Windows Autopatch demo site](https://aka.ms/autopatchdemo). |
 | **2D: Pilot planning** | Identify target pilot group(s) of up to 500 devices. It's recommended to include a cross-section of your organizational make-up to ensure your pilot results are representative of your organizational environment. |
 
 ### Step three: Pilot
@@ -89,7 +88,7 @@ Plan to pilot the service with around 500 devices to provide sufficient pilot co
 | ----- | ----- |
 | **3A: Register devices** | Register pilot device group(s) |
 | **3B: Monitor update process success** |<ul><li>Quality update: One to two update cycles</li><li>Feature update: Set of pilot devices scheduled across several weeks</li><li>Drivers and firmware: One to two update cycles</li><li>Microsoft 365 Apps for enterprise (if not opted-out): One to two update cycles</li><li>Microsoft Edge: One to two update cycles</li><li>Microsoft Teams: One to two update cycles</li> |
-| **3C: Review reports** |<ul><li>[Quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports): Monitor data in the reports across one to two update cycles</li><li>[Feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports): Monitor data in the reports across the update schedule</li><li>[Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report): Monitor data in the report across one to two update cycles</li></ul> |
+| **3C: Review reports** |<ul><li>[Quality update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports): Monitor data in the reports across one to two update cycles</li><li>[Feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports): Monitor data in the reports across the update schedule</li><li>[Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report): Monitor data in the report across one to two update cycles</li></ul> |
 | **3D: Implement operational changes** |<ul><li>Pilot Service Desk, end user computing and third party (if applicable) process changes with pilot representatives</li><li>IT admins must:<ul><li>Review deployment progress using Windows Autopatch reports</li><li>Respond to identified actions to help improve success rates</li></ul></ul> |
 | **3E: Communicate with stakeholders** | Review and action your stakeholder communication plan. |
 | **3F: Deployment planning** | Prepare target deployment groups for phased deployment of Windows Autopatch. |
@@ -118,7 +117,7 @@ Once migrated, there are several configuration tasks that you no longer need to
 
 | Autopatch benefit | Configuration Manager | Windows Update for Business (WUfB) |
 | ----- | ----- | ----- |
-| Automated setup and on-going configuration of Windows Update policies | Manage and perform recurring tasks such as:<ul><li>Download updates</li><li>Distribute to distribution points</li><li>Target update collections</li></ul> | Manage "static" deployment ring policies |
+| Automated setup and ongoing configuration of Windows Update policies | Manage and perform recurring tasks such as:<ul><li>Download updates</li><li>Distribute to distribution points</li><li>Target update collections</li></ul> | Manage "static" deployment ring policies |
 | Automated management of deployment ring membership | Manually check collection membership and targets | Manage "static" deployment ring membership |
 | Maintain minimum Windows feature version and progressively move between servicing versions | Spend time developing, testing and rolling-out task sequence | Set up and deploy Windows feature update policies |
 | Service provides release management, signal monitoring, testing, and Windows Update deployment | Setup, target and monitor update test collections | Manage Test deployment rings and manually monitor update signals |
@@ -139,7 +138,6 @@ Service management benefits include:
 | Windows automation and Microsoft Insights | First or third-party resources required to support and manage updates internally |
 | Microsoft research and insights determine the 'go/no-go' for your update deployment | Limited signals and insights from your organization to determine the 'go/no-go' for your update deployment |
 | Windows Autopatch might pause or roll back an update. The pause or rollback is dependent on the scope of impact and to prevent end user disruption | Manual intervention required, widening the potential impact of any update issues |
-| By default, Windows Autopatch [expedites quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases) as needed. | Manual intervention required, widening the potential impact of any update issues |
 
 ### Migrating from Windows Update for Business (WUfB) to Windows Autopatch
 
@@ -161,8 +159,8 @@ Once you have assessed your readiness state to ensure you're aligned to Windows
 
 | Step | Example timeline | Task |
 | ----- | ----- | ----- |
-| **[Step one: Prepare > Set up the service](#step-one-prepare)** | Week one | Follow our standard guidance to turn on the Windows Autopatch service<ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations)</li><li>Review and understand the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) have completed successfully</li></ul> |
-| **[Step one: Prepare > Adjust the service configuration based on your migration readiness](#step-one-prepare)** | Week one | <ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md)</li><li>[Driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md)</li><li>Use the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [create a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> |
+| **[Step one: Prepare > Set up the service](#step-one-prepare)** | Week one | Follow our standard guidance to turn on the Windows Autopatch service<ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations)</li><li>Review and understand the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md) have completed successfully</li></ul> |
+| **[Step one: Prepare > Adjust the service configuration based on your migration readiness](#step-one-prepare)** | Week one | <ul><li>[Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)</li><li>[Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md)</li><li>[Microsoft Edge](../manage/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../manage/windows-autopatch-teams.md)</li><li>[Create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group)</li></ul> |
 | **[Step two: Evaluate](#step-two-evaluate)** | Week one to month two | Evaluate with around 50 devices for one update cycle to confirm the correct service configurations are in place |
 | **[Step three: Pilot](#step-three-pilot)** | Month two to three | Pilot with around 500 - 5000 devices for one update cycle to ensure you can further validate with your key stakeholders and Service Desk teams |
 | **[Step four: Deploy](#step-four-deploy)** | Month three to six | Phase deployments as necessary to migrate your estate. You can move as quickly as you feel comfortable |
@@ -180,7 +178,7 @@ When you migrate from Configuration Manager to Windows Autopatch, the fastest pa
 | **1** | Turn on co-management | If you're using co-management across Configuration Manager and your managed devices, you meet the key requirements to use Windows Autopatch.<br><br>If you don't have co-management, see [How to use co-management in Configuration Manager](/mem/configmgr/comanage/how-to-enable) |
 | **2** | Use required co-management workloads | Using Windows Autopatch requires that your managed devices use the following three co-management workloads:<ul><li>Windows Update policies workload</li><li>Device configuration workload</li><li>Office Click-to-Run apps workload</li></ul><br>If you have these workloads configured, you meet the key requirements to use Windows Autopatch. If you don't have these workloads configured, review [How to switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads) |
 | **3** | Prepare your policies | You should consider any existing policy configurations in your Configuration Manager (or on-premises) environment that could impact your deployment of Windows Autopatch. For more information, review [General considerations](#general-considerations) |
-| **4** | Ensure Configuration Manager collections or Microsoft Entra device groups readiness | To move devices to Windows Autopatch, you must register devices with the Windows Autopatch service. To do so, use either Microsoft Entra device groups, or Configuration Manager collections. Ensure you have either Microsoft Entra device groups or Configuration Manager collections that allow you to evaluate, pilot and then migrate to the Windows Autopatch service. For more information, see [Register your devices](../deploy/windows-autopatch-register-devices.md#before-you-begin). |
+| **4** | Ensure Configuration Manager collections or Microsoft Entra device groups readiness | To move devices to Windows Autopatch, you must register devices with the Windows Autopatch service. To do so, use either Microsoft Entra device groups, or Configuration Manager collections. Ensure you have either Microsoft Entra device groups or Configuration Manager collections that allow you to evaluate, pilot and then migrate to the Windows Autopatch service. For more information, see [Register your devices](../deploy/windows-autopatch-register-devices.md). |
 
 ### Optimized deployment path: Configuration Manager to Windows Autopatch
 
@@ -189,7 +187,7 @@ Once you have assessed your readiness state to ensure you're aligned to Windows
 | Step | Example timeline | Task |
 | ----- | ----- | ----- |
 | **[Step one: Prepare > Set up the service](#step-one-prepare)** | Week one | Follow our standard guidance to turn on the Windows Autopatch service<ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations).</li><li>Review and understand the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) have completed successfully.</li></ul> |
-| **[Step one: Prepare > Adjust the service configuration based on your migration readiness](#step-one-prepare)** | Week one | <ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md)</li><li>[Driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md)</li><li>Use the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [create a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> |
+| **[Step one: Prepare > Adjust the service configuration based on your migration readiness](#step-one-prepare)** | Week one | <ul><li>[Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)</li><li>[Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md)</li><li>[Microsoft Edge](../manage/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../manage/windows-autopatch-teams.md)</li><li>[Create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group)</li></ul> |
 | **[Step two: Evaluate](#step-two-evaluate)** | Week one to month two | Evaluate with around 50 devices for one update cycle to confirm the correct service configurations are in place |
 | **[Step three: Pilot](#step-three-pilot)** | Month two to three | Pilot with around 500 - 5000 devices for one update cycle to ensure you can further validate with your key stakeholders and Service Desk teams |
 | **[Step four: Deploy](#step-four-deploy)** | Month three to six | Phase deployments as necessary to migrate your estate. You can move as quickly as you feel comfortable |
@@ -271,9 +269,9 @@ For example, Configuration Manager Software Update Policy settings exclude Autop
 
 #### Servicing profiles for Microsoft 365 Apps for enterprise
 
-You can use automation to deliver monthly updates to Microsoft 365 Apps for enterprise directly from the Office Content Delivery Network (CDN) using [Servicing profiles](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#compatibility-with-servicing-profiles). A servicing profile takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#device-eligibility) regardless of existing management tools in your environment.
+You can use automation to deliver monthly updates to Microsoft 365 Apps for enterprise directly from the Office Content Delivery Network (CDN) using [Servicing profiles](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#compatibility-with-servicing-profiles). A servicing profile takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](../manage/windows-autopatch-microsoft-365-apps-enterprise.md) regardless of existing management tools in your environment.
 
-You can consider retargeting servicing profiles to non-Windows Autopatch devices or if you plan to continue using them, you can [block Windows Autopatch delivered Microsoft 365 App updates](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#allow-or-block-microsoft-365-app-updates) for Windows Autopatch-enrolled devices.
+You can consider retargeting servicing profiles to non-Windows Autopatch devices or if you plan to continue using them, you can [block Windows Autopatch delivered Microsoft 365 App updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) for Windows Autopatch-enrolled devices.
 
 ## Business case
 
@@ -314,10 +312,9 @@ Review your original objectives and business case with your key stakeholders to
 If you need assistance with your Windows Autopatch deployment journey, you have the following support options:
 
 - Microsoft Account Team
-- [Microsoft FastTrack](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request#microsoft-fasttrack)
+- [Microsoft FastTrack](../manage/windows-autopatch-support-request.md#microsoft-fasttrack)
 - Windows Autopatch Service Engineering Team
-    - [Tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md)
-    - [General support request](../operate/windows-autopatch-support-request.md)
+    - [General support request](../manage/windows-autopatch-support-request.md)
 
 First contact your Microsoft Account team who can work with you to establish any guidance or support you might need. If you don't have a Microsoft Account Team contact or wish to explore other routes, Microsoft FastTrack offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. Finally, you can also log a support request with the Windows Autopatch Service Engineering Team.
 
@@ -332,4 +329,3 @@ Once you're underway with your deployment, consider joining the [Windows Commerc
     - Surveys
     - Teams discussions
     - Previews
-
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
index f92f2bf122..7aea64cf61 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@@ -4,84 +4,85 @@ metadata:
   description: Answers to frequently asked questions about Windows Autopatch.
   ms.service: windows-client
   ms.topic: faq
-  ms.date: 12/04/2023
+  ms.date: 09/16/2024
   audience: itpro
   ms.localizationpriority: medium
   manager: aaroncz
   author: tiaraquan
   ms.author: tiaraquan
   ms.reviwer: hathind
-  ms.subservice: itpro-updates
+  ms.subservice: autopatch
 title: Frequently Asked Questions about Windows Autopatch
 summary: This article answers frequently asked questions about Windows Autopatch.
 sections:
   - name: General
-    questions:
-      - question: What Windows versions are supported?
-        answer: |
-          Windows Autopatch works with all [supported versions of Windows 10 and Windows 11](/windows/release-health/supported-versions-windows-client) Enterprise and Professional editions.
+    questions: 
       - question: What is the difference between Windows Update for Business and Windows Autopatch?
         answer: |
-          Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/deployment-service-overview) and other service components to update devices. Both are part of Windows Enterprise E3.
+          Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) and other service components to update devices. Both are part of [Windows Enterprise E3+ and F3](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
       - question: Is Windows 365 for Enterprise supported with Windows Autopatch?
         answer: |
           Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.
-      - question: Does Windows Autopatch support Windows Education (A3/A5) or Windows Front Line Worker (F3) licensing?
-        answer: |
-          Autopatch isn't available for 'A'. Windows Autopatch supports some 'F' series licensing. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
       - question: Will Windows Autopatch support local domain join Windows 10?
         answer: |
-          Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Microsoft Entra join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
+          Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Microsoft Hybrid Entra join](/entra/identity/devices/concept-hybrid-join) or [Microsoft Entra join](/entra/identity/devices/concept-directory-join). 
       - question: Will Windows Autopatch be available for state and local government customers?
         answer: |
           Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.
-      - question: What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?
-        answer: |
-          Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There's no additional action you have to take to continue using Windows Autopatch.
   - name: Requirements
     questions:
+      - question: What are the licensing requirements for Windows Autopatch?
+        answer: |
+          Business Premium and A3+ licenses include:
+          - Microsoft 365 Business Premium (for more information on available licenses, see Microsoft 365 licensing)
+          - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
+          - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
+          - Windows 10/11 Enterprise E3 or E5 VDA
+          To [activate all Windows Autopatch features](../overview/windows-autopatch-overview.md#features-and-capabilities), you must have Windows 10/11 Enterprise E3+ or F3 (included in Microsoft 365 F3, E3, or E5) licenses. [Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you when you have Windows 10/11 Enterprise E3+ or F3 licenses. For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). The following licenses provide access to the Windows Autopatch features included in Business premium and A3+ licenses and its additional features after you activate Windows Autopatch features:
+          - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
+          - Windows 10/11 Enterprise E3 or E5 VDA
       - question: What are the prerequisites for Windows Autopatch?
         answer: |
-          - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client)
-          - [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses)
-          - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
-          - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
+          - [Microsoft Entra ID](/mem/configmgr/comanage/overview#microsoft-entra-id)(for co-management)
+          - [Microsoft Entra hybrid joined devices](/entra/identity/devices/concept-hybrid-join) or [Microsoft Entra joined devices](/entra/identity/devices/concept-directory-join)
+          - Microsoft Intune (include Configuration Manager 2010 or greater via co-management)
 
           Additional prerequisites for devices managed by Configuration Manager:
 
           - [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements)
           - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions)
           - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.)
-      - question: What are the licensing requirements for Windows Autopatch?
+      - question: What are the Intune permissions needed to operate Windows Autopatch?
         answer: |
-          - Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only) or F3. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
-          - [Azure AD Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) (for co-management)
-          - [Microsoft Intune](/mem/intune/fundamentals/licenses) (includes Configuration Manager 2010 or greater via co-management)
+          You must use the Microsoft Entra Global Administrator role to activate Windows Autopatch features. For registering devices, managing update deployment and reporting tasks, use the Intune Service Administrator role. For more information, see [Built-in roles for device registration](../deploy/windows-autopatch-device-registration-overview.md#built-in-roles-required-for-device-registration).
       - question: Are there hardware requirements for Windows Autopatch?
         answer: |
           No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/whats-new/windows-11-requirements). Windows devices must be supported by your hardware OEM.
   - name: Device registration
-    questions:
-      - question: Can Autopatch customers individually approve or deny devices?
+    questions: 
+      - question: Who can register devices into Windows Autopatch? 
         answer: |
-          No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported.
+          You can only register devices into Windows Autopatch if you have E3+ or F3 licenses and have [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
       - question: Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device?
         answer: |
-          No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
+          No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-azure-virtual-desktop-workloads).
       - question: Do my Cloud PCs appear any differently in the Windows Autopatch admin center?
         answer: |
-          Cloud PC displays the model as the license type you've provisioned. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
+          Cloud PC displays the model as the license type you've provisioned. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-windows-365-enterprise-workloads).
       - question: Can I run Autopatch on my Windows 365 Business Workloads?
         answer: |
-          No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
+          No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-windows-365-enterprise-workloads).
       - question: Can you change the policies and configurations created by Windows Autopatch?
         answer: |
-          No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
+          No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
       - question: How can I represent our organizational structure with our own deployment cadence?
         answer: |
-          [Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).
-  - name: Update management
+          [Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md).
+  - name: Manage updates
     questions:
+      - question: Who can manage updates with activated Windows Autopatch features?
+        answer: | 
+          This only applies if you have E3+ or F3 licenses and have activated Windows Autopatch features. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
       - question: What systems does Windows Autopatch update?
         answer: |
           - Windows 10/11 quality updates: Windows Autopatch manages all aspects of deployment rings.
@@ -91,43 +92,35 @@ sections:
           - Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates.
       - question: What does Windows Autopatch do to ensure updates are done successfully?
         answer: |
-          For Windows quality and feature updates, updates are applied to devices in the Test ring first. The devices are evaluated, and then rolled out to the First, Fast then Broad rings. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task.
+          For Windows quality and feature updates, updates are applied to devices in a gradual manner. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task.
       - question: What happens if there's an issue with an update?
         answer: |
           Autopatch relies on the following capabilities to help resolve update issues:
-          - Pausing and resuming: For more information about pausing and resuming updates, see [pausing and resuming Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release).
-          - Rollback: For more information about Microsoft 365 Apps for enterprise, see [Update controls for Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls).
+          - Pausing and resuming: For more information about pausing and resuming updates, see [pausing and resuming Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release).
+          - Rollback: For more information about Microsoft 365 Apps for enterprise, see [Update controls for Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls).
       - question: Can I permanently pause a Windows feature update deployment?
         answer: |
-          Yes. Windows Autopatch provides a [permanent pause of a feature update deployment](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release).
+          Yes. Windows Autopatch provides a [permanent pause of a feature update deployment](../manage/windows-autopatch-windows-feature-update-overview.md#pause-and-resume-a-release).
       - question: Will Windows quality updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of updates?
         answer: |
-          For zero-day threats, Autopatch will have an [expedited release cadence](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases). For normal updates Autopatch, uses a [regular release cadence](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) starting with devices in the Test ring and completing with general rollout to the Broad ring.
+          For zero-day threats, Autopatch will have an [Out of Band release](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases). For normal updates Autopatch, uses a [regular release cadence](../manage/windows-autopatch-windows-quality-update-overview.md) starting with devices in the Test ring and completing with general rollout to the Broad ring.
       - question: Can customers configure when to move to the next ring or is it controlled by Windows Autopatch?
         answer: |
           The decision of when to move to the next ring is handled by Windows Autopatch; it isn't customer configurable.
-      - question: Can you customize the scheduling of an update rollout to only install on certain days and times?
-        answer: |
-          No, you can't customize update scheduling. However, you can specify [active hours](../operate/windows-autopatch-windows-quality-update-end-user-exp.md) to prevent users from updating during business hours.
       - question: Does Autopatch support include and exclude groups, or dynamic groups to define deployment ring membership?
         answer: |
-          Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see [Moving devices in between deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings).
+          Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see [Move devices in between deployment rings](../deploy/windows-autopatch-register-devices.md#move-devices-in-between-deployment-rings).
       - question: Does Autopatch have two release cadences per update or are there two release cadences per-ring?
         answer: |
-          The release cadences are defined based on the update type. For example, a [regular cadence](../operate/windows-autopatch-windows-quality-update-overview.md) (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an [expedited release](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) would roll out more rapidly.
+          The release cadences are defined based on the update type. For example, a [regular cadence](../manage/windows-autopatch-windows-quality-update-overview.md) (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an [Out of Band release](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases) would roll out more rapidly.
   - name: Support
     questions:
       - question: What support is available for customers who need help with onboarding to Windows Autopatch?
         answer: |
-          The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see [Microsoft FastTrack for Windows Autopatch](../operate/windows-autopatch-support-request.md#microsoft-fasttrack). When you've onboarded with Windows Autopatch, you can [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team.
+          The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see [Microsoft FastTrack for Windows Autopatch](../manage/windows-autopatch-support-request.md#microsoft-fasttrack). If you have [Windows Enterprise E3+ or E5 licenses](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses) and you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), you can [submit a support request](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team.
       - question: Does Windows Autopatch Support Dual Scan for Windows Update?
         answer: |
           Dual Scan for Windows has been deprecated and replaced with the [scan source policy](/windows/deployment/update/wufb-wsus). Windows Autopatch supports the scan source policy if the Feature updates, and Windows quality updates workloads are configured for Windows update. If Feature and Windows updates are configured for WSUS, it could cause disruptions to the service and your release schedules.
-  - name: Other
-    questions:
-      - question: Are there Autopatch specific APIs or PowerShell scripts available?
-        answer: |
-          Programmatic access to Autopatch isn't currently available.
 additionalContent: |
   ## Additional Content
-  [Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch)
+  [Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch)
\ No newline at end of file
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
index 6e49a4703c..56b1ee39cf 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
@@ -1,10 +1,10 @@
 ---
 title: What is Windows Autopatch?
 description: Details what the service is and shortcuts to articles.
-ms.date: 08/08/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: overview
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -12,7 +12,6 @@ manager: aaroncz
 ms.collection:
   - highpri
   - tier1
-  - essentials-overview
 ms.reviewer: hathind
 ---
 
@@ -31,43 +30,59 @@ Rather than maintaining complex digital infrastructure, businesses want to focus
 - **Onboard new services**: Windows Autopatch makes it easy to enroll and minimizes the time required from your IT Admins to get started.
 - **Minimize end user disruption**: Windows Autopatch releases updates in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.
 
-Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
+Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge, or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
 
-## Update management
+## Features and capabilities
 
-The goal of Windows Autopatch is to deliver software updates to registered devices; the service frees up IT and minimizes disruptions to your end users. Once a device is registered with the service, Windows Autopatch takes on several areas of management:
+### Business Premium and A3+ licenses
 
-| Management area | Service level objective |
-| ----- | ----- |
-| [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) | Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. |
-| [Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md) | Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates. |
-| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). |
-| [Microsoft Edge](../operate/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
-| [Microsoft Teams](../operate/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
 
-For each management area, there's a set of eligibility requirements that determine if the device receives that specific update. An example of an eligibility criteria is that the device must have access to the required network endpoints for the Windows update. It's your responsibility to ensure that devices are meeting eligibility requirements for each management area.
+The goal of Windows Autopatch is to deliver software updates to registered devices; the service frees up IT and minimizes disruptions to your end users. Once a device is registered with the service, features include:
 
-To determine if we're meeting our service level objectives, all eligible devices are labeled as either "Healthy" or "Unhealthy". Healthy devices are meeting the eligibility requirements for that management area and unhealthy devices aren't. If Windows Autopatch falls below any service level objective for a management area, an incident is raised. Then, we bring the service back into compliance.
+| Features included with Business Premium and A3+ licenses | Description |
+| --- | --- |
+| [Update rings](../manage/windows-autopatch-update-rings.md) | You can manage Update rings for Windows 10 and later devices with Windows Autopatch. For more information, see [Manage Update rings](../manage/windows-autopatch-update-rings.md). |
+| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | With Windows Autopatch, you can manage Windows quality update profiles for Windows 10 and later devices. You can expedite a specific Windows quality update using targeted policies. |
+| [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md) | Windows Autopatch provides tools to assist with the controlled roll out of annual Windows feature updates. |
+| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | You can manage and control your driver and firmware updates with Windows Autopatch.|
+| [Intune reports](/mem/intune/fundamentals/reports) | Use Intune reports to monitor the health and activity of endpoints in your organization.|
 
-Windows Autopatch monitors in-progress updates. Depending on the criticality of the update, the service may decide to expedite the update. If we detect an issue during release, we may pause or roll back the update. Since each management area has a different monitoring and update control capabilities, you review the documentation for each area to familiarize yourself with the service.
+### Windows Enterprise E3+ and F3 licenses
 
-## Messages
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
-To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
+In addition to the features included in [Business Premium and A3+ licenses](#business-premium-and-a3-licenses), if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5), you have access to all of Windows Autopatch features in your tenant when you [activate Windows Autopatch](../prepare/windows-autopatch-feature-activation.md). Windows Autopatch features include:
+
+| Features included in Windows Enterprise E3+ and F3 licenses | Description |
+| --- | --- |
+| [Autopatch groups](../deploy/windows-autopatch-groups-overview.md) | You can manage update deployment based on your audience.<p>An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/entra/fundamentals/groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates policy for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).</p><p>For more information about workloads supported by Autopatch groups, see [Software update workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).</p> |
+| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), Windows Autopatch:<ul><li>Aims to keep at least 95% of [Up to Date devices](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. For more information, see [Windows quality update Service Level Objective](../manage/windows-autopatch-windows-quality-update-overview.md#service-level-objective).</li></ul> |
+| [Multi-phase release policies with feature updates](../manage/windows-autopatch-windows-feature-update-overview.md#multi-phase-feature-update) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), with Windows Autopatch, you can create customizable feature update deployments using multiple phases for your existing Autopatch groups. These phased releases can be tailored to meet your organizational unique needs.|
+| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), with Windows Autopatch, you can:<ul><li>Choose to receive driver and firmware updates automatically, or self-manage the deployment</li><li>Control the flow of all drivers to an Autopatch group or rings within an Autopatch group</li><li>Control the flow of a specific driver or firmware across your entire tenant via approvals</li><li>Approve and deploy [other drivers and firmware](../manage/windows-autopatch-manage-driver-and-firmware-updates.md#other-drivers-and-firmware) that previously couldn’t be centrally managed</li></ul> |
+| [Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). |
+| [Microsoft Edge updates](../manage/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
+| [Microsoft Teams updates](../manage/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
+| [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md) | When Windows Autopatch detects policies in the tenant are either missing or modified that affects the service, Windows Autopatch raises alerts and detailed recommended actions to ensure healthy operation of the service. |
+| Enhanced [Windows quality and feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md) and [device alerts](../monitor/windows-autopatch-device-alerts.md) | Using Windows quality and feature update reports, you can monitor and remediate Windows Autopatch managed devices that are Not up to Date and resolve any device alerts to bring Windows Autopatch managed devices back into compliance. |
+| [Submit support requests](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team | When you activate additional Autopatch features, you can submit, manage, and edit support requests. |
+
+## Communications
+
+### [Business Premium and A3+](#tab/business-premium-a3-communications)
+
+To stay informed of new and changed features and other announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-communications)
+
+To stay informed of upcoming changes, including new and changed features, planned maintenance, release and status communications, or other important announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
+
+---
 
 ## Accessibility
 
 Microsoft remains committed to the security of your data and the [accessibility](https://www.microsoft.com/trust-center/compliance/accessibility) of our services. For more information, see the [Microsoft Trust Center](https://www.microsoft.com/trust-center) and the [Office Accessibility Center](https://support.office.com/article/ecab0fcf-d143-4fe8-a2ff-6cd596bddc6d).
 
-## Need more details?
-
-| Area | Description |
-| ----- | ----- |
-| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>[Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</ul> |
-| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md)</li></ul> |
-| Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-groups-update-management.md)</li><li>[Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Exclude a device](../operate/windows-autopatch-exclude-device.md)</li></ul>
-| References | This section includes the following articles:<ul><li>[Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md)<li>[Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li></ul> |
-
-### Have feedback or would like to start a discussion?
+## Have feedback or would like to start a discussion?
 
 You can [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch).
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
index 4ef883d665..e0b6c63247 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
@@ -1,10 +1,10 @@
 ---
 title: Privacy
 description: This article provides details about the data platform and privacy compliance for Autopatch
-ms.date: 09/13/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: reference
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -13,107 +13,156 @@ ms.reviewer: hathind
 ms.collection:
   - highpri
   - tier1
-  - essentials-privacy
 ---
 
 # Privacy
 
-Windows Autopatch is a cloud service for enterprise customers designed to keep employees' Windows devices updated. This article provides details about data platform and privacy compliance for Windows Autopatch.
+Windows Autopatch is a cloud service for enterprise customers designed to keep Windows devices updated. This article provides details about data platform and privacy compliance for Windows Autopatch.
 
 ## Windows Autopatch data sources and purpose
 
-Windows Autopatch provides its service to enterprise customers, and properly administers customers' enrolled devices by using data from various sources.
+Autopatch collects and stores data according to the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=521839).
+
+### [Business Premium and A3+](#tab/data-sources-forbusiness-premium-a3-data-sources)
+
+Data provided by the customer or generated by the service during normal operation is stored. For example, when a device is targeted with a policy, information is stored enabling the service to deliver content to targeted devices.
+
+Business Premium and A3+ licenses require the use of Windows Diagnostic data. For more information, see [Diagnostic data in Windows Autopatch](#microsoft-windows-1011-diagnostic-data).
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-sources)
+
+When you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), data from various sources is used to properly administer enrolled devices and monitor that the service is working properly.
 
 The sources include Microsoft Entra ID, Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages.
 
 | Data source | Purpose |
-| ------ | ------ |
+| ---- | ---- |
 | [Microsoft Windows 10/11 Enterprise](/windows/windows-10/) | Management of device setup experience, managing connections to other services, and operational support for IT pros. |
 | [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10/11 Enterprise diagnostic data to provide additional information on Windows 10/11 update. |
-| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | Device management and to keep your data secure. The following endpoint management data sources are used:<br><ul><li>[Microsoft Entra ID](/azure/active-directory/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul>
+| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | Device management and to keep your data secure. The following endpoint management data sources are used:<br><ul><li>[Microsoft Entra ID](/entra/identity/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul> |
 | [Windows Autopatch](https://go.microsoft.com/fwlink/?linkid=2109431) | Data provided by the customer or generated by the service during running of the service. |
 | [Microsoft 365 Apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)| Management of Microsoft 365 Apps. |
 
+---
+
 ## Windows Autopatch data process and storage
 
-Windows Autopatch relies on data from multiple Microsoft products and services to provide its service to enterprise customers.
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
 
+Windows Autopatch relies on data from multiple Microsoft products and services to provide its service to enterprise customers.
 To protect and maintain enrolled devices, we process and copy data from these services to Windows Autopatch. When we process data, we follow the documented directions you provide as referenced in the [Online Services Terms](https://www.microsoft.com/licensing/product-licensing/products) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
 
 Processor duties of Windows Autopatch include ensuring appropriate confidentiality, security, and resilience. Windows Autopatch employs additional privacy and security measures to ensure proper handling of personal identifiable data.
 
 ## Windows Autopatch data storage and staff location
 
-Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations).
-
-> [!IMPORTANT]
-> <ul><li>As of November 8, 2022, only <b>new</b> Windows Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.</li><li>Existing European Union (EU) Windows Autopatch customers will move from the North American data centers to the European data centers by the end of 2022.</li><li>If you're an existing Windows Autopatch customer, but <b>not</b> part of the European Union, data migration from North America to your respective data residency will occur next year.</li></ul>
-
 Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview).
 
-Windows Autopatch Service Engineering Team is in the United States, India and Romania.
+### [Business Premium and A3+](#tab/business-premium-a3-data-storage)
+
+Data stored in this part of the service is stored only in two regions, either Azure’s north American data centers or its European ones.
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-storage)
+
+Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations).
+
+The Windows Autopatch Service Engineering Team is in the United States, India, and Romania.
+
+---
 
 ## Microsoft Windows 10/11 diagnostic data
 
-Windows Autopatch uses [Windows 10/11 Enhanced diagnostic data](/windows/privacy/windows-diagnostic-data) to keep Windows secure, up to date, fix problems, and make product improvements.
+Windows Autopatch uses Windows diagnostic data to keep Windows secure, up to date, fix problems, and make product improvements. Learn more about configuring diagnostic data for your organization in Intune.
 
-The enhanced diagnostic data setting includes more detailed information about the devices enrolled in Windows Autopatch and their settings, capabilities, and device health. When enhanced diagnostic data is selected, data, including required diagnostic data, are collected. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection) about the Windows 10/11 diagnostic data setting and data collection.
+### [Business Premium and A3+](#tab/business-premium-a3-diagnostic-data)
 
-The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. The diagnostic level will change to **Optional**, but Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection).
+To take advantage of the unique deployment scheduling controls and protections tailored to your population and to [deploy driver updates](/windows/deployment/update/deployment-service-drivers), devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the *Required* level for these features.
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-diagnostic-data)
+
+When you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), Windows Autopatch creates the “Windows Autopatch – Data Collection Policy” and assigns it to enrolled devices. This policy configures the following settings:
+
+| Setting | Value | Description |
+| --- | --- | --- |
+| Allow telemetry | Optional. This value was previously named “**Full**” for Windows 10 devices. For more information, see [Changes to Windows diagnostic data collection](/previous-versions/windows/it-pro/privacy/changes-to-windows-diagnostic-data-collection). | Allow the device to send diagnostic and usage telemetry data, such as Watson. For more information about diagnostic data, including what is and what isn't collected by Windows, see [diagnostic data settings](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings). |
+| Limit Diagnostic Log Collection | Enabled | This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. |
+| Limit Dump Collection | Enabled | This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. |
+| Limit Enhanced Diagnostic Data Windows Analytics | Enabled | This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. |
+| Allow Windows Autopatch Processing | Allowed | Allows diagnostic data from this device to be processed by Windows Autopatch. |
 
 Windows Autopatch only processes and stores system-level data from Windows 10/11 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data.
 
-For more information about the diagnostic data collection of Microsoft Windows 10/11, see the [Where we store and process data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement.
+For more information about the diagnostic data collection of Microsoft Windows 10/11, see the [Where we store and process data section](https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule) of the Microsoft Privacy Statement.
 
 For more information about how Windows diagnostic data is used, see:
 
 - [Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration)
 - [Features that require Windows diagnostic data](/mem/intune/protect/data-enable-windows-data)
 
+---
+
 ## Tenant access
 
-For more information about tenant access and changes made to your tenant upon enrolling into Windows Autopatch, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
+### [Business Premium and A3+](#tab/business-premium-a3-tenant-access)
 
-### Service accounts
+[!INCLUDE [windows-autopatch-business-premium-a3-licenses](../includes/windows-autopatch-business-premium-a3-licenses.md)]
 
-> [!IMPORTANT]
-> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [enterprise application](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](windows-autopatch-privacy.md#service-accounts), you must take action. To take action or see if you need to take action, visit the [Tenant management blade](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) in the Windows Autopatch portal.
+### [Windows Enterprise E3+ and F3 licenses](#tab/windows-enterprise-e3-f3-tenant-access)
 
-Windows Autopatch creates and uses guest accounts using just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts.
+For more information about tenant access and changes made to your tenant upon activating Windows Autopatch features, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
 
-| Account name | Usage | Mitigating controls |
-| ----- | ----- | -----|
-| MsAdmin@tenantDomain.onmicrosoft.com | <ul><li>This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.</li><li>This account doesn't have interactive sign-in permissions. The account performs operations only through the service.</li></ul> | Audited sign-ins |
-| MsAdminInt@tenantDomain.onmicrosoft.com |<ul><li>This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.</li><li>This account is used for interactive login to the customer's tenant.</li><li>The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.</li></ul> | <ul><li>Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy</li><li>Audited sign-ins</li></ul> |
-| MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
+---
 
-## Microsoft Windows Update for Business
+## Microsoft Windows Update for Business Reports
 
-Microsoft Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. Windows Autopatch uses this data and uses it to mitigate, and resolve problems to ensure that all registered devices are up to date based on a predefined update cadence.
+### [Business Premium and A3+](#tab/business-premium-a3-wufb-reports)
 
-<a name='microsoft-azure-active-directory'></a>
+If you have Business Premium and A3+ licenses, when you use [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), using diagnostic data at the following levels allows device names to appear in reporting:
+
+- *Optional* level (previously Full) for Windows 11 devices
+- *Enhanced* level for Windows 10 devices
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-wufb-reports)
+
+Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. When you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), this data is used to deliver reports and confirm that registered devices are up to date.
+
+---
 
 ## Microsoft Entra ID
 
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
 Identifying data used by Windows Autopatch is stored by Microsoft Entra ID in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Microsoft Entra data is located, see [Microsoft Entra ID - Where is your data located?](https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9)
 
 ## Microsoft Intune
 
-Microsoft Intune collects, processes, and shares data to Windows Autopatch to support business operations and services. For more information about the data collected in Intune, see [Data collection in Intune](/mem/intune/protect/privacy-data-collect)
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+Microsoft Intune collects, processes, and shares data to Windows Autopatch to support business operations and services. For more information about the data collected in Intune, see [Data collection in Intune](/mem/intune/protect/privacy-data-collect).
 
 For more information on Microsoft Intune data locations, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations). Intune respects the storage location selections made by the administrator for customer data.
 
 ## Microsoft 365 Apps for enterprise
 
-Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatch to ensure those apps are up to date with the latest version. These updates are based on predefined update channels managed by Windows Autopatch. For more information on Microsoft 365 Apps's data collection and storage locations, see [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/security/defender-endpoint/data-storage-privacy#what-data-does-microsoft-defender-atp-collect).
+### [Business Premium and A3+](#tab/business-premium-a3-microsoft-365)
+
+Microsoft 365 Apps for enterprise only collects and shares data with Windows Autopatch when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). Windows Autopatch ensure those apps are up to date with the latest version.
+
+To use Windows Autopatch features, you must have the correct Enterprise license(s) and [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). For more information about Enterprise licenses and the prerequisites, see [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md). For more information about features and capabilities, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-microsoft-365)
+
+Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatch to ensure those apps are up to date with the latest version. These updates are based on predefined update channels managed by Windows Autopatch. For more information on Microsoft 365 Apps's data collection and storage locations, see [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/enterprise/o365-data-locations).
+
+---
 
 ## Major data change notification
 
-Windows Autopatch follows a change control process as outlined in our service communication framework.
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
 
 We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center about security incidents and major changes to the service.
 
-Changes to the types of data gathered and where it's stored are considered a material change. We'll provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
+Changes to the types of data gathered and storage are considered a material change. We provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
 
 ## Data subject requests
 
@@ -129,23 +178,31 @@ These rights include:
 
 For more general information about Data Subject Requests (DSRs), see [Data Subject Requests and the GDPR and CCPA](/compliance/regulatory/gdpr-data-subject-requests).
 
-To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
+### [Business Premium and A3+](#tab/business-premium-a3-data-subjects)
 
-| Data subject requests | Description |
-| ------ | ------ |
-| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request at the [admin center](https://aka.ms/memadmin). <br><br> Provide the following information: <ul><li>Request type: Change request</li><li>Category: Security</li><li>Subcategory: Other</li><li>Description: Provide the relevant device names or user names.</li></ul> |
-
-For DSRs from other products related to the service, see the following articles:
+For Data Subject Requests from other products related to the service, see the following articles:
 
 - [Windows diagnostic data](/compliance/regulatory/gdpr-dsr-windows)
 - [Microsoft Intune data](/compliance/regulatory/gdpr-dsr-intune)
 - [Microsoft Entra data](/compliance/regulatory/gdpr-dsr-azure)
 
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-subjects)
+
+To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
+
+| Data subject requests | Description |
+| --- | --- |
+| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request in the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Provide the following information:<ul><li>Request type: Change request</li><li>Category: Security</li><li>Subcategory: Other</li><li>Description: Provide the relevant device names or usernames</li></ul> |
+
+---
+
 ## Legal
 
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
 The following is Microsoft's privacy notice to end users of products provided by organizational customers.
 
 The [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) notifies end users that when they sign into Microsoft products with a work account:
 
 1. Their organization can control and administer their account (including controlling privacy-related settings), and access and process their data.
-2. Microsoft may collect and process the data to provide the service to the organization and end users.
+2. Microsoft might collect and process the data to provide the service to the organization and end users.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
index f2217c4b0c..47ec915cf2 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
@@ -1,10 +1,10 @@
 ---
 title: Roles and responsibilities
 description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do
-ms.date: 08/31/2023
+ms.date: 07/08/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -19,9 +19,9 @@ ms.collection:
 
 This article outlines your responsibilities and Windows Autopatch's responsibilities when:
 
-- [Preparing to enroll into the Windows Autopatch service](#prepare)
+- [Preparing to activate Windows Autopatch features](#prepare)
 - [Deploying the service](#deploy)
-- [Operating with the service](#operate)
+- [Operating with the service](#manage)
 
 ## Prepare
 
@@ -31,12 +31,11 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
 | Review the [FAQ](../overview/windows-autopatch-faq.yml) | :heavy_check_mark: | :x: |
 | [Review the service data platform and privacy compliance details](../overview/windows-autopatch-privacy.md) | :heavy_check_mark: | :x: |
 | Consult the [Deployment guide](../overview/windows-autopatch-deployment-guide.md) | :heavy_check_mark: | :x: |
-| Ensure device [prerequisites](../prepare/windows-autopatch-prerequisites.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
-| Ensure [infrastructure and environment prerequisites](../prepare/windows-autopatch-configure-network.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
+| Ensure device [prerequisites](../prepare/windows-autopatch-prerequisites.md) are met and in place prior to feature activation | :heavy_check_mark: | :x: |
+| Ensure [infrastructure and environment prerequisites](../prepare/windows-autopatch-configure-network.md) are met and in place before feature activation | :heavy_check_mark: | :x: |
 | Prepare to remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
 | [Configure required network endpoints](../prepare/windows-autopatch-configure-network.md#required-microsoft-product-endpoints) | :heavy_check_mark: | :x: |
-| [Enroll tenant into the Windows Autopatch service](../prepare/windows-autopatch-enroll-tenant.md)<ul><li>[Fix issues identified by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>If required, [submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md)</li></ul> | :heavy_check_mark: | :x: |
-| [Manage and respond to tenant enrollment support requests](../prepare/windows-autopatch-enrollment-support-request.md) | :x: | :heavy_check_mark: |
+| [Activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md) | :heavy_check_mark: | :x: |
 | Identify stakeholders for deployment communications | :heavy_check_mark: | :x: |
 
 For more information and assistance with preparing for your Windows Autopatch deployment journey, see [Need additional guidance](../overview/windows-autopatch-deployment-guide.md#need-additional-guidance).
@@ -46,57 +45,54 @@ For more information and assistance with preparing for your Windows Autopatch de
 | Task | Your responsibility | Windows Autopatch |
 | ----- | :-----: | :-----: |
 | [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Intune |  :heavy_check_mark: | :x: |
-| [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: |
-| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Edge end user experience](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
+| [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-made-at-feature-activation.md) | :x: | :heavy_check_mark: |
+| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../manage/windows-autopatch-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../manage/windows-autopatch-manage-windows-feature-update-releases.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Edge end user experience](../manage/windows-autopatch-edge.md)</li><li>[Microsoft Teams end user experience](../manage/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
 | Review network optimization<ul><li>[Prepare your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization) | :heavy_check_mark: | :x: |
 | Review existing configurations<ul><li>Remove your devices from existing unsupported [Windows Update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li><li>Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)</li></ul>|  :heavy_check_mark: | :x: |
-| Confirm your update service needs and configure your workloads<ul><li>[Turn on or off expedited Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases)</li><li>[Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)</li><li>[Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../operate/windows-autopatch-windows-update.md)</li><li>Decide your [Windows feature update versions(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li></ul>| :heavy_check_mark: | :x: |
-| [Consider your Autopatch groups distribution](../deploy/windows-autopatch-groups-overview.md)<ul><li>[Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
+| Confirm your update service needs and configure your workloads<ul><li>[Allow or block Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)</li><li>[Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../manage/windows-autopatch-customize-windows-update-settings.md)</li><li>Decide your [Windows feature update versions(s)](../manage/windows-autopatch-windows-feature-update-overview.md)</li></ul>| :heavy_check_mark: | :x: |
+| [Consider your Autopatch groups distribution](../deploy/windows-autopatch-groups-overview.md)<ul><li>[Create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group)</li></ul> | :heavy_check_mark: | :x: |
 | [Register devices](../deploy/windows-autopatch-register-devices.md)<ul><li>[Review your device registration options](../deploy/windows-autopatch-device-registration-overview.md)</li><li>[Register your first devices](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: |
-| [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
-| Automatically assign devices to deployment rings at device registration<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul>| :x: | :heavy_check_mark: |
-| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices with conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | :heavy_check_mark: | :x: |
-| Populate the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
-| [Manually override device assignments to deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
-| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
+| [Review devices report](../deploy/windows-autopatch-register-devices.md#devices-report) | :x: | :heavy_check_mark: |
+| Automatically assign devices to deployment rings at device registration<ul><li>[Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#autopatch-group-deployment-rings)</li></ul>| :x: | :heavy_check_mark: |
+| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#devices-blade-registered-and-not-registered-tabs)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#devices-blade-registered-and-not-registered-tabs)</li><li>[For devices with conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | :heavy_check_mark: | :x: |
+| Populate the Test and Last deployment ring membership<ul><li>[Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#autopatch-group-deployment-rings)</li></ul> | :heavy_check_mark: | :x: |
+| [Manually override device assignments to deployment rings](../deploy/windows-autopatch-register-devices.md#move-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
+| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
 | Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: |
 
-## Operate
+## Manage
 
 | Task | Your responsibility | Windows Autopatch |
 | ----- | :-----: | :-----: |
 | [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
-| [Maintain and manage the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
-| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
-| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
-| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> |  :heavy_check_mark: | :x: |
-| Maintain the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
-| Monitor [Windows update signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md) for safe update release<ul><li>[Pre-release signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#pre-release-signals)</li><li>[Early signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#early-signals)</li><li>[Device reliability signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#device-reliability-signals)</li></ul> | :x: | :heavy_check_mark: |
-| Test specific [business update scenarios](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
-| [Define and implement service default release schedule](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
-| Maintain your workload configuration and custom release schedule<ul><li>[Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md)</li><li>[Decide your Windows feature update version(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li></ul> | :heavy_check_mark: | :x: |
-| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: |
-| Release updates (as scheduled)<ul><li>[Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management)</li><li>[Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)</li><ul>| :x: | :heavy_check_mark: |
-| [Release updates (expedited)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: |
-| [Release updates (OOB)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#out-of-band-releases) | :x: | :heavy_check_mark: |
-| [Deploy updates to devices](../operate/windows-autopatch-groups-update-management.md) | :x: | :heavy_check_mark: |
-| Monitor [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management) or [feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: |
-| Review [release announcements](../operate/windows-autopatch-groups-windows-quality-update-overview.md#) | :heavy_check_mark: | :x: |
-| Review deployment progress using Windows Autopatch reports<ul><li>[Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li></ul> | :heavy_check_mark: | :x: |
-| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :x: | :heavy_check_mark: |
-| [Pause updates (initiated by you)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: |
-| Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: |
+| [Maintain and manage the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
+| [Maintain customer configuration to align with the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
+| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li></ul> | :x: | :heavy_check_mark: |
+| Resolve remediated device conflict scenarios<ul><li>[Device conflict across different Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li><li>[Device conflict prior to device registration](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-before-device-registration)</li></ul> |  :heavy_check_mark: | :x: |
+| Maintain the Test and Last deployment ring membership<ul><li>[Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#autopatch-group-deployment-rings)</li></ul> | :heavy_check_mark: | :x: |
+| [Define and implement service default release schedule](../manage/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
+| Maintain your workload configuration and custom release schedule<ul><li>[Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../manage/windows-autopatch-customize-windows-update-settings.md)</li><li>[Decide your Windows feature update version(s)](../manage/windows-autopatch-windows-feature-update-overview.md)</li></ul> | :heavy_check_mark: | :x: |
+| Communicate the update [release schedule](../manage/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: |
+| Release updates (as scheduled)<ul><li>[Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)</li><li>[Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)</li><li>[Microsoft Edge](../manage/windows-autopatch-edge.md#update-release-schedule)</li><li>[Microsoft Teams](../manage/windows-autopatch-teams.md#update-release-schedule)</li><ul>| :x: | :heavy_check_mark: |
+| [Release updates](../manage/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
+| [Release updates (OOB)](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases) | :x: | :heavy_check_mark: |
+| Deploy updates to devices | :x: | :heavy_check_mark: |
+| Monitor [Windows quality](../manage/windows-autopatch-windows-quality-update-overview.md) or [feature updates](../manage/windows-autopatch-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: |
+| Review [release announcements](../manage/windows-autopatch-windows-quality-update-overview.md#) | :heavy_check_mark: | :x: |
+| Review deployment progress using Windows Autopatch reports<ul><li>[Windows quality update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li></ul> | :heavy_check_mark: | :x: |
+| [Pause updates (initiated by you)](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: |
+| Run [ongoing post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: |
 | Maintain existing configurations<ul><li>Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li><li>Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)</ul> | :heavy_check_mark: | :x: |
-| Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are<ul><li>[Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)</li><li>[Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)</li><li>have [Device alerts](../operate/windows-autopatch-device-alerts.md)</li><li>have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul>
-| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: |
-| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: |
-| [Register a device that was previously excluded](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: |
-| [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: |
-| [Remove Windows Autopatch data from the service and exclude devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: |
-| [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: |
-| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
-| Highlight Windows Autopatch management alerts that require customer action<ul><li>[Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :x: | :heavy_check_mark: |
-| Review and respond to Windows Autopatch management alerts<ul><li>[Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :heavy_check_mark: | :x: |
-| [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |
-| [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: |
-| Review the [What's new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
+| Understand the health of [Up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are<ul><li>[Not up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)</li><li>[Not ready](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)</li><li>have [Device alerts](../monitor/windows-autopatch-device-alerts.md)</li><li>have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | | |
+| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](../manage/windows-autopatch-support-request.md) | :x: | :heavy_check_mark: |
+| [Exclude a device](../manage/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: |
+| [Register a device that was previously excluded](../manage/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: |
+| [Request deactivation from Windows Autopatch](../manage/windows-autopatch-feature-deactivation.md) | :heavy_check_mark: | :x: |
+| [Remove Windows Autopatch data from the service and exclude devices](../manage/windows-autopatch-feature-deactivation.md#microsofts-responsibilities-during-deactivation) | :x: | :heavy_check_mark: |
+| [Maintain update configuration & update devices post deactivation from Windows Autopatch](../manage/windows-autopatch-feature-deactivation.md#your-responsibilities-after-deactivating-windows-autopatch-features) | :heavy_check_mark: | :x: |
+| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../manage/windows-autopatch-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
+| Highlight Windows Autopatch management alerts that require customer action<ul><li>[Tenant management alerts](../monitor/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :x: | :heavy_check_mark: |
+| Review and respond to Windows Autopatch management alerts<ul><li>[Tenant management alerts](../monitor/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :heavy_check_mark: | :x: |
+| [Raise and respond to support requests](../manage/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |
+| [Manage and respond to support requests](../manage/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: |
+| Review the [What's new](../whats-new/windows-autopatch-whats-new-2024.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
index 2633222ae7..77fb2d0c6b 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
@@ -1,9 +1,9 @@
 ---
 title: Configure your network
 description: This article details the network configurations needed for Windows Autopatch
-ms.date: 09/15/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: how-to
 ms.localizationpriority: medium
 author: tiaraquan
@@ -18,40 +18,60 @@ ms.collection:
 
 ## Proxy configuration
 
-Windows Autopatch is a cloud service. There's a set of endpoints that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service.
-
-You can optimize their network by sending all trusted Microsoft 365 network requests directly through their firewall or proxy to bypass authentication, and all additional packet-level inspection or processing. This process reduces latency and your perimeter capacity requirements.
-
-## Proxy requirements
+### Proxy requirements
 
 The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.
 
-### Required Windows Autopatch endpoints for proxy and firewall rules
-
-The following URLs must be on the allowed list of your proxy and firewall so that Windows Autopatch devices can communicate with Microsoft services.
-
-The Windows Autopatch URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network.
-
-| Microsoft service | URLs required on allowlist |
-| ----- | ----- |
-| Windows Autopatch | <ul><li>mmdcustomer.microsoft.com</li><li>mmdls.microsoft.com</li><li>logcollection.mmd.microsoft.com</li><li>support.mmd.microsoft.com</li></ul>|
-
 ### Required Microsoft product endpoints
 
 There are URLs from several Microsoft products that must be in the allowed list so that Windows Autopatch devices can communicate with those Microsoft services. Use the links to see the complete list for each product.
 
+#### [Business Premium and A3+](#tab/business-premium-and-a3-licenses-required-microsoft-endpoints)
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+| Microsoft service | URLs required on Allowlist |
+| ----- | ----- |
+| Microsoft Entra ID | [Hybrid identity required ports and protocols](/azure/active-directory/hybrid/reference-connect-ports)<p><p>[Active Directory and Active Directory Domain Services Port Requirements](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10))</p> |
+| Microsoft Intune | [Intune network configuration requirements](/intune/network-bandwidth-use)<p><p>[Network endpoints for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)</p> |
+| Windows Update for Business (WUfB) | [Windows Update for Business firewall and proxy requirements](https://support.microsoft.com/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p) |
+
+#### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-and-f3-licenses-required-microsoft-endpoints)
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+In addition to the Microsoft Entra ID, Intune and Windows Update for Business endpoints listed in the Business Premium and A3+ licenses section, the following endpoints apply to Windows E3+ and F3 licenses that have [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). There are URLs from several Microsoft products that must be in the allowed list so that devices can communicate with Windows Autopatch. Use the links to see the complete list for each product.
+
 | Microsoft service | URLs required on Allowlist |
 | ----- | ----- |
 | Windows 10/11 Enterprise including Windows Update for Business | [Manage connection endpoints for Windows 10 Enterprise, version 1909](/windows/privacy/manage-windows-1909-endpoints)<p><p>[Manage connection endpoints for Windows 10 Enterprise, version 2004](/windows/privacy/manage-windows-2004-endpoints)</p><p>[Connection endpoints for Windows 10 Enterprise, version 20H2](/windows/privacy/manage-windows-20h2-endpoints)</p><p>[Manage connection endpoints for Windows 10 Enterprise, version 21H1](/windows/privacy/manage-windows-21h1-endpoints)</p><p>[Manage connection endpoints for Windows 10 Enterprise, version 21H2](/windows/privacy/manage-windows-21h2-endpoints)</p><p>[Manage connection endpoints for Windows 11 Enterprise](/windows/privacy/manage-windows-11-endpoints)</p>|
 | Microsoft 365 | [Microsoft 365 URL and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide&preserve-view=true) |
-| Microsoft Entra ID | [Hybrid identity required ports and protocols](/azure/active-directory/hybrid/reference-connect-ports)<p><p>[Active Directory and Active Directory Domain Services Port Requirements](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10))</p> |
-| Microsoft Intune | [Intune network configuration requirements](/intune/network-bandwidth-use)<p><p>[Network endpoints for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)</p>
 | Microsoft Edge | [Allowlist for Microsoft Edge Endpoints](/deployedge/microsoft-edge-security-endpoints) |
 | Microsoft Teams | [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) |
-| Windows Update for Business (WUfB) | [Windows Update for Business firewall and proxy requirements](https://support.microsoft.com/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p)
 
-### Delivery Optimization
+---
+
+### Required Windows Autopatch endpoints for proxy and firewall rules
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Windows Autopatch is a cloud service. There's a set of endpoints that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service.
+
+You can optimize your network by sending all trusted Microsoft 365 network requests directly through your firewall or proxy to bypass authentication, and all additional packet-level inspection or processing. This process reduces latency and your perimeter capacity requirements.
+
+The following URLs must be on the allowed list of your proxy and firewall so that Windows Autopatch devices can communicate with Microsoft services. The Windows Autopatch URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network
+
+| Microsoft service | URLs required on allowlist |
+| ----- | ----- |
+| Windows Autopatch | <ul><li>mmdcustomer.microsoft.com</li><li>mmdls.microsoft.com</li><li>logcollection.mmd.microsoft.com</li><li>support.mmd.microsoft.com</li></ul>|
+
+## Delivery Optimization
+
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
 
 Delivery Optimization is a peer-to-peer distribution technology available in Windows 10 and Windows 11 that allows devices to share content, such as updates, that the devices downloaded from Microsoft over the internet. Delivery Optimization can help reduce network bandwidth because the device can get portions of the update from another device on the same local network instead of having to download the update completely from Microsoft.
 
-Windows Autopatch supports and recommends you configure and validate Delivery Optimization when you enroll into the Window Autopatch service. For more information, see [What is Delivery Optimization?](/windows/deployment/do/waas-delivery-optimization)
+For more information, see [What is Delivery Optimization?](/windows/deployment/do/waas-delivery-optimization)
+
+> [!TIP]
+> **It's recommended to configure and validate Delivery Optimization when you [activate Window Autopatch features](../prepare/windows-autopatch-feature-activation.md)**. This only applies if you have Windows Enterprise E3+ and F3 licenses.
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
deleted file mode 100644
index b24d784042..0000000000
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
+++ /dev/null
@@ -1,123 +0,0 @@
----
-title: Enroll your tenant
-description: This article details how to enroll your tenant
-ms.date: 09/15/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Enroll your tenant
-
-Before you enroll in Windows Autopatch, there are settings, and other parameters you must set ahead of time.
-
-> [!IMPORTANT]
-> You must be a Global Administrator to enroll your tenant.
-
-The Readiness assessment tool, accessed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch.
-
-## Step 1: Review all prerequisites
-
-To start using the Windows Autopatch service, ensure you meet the [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md).
-
-## Step 2: Run the Readiness assessment tool
-
-> [!IMPORTANT]
-> The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the  tool again.
-
-The Readiness assessment tool checks the settings in [Microsoft Intune](#microsoft-intune-settings) and [Microsoft Entra ID](#azure-active-directory-settings) (Microsoft Entra ID) to ensure the settings work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
-
-**To access and run the Readiness assessment tool:**
-
-> [!IMPORTANT]
-> You must be a Global Administrator to run the Readiness assessment tool.
-
-1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. In the left pane, select Tenant administration and then navigate to Windows Autopatch > **Tenant enrollment**.
-
-> [!IMPORTANT]
-> All Intune customers can see the Windows Autopatch Tenant enrollment blade. However, if you don't meet the prerequisites or have the proper licensing, you won't be able to enroll into the Windows Autopatch service. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md#more-about-licenses).
-
-The Readiness assessment tool checks the following settings:
-
-### Microsoft Intune settings
-
-The following are the Microsoft Intune settings:
-
-| Check | Description |
-| ----- | ----- |
-| Deployment rings for Windows 10 or later | Verifies that Intune's deployment rings for Windows 10 or later policy doesn't target all users or all devices. Policies of this type shouldn't target any Windows Autopatch devices. For more information, see [Configure deployment rings for Windows 10 and later in Intune](/mem/intune/protect/windows-10-update-rings). |
-
-<a name='azure-active-directory-settings'></a>
-
-### Microsoft Entra settings
-
-The following are the Microsoft Entra settings:
-
-| Check | Description |
-| ----- | ----- |
-| Co-management |  This advisory check only applies if co-management is applied to your tenant. This check ensures that the proper workloads are in place for Windows Autopatch. If co-management doesn't apply to your tenant, this check can be safely disregarded, and won't block device deployment. |
-| Licenses | Checks that you've obtained the necessary [licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). |
-
-### Check results
-
-For each check, the tool reports one of four possible results:
-
-| Result | Meaning |
-| ----- | ----- |
-| Ready | No action is required before completing enrollment. |
-| Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
-| Not ready | You must fix these issues before enrollment. You can't enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
-| Error | The Microsoft Entra role you're using doesn't have sufficient permissions to run this check. |
-
-## Step 3: Fix issues with your tenant
-
-If the Readiness assessment tool is displaying issues with your tenant, see [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) for more information on how to remediate.
-
-## Step 4: Enroll your tenant
-
-> [!IMPORTANT]
-> You must be a Global Administrator to enroll your tenant.
-
-Once the Readiness assessment tool provides you with a "Ready" result, you're ready to enroll!
-
-**To enroll your tenant:**
-
-Within the Readiness assessment tool, you can see the **Enroll** button. By selecting **Enroll**, you start the enrollment process of your tenant into the Windows Autopatch service. During the enrollment workflow, you see the following:
-
-- Consent workflow to manage your tenant.
-- Provide Windows Autopatch with IT admin contacts.
-- Setup of the Windows Autopatch service on your tenant. This step is where we create the policies, groups and accounts necessary to run the service.
-
-Once these actions are complete, you've now successfully enrolled your tenant.
-
-> [!NOTE]
-> For more information about changes made to your tenant, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
-
-### Delete data collected from the Readiness assessment tool
-
-You can choose to delete the data we collect directly within the Readiness assessment tool.
-
-Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Microsoft Entra organization (tenant). After 12 months, we retain the data in a deidentified form.
-
-> [!NOTE]
-> Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data.
-
-**To delete the data we collect:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Navigate to Windows Autopatch > **Tenant enrollment**.
-3. Select **Delete all data**.
-
-## Next steps
-
-1. Maintain your [Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md).
-1. Ensure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md) before you [register your devices](../deploy/windows-autopatch-register-devices.md).
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
deleted file mode 100644
index c349ad620f..0000000000
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: Submit a tenant enrollment support request
-description: This article details how to submit a tenant enrollment support request
-ms.date: 09/13/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - tier2
----
-
-# Submit a tenant enrollment support request
-
-If you need more assistance with tenant enrollment, you can submit support requests to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool.
-
-> [!NOTE]
-> After you've successfully enrolled your tenant, this feature will no longer be accessible. You must [submit a support request through the Tenant administration menu](../operate/windows-autopatch-support-request.md).
-
-**To submit a new tenant enrollment support request:**
-
-1. Go to Management settings > View details > select a **readiness check result**. The **Contact Support** button will be available below remediation instructions in the fly-in-pane.
-2. Enter your question(s) and/or a description of the issue.
-3. Enter your primary contact information. Windows Autopatch will work directly with the contact listed to resolve the support request.
-4. Review all the information for accuracy.
-5. Select **Create**.
-
-## Manage an active tenant enrollment support request
-
-The primary contact for the support request will receive email notifications when a case is created, assigned to a service engineer to investigate, and mitigated.
-
-If you have a question about the case, the best way to get in touch is to reply directly to one of the emails. If we have questions about your request or need more details, we'll email the primary contact listed in the support request.
-
-**To view all your active tenant enrollment support requests:**
-
-1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
-1. In the **Windows Autopatch** section, select **Tenant Enrollment**.
-1. Select the **Support history** tab. You can view the list of all support cases, or select an individual case to view the details.
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation.md
new file mode 100644
index 0000000000..53e7ddc90a
--- /dev/null
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation.md
@@ -0,0 +1,52 @@
+---
+title: Start using Windows Autopatch
+description: This article details how to activate Autopatch features
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Start using Windows Autopatch
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+Before you begin the process of deploying updates with Windows Autopatch, ensure you meet the [prerequisites](../prepare/windows-autopatch-prerequisites.md).
+
+Once you're ready to deploy updates to your devices, you can either use Microsoft Intune or Microsoft Graph to manage updates with Windows Autopatch.
+
+## Use Microsoft Intune for Windows Autopatch
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. In the left pane, select **Devices** and then navigate to **Manage updates** > **Windows updates**.
+
+To start using the service, you must create an update policy owned by Windows Autopatch. The update policy can be one of the following:
+
+- [Update rings](../manage/windows-autopatch-update-rings.md)
+- [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md)
+- [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)
+- [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
+
+Once a device or Microsoft Entra device group is associated with a Windows Autopatch policy, your tenant is now using the Autopatch service to manage updates. Devices are registered with the service following the process as described in [Register your devices](../deploy/windows-autopatch-register-devices.md).
+
+## Activate Windows Autopatch features
+
+> [!IMPORTANT]
+> You must be a Global Administrator to consent to the feature activation flow.
+
+If your tenant meets the licensing entitlement for Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5), you can activate Windows Autopatch features by either:
+
+| Method | Description |
+| --- | --- |
+| Banner method | **Select the banner** and follow the consent prompt on the side page that appears. |
+| Intune admin center | Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). In the left pane, select **Tenant Administration** > **Windows Autopatch** > **Activate features**. |
+
+When you activate Windows Autopatch features, Windows Autopatch creates deployment rings. For more information about deployment rings, see [Windows Autopatch deployment rings](../deploy/windows-autopatch-device-registration-overview.md#windows-autopatch-deployment-rings).
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
deleted file mode 100644
index b2371addb0..0000000000
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
+++ /dev/null
@@ -1,71 +0,0 @@
----
-title: Fix issues found by the Readiness assessment tool
-description: This article details how to fix issues found by the Readiness assessment tool.
-ms.date: 09/12/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Fix issues found by the Readiness assessment tool
-
-Seeing issues with your tenant? This article details how to remediate issues found with your tenant.
-
-> [!NOTE]
-> If you need more assistance with tenant enrollment, you can [submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md).
-
-## Check results
-
-For each check, the tool reports one of four possible results:
-
-| Result | Meaning |
-| ----- | ----- |
-| Ready | No action is required before completing enrollment. |
-| Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
-| Not ready | You must fix these issues before enrollment. You can't enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
-| Error | The Microsoft Entra role you're using doesn't have sufficient permission to run this check or your tenant isn't properly licensed for Microsoft Intune. |
-
-> [!NOTE]
-> The results reported by this tool reflect the status of your settings only at the time that you ran it. If you make changes later to policies in Microsoft Intune, Microsoft Entra ID, or Microsoft 365, items that were "Ready" can become "Not ready". To avoid problems with Windows Autopatch operations, review the specific settings described in this article before you change any policies.
-
-## Microsoft Intune settings
-
-You can access Intune settings at the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-### Update rings for Windows 10 or later
-
-Your "Update rings for Windows 10 or later" policy in Intune must not target any Windows Autopatch devices.
-
-| Result | Meaning |
-| ----- | ----- |
-| Advisory |  You have an "update ring" policy that targets all devices, all users, or both. Windows Autopatch creates our own update ring policies during enrollment. To avoid conflicts with Windows Autopatch devices, we exclude our devices group from your existing update ring policies that target all devices, all users, or both. You must consent to this change when you go to enroll your tenant.</p>|
-
-<a name='azure-active-directory-settings'></a>
-
-## Microsoft Entra settings
-
-You can access Microsoft Entra settings in the [Azure portal](https://portal.azure.com/).
-
-### Co-management
-
-Co-management enables you to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune.
-
-| Result | Meaning |
-| ----- | ----- |
-| Advisory | To successfully enroll devices that are co-managed into Windows Autopatch, it's necessary that the following co-managed workloads are set to **Intune**:<ul><li>Device configuration</li><li>Windows update policies</li><li>Office 365 client apps</li></ul><p>If co-management doesn't apply to your tenant, this check can be safely disregarded, and it won't block device deployment.</p> |
-
-### Licenses
-
-Windows Autopatch requires the following licenses:
-
-| Result | Meaning |
-| ----- | ----- |
-| Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Microsoft Entra ID P1 or P2, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). |
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index c5a7d98976..1e49a9fad7 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -1,10 +1,10 @@
 ---
 title: Prerequisites
 description: This article details the prerequisites needed for Windows Autopatch
-ms.date: 01/11/2024
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -17,19 +17,73 @@ ms.collection:
 
 # Prerequisites
 
-Getting started with Windows Autopatch has been designed to be easy. This article outlines the infrastructure requirements you must meet to assure success with Windows Autopatch.
+## Licenses and entitlements
 
-| Area | Prerequisite details |
-| ----- | ----- |
-| Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher), or F3 to be assigned to your users. Additionally, Microsoft Entra ID P1 or P2 and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).<p><p>For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).<p><p>For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). |
-| Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.<p><p>For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). |
-| Microsoft Entra ID | Microsoft Entra ID must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Microsoft Entra Connect to enable Microsoft Entra hybrid join.<br><ul><li>For more information, see [Microsoft Entra Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Microsoft Entra hybrid join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)</li><li>For more information on supported Microsoft Entra Connect versions, see [Microsoft Entra Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).</li></ul> |
-| Device management | [Devices must be already enrolled with Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) prior to registering with Windows Autopatch. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li><li>Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.</li></ul><p>See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works with Windows Autopatch.<p>For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).</p> |
-| Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../overview/windows-autopatch-privacy.md). |
+### [Business Premium and A3+](#tab/business-premium-a3-entitlements)
+
+Business Premium and A3+ licenses include:
+
+- Microsoft 365 Business Premium (for more information on available licenses, see Microsoft 365 licensing)
+- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
+
+[!INCLUDE [windows-autopatch-business-premium-a3-licenses](../includes/windows-autopatch-business-premium-a3-licenses.md)]
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-entitlements)
+
+The following licenses provide access to the Windows Autopatch features [included in Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses) and its [additional features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses) after you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md):
+
+- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
+- Windows 10/11 Enterprise E3 or E5 VDA
+
+For more information about specific service plans, see [Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses].
+
+---
+
+### Feature entitlement
+
+For more information about feature entitlement, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
+
+| Symbol | Meaning |
+| --- | --- |
+| :heavy_check_mark: | All features available |
+| :large_orange_diamond: | Most features available |
+| :x: | Feature not available |
+
+#### Windows 10 and later update policy management
+
+| Feature | Business Premium | A3+ | E3+ | F3 |
+| --- | --- | --- | --- | --- |
+| Releases | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:|
+| Update rings | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:|
+| Quality updates | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:|
+| Feature updates | :large_orange_diamond: | :large_orange_diamond: | :heavy_check_mark: | :heavy_check_mark:|
+| Driver and firmware updates | :large_orange_diamond: | :large_orange_diamond: | :heavy_check_mark: | :heavy_check_mark:|
+
+#### Tenant management
+
+| Feature | Business Premium | A3+ | E3+ | F3 |
+| --- | --- | --- | --- | --- |
+| Autopatch groups | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
+| New feature and change management communications | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:|
+| Release schedule and status communications | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
+| Support requests | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
+| Policy health | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
+
+#### Reporting
+
+| Feature | Business Premium | A3+ | E3+ | F3 |
+| --- | --- | --- | --- | --- |
+| Intune Reports | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:|
+| Quality updates | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
+| Feature updates | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
+| Device readiness | :x: | :x: | :heavy_check_mark: | :heavy_check_mark:|
 
 ## More about licenses
 
-Windows Autopatch is included with Windows 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch:
+### Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses
+
+> [!IMPORTANT]
+> Only Windows 10/11 Enterprise E3+ or F3 (included in Microsoft 365 F3, E3, or E5) licenses have access to all Windows Autopatch features after you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). Microsoft 365 Business Premium and Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) do **not** have access to all Windows Autopatch features. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
 
 | License | ID | GUID number |
 | ----- | ----- | ------|
@@ -58,26 +112,74 @@ Windows Autopatch is included with Windows 10/11 Enterprise E3 or higher (user-b
 | Microsoft 365 F3 (for Department) | Microsoft_365_F3_DEPT |45972061-34c4-44c8-9e83-ad97815acc34 |
 | Microsoft 365 F3 EEA (no Teams) | Microsoft_365_F3_EEA_(no_Teams) | f7ee79a7-7aec-4ca4-9fb9-34d6b930ad87 |
 
-The following Windows 10 editions, build version and architecture are supported to be [registered](../deploy/windows-autopatch-register-devices.md) with Windows Autopatch:
+## General infrastructure requirements
 
-- Windows 10 (1809+)/11 Pro
-- Windows 10 (1809+)/11 Enterprise
-- Windows 10 (1809+)/11 Pro for Workstations
+[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
+
+| Area | Prerequisite details |
+| --- | --- |
+| Licensing terms and conditions for products and services | For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). |
+| Microsoft Entra ID and Intune | Microsoft Entra ID P1 or P2 and Microsoft Intune are required.<p>Microsoft Entra ID must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Microsoft Entra Connect to enable Microsoft Entra hybrid join.</p><ul><li>For more information, see [Microsoft Entra Connect](/entra/identity/hybrid/connect/whatis-azure-ad-connect) and [Microsoft Entra hybrid join](/entra/identity/devices/how-to-hybrid-join)</li><li>For more information on supported Microsoft Entra Connect versions, see [Microsoft Entra Connect:Version release history](/entra/identity/hybrid/connect/reference-connect-version-history).</li></ul> |
+| Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network. For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). |
+| Device management | [Devices must be already enrolled with Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) before registering with Windows Autopatch. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p>At a minimum, the Windows Update, Device configuration, and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).</p><p>Other device management prerequisites include:</p><ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the last 28 days. Otherwise, the devices aren't registered with Autopatch.</li><li>Devices must be connected to the internet.</li></ul><p>See [Register your devices](../deploy/windows-autopatch-register-devices.md) for more details on device prerequisites and on how the device registration process works with Windows Autopatch.</p><p>For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).</p> |
+| Data and privacy |Deployment scheduling controls are always available. However, to take advantage of the unique deployment protections tailored to your population and to [deploy driver updates](/windows/deployment/update/deployment-service-drivers), devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the Required level (previously called *Basic*) for these features.<p>When you use [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) with the deployment service, using diagnostic data at the following levels allows device names to appear in reporting:</p><ul><li>Optional level (previously Full) for Windows 11 devices</li><li>Enhanced level for Windows 10 devices</li></ul><p>For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../overview/windows-autopatch-privacy.md).</p> |
+
+## Windows editions, build version, and architecture
 
 > [!IMPORTANT]
-> While Windows Autopatch supports registering devices below the [minimum Windows OS version enforced by the service](../operate/windows-autopatch-windows-feature-update-overview.md), once registered, devices are automatically offered with the [minimum windows OS version](../operate/windows-autopatch-windows-feature-update-overview.md). The devices must be on a [minimum Windows OS currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) by the [Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to keep receiving monthly security updates that are critical to security and the health Windows.
+> The following Windows editions, build version, and architecture **applies if you have**:<ul><li>Windows Enterprise E3+ or F3 licenses</li><li>[Activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md)</li><li>[Registered devices with Windows Autopatch](../deploy/windows-autopatch-register-devices.md)</li></ul>
+
+The following Windows 10/11 editions, build version, and architecture are supported when [devices are registered with Windows Autopatch](../deploy/windows-autopatch-register-devices.md):
+
+- Windows 11 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
+- Windows 10 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
+
+Windows Autopatch service supports Windows client devices on the **General Availability Channel**.
 
 > [!NOTE]
 > Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
 
 ## Configuration Manager co-management requirements
 
-Windows Autopatch fully supports co-management. The following co-management requirements apply:
+> [!IMPORTANT]
+> The following Windows editions, build version, and architecture **applies if you have**:<ul><li>Windows Enterprise E3+ or F3 licenses</li><li>[Activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md)</li><li>[Registered devices with Windows Autopatch](../deploy/windows-autopatch-register-devices.md)</li></ul>
 
-- Use a currently supported [Configuration Manager version](/mem/configmgr/core/servers/manage/updates#supported-versions).
-- Configuration Manager must be [cloud-attached with Intune (co-management)](/mem/configmgr/cloud-attach/overview) and must have the following co-management workloads enabled and set to either **Pilot Intune** or **Intune**:
-	- [Windows Update policies workload](/mem/configmgr/comanage/workloads#windows-update-policies)
-	- [Device configuration workload](/mem/configmgr/comanage/workloads#device-configuration)
-	- [Office Click-to-Run apps workload](/mem/configmgr/comanage/workloads#office-click-to-run-apps)
+| Requirement | Description |
+| --- | --- |
+| Supported Configuration Manager version | Use a currently supported [Configuration Manager version](/mem/configmgr/core/servers/manage/updates#supported-versions). |
+| Configuration Manager must be [cloud-attached with Intune (co-management)](/mem/configmgr/cloud-attach/overview) | Must have the following co-management workloads enabled and set to either **Intune** or **Pilot Intune**:<ul><li>Windows Update policies workload</li><li>Device configuration workload</li><li>Office Click-to-Run apps workload</li></ul><p>If you’re using **Pilot Intune**, in the **Staging** tab, the device must be in the collections that correspond to the three workloads that Windows Autopatch requires.<ul><li>If you selected Intune for one workload and Pilot Intune for the other two workloads, your devices only need to be in the two Pilot Intune collections.</li><li>If you have different collection names for each workload, your devices must be in CoMgmtPilot.</li></ul><p>**You or your Configuration Manager administrator are responsible for adding your Autopatch devices to these collections. Windows Autopatch doesn’t change or add to these collections.**</p><p>For more information, see [paths to co-management](/mem/configmgr/comanage/quickstart-paths).</p> |
+| Create a Custom client setting |Create a Custom client setting in Configuration Manager to disable the Software Updates agent for Intune/Pilot Intune co-managed devices.<ol><li>Under **Disable Software Updates > Device Settings > Enable software updates on clients**, select **No**.</li><li>Under **CoMgmtSettingsProd Properties > Staging tab > Office Click-to-Run apps, set to Co-Management – O365 Workload**.</li><li>Under **CoMgmtSettingsProd Properties > Staging tab > Windows Update policies, set to Co-Management – WUfB Workload**.</li><li>Ensure the **Disable Software Updates** setting has a lower priority than your default client settings and target your co-management collection.<ol><li>If the co-management workload is set to Intune, deploy the Client Setting to a collection that includes all co-management devices, for example, Co-management Eligible Devices.</li></ol><li>Configuration Manager **disables** the Software Updates agent in the next policy cycle. However, because the Software Updates Scan Cycle is **removed**, Configuration Manager might not remove the Windows Server Update Service (WSUS) registry keys.</li><ol><li>Remove the registry values under **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate** because Windows Update for Business (WUfB) policies control the process.</li></ol></ol> |
 
-For more information, see [paths to co-management](/mem/configmgr/comanage/quickstart-paths).
+## Required Intune permissions
+
+### [Business Premium and A3+](#tab/business-premium-a3-intune-permissions)
+
+Your account must be assigned an [Intune role-based access control](/mem/intune/fundamentals/role-based-access-control) (RBAC) role that includes the following permissions:
+
+- **Device configurations**:
+    - Assign
+    - Create
+    - Delete
+    - View Reports
+    - Update
+- Read
+
+You can add the *Device configurations* permission with one or more rights to your own custom RBAC roles or use one of the built-in **Policy and Profile manager** roles, which include these rights.
+
+### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-intune-permissions)
+
+After you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md#activate-windows-autopatch-features), use the Intune Service Administrator role to register devices, manage your update deployments, and reporting tasks.
+
+If you want to assign less-privileged user accounts to perform specific tasks in the Windows Autopatch portal, such as register devices with the service, you can add these user accounts into one of the two Microsoft Entra groups created during the [Start using Windows Autopatch](../prepare/windows-autopatch-feature-activation.md) process:
+
+| Microsoft Entra group name | Discover devices | Modify columns | Refresh device list | Export to .CSV | Device actions |
+| --- | --- | --- | --- | --- | --- |
+| Modern Workplace Roles - Service Administrator | Yes | Yes | Yes | Yes | Yes |
+| Modern Workplace Roles - Service Reader | No | Yes | Yes | Yes | Yes |
+
+For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
+
+> [!TIP]
+> For more information, see [assign an owner of member of a group in Microsoft Entra ID](/entra/id-governance/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group).
+
+---
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md
new file mode 100644
index 0000000000..822866ede9
--- /dev/null
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md
@@ -0,0 +1,114 @@
+---
+title: Changes made at feature activation
+description: This reference article details the changes made to your tenant when you activate Windows Autopatch
+ms.date: 09/16/2024
+ms.service: windows-client
+ms.subservice: autopatch
+ms.topic: concept-article
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: aaroncz
+ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Changes made at feature activation
+
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
+
+The following configuration details explain the changes made to your tenant when consenting to Windows Autopatch feature activation with the Windows Autopatch service.
+
+> [!IMPORTANT]
+> The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service.
+
+## Windows Autopatch enterprise applications
+
+Enterprise applications are applications (software) that a business uses to do its work.
+
+Windows Autopatch creates an enterprise application in your tenant. This enterprise application is used to run the Windows Autopatch service.
+
+| Enterprise application name | Usage | Permissions |
+| ----- | ------ | ----- |
+| Modern Workplace Management | The Modern Workplace Management application:<ul><li>Manages the service</li><li>Publishes baseline configuration updates</li><li>Maintains overall service health</li></ul> | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.ReadWrite.All</li></ul> |
+
+## Microsoft Entra groups
+
+Windows Autopatch creates the required Microsoft Entra groups to operate the service.
+
+The following groups target Windows Autopatch configurations to devices and management of the service by our [first party enterprise applications](#windows-autopatch-enterprise-applications).
+
+| Group name | Description |
+| ----- | ----- |
+| Modern Workplace Devices-Virtual Machine | All Autopatch virtual devices |
+| Windows Autopatch-Devices all | All Autopatch devices |
+| Modern Workplace Devices-Windows Autopatch-Test | Deployment ring for testing update deployments prior production rollout |
+| Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters |
+| Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |
+| Modern Workplace Devices-WindowsAutopatch-Broad | Final deployment ring for broad rollout into the organization |
+
+## Device configuration policies
+
+- Windows Autopatch - Data Collection
+
+| Policy name | Policy description | Properties | Value |
+| ----- | ----- | ----- | ----- |
+| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
+
+## Windows feature update policies
+
+- Windows Autopatch - Global DSS Policy
+
+| Policy name | Policy description | Value |
+| ----- | ----- | ----- |
+| Windows Autopatch - Global DSS Policy | Global DSS policy for Test device group with the required minimum OS version | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
+
+## Microsoft Office update policies
+
+> [!IMPORTANT]
+> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates).</p>
+
+- Windows Autopatch - Office Configuration
+- Windows Autopatch - Office Update Configuration [Test]
+- Windows Autopatch - Office Update Configuration [First]
+- Windows Autopatch - Office Update Configuration [Fast]
+- Windows Autopatch - Office Update Configuration [Broad]
+
+| Policy name | Policy description | Properties | Value |
+| ----- | ----- | ----- | ----- |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
+| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
+| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
+| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
+| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 7 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol> |
+
+## Microsoft Edge update policies
+
+> [!IMPORTANT]
+> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-edge.md#allow-or-block-microsoft-edge-updates).</p>
+
+- Windows Autopatch - Edge Update Channel Stable
+- Windows Autopatch - Edge Update Channel Beta
+
+| Policy name | Policy description | Properties | Value |
+| ----- | ----- | ----- | ----- |
+| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Stable</li></ol>|
+| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override</li><li>Target Channel (Device)</li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
+
+## Driver updates for Windows 10 and later
+
+> [!IMPORTANT]
+> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group).</p>
+
+- Windows Autopatch - Driver Update Policy [Test]
+- Windows Autopatch - Driver Update Policy [First]
+- Windows Autopatch - Driver Update Policy [Fast]
+- Windows Autopatch - Driver Update Policy [Broad]
+
+## PowerShell scripts
+
+| Script | Description |
+| ----- | ----- |
+| Modern Workplace - Autopatch Client Setup v1.1 | Installs necessary client components for the Windows Autopatch service |
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
deleted file mode 100644
index 13ccf4e8ec..0000000000
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ /dev/null
@@ -1,125 +0,0 @@
----
-title: Changes made at tenant enrollment
-description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
-ms.date: 12/13/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: reference
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: hathind
-ms.collection:
-  - highpri
-  - tier1
----
-
-# Changes made at tenant enrollment
-
-The following configuration details explain the changes made to your tenant when enrolling into the Windows Autopatch service.
-
-> [!IMPORTANT]
-> The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service.
-
-## Windows Autopatch enterprise applications
-
-Enterprise applications are applications (software) that a business uses to do its work.
-
-Windows Autopatch creates an enterprise application in your tenant. This enterprise application is used to run the Windows Autopatch service.
-
-| Enterprise application name | Usage | Permissions |
-| ----- | ------ | ----- |
-| Modern Workplace Management | The Modern Workplace Management application:<ul><li>Manages the service</li><li>Publishes baseline configuration updates</li><li>Maintains overall service health</li></ul> | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.ReadWrite.All</li></ul> |
-
-## Microsoft Entra groups
-
-Windows Autopatch will create the required Microsoft Entra groups to operate the service.
-
-The following groups target Windows Autopatch configurations to devices and management of the service by our [first party enterprise applications](#windows-autopatch-enterprise-applications).
-
-| Group name | Description |
-| ----- | ----- |
-| Modern Workplace-All | All Modern Workplace users |
-| Modern Workplace - Windows 11 Pre-Release Test Devices | Device group for Windows 11 Pre-Release testing. |
-| Modern Workplace Devices-All | All Autopatch devices |
-| Modern Workplace Devices-Virtual Machine | All Autopatch virtual devices |
-| Modern Workplace Devices-Windows Autopatch-Test | Deployment ring for testing update deployments prior production rollout |
-| Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters |
-| Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |
-| Modern Workplace Devices-Windows Autopatch-Broad | Final deployment ring for broad rollout into the organization |
-| Modern Workplace Roles - Service Administrator | All users granted access to Modern Workplace Service Administrator Role |
-| Modern Workplace Roles - Service Reader | All users granted access to Modern Workplace Service Reader Role |
-| Windows Autopatch Device Registration | Group for automatic device registration for Windows Autopatch |
-
-## Device configuration policies
-
-- Windows Autopatch - Set MDM to Win Over GPO
-- Windows Autopatch - Data Collection
-
-| Policy name | Policy description | Properties | Value |
-| ----- | ----- | ----- | ----- |
-| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | <ul><li>MDM policy is used</li><li>GP policy is blocked</li></ul> |
-| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
-
-## Deployment rings for Windows 10 and later
-
-- Modern Workplace Update Policy [Test]-[Windows Autopatch]
-- Modern Workplace Update Policy [First]-[Windows Autopatch]
-- Modern Workplace Update Policy [Fast]-[Windows Autopatch]
-- Modern Workplace Update Policy [Broad]-[Windows Autopatch]
-
-| Policy name | Policy description | OMA | Value |
-| ----- | ----- | ----- | ----- |
-| Modern Workplace Update Policy [Test]-[Windows Autopatch | Windows Update for Business Configuration for the Test Ring<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>0</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>0</li><li>0</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
-| Modern Workplace Update Policy [First]-[Windows Autopatch] | Windows Update for Business Configuration for the First Ring <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>1</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>2</li><li>2</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
-| Modern Workplace Update Policy [Fast]-[Windows Autopatch] | Windows Update for Business Configuration for the Fast Ring<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>6</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>2</li><li>2</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
-| Modern Workplace Update Policy [Broad]-[Windows Autopatch] | Windows Update for Business Configuration for the Broad Ring<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>9</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>5</li><li>2</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
-
-## Windows feature update policies
-
-- Windows Autopatch - DSS Policy [Test]
-- Windows Autopatch - DSS Policy [First]
-- Windows Autopatch - DSS Policy [Fast]
-- Windows Autopatch - DSS Policy [Broad]
-- Modern Workplace DSS Policy [Windows 11]
-
-| Policy name | Policy description | Value |
-| ----- | ----- | ----- |
-| Windows Autopatch - DSS Policy [Test] | DSS policy for Test device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
-| Windows Autopatch - DSS Policy [First] | DSS policy for First device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li> |
-| Windows Autopatch - DSS Policy [Fast] | DSS policy for Fast device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul> |
-| Windows Autopatch - Policy [Broad] | DSS policy for Broad device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
-| Modern Workplace DSS Policy [Windows 11] | Windows 11 DSS policy | Assigned to:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
-
-## Microsoft Office update policies
-
-- Windows Autopatch - Office Configuration
-- Windows Autopatch - Office Update Configuration [Test]
-- Windows Autopatch - Office Update Configuration [First]
-- Windows Autopatch - Office Update Configuration [Fast]
-- Windows Autopatch - Office Update Configuration [Broad]
-
-| Policy name | Policy description | Properties | Value |
-| ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
-| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
-| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
-| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
-| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 7 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol> |
-
-## Microsoft Edge update policies
-
-- Windows Autopatch - Edge Update Channel Stable
-- Windows Autopatch - Edge Update Channel Beta
-
-| Policy name | Policy description | Properties | Value |
-| ----- | ----- | ----- | ----- |
-| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Stable</li></ol>|
-| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override</li><li>Target Channel (Device)</li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
-
-## PowerShell scripts
-
-| Script | Description |
-| ----- | ----- |
-| Modern Workplace - Autopatch Client Setup v1.1 | Installs necessary client components for the Windows Autopatch service |
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
index 677faf730d..a570c117ed 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
@@ -1,10 +1,10 @@
 ---
 title: Conflicting configurations
 description: This article explains how to remediate conflicting configurations affecting the Windows Autopatch service.
-ms.date: 09/05/2023
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: concept-article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
@@ -15,12 +15,11 @@ ms.collection:
   - tier1
 ---
 
-# Conflicting configurations (public preview)
+# Conflicting configurations
 
-> [!IMPORTANT]
-> This feature is in **public preview**. The feature is being actively developed and might not be complete.
+[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
 
-During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state.
+During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issues. You can review any device marked as **Not ready** and remediate them to a **Ready** state.
 
 Windows Autopatch monitors conflicting configurations. You're notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it's possible that other services write back the registry keys. It's recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates.
 
@@ -28,7 +27,6 @@ The most common sources of conflicting configurations include:
 
 - Active Directory Group Policy (GPO)
 - Configuration Manager Device client settings
-- Windows Update for Business (WUfB) policies
 - Manual registry updates
 - Local Group Policy settings applied during imaging (LGPO)
 
@@ -37,14 +35,12 @@ The most common sources of conflicting configurations include:
 ```cmd
 Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations Value=Any
 Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccess Value=Any
-Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer String=Any
-Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer Value=Any
 Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate Value=Any
 ```
 
 ## Resolving conflicts
 
-Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed clients.
+Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed devices.
 
 > [!IMPORTANT]
 > **It's recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren't managed by Windows Autopatch, be sure to target accordingly.
@@ -90,22 +86,18 @@ Copy and paste the following PowerShell script into PowerShell or a PowerShell e
 ```powershell
 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations"
 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DisableWindowsUpdateAccess"
-Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer"
-Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer"
 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate"
 ```
 
 ### Batch file
 
-Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service.
+Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. For more information, see [Using batch files: Scripting: Management services](/previous-versions/windows/it-pro/windows-server-2003/cc758944(v=ws.10)?redirectedfrom=MSDN).
 
 ```cmd
 @echo off
 echo Deleting registry keys...
 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /f
 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableWindowsUpdateAccess" /f
-reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /f
-reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /f
 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /f
 echo Registry keys deleted.
 Pause
@@ -120,15 +112,13 @@ Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
 "DoNotConnectToWindowsUpdateInternetLocations"=-
 "DisableWindowsUpdateAccess"=-
-"WUServer"=-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
-"UseWUServer"=-
 "NoAutoUpdate"=-
 ```
 
 ## Common sources of conflicting configurations
 
-The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn't an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly.
+The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn't an exhaustive, and Admins should plan for changes can affect devices not managed by Windows Autopatch.
 
 ### Group Policy management
 
@@ -138,7 +128,7 @@ Group Policy management is the most popular client configuration tool in most or
 1. Navigate to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**
 1. If a Policy **doesn't exist** in Windows Update, then it appears to not be Group Policy.
 1. If a Policy **exists** in Windows Update is present, modify or limit the target of the conflicting policy to resolve the Alert.
-1. If the **Policy name** is labeled **Local Group Policy**, these settings could have been applied during imaging or by Configuration Manager.
+1. If the **Policy name** is labeled **Local Group Policy**, these settings are applied during imaging or by Configuration Manager.
 
 ### Configuration Manager
 
@@ -150,4 +140,4 @@ Configuration Manager is a common enterprise management tool that, among many th
 
 ## Third-party solutions
 
-Third-party solutions can include any other product that may write configurations for the devices in question, such as MDMs (Mobile Device Managers) or Policy Managers.
+Third-party solutions can include any other product that might write configurations for the devices in question, such as MDMs (Mobile Device Managers) or Policy Managers.
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md b/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
index 9edb3f3748..d18412ab3c 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
@@ -1,10 +1,10 @@
 ---
 title: Driver and firmware updates for Windows Autopatch Public Preview Addendum
 description:  This article explains how driver and firmware updates are managed in Autopatch
-ms.date: 06/26/2023
+ms.date: 07/08/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.subservice: autopatch
+ms.topic: legal
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
deleted file mode 100644
index df04f475d9..0000000000
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-title: Windows update policies
-description: This article explains Windows update policies in Windows Autopatch
-ms.date: 09/02/2023
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: aaroncz
-ms.reviewer: adnich
-ms.collection:
-  - tier2
----
-
-# Windows update policies
-
-## Deployment rings for Windows 10 and later
-
-The following policies contain settings that apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
-
-**Modern Workplace Update Policy [ring name] - [Windows Autopatch]**
-
-### Windows 10 and later update settings
-
-| Setting name | Test | First | Fast | Broad |
-| ----- | ----- | ----- | ----- | ----- |
-| Microsoft product updates | Allow | Allow | Allow | Allow |
-| Windows drivers | Allow | Allow | Allow | Allow |
-| Windows quality update deferral period | 0 | 1 | 6 | 9 |
-| Windows feature update deferral period | 0 | 0 | 0 | 0 |
-| Upgrade Windows 10 to latest Windows 11 release | No | No | No | No |
-| Set Windows feature update uninstall period | 30 days | 30 days | 30 days | 30 days |
-| Servicing channel | General availability |  General availability |  General availability |  General availability |
-
-### Windows 10 and later user experience settings
-
-| Setting name | Test | First | Fast | Broad |
-| ----- | ----- | ----- | ----- | ----- |
-| Automatic update behavior | Reset to default | Reset to default | Reset to default | Reset to default |
-| Restart checks | Allow | Allow | Allow | Allow |
-| Option to pause updates | Disable | Disable | Disable | Disable |
-| Option to check for Windows updates | Default |  Default | Default | Default |
-| Change notification update level | Default | Default |  Default | Default |
-| Deadline for Windows feature updates | 5 | 5 | 5 | 5 |
-| Deadline for Windows quality updates | 0 | 2 | 2 | 5 |
-| Grace period | 0 | 2 | 2 | 2 |
-| Auto restart before deadline | Yes | Yes | Yes | Yes |
-
-### Windows 10 and later assignments
-
-| Setting name | Test | First | Fast | Broad |
-| ----- | ----- | ----- | ----- | ----- |
-| Included groups | Modern Workplace Devices-Windows Autopatch-Test | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad |
-| Excluded groups | None | None | None | None |
-
-## Windows feature update policies
-
-The service deploys policies using Microsoft Intune to control how Windows feature updates are deployed to devices.
-
-### Windows feature updates for Windows 10 and later
-
-These policies control the minimum target version of Windows that a device is meant to accept. Throughout the rest of the article, these policies are referred to as DSS policies. After onboarding, there will be four of these policies in your tenant with the following naming convention:
-
-**Modern Workplace DSS Policy [ring name]**
-
-#### Windows feature update deployment settings
-
-| Setting name | Test | First | Fast | Broad |
-| ----- | ----- | ----- | ----- | ----- |
-| Name | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows |
-| Rollout options | Immediate start | Immediate start | Immediate start | Immediate start |
-
-#### Windows feature update policy assignments
-
-| Setting name | Test | First | Fast | Broad |
-| ----- | ----- | ----- | ----- | ----- |
-| Included groups | Modern Workplace Devices-Windows Autopatch-Test  | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad |
-| Excluded groups | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices |
-
-## Conflicting and unsupported policies
-
-Deploying any of the following policies to a Windows Autopatch device makes that device ineligible for management since the device prevents us from delivering the service as designed.
-
-### Update policies
-
-Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices are excluded from management.
-
-| Allowed policy | Policy CSP | Description |
-| ----- | ----- | ----- |
-| [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | Update/ActiveHoursStart | This policy controls the end of the protected window where devices won't restart.<p><p>Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
-| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices won't restart.<p><p>Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
-| [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.<p><p>This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. |
-
-### Group policy and other policy managers
-
-Group policy and other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
-
-- `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`
-- `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index 7bda20114c..fbf6ff1953 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -3,7 +3,7 @@ title: What's new 2022
 description: This article lists the 2022 feature releases and any corresponding Message center post numbers.
 ms.date: 12/09/2022
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: whats-new
 ms.localizationpriority: medium
 author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
index 79867750b3..5492f63c14 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
@@ -3,7 +3,7 @@ title: What's new 2023
 description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
 ms.date: 12/14/2023
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: whats-new
 ms.localizationpriority: medium
 author: tiaraquan
@@ -100,7 +100,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | ----- | ----- |
 | [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md) | Updated article to include Windows Autopatch groups |
 | [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
-| [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
@@ -147,8 +147,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Software update management](../operate/windows-autopatch-groups-update-management.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
 | [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
 | [Windows quality update overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
-| [Windows quality update end user experience](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
-| [Windows quality update signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
+| [Windows quality update end user experience](../manage/windows-autopatch-windows-quality-update-end-user-exp.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
 | [Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
 | [Windows feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
 | [Manage Windows feature update](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
@@ -213,11 +212,11 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Added [Allow or block Microsoft 365 App updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) section |
 | [Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md#) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../operate/windows-autopatch-windows-feature-update-overview.md) |
 | [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../operate/windows-autopatch-windows-quality-update-overview.md) |
-| [Register your devices](../deploy/windows-autopatch-register-devices.md) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration) |
+| [Register your devices](../deploy/windows-autopatch-register-devices.md) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../deploy/windows-autopatch-device-registration-overview.md#prerequisites-for-device-registration) |
 | [Prerequisites](../prepare/windows-autopatch-prerequisites.md) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../prepare/windows-autopatch-prerequisites.md#more-about-licenses) |
 | [Privacy](../overview/windows-autopatch-privacy.md) | Added additional resources to the [Microsoft Windows 10/11 diagnostic data](../overview/windows-autopatch-privacy.md#microsoft-windows-1011-diagnostic-data) section |
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated Feature update policies section with Windows Autopatch - DSS Policy [deployment ring] |
-| [Register your devices](../deploy/windows-autopatch-register-devices.md) |<ul><li>Updated the [Built-in roles required for registration](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration) section</li><li>Added more information about assigning less-privileged user accounts</li></ul> |
+| [Register your devices](../deploy/windows-autopatch-register-devices.md) |<ul><li>Updated the [Built-in roles required for registration](../deploy/windows-autopatch-device-registration-overview.md#built-in-roles-required-for-device-registration) section</li><li>Added more information about assigning less-privileged user accounts</li></ul> |
 
 ### February service releases
 
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
index 011615d29b..8f27de3c27 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
@@ -1,9 +1,9 @@
 ---
 title: What's new 2024
 description: This article lists the 2024 feature releases and any corresponding Message center post numbers.
-ms.date: 04/09/2024
+ms.date: 09/16/2024
 ms.service: windows-client
-ms.subservice: itpro-updates
+ms.subservice: autopatch
 ms.topic: whats-new
 ms.localizationpriority: medium
 author: tiaraquan
@@ -21,6 +21,14 @@ This article lists new and updated feature releases, and service releases, with
 
 Minor corrections such as typos, style, or formatting issues aren't listed.
 
+## September 2024
+
+### September feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| All articles | Windows Update for Business deployment service unified under Windows Autopatch. For more information, see [What is Windows Autopatch?](../overview/windows-autopatch-overview.md)|
+
 ## March 2024
 
 ### March feature releases or updates
@@ -28,7 +36,6 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | Article | Description |
 | ----- | ----- |
 | [Reliability report](../operate/windows-autopatch-reliability-report.md) | Added the [Reliability report](../operate/windows-autopatch-reliability-report.md) feature |
-| [Resolve policy conflicts](../operate/windows-autopatch-resolve-policy-conflicts.md) | Added the [Resolve policy conflicts](../operate/windows-autopatch-resolve-policy-conflicts.md) feature |
 
 ## February 2024
 
diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md
index 89a7b65ab6..4794ab6ddf 100644
--- a/windows/deployment/windows-deployment-scenarios-and-tools.md
+++ b/windows/deployment/windows-deployment-scenarios-and-tools.md
@@ -1,300 +1,272 @@
 ---
-title: Windows 10 deployment scenarios and tools
-description: Learn about the tools you can use to deploy Windows 10 and related applications to your organization. Explore deployment scenarios.
+title: Windows deployment scenarios and tools
+description: Learn about the tools that can be used to deploy Windows and related applications to your organization. Explore deployment scenarios.
 manager: aaroncz
 ms.author: frankroj
 author: frankroj
 ms.service: windows-client
-ms.topic: article
-ms.date: 11/23/2022
+ms.topic: conceptual
+ms.date: 08/30/2024
 ms.subservice: itpro-deploy
 ---
 
-# Windows 10 deployment scenarios and tools
+# Windows deployment scenarios and tools
 
-To successfully deploy the Windows 10 operating system and applications for your organization, understand the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment.
+To successfully deploy the Windows operating system and applications for your organization, it's important to understand the available tools to help with the process. This article covers the most commonly used tools for Windows 10 deployment.
 
-Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). These tools aren't a complete solution on their own. Combine these tools with solutions like [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) to get a complete deployment solution.
+Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). These tools aren't a complete solution on their own. Combine these tools with solutions like [Configuration Manager](/mem/configmgr) to get a complete deployment solution.
 
-In this article, you also learn about different types of reference images that you can build, and why reference images are beneficial for most organizations
+This article also covers the different types of reference images that can be built, and why reference images are beneficial for most organizations.
 
 ## Windows Assessment and Deployment Kit
 
-Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more information, see [Windows ADK for Windows 10](/windows-hardware/get-started/adk-install) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
+The Windows Assessment and Deployment Kit (Windows ADK) contains core assessment and deployment tools and technologies, including:
 
-![The Windows 10 ADK feature selection page.](images/win-10-adk-select.png)
+- [Deployment Image Servicing and Management (DISM)](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
+- [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages).
+- [Windows System Image Manager (Windows SIM)](/windows-hardware/customize/desktop/wsim/windows-system-image-manager-technical-reference).
+- [User State Migration Tool (USMT)](/windows/deployment/usmt/usmt-overview).
+- [Volume Activation Management Tool (VAMT)](/windows/deployment/volume-activation/volume-activation-management-tool).
+- [Windows Preinstallation Environment (Windows PE)](/windows-hardware/manufacture/desktop/winpe-intro).
+- [Windows Assessment Toolkit](/windows-hardware/test/assessments/).
+- [Windows Performance Toolkit (WPT)](/windows-hardware/test/wpt/).
 
-The Windows 10 ADK feature selection page.
+For more information, see the following articles:
+
+- [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
+- [Windows ADK for Windows scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
+- [Kits and tools overview](/windows-hardware/get-started/kits-and-tools-overview).
 
 ### Deployment Image Servicing and Management (DISM)
 
-DISM is one of the deployment tools included in the Windows ADK and is used for capturing, servicing, and deploying boot images and operating system images.
+DISM is one of the deployment tools included in the Windows ADK. It's used for capturing, servicing, and deploying both boot images and operating system images.
 
-DISM services online and offline images. For example, with DISM you can install the Microsoft .NET Framework 3.5.1 in Windows 10 online, which means that you can start the installation in the running operating system, not that you get the software online. The /LimitAccess switch configures DISM to get the files only from a local source:
+DISM services online and offline images. For example, with DISM you can install the Microsoft .NET Framework while Windows is online, which means that you can start the installation in the running operating system. The `/LimitAccess` switch configures DISM to get the files only from a local source. For example:
 
 ```cmd
 Dism.exe /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\Sources\SxS /LimitAccess
 ```
 
-In Windows 10, you can use Windows PowerShell for many of the functions done by DISM.exe. The equivalent command in Windows 10 using PowerShell is:
+Windows PowerShell can be used in Windows for many of the functions done by **DISM.exe**. The equivalent command in Windows using PowerShell is:
 
 ```powershell
-Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All 
+Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All
 -Source D:\Sources\SxS -LimitAccess
 ```
 
-![Using DISM functions in PowerShell.](images/mdt-11-fig05.png)
-
-Using DISM functions in PowerShell.
-
 For more information on DISM, see [DISM technical reference](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
 
 ### User State Migration Tool (USMT)
 
-USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and Configuration Manager use USMT as part of the operating system deployment process.
+USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Configuration Manager uses USMT as part of the operating system deployment process.
 
-USMT includes several command-line tools, the most important of which are ScanState and LoadState:
+USMT includes several command-line tools, the most important of which are **ScanState** and **LoadState**:
 
 - **ScanState.exe**: This tool performs the user-state backup.
 - **LoadState.exe**: This tool performs the user-state restore.
-- **UsmtUtils.exe**: This tool supplements the functionality in ScanState.exe and LoadState.exe.
+- **UsmtUtils.exe**: This tool supplements the functionality in **ScanState.exe** and **LoadState.exe**.
 
 In addition to these tools, there are also XML templates that manage which data is migrated. You can customize the templates, or create new ones, to manage the backup process at a high level of detail. USMT uses the following terms for its templates:
 
 - **Migration templates**: The default templates in USMT.
 - **Custom templates**: Custom templates that you create.
-- **Config template**: An optional template called Config.xml which you can use to exclude or include components in a migration without modifying the other standard XML templates.
+- **Config template**: An optional template called **Config.xml** which you can use to exclude or include components in a migration without modifying the other standard XML templates.
 
-![A sample USMT migration file that will exclude .MP3 files on all local drives and include the folder C:\\Data and all its files, including its subdirectories and their files..](images/mdt-11-fig06.png)
+USMT supports capturing and restoring both data and settings from currently supported versions of Windows. It also supports migrating from a 32-bit operating system to a 64-bit operating system, but not the other way around. For example, you can use USMT to migrate from Windows 10 x86 to Windows 11 x64.
 
-A sample USMT migration file that will exclude .MP3 files on all local drives and include the folder C:\\Data and all its files, including its subdirectories and their files.
+By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows deployments are **MigUser.xml** and **MigApp.xml**. These two default templates migrate the following data and settings:
 
-USMT supports capturing data and settings from Windows Vista and later, and restoring the data and settings to Windows 7 and later (including Windows 10 in both cases). It also supports migrating from a 32-bit operating system to a 64-bit operating system, but not the other way around. For example, you can use USMT to migrate from Windows 7 x86 to Windows 10 x64.
+- Folders from each profile, including those folders from user profiles, and shared and public profiles. For example, the following folders:
 
-By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two default templates migrate the following data and settings:
-
-- Folders from each profile, including those folders from user profiles, and shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated.
+  - Documents.
+  - Video.
+  - Music.
+  - Pictures.
+  - Desktop.
 
 - The following specific file types:
 
     `.accdb`, `.ch3`, `.csv`, `.dif`, `.doc*`, `.dot*`, `.dqy`, `.iqy`, `.mcw`, `.mdb*`, `.mpp`, `.one*`, `.oqy`, `.or6`, `.pot*`, `.ppa`, `.pps*`, `.ppt*`, `.pre`, `.pst`, `.pub`, `.qdf`, `.qel`, `.qph`, `.qsd`, `.rqy`, `.rtf`, `.scd`, `.sh3`, `.slk`, `.txt`, `.vl*`, `.vsd`, `.wk*`, `.wpd`, `.wps`, `.wq1`, `.wri`, `.xl*`, `.xla`, `.xlb`, `.xls*`
+  
+  > [!NOTE]
+  >
+  > - The asterisk (`*`) stands for zero or more characters.
+  >
+  > - The OpenDocument extensions (`*.odt`, `*.odp`, `*.ods`) used by Microsoft Office applications aren't migrated by default.
 
-    > [!NOTE]
-    > The asterisk (`*`) stands for zero or more characters.
+- Operating system component settings.
 
-    > [!NOTE]
-    > The OpenDocument extensions (`*.odt`, `*.odp`, `*.ods`) that Microsoft Office applications can use aren't migrated by default.
+- Application settings.
 
-- Operating system component settings
+These settings are migrated by the default **MigUser.xml** and **MigApp.xml** templates. For more information, see [What does USMT migrate?](./usmt/usmt-what-does-usmt-migrate.md) For more general information on USMT, see [User State Migration Tool (USMT) overview](./usmt/usmt-overview.md).
 
-- Application settings
+### Windows Configuration Designer
 
-These settings are migrated by the default MigUser.xml and MigApp.xml templates. For more information, see [What does USMT migrate?](./usmt/usmt-what-does-usmt-migrate.md) For more general information on USMT, see [USMT technical reference](./usmt/usmt-reference.md).
+Windows Configuration Designer is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device. This tool is useful for setting up new devices without the need for reimaging the device with a custom image.
 
-### Windows Imaging and Configuration Designer
-
-Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This tool is useful for setting up new devices, without the need for reimaging the device with a custom image.
-
-![Windows Imaging and Configuration Designer.](images/windows-icd.png)
-
-Windows Imaging and Configuration Designer.
-
-For more information, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
+For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
 
 ### Windows System Image Manager (Windows SIM)
 
-Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don't need Windows SIM often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall.
+Windows System Image Manager (Windows SIM) is an authoring tool for **Unattend.xml** files. Windows SIM isn't normally needed when using Microsoft Configuration Manager. Microsoft Configuration Manager automatically creates and updates the **Unattend.xml** file based on settings specified in the task sequence, primarily at the **Apply Windows Settings** task. The automation in Microsoft Configuration Manager greatly simplifies the overall process.
 
-![Windows answer file opened in Windows SIM.](images/mdt-11-fig07.png)
-
-Windows answer file opened in Windows SIM.
-
-For more information, see [Windows System Image Manager Technical Reference]( https://go.microsoft.com/fwlink/p/?LinkId=619906).
+For more information, see [Windows System Image Manager Technical Reference](/windows-hardware/customize/desktop/wsim/windows-system-image-manager-technical-reference).
 
 ### Volume Activation Management Tool (VAMT)
 
-If you don't use KMS, manage your MAKs centrally with the Volume Activation Management Tool (VAMT). Use this tool to install and manage product keys throughout the organization. VAMT can also activate on behalf of clients without internet access, acting as a MAK proxy.
+If not using [Key Management Services (KMS)](/windows-server/get-started/kms-client-activation-keys), Multiple Activation Keys (MAKs) can be centrally managed with the Volume Activation Management Tool (VAMT). Use this tool to install and manage product keys throughout the organization. VAMT can also activate on behalf of clients without internet access, acting as a MAK proxy.
 
-![The updated Volume Activation Management Tool.](images/mdt-11-fig08.png)
-
-The updated Volume Activation Management Tool.
-
-VAMT also can be used to create reports, switch from MAK to KMS, manage Active Directory-based activation, and manage Office 2010 and Office 2013 volume activation. VAMT also supports PowerShell (instead of the old command-line tool). For example, if you want to get information from the VAMT database, you can type:
+VAMT can also be used to create reports, switch from MAK to KMS, manage Active Directory-based activation, and manage Office volume activation. VAMT also supports PowerShell. For example, to get information from the VAMT database, enter:
 
 ```powershell
 Get-VamtProduct
 ```
 
-For more information on the VAMT, see [VAMT technical reference](./volume-activation/volume-activation-management-tool.md).
+For more information on the VAMT, see the following articles:
+
+- [Volume Activation Management Tool (VAMT)](/windows/deployment/volume-activation/volume-activation-management-tool).
+- [VAMT technical reference](./volume-activation/volume-activation-management-tool.md).
 
 ### Windows Preinstallation Environment (Windows PE)
 
-Windows PE is a "Lite" version of Windows 10 and was created to act as a deployment platform. Windows PE replaces the DOS or Linux boot disks that ruled the deployment solutions of the last decade.
+Windows PE is a "lite" version of Windows used as a deployment platform.
 
-The key thing to know about Windows PE is that, like the operating system, it needs drivers for at least network and storage devices in each PC. Luckily Windows PE includes the same drivers as the full Windows 10 operating system, which means much of your hardware will work out of the box.
-
-![A machine booted with the Windows ADK default Windows PE boot image.](images/mdt-11-fig09.png)
-
-A machine booted with the Windows ADK default Windows PE boot image.
+Windows PE is like any other operating system and it needs drivers. However, it doesn't need a full set of drivers. It only needs a minimalist set of drivers necessary to deploy Windows. Normally only network and storage drivers are needed. Windows PE already includes a set of drivers out of the box so most devices work without the need to add any additional drivers.
 
 For more information on Windows PE, see [Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro).
 
 ## Windows Recovery Environment
 
-Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you'll see an automatic failover into Windows RE.
-
-![A Windows 10 client booted into Windows RE, showing Advanced options.](images/mdt-11-fig10.png)
-
-A Windows 10 client booted into Windows RE, showing Advanced options.
+Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in currently supported versions of Windows. Windows RE is based on Windows PE. If needed, Windows RE can also be extended with custom tools. If a Windows fails to start and Windows RE is installed, an automatic failover into Windows RE occurs.
 
 For more information on Windows RE, see [Windows Recovery Environment](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference).
 
 ## Windows Deployment Services
 
-Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you'll use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker.
+The main functions of Windows Deployment Services (WDS) are:
 
-![Windows Deployment Services using multicast to deploy three machines.](images/mdt-11-fig11.png)
+- PXE boot support.
+- Multicast.
+- BitLocker Network Unlock.
 
-Windows Deployment Services using multicast to deploy three machines.
+The following considerations should be observed when using WDS for operating system deployment:
 
-In Windows Server 2012 R2, [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11)) can be configured for stand-alone mode or for Active Directory integration. The Active Directory integration mode is the best option, in most scenarios. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you'll use them instead. In WDS, it's possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management.
+- WDS can be configured for stand-alone mode or for Active Directory integration. Active Directory integration mode is recommended in most scenarios.
 
-### Trivial File Transfer Protocol (TFTP) configuration
+- WDS has the capability to manage drivers. However, driver management through Microsoft Configuration Manager is more suitable for deployment due to its flexibility.
 
-In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—wasn't user friendly. In Windows Server 2012, this modification in settings has become much easier to do as it can be configured as a setting.
+- WDS can pre-stage unknown devices as a known computer in Active Directory. However, Microsoft Configuration Manager also has the capability of staging unknown devices as known devices in it's database. In most scenarios, Microsoft Configuration Manager is a better solution for pre-staging devices since it allows greater control and management.
 
-Also, there are a few new features related to TFTP performance:
+- Trivial File Transfer Protocol (TFTP) block size and windows size settings can be configured with WDS to increase performance and download speeds during PXE booting. However, although an increase in TFTP settings can increase performance and download speeds, it can also decrease reliability and cause failures, including a reduction of download speeds. There are many variables involved when determining TFTP settings, including networking equipment, network configuration, and device compatibility.
 
-- **Scalable buffer management**: Allows buffering an entire file instead of a fixed-size buffer for each client, enabling different sessions to read from the same shared buffer.
-- **Scalable port management**: Provides the capability to service clients with shared UDP port allocation, increasing scalability.
-- **Variable-size transmission window (Variable Windows Extension)**: Improves TFTP performance by allowing the client and server to determine the largest workable window size.
-
-![TFTP changes are now easy to perform.](images/mdt-11-fig12.png)
-
-TFTP changes are now easy to perform.
-
-## Microsoft Deployment Toolkit
-
-MDT is a free deployment solution from Microsoft. It provides end-to-end guidance, best practices, and tools for planning, building, and deploying Windows operating systems. MDT builds on top of the core deployment tools in the Windows ADK by contributing guidance, reducing complexity, and adding critical features for an enterprise-ready deployment solution.
-
-MDT has two main parts: the first is Lite Touch, which is a stand-alone deployment solution; the second is Zero Touch, which is an extension to Configuration Manager.
-
-**Note**  
-Lite Touch and Zero Touch are marketing names for the two solutions that MDT supports, and the naming has nothing to do with automation. You can fully automate the stand-alone MDT solution (Lite Touch), and you can configure the solution integration with Configuration Manager to prompt for information.
-
-![The Deployment Workbench in, showing a task sequence.](images/mdt-11-fig13.png)
-
-The Deployment Workbench in, showing a task sequence.
-
-For more information on MDT, see the [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) resource center.
-
-## Microsoft Security Compliance Manager 2013
-
-[Microsoft SCM](https://www.microsoft.com/download/details.aspx?id=53353) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer.
-
-![The SCM console showing a baseline configuration for a fictional client's computer security compliance.](images/mdt-11-fig14.png)
-
-The SCM console showing a baseline configuration for a fictional client's computer security compliance.
-
-## Microsoft Desktop Optimization Pack
-
-MDOP is a suite of technologies available to Software Assurance customers through another subscription.
-
-The following components are included in the MDOP suite:
-
-- **Microsoft Application Virtualization (App-V).** App-V 5.0 provides an integrated platform, more flexible virtualization, and powerful management for virtualized applications. With the release of App-V 5.0 SP3, you have support to run virtual applications on Windows 10.
-
-- **Microsoft User Experience Virtualization (UE-V).** UE-V monitors the changes that are made by users to application settings and Windows operating system settings. The user settings are captured and centralized to a settings storage location. These settings can then be applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions.
-
-- **Microsoft Advanced Group Policy Management (AGPM).** AGPM enables advanced management of Group Policy objects by providing change control, offline editing, and role-based delegation.
-- **Microsoft Diagnostics and Recovery Toolset (DaRT).** DaRT provides additional tools that extend Windows RE to help you troubleshoot and repair your machines.
-- **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, and monitor compliance with these policies.
-
-For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](/microsoft-desktop-optimization-pack/).
-
-<!--
-
-REMOVING SECTION SINCE INTERNET EXPLORER IS NO LONGER SUPPORTED
-
-## Internet Explorer Administration Kit 11
-
-There has been a version of IEAK for every version of Internet Explorer since 3.0. It gives you the capability to customize Internet Explorer as you would like. The end result of using IEAK is an Internet Explorer package that can be deployed unattended. The wizard creates one .exe file and one .msi file.
-
-![The User Experience selection screen in IEAK 11.](images/mdt-11-fig15.png)
-
-The User Experience selection screen in IEAK 11.
-
-To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](/internet-explorer/ie11-ieak/ieak-information-and-downloads) page.
-
--->
+    For stand-alone WDS, TFTP settings can be configured in the WDS console under the **TFTP** tab in the properties of the WDS server. For Microsoft Configuration manager, see [Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points](/mem/configmgr/osd/get-started/prepare-site-system-roles-for-operating-system-deployments#customize-the-ramdisk-tftp-block-and-window-sizes-on-pxe-enabled-distribution-points).
 
 ## Windows Server Update Services
 
-WSUS is a server role in Windows Server 2012 R2 that enables you to maintain a local repository of Microsoft updates and then distribute them to machines on your network. WSUS offers approval control and reporting of update status in your environment.
+WSUS is a server role in Windows Server that enables a local repository of Microsoft updates. The Microsoft Update can then be distributed from the WSUS server to devices in the organization's environment without having to go out to the public Microsoft Update site. WSUS offers approval control and reporting of update status in the environment.
 
-![The Windows Server Update Services console.](images/mdt-11-fig16.png)
-
-The Windows Server Update Services console.
-
-For more information on WSUS, see the [Windows Server Update Services Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
+For more information on WSUS, see the [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus).
 
 ## Unified Extensible Firmware Interface
 
-For many years, BIOS has been the industry standard for booting a PC. BIOS has served us well, but it's time to replace it with something better. **UEFI** is the replacement for BIOS, so it's important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment.
+Unified Extensible Firmware Interface (**UEFI**) is used to initialize and boot a device. It's the successor for BIOS, the method used for many years to initialize and boot a device.
+
+This section will go over the advantages of UEFI over BIOS, how the two differ, and now it affects operating system deployment.
 
 ### Introduction to UEFI
 
-BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including:
+Although BIOS was used successfully on devices for many years, it has some limitations. For example:
 
 - 16-bit code
 - 1-MB address space
 - Poor performance on ROM initialization
 - MBR maximum bootable disk size of 2.2 TB
 
-As the replacement to BIOS, UEFI has many features that Windows can and will use.
+As the replacement to BIOS, UEFI has many features BIOS doesn't have. Windows can take advantage of many of these UEFI features. UEFI has the following features not available in BIOS:
 
-With UEFI, you can benefit from:
+- **Support for large disks** - UEFI requires a GUID Partition Table (GPT) based disk. GPT can support disks up to approximately 16.8 million TB in disk size. GPT also supports more than 100 primary disks.
 
-- **Support for large disks.** UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks.
-- **Faster boot time.** UEFI doesn't use INT 13, and that improves boot time, especially when it comes to resuming from hibernate.
-- **Multicast deployment.** UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start.
-- **Compatibility with earlier BIOS.** Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS.
-- **CPU-independent architecture.** Even if BIOS can run both 32-bit and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS.
-- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That isn't needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment.
-- **Flexible pre-operating system environment.** UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors.
-- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware can't switch the boot loader.
+- **Faster boot time** - UEFI replaces BIOS interrupt call INT 13h, improving boot time, especially when resuming from hibernate.
 
-### UEFI versions
+- **Multicast deployment** - UEFI firmware can use multicast directly when it boots up. With solutions such as WDS and Microsoft Configuration Manager, multicast support is only available by first booting into Windows PE. With UEFI, multicast can run directly from UEFI.
 
-UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a few machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later.
+- **Compatibility with earlier BIOS** - Older devices with UEFI had a UEFI implementation that included a compatibility support module (CSM) that emulates BIOS. However, due to the current wide support of UEFI, modern devices generally don't have a CSM and therefore aren't backward compatible with BIOS. For example, Windows 11 and newer doesn't support BIOS so therefore only runs on modern devices that have UEFI.
+
+- **CPU-independent architecture** - BIOS can run both 32-bit and 64-bit versions of firmware. However, all firmware device drivers on BIOS systems must be 16-bit. This limitation affects performance and only 64 KB of memory can be addressed. UEFI removes these limitations.
+
+- **CPU-independent drivers** - On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. This limitation isn't needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images. EBC images allow for a processor-independent device driver environment.
+
+- **Flexible pre-operating system environment** - UEFI supports UEFI application that can run before the OS is loaded. UEFI applications allow many additional features such as diagnostics, automatic repairs, and the ability to call home to report errors.
+
+- **Secure boot** - Currently supported versions of Windows use the UEFI firmware validation process, called [secure boot](/windows-hardware/design/device-experiences/oem-secure-boot). When secure boot is used, UEFI ensures that it launches only a verified operating system loader and that malware can't switch the boot loader.
 
 ### Hardware support for UEFI
 
 In regard to UEFI, hardware is divided into four device classes:
 
-- **Class 0 devices.** The device of this class is the UEFI definition for a BIOS, or non-UEFI, device.
-- **Class 1 devices.** The devices of this class behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured.
-- **Class 2 devices.** The devices of this class have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available.
-- **Class 3 devices.** The devices of this class are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 isn't supported on these class 3 devices. Class 3 devices don't have a CSM to emulate BIOS.
+- **Class 0 devices.** Devices in this class are BIOS, or non-UEFI, devices.
+
+- **Class 1 devices.** Devices in this class behave like a standard BIOS device, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS.
+
+- **Class 2 devices.** Devices in this class have the capability to behave as either a BIOS device or as a UEFI device. The boot process or the configuration in the firmware of the device determines the mode. Class 2 devices use a CSM to emulate BIOS.
+
+- **Class 3 devices.** The devices in this class are UEFI-only devices. They don't have backwards compatibility with BIOS. Devices in this class must run an operating system that supports UEFI. All currently supported versions of Windows support UEFI. Class 3 devices don't have a CSM to emulate BIOS.
+
+In general, all modern devices are Class 3 devices. Class 0, Class 1, and Class 2 devices are older devices and are no longer manufactured.
 
 ### Windows support for UEFI
 
-Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers.
+- Windows 10 supports both x86 and x64 versions of UEFI.
 
-With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI doesn't support cross-platform boot. This limitation means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system.
+- Windows 11 and newer only supports x64 versions of UEFI.
 
-### How UEFI is changing operating system deployment
+- UEFI doesn't support cross-platform boot.
+
+  - UEFI x64 devices can only run a 64-bit operating system. Most modern UEFI devices are x64.
+  - UEFI x86 devices can run only a 32-bit operating system. For Windows, only Windows 10 x86 supports UEFI x86. Windows 11 and newer doesn't support UEFI x86. Lack of UEFI x86 support in Windows 11 generally isn't an issue since UEFI x86 devices are rare.
+
+### UEFI considerations for operating system deployment
 
 There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices:
 
-- Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS.
-- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It's common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa.
-- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4 GB.
-- UEFI doesn't support cross-platform booting; therefore, you need to have the correct boot media (32-bit or 64-bit).
+- Class 2 devices can switch between BIOS and UEFI via the device's firmware. Make sure the desired mode for the device is selected in the device's firmware. Microsoft recommends using Class 2 devices in UEFI mode due to the added benefits and security that UEFI provides.
+
+    When a Class 2 device is switched from BIOS to UEFI, one of the following two actions needs to take place:
+
+  - The disk needs to be converted from MBR to GPT and then partitioned accordingly to support UEFI. This conversion can be done via a tool such as [diskpart](/windows-server/administration/windows-commands/diskpart). For example, while Windows running on BIOS only requires one partition that can be either FAT32 or NTFS, Windows running on a UEFI device requires the following partitions:
+
+    - FAT32 boot/system partition.
+    - NTFS OS partition.
+    - Microsoft reserved partition (MSR) partition (unique to Windows).
+    - Recovery partition (optional).
+
+    Because the existing disk is wiped as part of this process, the following actions need to take place:
+
+    - Windows need to be reinstalled.
+    - Applications need to be reinstalled.
+    - Data and settings need to be backed up and restored.
+
+    For more information, see [UEFI/GPT-based hard drive partitions](/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions).
+
+  - The [MBR2GPT.EXE](mbr-to-gpt.md) tool can be used to convert the disk from MBR to GPT for use with UEFI in a non-destructive way. **MBR2GPT.EXE** also reconfigures the partitioning on the disk with the correct partitioning for Windows to run on UEFI. The benefit of using the **MBR2GPT.EXE** is that it converts the disk and repartitions it without wiping the disk and without data loss. Since the disk isn't wiped and there's no data loss, the following actions don't need to be performed:
+
+    - Windows doesn't need to be reinstalled.
+    - Applications don't need to be reinstalled.
+    - Data and settings don't need to be backed up and restored.
+
+- When you deploy a Class 2 device, make sure the boot option is set to the proper boot device (hard drive, flash drive, PXE, etc.) The boot options available on Class 2 devices might differ between BIOS and UEFI modes.
+
+- When a UEFI device boots from media, the media has to be FAT32. UEFI only supports booting from FAT32 partitions, which is why the boot/system partition on the disk is FAT32. Additionally, FAT32 has a file-size limitation of 4 GB. OS images larger than 4 GB need to be split with a tool such as [DISM](/windows-hardware/manufacture/desktop/what-is-dism). For more information, see [Split-WindowsImage](/powershell/module/dism/split-windowsimage) or [/Split-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#split-image).
+
+- UEFI doesn't support cross architecture booting. x64 devices require x64 boot media and x86 devices require x86 boot media.
+
+- Most modern UEFI devices are x64. UEFI x86 devices are rare.
 
 For more information on UEFI, see the [UEFI firmware](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)) overview and related resources.
 
-## Related articles
+## Related content
 
-[Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)<br>
-[Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md)
+- [Windows ADK for Windows scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
+- [MBR2GPT.EXE](mbr-to-gpt.md).
+- [UEFI/GPT-based hard drive partitions](/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions).
+- [UEFI firmware](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)).
diff --git a/windows/deployment/windows-deployment-scenarios.md b/windows/deployment/windows-deployment-scenarios.md
index 7666f71041..857188ae38 100644
--- a/windows/deployment/windows-deployment-scenarios.md
+++ b/windows/deployment/windows-deployment-scenarios.md
@@ -6,7 +6,7 @@ ms.author: frankroj
 author: frankroj
 ms.service: windows-client
 ms.localizationpriority: medium
-ms.topic: article
+ms.topic: conceptual
 ms.date: 02/13/2024
 ms.subservice: itpro-deploy
 appliesto:
@@ -37,7 +37,7 @@ The following tables summarize various Windows deployment scenarios. The scenari
 |Scenario|Description|More information|
 |--- |--- |--- |
 |[Windows Autopilot](#windows-autopilot)|Customize the out-of-box-experience (OOBE) for an organization, and deploy a new system with apps and settings already configured|[Overview of Windows Autopilot](/autopilot/windows-autopilot)|
-|[In-place upgrade](#in-place-upgrade)|Use Windows Setup to update the Windows version and migrate apps and settings. Rollback data is saved in Windows.old.|[Perform an in-place upgrade to Windows using Configuration Manager](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager)|
+|[In-place upgrade](#in-place-upgrade)|Use Windows Setup to update the Windows version and migrate apps and settings. Rollback data is saved in Windows.old.|[Perform an in-place upgrade to Windows using Configuration Manager](/mem/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version)|
 
 ### Dynamic
 
@@ -51,9 +51,9 @@ The following tables summarize various Windows deployment scenarios. The scenari
 
 |Scenario|Description|More information|
 |--- |--- |--- |
-|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy Windows using PXE and Configuration Manager](/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)|
-|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows client with a currently supported version of Windows using Configuration Manager](/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)|
-|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows client with a currently supported version of Windows using Configuration Manager](/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)|
+|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy Windows using PXE and Configuration Manager](/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)|
+|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows client with a currently supported version of Windows using Configuration Manager](/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)|
+|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows client with a currently supported version of Windows using Configuration Manager](/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)|
 
 > [!IMPORTANT]
 >
@@ -134,7 +134,7 @@ While Windows includes various provisioning settings and deployment mechanisms,
 In the past, organizations typically deployed Windows using an image-based process built on top of tools provided in:
 
 - [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md).
-- [Microsoft Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
+- [Microsoft Configuration Manager](/mem/configmgr).
 - Windows Deployment Services (WDS).
 - Microsoft Deployment Toolkit.
 
@@ -198,8 +198,8 @@ The deployment process for the replace scenario is as follows:
 
 ## Related articles
 
-- [Upgrade to Windows with Microsoft Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md).
-- [Deploy Windows using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md).
+- [Upgrade to Windows with Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version).
+- [Deploy Windows using PXE and Configuration Manager](/previous-versions/windows/it-pro/windows-10/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager).
 - [Windows setup technical reference](/windows-hardware/manufacture/desktop/windows-setup-technical-reference).
 - [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
 - [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi).
diff --git a/windows/deployment/windows-enterprise-e3-overview.md b/windows/deployment/windows-enterprise-e3-overview.md
index d92d11b9fc..f4532464b5 100644
--- a/windows/deployment/windows-enterprise-e3-overview.md
+++ b/windows/deployment/windows-enterprise-e3-overview.md
@@ -2,13 +2,14 @@
 title: Windows Enterprise E3 in CSP
 description: Describes Windows Enterprise E3, an offering that delivers, by subscription, the features of Windows Enterprise edition.
 ms.service: windows-client
+ms.subservice: activation
 ms.localizationpriority: medium
 ms.date: 02/13/2024
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: article
-ms.subservice: itpro-deploy
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
+ms.reviewer: nganguly
+ms.topic: concept-article
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -67,7 +68,7 @@ Windows Enterprise edition has many features that are unavailable in Windows Pro
 |Credential Guard|Credential Guard uses virtualization-based security to help protect security secrets so that only privileged system software can access them. Examples of security secrets that can be protected include NTLM password hashes and Kerberos Ticket Granting Tickets. This protection helps prevent Pass-the-Hash or Pass-the-Ticket attacks.<br><br>Credential Guard has the following features:<li>**Hardware-level security** - Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.<li>**Virtualization-based security** - Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.<li>**Improved protection against persistent threats** - Credential Guard works with other technologies (for example, Device Guard) to help provide further protection against attacks, no matter how persistent.<li>**Improved manageability** -  Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.<br><br>For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).<br><br>*Credential Guard requires <ul><li>UEFI 2.3.1 or greater with Trusted Boot</li><li>Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled</li><li>x64 version of Windows</li><li>IOMMU, such as Intel VT-d, AMD-Vi</li><li>BIOS Lockdown</li><li>TPM 2.0 recommended for device health attestation (uses software if TPM 2.0 not present)*</li></ul>|
 |Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, they're much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.<br><br>Device Guard protects in the following ways:<li>Helps protect against malware<li>Helps protect the Windows system core from vulnerability and zero-day exploits<li>Allows only trusted apps to run<br><br>For more information, see [Introduction to Device Guard](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
 |AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.<br><br>For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).|
-|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users' devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.<br><br>For more information, see [Getting started with App-V for Windows client](/windows/application-management/app-v/appv-getting-started).|
+|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users' devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.<br><br>For more information, see [Getting started with App-V for Windows client](/microsoft-desktop-optimization-pack/app-v/appv-for-windows).|
 |User Experience Virtualization (UE-V)|With this feature, user-customized Windows and application settings can be captured and stored on a centrally managed network file share.<br><br>When users sign in, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they sign into.<br><br>UE-V provides the following features:<li>Specify which application and Windows settings synchronize across user devices<li>Deliver the settings anytime and anywhere users work throughout the enterprise<li>Create custom templates for line-of-business applications<li>Recover settings after hardware replacement or upgrade, or after reimaging a virtual machine to its initial state<br><br>For more information, see [User Experience Virtualization (UE-V) overview](/microsoft-desktop-optimization-pack/ue-v/uev-for-windows).|
 |Managed User Experience|This feature helps customize and lock down a Windows device's user interface to restrict it to a specific task. For example, a device can be configured for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. Access to services such as the Windows Store can also be restricted. For Windows 10, Start layout options can also be managed, such as:<li>Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands<li>Removing Log Off (the User tile) from the Start menu<li>Removing frequent programs from the Start menu<li>Removing the All Programs list from the Start menu<li>Preventing users from customizing their Start screen<li>Forcing Start menu to be either full-screen size or menu size<li>Preventing changes to Taskbar and Start menu settings|
 
@@ -146,9 +147,9 @@ App-V requires an App-V server infrastructure to support App-V clients. The prim
 
 For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
 
-- [Getting started with App-V for Windows client](/windows/application-management/app-v/appv-getting-started)
-- [Deploying the App-V server](/windows/application-management/app-v/appv-deploying-the-appv-server)
-- [Deploying the App-V Sequencer and Configuring the Client](/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client)
+- [Getting started with App-V for Windows client](/microsoft-desktop-optimization-pack/app-v/appv-getting-started)
+- [Deploying the App-V server](/microsoft-desktop-optimization-pack/app-v/appv-deploying-the-appv-server)
+- [Deploying the App-V Sequencer and Configuring the Client](/microsoft-desktop-optimization-pack/app-v/appv-deploying-the-appv-sequencer-and-client)
 
 ### UE-V
 
diff --git a/windows/deployment/windows-missing-fonts.md b/windows/deployment/windows-missing-fonts.md
index 6cee49fa4f..eabee6f44f 100644
--- a/windows/deployment/windows-missing-fonts.md
+++ b/windows/deployment/windows-missing-fonts.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.author: frankroj
 manager: aaroncz
-ms.topic: article
+ms.topic: conceptual
 ms.date: 03/28/2024
 ms.subservice: itpro-deploy
 zone_pivot_groups: windows-versions-11-10
diff --git a/windows/deployment/windows-subscription-activation.md b/windows/deployment/windows-subscription-activation.md
index 539f012a42..832396c41d 100644
--- a/windows/deployment/windows-subscription-activation.md
+++ b/windows/deployment/windows-subscription-activation.md
@@ -2,17 +2,15 @@
 title: Windows subscription activation
 description: Learn how to step up from Windows Pro to a Windows Enterprise subscription or from Windows Eduction Pro to a Windows Education subscription.
 ms.service: windows-client
-ms.subservice: itpro-fundamentals
+ms.subservice: activation
 ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.collection:
-  - highpri
-  - tier2
+ms.author: kaushika
+author: kaushika-msft
+manager: cshepard
+ms.reviewer: nganguly
 ms.topic: concept-article
 zone_pivot_groups: windows-versions-11-10
-ms.date: 03/04/2024
+ms.date: 09/03/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -55,6 +53,9 @@ Organizations that use the Subscription Activation feature to enable users to "s
 
 - [Windows Store for Business, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
 
+     > [!NOTE]
+     > The Microsoft Store for Business and Microsoft Store for Education are retired. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring).
+
 Although the app ID is the same in both instances, the name of the cloud app depends on the tenant.
 
 For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
@@ -135,7 +136,7 @@ With Windows Enterprise or Education editions, an organization can benefit from
 
 To compare Windows editions and review pricing, see the following sites:
 
-- [Compare Windows editions](https://www.microsoft.com/en-us/windows/business/windows-10-pro-vs-windows-11-pro) <!-- Leaving in language reference in URL because URL without it doesn't redirect properly>
+- [Compare Windows editions](https://www.microsoft.com/en-us/windows/business/windows-10-pro-vs-windows-11-pro) <!-- Leaving in language reference in URL because URL without it doesn't redirect properly-->
 - [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing)
 
 Benefits of moving to Windows as an online service include:
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index 5fddd27458..3f458f6122 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -52,19 +52,20 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "Windows for IT Pros",
       "contributors_to_exclude": [
         "dstrome2",
-        "rjagiewich",  
+        "rjagiewich",
         "American-Dipper",
-        "claydetels19", 
+        "claydetels19",
         "jborsecnik",
         "v-stchambers",
         "shdyas",
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "alekyaj"
+        "alekyaj",
+        "padmagit77",
+        "aditisrivastava07"
       ]
     },
     "fileMetadata": {},
@@ -72,4 +73,4 @@
     "dest": "windows-hub",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 4b0d111d73..6fbeb4df3b 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -1,152 +1,135 @@
 ### YamlMime:Hub
 
-title: Windows client documentation for IT Pros
-summary: Learn how to deploy, secure, and manage Windows clients for your organization.
+title: Windows client documentation
+summary: Documentation for IT pros on how to deploy, secure, and manage Windows clients for your organization.
 brand: windows
 
 metadata:
   title: Windows client documentation
-  description: Learn how to deploy, secure, and manage Windows clients for your organization.
+  description: Documentation for IT pros on how to deploy, secure, and manage Windows clients for your organization.
   ms.topic: hub-page
   ms.service: windows-client
   ms.collection:
     - tier1
     - essentials-navigation
-  author: paolomatarazzo
-  ms.author: paoloma
+  author: aczechowski
+  ms.author: aaroncz
   manager: aaroncz
-  ms.date: 04/25/2024
+  ms.date: 08/27/2024
 
 highlightedContent:
+# itemType: architecture | concept | deploy | download | get-started | how-to-guide | training | overview | quickstart | reference | sample | tutorial | video | whats-new
   items:
+
   - title: Get started with Windows 11
     itemType: get-started
     url: /windows/whats-new/windows-11-overview
+
   - title: Windows 11, version 23H2
     itemType: whats-new
     url: /windows/whats-new/whats-new-windows-11-version-23h2
+
   - title: Windows 11, version 23H2 group policy settings reference
     itemType: download
     url: https://www.microsoft.com/download/details.aspx?id=105668
-  - title: Windows release health
-    itemType: whats-new
-    url: /windows/release-health
-  - title: Windows commercial licensing
-    itemType: overview
-    url: /windows/whats-new/windows-licensing
-  - title: Copilot in Windows
-    itemType: how-to-guide
-    url: /windows/client-management/manage-windows-copilot
-  - title: Windows 365 documentation
-    itemType: overview
-    url: /windows-365
-  - title: Explore all Windows trainings and learning paths for IT pros
-    itemType: learn
-    url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
 
-#  - title: Enroll Windows client devices in Microsoft Intune
-#    itemType: how-to-guide
-#    url: /mem/intune/fundamentals/deployment-guide-enrollment-windows
+  - title: Windows administrative tools
+    itemType: concept
+    url: /windows/client-management/client-tools/administrative-tools-in-windows
 
-productDirectory:
-  title: Get started
+
+conceptualContent:
+# itemType: architecture | concept | deploy | download | get-started | how-to-guide | training | overview | quickstart | reference | sample | tutorial | video | whats-new
   items:
-
-    - title: Learn how to deploy Windows
-      imageSrc: /media/common/i_deploy.svg
+    - title: Deploy Windows
       links:
-        - url: /mem/autopilot/
-          text: Windows Autopilot overview
-        - url: /mem/autopilot/tutorial/autopilot-scenarios
-          text: "Tutorial: Windows Autopilot scenarios"
-        - url: /windows/deployment/do/
-          text: Delivery optimization
-        - url: /windows/deployment/update/deployment-service-overview
-          text: Windows Update for Business deployment service
-        - url: /windows/deployment/windows-autopatch
-          text: Windows Autopatch overview
-        - url: /windows/deployment
-          text: Learn more about Windows deployment >
+      - url: /autopilot/
+        itemType: deploy
+        text: Windows Autopilot
+      - url: /windows/deployment/windows-autopatch
+        itemType: overview
+        text: Windows Autopatch
+      - url: /windows/deployment/do/
+        itemType: concept
+        text: Delivery optimization
+      footerLink:
+        url: /windows/deployment
+        text: See more
 
-    - title: Learn how to secure Windows
-      imageSrc: /media/common/i_security-management.svg
+    - title: Secure Windows
       links:
-        - url: /windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines
-          text: Windows security baselines
-        - url: /windows/security/identity-protection/hello-for-business
-          text: Windows Hello for Business
-        - url: /windows/security/identity-protection/web-sign-in
-          text: Web sign-in for Windows
-        - url: /windows/security/threat-protection/windows-defender-application-control
-          text: Windows Defender Application Control (WDAC)
-        - url: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
-          text: Microsoft Defender Application Guard
-        - url: /windows/security
-          text: Learn more about Windows security >
+      - url: /windows/security/introduction
+        itemType: overview
+        text: Introduction to Windows security
+      - url: /windows/security/operating-system-security/data-protection/bitlocker/
+        itemType: concept
+        text: BitLocker
+      - url: /windows/security/identity-protection/hello-for-business
+        itemType: concept
+        text: Windows Hello for Business
+      footerLink:
+        url: /windows/security
+        text: See more
 
-    - title: Learn about privacy in Windows
-      imageSrc: /media/common/i_lock.svg
+    - title: Privacy in Windows
       links:
-        - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
-          text: Windows 11 required diagnostic data
-        - url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
-          text: Configure Windows diagnostic data in your organization
-        - url: /windows/privacy/diagnostic-data-viewer-overview
-          text: Diagnostic Data Viewer
-        - url: /windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
-          text: Manage connections to Microsoft services
-        - url: /windows/privacy/windows-10-and-privacy-compliance
-          text: Windows privacy compliance guide
-        - url: /windows/privacy
-          text: Learn more about privacy in Windows >
+      - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
+        itemType: reference
+        text: Windows 11 required diagnostic data
+      - url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
+        itemType: how-to-guide
+        text: Configure Windows diagnostic data in your organization
+      - url: /windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
+        itemType: reference
+        text: Manage connections to Microsoft services
+      footerLink:
+        url: /windows/privacy
+        text: See more
 
-    - title: Learn how to manage Windows
-      imageSrc: /media/common/i_management.svg
+    - title: Manage Windows
       links:
-        - url: /windows/client-management/mobile-device-enrollment
-          text: MDM enrollment
-        - url: /windows/client-management/mdm/
-          text: Configuration Service Provider (CSP)
-        - url: /windows/client-management/administrative-tools-in-windows-10
-          text: Windows administrative tools
-        - url: /windows/client-management/manage-windows-copilot
-          text: Manage Copilot in Windows
-        - url: /windows/application-management/index
-          text: Learn more about application management >
-        - url: /windows/client-management
-          text: Learn more about Windows management >
+      - url: /windows/client-management/client-tools/administrative-tools-in-windows
+        itemType: concept
+        text: Windows administrative tools
+      - url: /windows/client-management/client-tools/windows-version-search
+        itemType: how-to-guide
+        text: What version of Windows am I running?
+      - url: /windows/client-management/mdm/
+        itemType: reference
+        text: Configuration Service Provider (CSP) policies
+      footerLink:
+        url: /windows/client-management
+        text: See more
 
-    - title: Learn how to configure Windows
-      imageSrc: /media/common/i_config-tools.svg
+    - title: Configure Windows
       links:
-        - url: /windows/configuration/windows-accessibility-for-itpros
-          text: Accessibility information
-        - url: /windows/configuration/provisioning-packages/provisioning-packages
-          text: Use Provisioning packages to configure new devices
-        - url: /windows/configuration/customize-start-menu-layout-windows-11
-          text: Customize the Start menu layout
-        - url: /windows/configuration/set-up-shared-or-guest-pc
-          text: Set up a shared or guest PC
-        - url: /windows/configuration/assigned-access
-          text: Configure kiosks and restricted user experiences
-        - url: /windows/configuration
-          text: Learn more about Windows configuration >
+      - url: /windows/configuration/accessibility/
+        itemType: overview
+        text: Accessibility information
+      - url: /windows/configuration/start/layout
+        itemType: how-to-guide
+        text: Customize the Start layout
+      - url: /windows/configuration/assigned-access
+        itemType: concept
+        text: Kiosks and restricted user experiences
+      footerLink:
+        url: /windows/configuration
+        text: See more
 
-    - title: Learn about Windows for Education
-      imageSrc: /media/common/i_advanced.svg
+    - title: Windows for Education
       links:
-        - url: /education/windows/tutorial-school-deployment/
-          text: "Tutorial: deploy and manage Windows devices in a school"
-        - url: /education/windows/windows-11-se-overview
-          text: Windows 11 SE Overview
-        - url: /education/windows/federated-sign-in
-          text: Configure federated sign-in for Windows devices
-        - url: /education/windows/get-minecraft-for-education
-          text: Get and deploy Minecraft Education
-        - url: /education/windows/take-tests-in-windows
-          text: Take tests and assessments in Windows
-        - url: /education/Windows
-          text: Learn more about Windows for Education >
+      - url: /education/windows/federated-sign-in
+        itemType: how-to-guide
+        text: Configure federated sign-in for Windows devices
+      - url: /education/windows/get-minecraft-for-education
+        itemType: concept
+        text: Get and deploy Minecraft Education
+      - url: /education/windows/windows-11-se-overview
+        itemType: overview
+        text: Windows 11 SE
+      footerLink:
+        url: /education/windows
+        text: See more
 
 additionalContent:
   sections:
@@ -155,46 +138,36 @@ additionalContent:
 
         - title: Windows hardware
           links:
-            - text: Windows hardware developer documentation
-              url: /windows-hardware/drivers/
-            - text: Get started with building Windows devices
-              url: /windows-hardware/get-started
+            - text: Download and install the Windows ADK
+              url: /windows-hardware/get-started/adk-install
             - text: Download the Windows Driver Kit
               url: /windows-hardware/drivers/download-the-wdk
             - text: Device and driver installation
               url: /windows-hardware/drivers/install/overview-of-device-and-driver-installation
-            - text: Windows Driver Frameworks
-              url: /windows-hardware/drivers/wdf/
-            - text: Kernel-mode driver architecture design guide
-              url: /windows-hardware/drivers/kernel/
 
         - title: Windows Server
           links:
             - text: Windows Server documentation
               url: /windows-server
-            - text: What's new in Windows Server 2022?
-              url: /windows-server/get-started/whats-new-in-windows-server-2022
+            - text: What's new in Windows Server 2025
+              url: /windows-server/get-started/whats-new-windows-server-2025
             - text: Windows Server blog
-              url: https://cloudblogs.microsoft.com/windowsserver/
+              url: https://www.microsoft.com/windows-server/blog/
 
         - title: Windows product site and blogs
           links:
-            - text: Find out how Windows enables your business to do more
-              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows user documentation
+              url: https://support.microsoft.com/windows
             - text: Windows blogs
               url: https://blogs.windows.com/
             - text: Windows IT Pro blog
-              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
-            - text: Microsoft Intune blog
-              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
-            - text: "Windows help & learning: end-user documentation"
-              url: https://support.microsoft.com/windows
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows-ITPro-blog
 
         - title: Participate in the community
           links:
             - text: Windows community
-              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
-            - text: Microsoft Intune community
-              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
-            - text: Microsoft Support community
-              url: https://answers.microsoft.com/windows/forum
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows
+            - text: Windows office hours
+              url: https://aka.ms/Windows/OfficeHours
+            - text: Microsoft support community
+              url: https://answers.microsoft.com/
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
deleted file mode 100644
index 55ed54b6bd..0000000000
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ /dev/null
@@ -1,6416 +0,0 @@
----
-description: Learn more about the Windows 10, version 1703 diagnostic data gathered at the basic level.
-title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10)
-ms.service: windows-client
-ms.subservice: itpro-privacy
-localizationpriority: medium
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 03/27/2017
-ms.topic: reference
----
-
-
-# Windows 10, version 1703 basic level Windows diagnostic events and fields
-
- **Applies to**
-
-- Windows 10, version 1703
-
-
-The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
-
-The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-
-Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
-
-You can learn more about Windows functional and diagnostic data through these articles:
-
-- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
-- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
-- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
-
-
-
-
-## Appraiser events
-
-### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
-
-This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
-- **InventoryLanguagePack**  The total number of objects of this type present on this device.
-- **InventorySystemBios**  The total number of objects of this type present on this device.
-- **PCFP**  The total number of objects of this type present on this device.
-- **SystemProcessorCompareExchange**  The total number of objects of this type present on this device.
-- **SystemProcessorNx**  The total number of objects of this type present on this device.
-- **SystemProcessorPrefetchW**  The total number of objects of this type present on this device.
-- **SystemProcessorSse2**  The total number of objects of this type present on this device.
-- **SystemWim**  The total number of objects of this type present on this device.
-- **SystemWindowsActivationStatus**  The total number of objects of this type present on this device.
-- **SystemWlan**  The total number of objects of this type present on this device.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
-
-This event represents the basic metadata about specific application files installed on the system. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **AvDisplayName**  If the app is an anti-virus app, this is its display name.
-- **CompatModelIndex**  The compatibility prediction for this file.
-- **HasCitData**  Indicates whether the file is present in CIT data.
-- **HasUpgradeExe**  Indicates whether the anti-virus app has an upgrade.exe file.
-- **IsAv**  Is the file an anti-virus reporting EXE?
-- **ResolveAttempted**  This will always be an empty string when sending diagnostic data.
-- **SdbEntries**  An array of fields that indicates the SDB entries that apply to this file.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
-
-This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
-
-This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
-
-This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActiveNetworkConnection**  Indicates whether the device is an active network device.
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **IsBootCritical**  Indicates whether the device boot is critical.
-- **SdbEntries**  An array of fields indicating the SDB entries that apply to this device.
-- **WuDriverCoverage**  Indicates whether there is a driver uplevel for this device, according to Windows Update.
-- **WuDriverUpdateId**  The Windows Update ID of the applicable uplevel driver.
-- **WuDriverUpdateID**  The Update ID of the applicable uplevel driver from Windows Update.
-- **WuPopulatedFromId**  The expected uplevel driver matching ID based on driver coverage from Windows Update.
-- **WuPopulatedFromID**  The expected uplevel driver matching ID based on driver coverage from Windows Update.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
-
-This event indicates that the DatasourceDevicePnp object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
-
-This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
-
-This event sends compatibility database data about driver packages to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
-
-This event indicates that the DatasourceDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
-
-This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
-
-This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
-
-This event indicates that the DataSourceMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
-
-This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events has completed being sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
-
-This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
-
-This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
-
-This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
-
-This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
-
-This event sends compatibility database information about the BIOS to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **SdbEntries**  An array of fields indicating the SDB entries that apply to this BIOS.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
-
-This event indicates that the DatasourceSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
-
-This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
-
-This event sends compatibility decision data about a file to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **BlockAlreadyInbox**  The uplevel runtime block on the file already existed on the current OS.
-- **BlockingApplication**  Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
-- **DisplayGenericMessage**  Will be a generic message be shown for this file?
-- **HardBlock**  This file is blocked in the SDB.
-- **HasUxBlockOverride**  Does the file have a block that is overridden by a tag in the SDB?
-- **MigApplication**  Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
-- **MigRemoval**  Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
-- **NeedsDismissAction**  Will the file cause an action that can be dimissed?
-- **NeedsInstallPostUpgradeData**  After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
-- **NeedsNotifyPostUpgradeData**  Does the file have a notification that should be shown after upgrade?
-- **NeedsReinstallPostUpgradeData**  After upgrade, this file will have a post-upgrade notification to reinstall the app.
-- **NeedsUninstallAction**  The file must be uninstalled to complete the upgrade.
-- **SdbBlockUpgrade**  The file is tagged as blocking upgrade in the SDB,
-- **SdbBlockUpgradeCanReinstall**  The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
-- **SdbBlockUpgradeUntilUpdate**  The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
-- **SdbReinstallUpgradeWarn**  The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
-- **SoftBlock**  The file is softblocked in the SDB and has a warning.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-
-This event indicates that the DecisionApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
-
-This event indicates that a new set of DecisionApplicationFileAdd events will be sent. This event is used to make compatibility decisions about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
-
-This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **AssociatedDriverIsBlocked**  Is the driver associated with this PNP device blocked?
-- **BlockAssociatedDriver**  Should the driver associated with this PNP device be blocked?
-- **BlockingDevice**  Is this PNP device blocking upgrade?
-- **BlockUpgradeIfDriverBlocked**  Is the PNP device both boot critical and does not have a driver included with the OS?
-- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork**  Is this PNP device the only active network device?
-- **DisplayGenericMessage**  Will a generic message be shown during Setup for this PNP device?
-- **DriverAvailableInbox**  Is a driver included with the operating system for this PNP device?
-- **DriverAvailableOnline**  Is there a driver for this PNP device on Windows Update?
-- **DriverAvailableUplevel**  Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden**  Is there is a driver block on the device that has been overridden?
-- **NeedsDismissAction**  Will the user would need to dismiss a warning during Setup for this device?
-- **NotRegressed**  Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
-- **SdbDeviceBlockUpgrade**  Is there an SDB block on the PNP device that blocks upgrade?
-- **SdbDriverBlockOverridden**  Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
-
-This event Indicates that the DecisionDevicePnp object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
-
-This event indicates that a new set of DecisionDevicePnpAdd events will be sent. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
-
-This event sends decision data about driver package compatibility to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **DriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-- **DriverIsDeviceBlocked**  Was the driver package was blocked because of a device block?
-- **DriverIsDriverBlocked**  Is the driver package blocked because of a driver block?
-- **DriverShouldNotMigrate**  Should the driver package be migrated during upgrade?
-- **SdbDriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
-
-This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
-
-The DecisionDriverPackageStartSync event indicates that a new set of DecisionDriverPackageAdd events will be sent. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
-
-This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **BlockingApplication**  Are there are any application issues that interfere with upgrade due to matching info blocks?
-- **DisplayGenericMessage**  Will a generic message be shown for this block?
-- **NeedsUninstallAction**  Does the user need to take an action in setup due to a matching info block?
-- **SdbBlockUpgrade**  Is a matching info block blocking upgrade?
-- **SdbBlockUpgradeCanReinstall**  Is a matching info block blocking upgrade, but has the can reinstall tag?
-- **SdbBlockUpgradeUntilUpdate**  Is a matching info block blocking upgrade but has the until update tag?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove
-
-This event indicates that the DecisionMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
-
-This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
-
-This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Are there any application issues that interfere with upgrade due to matching info blocks?
-- **MigApplication**  Is there a matching info block with a mig for the current mode of upgrade?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove
-
-This event Indicates that the DecisionMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
-
-This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **NeedsInstallPostUpgradeData**  Will the file have a notification after upgrade to install a replacement for the app?
-- **NeedsNotifyPostUpgradeData**  Should a notification be shown for this file after upgrade?
-- **NeedsReinstallPostUpgradeData**  Will the file have a notification after upgrade to reinstall the app?
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
-
-This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
-
-This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **BlockingApplication**  Is there any application issues that interfere with upgrade due to Windows Media Center?
-- **MediaCenterActivelyUsed**  If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
-- **MediaCenterIndicators**  Do any indicators imply that Windows Media Center is in active use?
-- **MediaCenterInUse**  Is Windows Media Center actively being used?
-- **MediaCenterPaidOrActivelyUsed**  Is Windows Media Center actively being used or is it running on a supported edition?
-- **NeedsDismissAction**  Are there any actions that can be dismissed coming from Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
-
-This event indicates that the DecisionMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
-
-This event indicates that a new set of DecisionMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
-
-This event sends compatibility decision data about the BIOS to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device blocked from upgrade due to a BIOS block?
-- **HasBiosBlock**  Does the device have a BIOS block?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
-
-This event indicates that the DecisionSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
-
-This event indicates that a new set of DecisionSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.EnterpriseScenarioWithDiagTrackServiceRunning
-
-This event indicates that Appraiser has been triggered to run an enterprise scenario while the DiagTrack service is installed. This event can only be sent if a special flag is used to trigger the enterprise scenario. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.GatedRegChange
-
-This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
-
-The following fields are available:
-
-- **NewData**  The data in the registry value after the scan completed.
-- **OldData**  The previous data in the registry value before the scan ran.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **RegKey**  The registry key name for which a result is being sent.
-- **RegValue**  The registry value for which a result is being sent.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
-
-This event represents the basic metadata about a file on the system.  The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
-- **BinFileVersion**  An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
-- **BinProductVersion**  An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
-- **BoeProgramId**  If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
-- **CompanyName**  The company name of the vendor who developed this file.
-- **FileId**  A hash that uniquely identifies a file.
-- **FileVersion**  The File version field from the file metadata under Properties -> Details.
-- **LinkDate**  The date and time that this file was linked on.
-- **LowerCaseLongPath**  The full file path to the file that was inventoried on the device.
-- **Name**  The name of the file that was inventoried.
-- **ProductName**  The Product name field from the file metadata under Properties -> Details.
-- **ProductVersion**  The Product version field from the file metadata under Properties -> Details.
-- **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it.
-- **Size**  The size of the file (in hexadecimal bytes).
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
-
-This event indicates that the InventoryApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
-
-This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **HasLanguagePack**  Indicates whether this device has 2 or more language packs.
-- **LanguagePackCount**  The number of language packs are installed.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
-
-This event indicates that the InventoryLanguagePack object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
-
-This event indicates that a new set of InventoryLanguagePackAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
-
-This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **EverLaunched**  Has Windows Media Center ever been launched?
-- **HasConfiguredTv**  Has the user configured a TV tuner through Windows Media Center?
-- **HasExtendedUserAccounts**  Are any Windows Media Center Extender user accounts configured?
-- **HasWatchedFolders**  Are any folders configured for Windows  Media Center to watch?
-- **IsDefaultLauncher**  Is Windows Media Center the default app for opening music or video files?
-- **IsPaid**  Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
-- **IsSupported**  Does the running OS support Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
-
-This event indicates that the InventoryMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
-
-This event indicates that a new set of InventoryMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
-
-This event sends basic metadata about the BIOS to determine whether it has a compatibility block. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BiosDate**  The release date of the BIOS in UTC format.
-- **BiosName**  The name field from Win32_BIOS.
-- **Manufacturer**  The manufacturer field from Win32_ComputerSystem.
-- **Model**  The model field from Win32_ComputerSystem.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
-
-This event indicates that the InventorySystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
-
-This event indicates that a new set of InventorySystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
-
-This event runs only during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. It is critical in understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BootCritical**  Is the driver package marked as boot critical?
-- **Build**  The build value from the driver package.
-- **CatalogFile**  The name of the catalog file within the driver package.
-- **Class**  The device class from the driver package.
-- **ClassGuid**  The device class unique ID from the driver package.
-- **Date**  The date from the driver package.
-- **Inbox**  Is the driver package of a driver that is included with Windows?
-- **OriginalName**  The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
-- **Provider**  The provider of the driver package.
-- **PublishedName**  The name of the INF file after it was renamed.
-- **Revision**  The revision of the driver package.
-- **SignatureStatus**  Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
-- **VersionMajor**  The major version of the driver package.
-- **VersionMinor**  The minor version of the driver package.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
-
-This event indicates that the InventoryUplevelDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
-
-This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.RunContext
-
-This event is sent at the beginning of an appraiser run, the RunContext indicates what should be expected in the following data payload. This event is used with the other Appraiser events to make compatibility decisions to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the currently running version of Appraiser was built.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Context**  Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
-
-This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device from upgrade due to memory restrictions?
-- **MemoryRequirementViolated**  Was a memory requirement violated?
-- **pageFile**  The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
-- **ram**  The amount of memory on the device.
-- **ramKB**  The amount of memory (in KB).
-- **virtual**  The size of the user-mode portion of the virtual address space of the calling process (in bytes).
-- **virtualKB**  The amount of virtual memory (in KB).
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
-
-This event that the SystemMemory object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
-
-This event indicates that a new set of SystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
-
-This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **CompareExchange128Support**  Does the CPU support CompareExchange128?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
-
-This event indicates that the SystemProcessorCompareExchange object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
-
-This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
-
-This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **LahfSahfSupport**  Does the CPU support LAHF/SAHF?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
-
-This event indicates that the SystemProcessorLahfSahf object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
-
-This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
-
-This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **NXDriverResult**  The result of the driver used to do a non-deterministic check for NX support.
-- **NXProcessorSupport**  Does the processor support NX?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
-
-This event indicates that the SystemProcessorNx object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
-
-This event  indicates that a new set of SystemProcessorNxAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
-
-This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **PrefetchWSupport**  Does the processor support PrefetchW?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
-
-This event indicates that the SystemProcessorPrefetchW object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
-
-This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
-
-This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **SSE2ProcessorSupport**  Does the processor support SSE2?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
-
-This event indicates that the SystemProcessorSse2 object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
-
-This event indicates that a new set of SystemProcessorSse2Add events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchAdd
-
-This event sends data indicating whether the system supports touch, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IntegratedTouchDigitizerPresent**  Is there an integrated touch digitizer?
-- **MaximumTouches**  The maximum number of touch points supported by the device hardware.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchRemove
-
-This event indicates that the SystemTouch object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
-
-This event indicates that a new set of SystemTouchAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimAdd
-
-This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IsWimBoot**  Is the current operating system running from a compressed WIM file?
-- **RegistryWimBootValue**  The raw value from the registry that is used to indicate if the device is running from a WIM.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimRemove
-
-This event indicates that the SystemWim object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimStartSync
-
-This event indicates that a new set of SystemWimAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
-
-This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **WindowsIsLicensedApiValue**  The result from the API that's used to indicate if operating system is activated.
-- **WindowsNotActivatedDecision**  Is the current operating system activated?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
-
-This event indicates that the SystemWindowsActivationStatus object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
-
-This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanAdd
-
-This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked because of an emulated WLAN driver?
-- **HasWlanBlock**  Does the emulated WLAN driver have an upgrade block?
-- **WlanEmulatedDriver**  Does the device have an emulated WLAN driver?
-- **WlanExists**  Does the device support WLAN at all?
-- **WlanModulePresent**  Are any WLAN modules present?
-- **WlanNativeDriver**  Does the device have a non-emulated WLAN driver?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanRemove
-
-This event indicates that the SystemWlan object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
-
-This event indicates that a new set of SystemWlanAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
-
-This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the version of Appraiser that is running was built.
-- **AppraiserDataVersion**  The version of the data files being used by the Appraiser diagnostic data run.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
-- **AuxFinal**  Obsolete, always set to false.
-- **AuxInitial**  Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
-- **DeadlineDate**  A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
-- **EnterpriseRun**  Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
-- **FullSync**  Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
-- **InventoryFullSync**  Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **PerfBackoff**  Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
-- **PerfBackoffInsurance**  Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
-- **RunAppraiser**  Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
-- **RunDate**  The date that the diagnostic data run was stated, expressed as a filetime.
-- **RunGeneralTel**  Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
-- **RunOnline**  Indicates if appraiser was able to connect to Windows Update and therefore is making decisions using up-to-date driver coverage information.
-- **RunResult**  The hresult of the Appraiser diagnostic data run.
-- **SendingUtc**  Indicates whether the Appraiser client is sending events during the current diagnostic data run.
-- **StoreHandleIsNotNull**  Obsolete, always set to false
-- **TelementrySent**  Indicates whether diagnostic data was successfully sent.
-- **ThrottlingUtc**  Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
-- **Time**  The client time of the event.
-- **VerboseMode**  Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
-- **WhyFullSyncWithoutTablePrefix**  Indicates the reason or reasons that a full sync was generated.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmAdd
-
-This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Same as NeedsDismissAction.
-- **NeedsDismissAction**  Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
-- **WmdrmApiResult**  Raw value of the API used to gather DRM state.
-- **WmdrmCdRipped**  Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
-- **WmdrmIndicators**  WmdrmCdRipped OR WmdrmPurchased.
-- **WmdrmInUse**  WmdrmIndicators AND dismissible block in setup was not dismissed.
-- **WmdrmNonPermanent**  Indicates if the system has any files with non-permanent licenses.
-- **WmdrmPurchased**  Indicates if the system has any files with permanent licenses.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmRemove
-
-This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmStartSync
-
-The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-## Census events
-
-### Census.App
-
-This event sends version data about the Apps running on this device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CensusVersion**  The version of Census that generated the current data for this device.
-- **IEVersion**  The version of Internet Explorer that is running on the device.
-
-
-### Census.Battery
-
-This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalBatteryCapablities**  Represents information about what the battery is capable of doing.
-- **InternalBatteryCapacityCurrent**  Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
-- **InternalBatteryCapacityDesign**  Represents the theoretical capacity of the battery when new, in mWh.
-- **InternalBatteryNumberOfCharges**  Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
-- **IsAlwaysOnAlwaysConnectedCapable**  Represents whether the battery enables the device to be AlwaysOnAlwaysConnected. Boolean value.
-
-
-### Census.Enterprise
-
-This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AzureOSIDPresent**  Represents the field used to identify an Azure machine.
-- **AzureVMType**  Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
-- **CDJType**  Represents the type of cloud domain joined for the machine.
-- **CommercialId**  Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
-- **ContainerType**  The type of container, such as process or virtual machine hosted.
-- **HashedDomain**  The hashed representation of the user domain used for login.
-- **IsCloudDomainJoined**  Is this device joined to an Azure Active Directory (Azure AD) tenant? true/false
-- **IsDERequirementMet**  Represents if the device can do device encryption.
-- **IsDeviceProtected**  Represents if Device protected by BitLocker/Device Encryption
-- **IsDomainJoined**  Indicates whether a machine is joined to a domain.
-- **IsEDPEnabled**  Represents if Enterprise data protected on the device.
-- **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
-- **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
-- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
-- **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier.
-
-
-### Census.Firmware
-
-This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FirmwareManufacturer**  Represents the manufacturer of the device's firmware (BIOS).
-- **FirmwareReleaseDate**  Represents the date the current firmware was released.
-- **FirmwareType**  Represents the firmware type. The various types can be unknown, BIOS, UEFI.
-- **FirmwareVersion**  Represents the version of the current firmware.
-
-
-### Census.Flighting
-
-This event sends Windows Insider data from customers participating in improvement testing and feedback programs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceSampleRate**  The telemetry sample rate assigned to the device.
-- **EnablePreviewBuilds**  Used to enable Windows Insider builds on a device.
-- **FlightIds**  A list of the different Windows Insider builds on this device.
-- **FlightingBranchName**  The name of the Windows Insider branch currently used by the device.
-- **IsFlightsDisabled**  Represents if the device is participating in the Windows Insider program.
-- **MSA_Accounts**  Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
-- **SSRK**  Retrieves the mobile targeting settings.
-
-
-### Census.Hardware
-
-This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActiveMicCount**  The number of active microphones attached to the device.
-- **ChassisType**  Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
-- **ComputerHardwareID**  Identifies a device class that is represented by a hash of different SMBIOS fields.
-- **DeviceColor**  Indicates a color of the device.
-- **DeviceForm**  Indicates the form as per the device classification.
-- **DeviceName**  The device name that is set by the user.
-- **DigitizerSupport**  Is a digitizer supported?
-- **DUID**  The device unique ID.
-- **InventoryId**  The device ID used for compatibility testing.
-- **OEMDigitalMarkerFileName**  The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
-- **OEMManufacturerName**  The device manufacturer name.  The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
-- **OEMModelBaseBoard**  The baseboard model used by the OEM.
-- **OEMModelBaseBoardVersion**  Differentiates between developer and retail devices.
-- **OEMModelName**  The device model name.
-- **OEMModelNumber**  The device model number.
-- **OEMModelSKU**  The device edition that is defined by the manufacturer.
-- **OEMModelSystemFamily**  The system family set on the device by an OEM.
-- **OEMModelSystemVersion**  The system model version set on the device by the OEM.
-- **OEMOptionalIdentifier**  A Microsoft assigned value that represents a specific OEM subsidiary.
-- **OEMSerialNumber**  The serial number of the device that is set by the manufacturer.
-- **PhoneManufacturer**  The friendly name of the phone manufacturer.
-- **PowerPlatformRole**  The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
-- **SoCName**  The firmware manufacturer of the device.
-- **StudyID**  Used to identify retail and non-retail device.
-- **TelemetryLevel**  The telemetry level the user has opted into, such as Basic or Enhanced.
-- **TelemetrySettingAuthority**  Determines who set the telemetry level, such as GP, MDM, or the user.
-- **TPMVersion**  The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
-- **VoiceSupported**  Does the device have a cellular radio capable of making voice calls?
-
-
-### Census.Memory
-
-This event sends data about the memory on the device, including ROM and RAM. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **TotalPhysicalRAM**  Represents the physical memory (in MB).
-- **TotalVisibleMemory**  Represents the memory that is not reserved by the system.
-
-
-### Census.Network
-
-This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors). The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **IMEI0**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **IMEI1**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **MCC0**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MCC1**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MEID**  Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
-- **MNC0**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MNC1**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MobileOperatorBilling**  Represents the telephone company that provides services for mobile phone users.
-- **MobileOperatorCommercialized**  Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
-- **MobileOperatorNetwork0**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **MobileOperatorNetwork1**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **NetworkAdapterGUID**  The GUID of the primary network adapter.
-- **NetworkCost**  Represents the network cost associated with a connection.
-- **SPN0**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-- **SPN1**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-
-
-### Census.OS
-
-This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActivationChannel**  Retrieves the retail license key or Volume license key for a machine.
-- **CompactOS**  Indicates if the Compact OS feature from Win10 is enabled.
-- **DeveloperUnlockStatus**  Represents if a device has been developer unlocked by the user or Group Policy.
-- **DeviceTimeZone**  The time zone that is set on the device. Example: Pacific Standard Time
-- **GenuineState**  Retrieves the ID Value specifying the OS Genuine check.
-- **InstallationType**  Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
-- **InstallLanguage**  The first language installed on the user machine.
-- **IsDeviceRetailDemo**  Retrieves if the device is running in demo mode.
-- **IsEduData**  Returns Boolean if the education data policy is enabled.
-- **IsPortableOperatingSystem**  Retrieves whether OS is running Windows-To-Go
-- **IsSecureBootEnabled**  Retrieves whether Boot chain is signed under UEFI.
-- **LanguagePacks**  The list of language packages installed on the device.
-- **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
-- **OA3xOriginalProductKey**  Retrieves the License key stamped by the OEM to the machine.
-- **OSEdition**  Retrieves the version of the current OS.
-- **OSInstallDateTime**  Retrieves the date the OS was installed using ISO 8601 (Date part) == yyyy-mm-dd
-- **OSInstallType**  Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc.
-- **OSOOBEDateTime**  Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
-- **OSSKU**  Retrieves the Friendly Name of OS Edition.
-- **OSSubscriptionStatus**  Represents the existing status for enterprise subscription feature for PRO machines.
-- **OSSubscriptionTypeId**  Returns boolean for enterprise subscription feature for selected PRO machines.
-- **OSTimeZoneBiasInMins**  Retrieves the time zone set on machine.
-- **OSUILocale**  Retrieves the locale of the UI that is currently used by the OS.
-- **ProductActivationResult**  Returns Boolean if the OS Activation was successful.
-- **ProductActivationTime**  Returns the OS Activation time for tracking piracy issues.
-- **ProductKeyID2**  Retrieves the License key if the machine is updated with a new license key.
-- **RACw7Id**  Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
-- **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
-- **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
-- **ServiceProductKeyID**  Retrieves the License key of the KMS
-- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
-- **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
-- **SLICStatus**  Whether a SLIC table exists on the device.
-- **SLICVersion**  Returns OS type/version from SLIC table.
-
-
-### Census.Processor
-
-This event sends data about the processor. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ProcessorArchitecture**  Retrieves the processor architecture of the installed operating system.
-- **ProcessorClockSpeed**  Retrieves the clock speed of the processor in MHz.
-- **ProcessorCores**  Retrieves the number of cores in the processor.
-- **ProcessorIdentifier**  The processor identifier of a manufacturer.
-- **ProcessorManufacturer**  Retrieves the name of the processor's manufacturer.
-- **ProcessorModel**  Retrieves the name of the processor model.
-- **ProcessorPhysicalCores**  Number of physical cores in the processor.
-- **SocketCount**  Number of physical CPU sockets of the machine.
-
-
-### Census.Security
-
-This event provides information about security settings. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Census.Speech
-
-This event is used to gather basic speech settings on the device. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AboveLockEnabled**  Cortana setting that represents if Cortana can be invoked when the device is locked.
-- **GPAllowInputPersonalization**  Indicates if a Group Policy setting has enabled speech functionalities.
-- **HolographicSpeechInputDisabled**  Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
-- **HolographicSpeechInputDisabledRemote**  Indicates if a remote policy has disabled speech functionalities for the HMD devices.
-- **KWSEnabled**  Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
-- **MDMAllowInputPersonalization**  Indicates if an MDM policy has enabled speech functionalities.
-- **RemotelyManaged**  Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
-- **SpeakerIdEnabled**  Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
-- **SpeechServicesEnabled**  Windows setting that represents whether a user is opted-in for speech services on the device.
-
-
-### Census.Storage
-
-This event sends data about the total capacity of the system volume and primary disk. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PrimaryDiskTotalCapacity**  Retrieves the amount of disk space on the primary disk of the device in MB.
-- **PrimaryDiskType**  Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
-- **SystemVolumeTotalCapacity**  Retrieves the size of the partition that the System volume is installed on in MB.
-
-
-### Census.Userdefault
-
-This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultApp**  The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
-- **DefaultBrowserProgId**  The ProgramId of the current user's default browser.
-
-
-### Census.UserDisplay
-
-This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalPrimaryDisplayLogicalDPIX**  Retrieves the logical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayLogicalDPIY**  Retrieves the logical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIX**  Retrieves the physical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIY**  Retrieves the physical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayResolutionHorizontal**  Retrieves the number of pixels in the horizontal direction of the internal display.
-- **InternalPrimaryDisplayResolutionVertical**  Retrieves the number of pixels in the vertical direction of the internal display.
-- **InternalPrimaryDisplaySizePhysicalH**  Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
-- **InternalPrimaryDisplaySizePhysicalY**  Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
-- **InternalPrimaryDisplayType**  Represents the type of technology used in the monitor, such as Plasma, LED, LCOS, etc.
-- **NumberofExternalDisplays**  Retrieves the number of external displays connected to the machine
-- **NumberofInternalDisplays**  Retrieves the number of internal displays in a machine.
-- **VRAMDedicated**  Retrieves the video RAM in MB.
-- **VRAMDedicatedSystem**  Retrieves the amount of memory on the dedicated video card.
-- **VRAMSharedSystem**  Retrieves the amount of RAM memory that the video card can use.
-
-
-### Census.UserNLS
-
-This event sends data about the default app language, input, and display language preferences set by the user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultAppLanguage**  The current user Default App Language.
-- **DisplayLanguage**  The current user preferred Windows Display Language.
-- **HomeLocation**  The current user location, which is populated using GetUserGeoId() function.
-- **KeyboardInputLanguages**  The Keyboard input languages installed on the device.
-- **SpeechInputLanguages**  The Speech Input languages installed on the device.
-
-
-### Census.VM
-
-This event sends data indicating whether virtualization is enabled on the device, and its various characteristics. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **HyperVisor**  Retrieves whether the current OS is running on top of a Hypervisor.
-- **IOMMUPresent**  Represents if an input/output memory management unit (IOMMU) is present.
-- **IsVirtualDevice**  Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
-- **SLATSupported**  Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
-- **VirtualizationFirmwareEnabled**  Represents whether virtualization is enabled in the firmware.
-
-
-### Census.WU
-
-This event sends data about the Windows update server and other App store policies. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserGatedStatus**  Indicates whether a device has been gated for upgrading.
-- **AppStoreAutoUpdate**  Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
-- **AppStoreAutoUpdateMDM**  Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
-- **AppStoreAutoUpdatePolicy**  Retrieves the Microsoft Store App Auto Update group policy setting
-- **DelayUpgrade**  Retrieves the Windows upgrade flag for delaying upgrades.
-- **OSRollbackCount**  The number of times feature updates have rolled back on the device.
-- **OSRolledBack**  A flag that represents when a feature update has rolled back during setup.
-- **OSUninstalled**  A flag that represents when a feature update is uninstalled on a device .
-- **OSWUAutoUpdateOptions**  Retrieves the auto update settings on the device.
-- **UninstallActive**  A flag that represents when a device has uninstalled a previous upgrade recently.
-- **UpdateServiceURLConfigured**  Retrieves if the device is managed by Windows Server Update Services (WSUS).
-- **WUDeferUpdatePeriod**  Retrieves if deferral is set for Updates.
-- **WUDeferUpgradePeriod**  Retrieves if deferral is set for Upgrades.
-- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
-- **WUMachineId**  Retrieves the Windows Update (WU) Machine Identifier.
-- **WUPauseState**  Retrieves Windows Update setting to determine if updates are paused.
-- **WUServer**  Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
-
-
-### Census.Xbox
-
-This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date.
-
-The following fields are available:
-
-- **XboxConsolePreferredLanguage**  Retrieves the preferred language selected by the user on Xbox console.
-- **XboxConsoleSerialNumber**  Retrieves the serial number of the Xbox console.
-- **XboxLiveDeviceId**  Retrieves the unique device ID of the console.
-- **XboxLiveSandboxId**  Retrieves the developer sandbox ID if the device is internal to Microsoft.
-
-
-## Common data extensions
-
-### Common Data Extensions.app
-
-Describes the properties of the running application. This extension could be populated by a client app or a web app.
-
-The following fields are available:
-
-- **asId**  An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
-- **env**  The environment from which the event was logged.
-- **expId**  Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
-- **id**  Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
-- **userId**  The userID as known by the application.
-- **ver**  Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
-
-
-### Common Data Extensions.container
-
-Describes the properties of the container for events logged within a container.
-
-The following fields are available:
-
-- **localId**  The device ID as known by the client.
-- **osVer**  The operating system version.
-- **type**  The container type. Examples: Process or VMHost
-
-
-### Common Data Extensions.cs
-
-Describes properties related to the schema of the event.
-
-The following fields are available:
-
-- **sig**  A common schema signature that identifies new and modified event schemas.
-
-
-### Common Data Extensions.device
-
-Describes the device-related fields.
-
-The following fields are available:
-
-- **deviceClass**  Represents the classification of the device, the device “family”.  For example, Desktop, Server, or Mobile.
-- **localId**  Represents a locally defined unique ID for the device, not the human readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
-
-
-### Common Data Extensions.Envelope
-
-Represents an envelope that contains all of the common data extensions.
-
-The following fields are available:
-
-- **appId**  Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
-- **appVer**  Represents the version number of the application. Used to understand errors by version and usage by version across an app.
-- **cV**  Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
-- **data**  Represents the optional unique diagnostic data for a particular event schema.
-- **epoch**  ID used to help distinguish events in the sequence by indicating the current boot session.
-- **ext_app**  Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
-- **ext_container**  Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
-- **ext_cs**  Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
-- **ext_device**  Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
-- **ext_os**  Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
-- **ext_user**  Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
-- **ext_utc**  Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
-- **ext_xbl**  Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
-- **flags**  Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
-- **iKey**  Represents an ID for applications or other logical groupings of events.
-- **name**  Represents the uniquely qualified name for the event.
-- **os**  The operating system name.
-- **osVer**  The operating system version.
-- **popSample**  Represents the effective sample rate for this event at the time it was generated by a client.
-- **seqNum**  Used to track the absolute order of uploaded events.
-- **tags**  A header for semi-managed extensions.
-- **time**  Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
-- **ver**  Represents the major and minor version of the extension.
-
-
-### Common Data Extensions.os
-
-Describes some properties of the operating system.
-
-The following fields are available:
-
-- **bootId**  An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
-- **expId**  Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
-- **locale**  Represents the locale of the operating system.
-
-
-### Common Data Extensions.user
-
-Describes the fields related to a user.
-
-The following fields are available:
-
-- **authId**  This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
-- **localId**  Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
-
-
-### Common Data Extensions.utc
-
-Describes the properties that could be populated by a logging library on Windows.
-
-The following fields are available:
-
-- **aId**  Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
-- **bSeq**  Upload buffer sequence number in the format: buffer identifier:sequence number
-- **cat**  Represents a bitmask of the ETW Keywords associated with the event.
-- **cpId**  The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
-- **flags**  Represents the bitmap that captures various Windows specific flags.
-- **mon**  Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
-- **op**  Represents the ETW Op Code.
-- **raId**  Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
-- **sqmId**  The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
-- **stId**  Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
-- **tickets**  An array of strings that refer back to a key in the X-Tickets http header that the client uploaded along with a batch of events.
-
-
-### Common Data Extensions.xbl
-
-Describes the fields that are related to XBOX Live.
-
-The following fields are available:
-
-- **claims**  Any additional claims whose short claim name hasn't been added to this structure.
-- **did**  XBOX device ID
-- **dty**  XBOX device type
-- **dvr**  The version of the operating system on the device.
-- **eid**  A unique ID that represents the developer entity.
-- **exp**  Expiration time
-- **ip**  The IP address of the client device.
-- **nbf**  Not before time
-- **pid**  A comma separated list of PUIDs listed as base10 numbers.
-- **sbx**  XBOX sandbox identifier
-- **sid**  The service instance ID.
-- **sty**  The service type.
-- **tid**  The XBOX Live title ID.
-- **tvr**  The XBOX Live title version.
-- **uts**  A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
-- **xid**  A list of base10-encoded XBOX User IDs.
-
-
-## Common data fields
-
-### Ms.Device.DeviceInventoryChange
-
-Describes the installation state for all hardware and software components available on a particular device.
-
-The following fields are available:
-
-- **action**  The change that was invoked on a device inventory object.
-- **inventoryId**  Device ID used for Compatibility testing
-- **objectInstanceId**  Object identity which is unique within the device scope.
-- **objectType**  Indicates the object type that the event applies to.
-- **syncId**  A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
-
-
-## Component-based Servicing events
-
-### CbsServicingProvider.CbsCapabilitySessionFinalize
-
-This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### CbsServicingProvider.CbsCapabilitySessionPended
-
-This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
-
-
-
-### CbsServicingProvider.CbsQualityUpdateInstall
-
-This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
-
-
-
-### CbsServicingProvider.CbsSelectableUpdateChangeV2
-
-This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
-
-The following fields are available:
-
-- **applicableUpdateState**  Indicates the highest applicable state of the optional content.
-- **buildVersion**  The build version of the package being installed.
-- **clientId**  The name of the application requesting the optional content change.
-- **downloadSource**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **downloadtimeInSeconds**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **executionID**  A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
-- **executionSequence**  A counter that tracks the number of servicing operations attempted on the device.
-- **firstMergedExecutionSequence**  The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
-- **firstMergedID**  A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
-- **hrDownloadResult**  The return code of the download operation.
-- **hrStatusUpdate**  The return code of the servicing operation.
-- **identityHash**  A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
-- **initiatedOffline**  Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
-- **majorVersion**  The major version of the package being installed.
-- **minorVersion**  The minor version of the package being installed.
-- **packageArchitecture**  The architecture of the package being installed.
-- **packageLanguage**  The language of the package being installed.
-- **packageName**  The name of the package being installed.
-- **rebootRequired**  Indicates whether a reboot is required to complete the operation.
-- **revisionVersion**  The revision number of the package being installed.
-- **stackBuild**  The build number of the servicing stack binary performing the installation.
-- **stackMajorVersion**  The major version number of the servicing stack binary performing the installation.
-- **stackMinorVersion**  The minor version number of the servicing stack binary performing the installation.
-- **stackRevision**  The revision number of the servicing stack binary performing the installation.
-- **updateName**  The name of the optional Windows Operation System feature being enabled or disabled.
-- **updateStartState**  A value indicating the state of the optional content before the operation started.
-- **updateTargetState**  A value indicating the desired state of the optional content.
-
-
-## Content Delivery Manager events
-
-### Microsoft.Windows.ContentDeliveryManager.ProcessCreativeEvent
-
-This event sends tracking data about the reliability of interactions with Windows spotlight content, to help keep Windows up to date.
-
-The following fields are available:
-
-- **creativeId**  A serialized string containing the ID of the offer being rendered, the ID of the current rotation period, the ID of the surface/ring/market combination, the offer index in the current branch, the ID of the batch, the rotation period length, and the expiration timestamp.
-- **eventToken**  In there are multiple item offers, such as Start tiles, this indicates which tile the event corresponds to.
-- **eventType**  A code that indicates the type of creative event, such a impression, click, positive feedback, negative feedback, etc.
-- **placementId**  Name of surface, such as LockScreen or Start.
-
-
-### Microsoft.Windows.ContentDeliveryManager.ReportPlacementHealth
-
-This event sends aggregated client health data, summarizing information about the state of offers on a device, to help keep Windows up to date.
-
-The following fields are available:
-
-- **dataVersion**  Schema version of the event that is used to determine what serialized content is available for placementReportedInfo and trackingInfo fields.
-- **healthResult**  A code that identifies user account health status as Unknown, Healthy, Unhealthy.
-- **healthStateFlags**  A code that represents a set of flags used to group devices in a health/unhealthy way. For example, Unhealthy, Healthy, RefreshNotScheduled, EmptyResponse, RenderedDefault, RenderFailure, RenderDelayed, and CacheEmpty.
-- **placementHealthId**  A code that represents which surface's health is being reported. For example, Default, LockScreen, LockScreenOverlay, StartMenu, SoftLanding, DefaultStartLayout1, DefaultStartLayout2, OemPreInstalledApps, FeatureManagement, SilentInstalledApps, NotificationChannel, SuggestedPenAppsSubscribedContent, TestAppSubscribedContent, OneDriveSyncNamespaceSubscribedContent, OneDriveLocalNamespaceSubscribedContent, OneDriveSyncNamespaceInternalSubscribedContent, and OneDriveLocalNamespaceInternalSubscribedContent.
-- **placementReportedInfo**  Serialized information that contains domain-specific health information written by each surface, such as lastUpportunityTime, lastOpportunityReportedTime, expectedExpirationTime, and rotationPeriod.
-- **trackingInfo**  Serialized information that contains domain-specific health information written by the content delivery manager, such as lastRefreshTime, nextRefreshTime, nextUpdateTime,renderPriorToLastOpportunityTime, lastRenderTime, lastImpressionTime, lastRulesRegistrationTime, registrationTime, lastRefreshBatchCount, lastEligibleCreativeCount, availableAppSlotCount, placeholderAppSlotCount, lastRenderSuccess, lastRenderDefault, isEnabled.
-
-
-### Microsoft.Windows.ContentDeliveryManager.ReportPlacementState
-
-This event sends data about the opt-out state of a device or user that uses Windows spotlight, to help keep Windows up to date.
-
-The following fields are available:
-
-- **isEnabled**  Indicates if the surface is enable to receive offers.
-- **lastImpressionTime**  The time when the last offer was seen.
-- **lastRenderedCreativeId**  ID of the last offer rendered by the surface.
-- **lastRenderedTime**  The time that the last offer was rendered.
-- **nextRotationTime**  The time in which the next offer will be rendered.
-- **placementName**  Name of surface, such as LockScreen or Start.
-- **placementStateReportFlags**  Flags that represent if the surface is capable of receiving offers, such as off by edition, off by Group Policy, off by user choice.
-- **selectedPlacementId**  ID of the surface/ring/markey combination, such as Lock-Internal-en-US.
-
-
-## Diagnostic data events
-
-### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
-
-This event is fired by UTC at state transitions to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
-- **CanCollectAnyTelemetry**  True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
-- **CanCollectCoreTelemetry**  True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
-- **CanCollectHeartbeats**  True if UTC is allowed to collect heartbeats.
-- **CanCollectOsTelemetry**  True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
-- **CanPerformDiagnosticEscalations**  True if UTC is allowed to perform all scenario escalations.
-- **CanPerformTraceEscalations**  True if UTC is allowed to perform scenario escalations with tracing actions.
-- **CanReportScenarios**  True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
-- **PreviousPermissions**  Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed.
-- **TransitionFromEverythingOff**  True if this transition is moving from not allowing core telemetry to allowing core telemetry.
-
-
-### TelClientSynthetic.AuthorizationInfo_Startup
-
-This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
-- **CanCollectAnyTelemetry**  True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
-- **CanCollectCoreTelemetry**  True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
-- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
-- **CanCollectOsTelemetry**  True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
-- **CanPerformDiagnosticEscalations**  True if UTC is allowed to perform all scenario escalations.
-- **CanPerformTraceEscalations**  True if UTC is allowed to perform scenario escalations with tracing actions.
-- **CanReportScenarios**  True if we can report scenario completions, false otherwise.
-- **PreviousPermissions**  Bitmask representing the previously configured permissions since the telemetry client was last started.
-- **TransitionFromEverythingOff**  True if this transition is moving from not allowing core telemetry to allowing core telemetry.
-
-
-### TelClientSynthetic.ConnectivityHeartBeat_0
-
-This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network. This event is fired by UTC during periods of no network as a heartbeat signal, to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CensusExitCode**  Returns last execution codes from census client run.
-- **CensusStartTime**  Returns timestamp corresponding to last successful census run.
-- **CensusTaskEnabled**  Returns Boolean value for the census task (Enable/Disable) on client machine.
-- **LastConnectivityLossTime**  Retrieves the last time the device lost free network.
-- **NetworkState**  Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
-- **NoNetworkTime**  Retrieves the time spent with no network (since the last time) in seconds.
-- **RestrictedNetworkTime**  The total number of seconds with restricted network during this heartbeat period.
-
-
-### TelClientSynthetic.HeartBeat_5
-
-This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
-
-The following fields are available:
-
-- **AgentConnectionErrorsCount**  The number of non-timeout errors associated with the host/agent channel.
-- **CensusExitCode**  The last exit code of the Census task.
-- **CensusStartTime**  The time of the last Census run.
-- **CensusTaskEnabled**  Indicates whether Census is enabled.
-- **ConsumerDroppedCount**  The number of events dropped by the consumer layer of the telemetry client.
-- **CriticalDataDbDroppedCount**  The number of critical data sampled events that were dropped at the database layer.
-- **CriticalDataThrottleDroppedCount**  The number of critical data sampled events that were dropped because of throttling.
-- **CriticalOverflowEntersCounter**  The number of times a critical overflow mode was entered into the event database.
-- **DbCriticalDroppedCount**  The total number of dropped critical events in the event database.
-- **DbDroppedCount**  The number of events that were dropped because the database was full.
-- **DecodingDroppedCount**  The number of events dropped because of decoding failures.
-- **EnteringCriticalOverflowDroppedCounter**  The number of events that was dropped because a critical overflow mode was initiated.
-- **EtwDroppedBufferCount**  The number of buffers dropped in the CUET ETW session.
-- **EtwDroppedCount**  The number of events dropped by the ETW layer of the telemetry client.
-- **EventSubStoreResetCounter**  The number of times the event database was reset.
-- **EventSubStoreResetSizeSum**  The total size of the event database across all resets reports in this instance.
-- **EventsUploaded**  The number of events that have been uploaded.
-- **Flags**  Flags that indicate device state, such as network, battery, and opt-in state.
-- **FullTriggerBufferDroppedCount**  The number of events that were dropped because the trigger buffer was full.
-- **HeartBeatSequenceNumber**  A monotonically increasing heartbeat counter.
-- **InvalidHttpCodeCount**  The number of invalid HTTP codes received from Vortex.
-- **LastAgentConnectionError**  The last non-timeout error that happened in the host/agent channel.
-- **LastEventSizeOffender**  The name of the last event that exceeded the maximum event size.
-- **LastInvalidHttpCode**  The last invalid HTTP code received from Vortex.
-- **MaxActiveAgentConnectionCount**  The maximum number of active agents during this heartbeat timeframe.
-- **MaxInUseScenarioCounter**  The soft maximum number of scenarios loaded by the Connected User Experience and Telemetry component.
-- **PreviousHeartBeatTime**  The time of last heartbeat event. This allows chaining of events.
-- **SettingsHttpAttempts**  The number of attempts to contact the OneSettings service.
-- **SettingsHttpFailures**  The number of failures from contacting the OneSettings service.
-- **ThrottledDroppedCount**  The number of events dropped due to throttling of noisy providers.
-- **UploaderDroppedCount**  The number of events dropped by the uploader layer of the telemetry client.
-- **VortexFailuresTimeout**  The number of timeout failures received from Vortex.
-- **VortexHttpAttempts**  The number of attempts to contact the Vortex service.
-- **VortexHttpFailures4xx**  The number of 400-499 error codes received from Vortex.
-- **VortexHttpFailures5xx**  The number of 500-599 error codes received from Vortex.
-
-
-### TelClientSynthetic.HeartBeat_Aria_5
-
-This event is the telemetry client ARIA heartbeat.
-
-
-
-### TelClientSynthetic.HeartBeat_Seville_5
-
-This event is sent by the universal telemetry client (UTC) as a heartbeat signal for Sense.
-
-
-
-### TelClientSynthetic.TailoredExperiencesWithDiagnosticDataUpdate
-
-This event is triggered when UTC determines it needs to send information about personalization settings of the user.
-
-
-
-## DxgKernelTelemetry events
-
-### DxgKrnlTelemetry.GPUAdapterInventoryV2
-
-This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
-
-The following fields are available:
-
-- **aiSeqId**  The event sequence ID.
-- **bootId**  The system boot ID.
-- **ComputePreemptionLevel**  The maximum preemption level supported by GPU for compute payload.
-- **DedicatedSystemMemoryB**  The amount of system memory dedicated for GPU use (in bytes).
-- **DedicatedVideoMemoryB**  The amount of dedicated VRAM of the GPU (in bytes).
-- **DisplayAdapterLuid**  The display adapter LUID.
-- **DriverDate**  The date of the display driver.
-- **DriverRank**  The rank of the display driver.
-- **DriverVersion**  The display driver version.
-- **GPUDeviceID**  The GPU device ID.
-- **GPUPreemptionLevel**  The maximum preemption level supported by GPU for graphics payload.
-- **GPURevisionID**  The GPU revision ID.
-- **GPUVendorID**  The GPU vendor ID.
-- **InterfaceId**  The GPU interface ID.
-- **IsDisplayDevice**  Does the GPU have displaying capabilities?
-- **IsHybridDiscrete**  Does the GPU have discrete GPU capabilities in a hybrid device?
-- **IsHybridIntegrated**  Does the GPU have integrated GPU capabilities in a hybrid device?
-- **IsLDA**  Is the GPU comprised of Linked Display Adapters?
-- **IsMiracastSupported**  Does the GPU support Miracast?
-- **IsMismatchLDA**  Is at least one device in the Linked Display Adapters chain from a different vendor?
-- **IsMPOSupported**  Does the GPU support Multi-Plane Overlays?
-- **IsMsMiracastSupported**  Are the GPU Miracast capabilities driven by a Microsoft solution?
-- **IsPostAdapter**  Is this GPU the POST GPU in the device?
-- **IsRenderDevice**  Does the GPU have rendering capabilities?
-- **IsSoftwareDevice**  Is this a software implementation of the GPU?
-- **MeasureEnabled**  Is the device listening to MICROSOFT_KEYWORD_MEASURES?
-- **NumVidPnSources**  The number of supported display output sources.
-- **NumVidPnTargets**  The number of supported display output targets.
-- **SharedSystemMemoryB**  The amount of system memory shared by GPU and CPU (in bytes).
-- **SubSystemID**  The subsystem ID.
-- **SubVendorID**  The GPU sub vendor ID.
-- **TelemetryEnabled**  Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
-- **TelInvEvntTrigger**  What triggered this event to be logged?  Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
-- **version**  The event version.
-- **WDDMVersion**  The Windows Display Driver Model version.
-
-
-## Failover Clustering events
-
-### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
-
-This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
-
-The following fields are available:
-
-- **autoAssignSite**  The cluster parameter: auto site.
-- **autoBalancerLevel**  The cluster parameter: auto balancer level.
-- **autoBalancerMode**  The cluster parameter: auto balancer mode.
-- **blockCacheSize**  The configured size of the block cache.
-- **ClusterAdConfiguration**  The ad configuration of the cluster.
-- **clusterAdType**  The cluster parameter: mgmt_point_type.
-- **clusterDumpPolicy**  The cluster configured dump policy.
-- **clusterFunctionalLevel**  The current cluster functional level.
-- **clusterGuid**  The unique identifier for the cluster.
-- **clusterWitnessType**  The witness type the cluster is configured for.
-- **countNodesInSite**  The number of nodes in the cluster.
-- **crossSiteDelay**  The cluster parameter: CrossSiteDelay.
-- **crossSiteThreshold**  The cluster parameter: CrossSiteThreshold.
-- **crossSubnetDelay**  The cluster parameter: CrossSubnetDelay.
-- **crossSubnetThreshold**  The cluster parameter: CrossSubnetThreshold.
-- **csvCompatibleFilters**  The cluster parameter: ClusterCsvCompatibleFilters.
-- **csvIncompatibleFilters**  The cluster parameter: ClusterCsvIncompatibleFilters.
-- **csvResourceCount**  The number of resources in the cluster.
-- **currentNodeSite**  The name configured for the current site for the cluster.
-- **dasModeBusType**  The direct storage bus type of the storage spaces.
-- **downLevelNodeCount**  The number of nodes in the cluster that are running down-level.
-- **drainOnShutdown**  Specifies whether a node should be drained when it is shut down.
-- **dynamicQuorumEnabled**  Specifies whether dynamic Quorum has been enabled.
-- **enforcedAntiAffinity**  The cluster parameter: enforced anti affinity.
-- **genAppNames**  The win32 service name of a clustered service.
-- **genSvcNames**  The command line of a clustered genapp.
-- **hangRecoveryAction**  The cluster parameter: hang recovery action.
-- **hangTimeOut**  Specifies the “hang time out” parameter for the cluster.
-- **isCalabria**  Specifies whether storage spaces direct is enabled.
-- **isMixedMode**  Identifies if the cluster is running with different version of OS for nodes.
-- **isRunningDownLevel**  Identifies if the current node is running down-level.
-- **logLevel**  Specifies the granularity that is logged in the cluster log.
-- **logSize**  Specifies the size of the cluster log.
-- **lowerQuorumPriorityNodeId**  The cluster parameter: lower quorum priority node ID.
-- **minNeverPreempt**  The cluster parameter: minimum never preempt.
-- **minPreemptor**  The cluster parameter: minimum preemptor priority.
-- **netftIpsecEnabled**  The parameter: netftIpsecEnabled.
-- **NodeCount**  The number of nodes in the cluster.
-- **nodeId**  The current node number in the cluster.
-- **nodeResourceCounts**  Specifies the number of node resources.
-- **nodeResourceOnlineCounts**  Specifies the number of node resources that are online.
-- **numberOfSites**  The number of different sites.
-- **numNodesInNoSite**  The number of nodes not belonging to a site.
-- **plumbAllCrossSubnetRoutes**  The cluster parameter: plumb all cross subnet routes.
-- **preferredSite**  The preferred site location.
-- **privateCloudWitness**  Specifies whether a private cloud witness exists for this cluster.
-- **quarantineDuration**  The quarantine duration.
-- **quarantineThreshold**  The quarantine threshold.
-- **quorumArbitrationTimeout**  In the event of an arbitration event, this specifies the quorum timeout period.
-- **resiliencyLevel**  Specifies the level of resiliency.
-- **resourceCounts**  Specifies the number of resources.
-- **resourceTypeCounts**  Specifies the number of resource types in the cluster.
-- **resourceTypes**  Data representative of each resource type.
-- **resourceTypesPath**  Data representative of the DLL path for each resource type.
-- **sameSubnetDelay**  The cluster parameter: same subnet delay.
-- **sameSubnetThreshold**  The cluster parameter: same subnet threshold.
-- **secondsInMixedMode**  The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
-- **securityLevel**  The cluster parameter: security level.
-- **sharedVolumeBlockCacheSize**  Specifies the block cache size for shared for shared volumes.
-- **shutdownTimeoutMinutes**  Specifies the amount of time it takes to time out when shutting down.
-- **upNodeCount**  Specifies the number of nodes that are up (online).
-- **useClientAccessNetworksForCsv**  The cluster parameter: use client access networks for CSV.
-- **vmIsolationTime**  The cluster parameter: VM isolation time.
-- **witnessDatabaseWriteTimeout**  Specifies the timeout period for writing to the quorum witness database.
-
-
-## Fault Reporting events
-
-### Microsoft.Windows.FaultReporting.AppCrashEvent
-
-This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has crashed.
-- **AppSessionGuid**  GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
-- **AppTimeStamp**  The date/time stamp of the app.
-- **AppVersion**  The version of the app that has crashed.
-- **ExceptionCode**  The exception code returned by the process that has crashed.
-- **ExceptionOffset**  The address where the exception had occurred.
-- **Flags**  Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
-- **ModName**  Exception module name (e.g. bar.dll).
-- **ModTimeStamp**  The date/time stamp of the module.
-- **ModVersion**  The version of the module that has crashed.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has crashed.
-- **ProcessId**  The ID of the process that has crashed.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported
-- **TargetAsId**  The sequence number for the hanging process.
-
-
-## Feature update events
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked
-
-This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems.
-
-
-
-## Hang Reporting events
-
-### Microsoft.Windows.HangReporting.AppHangEvent
-
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has hung.
-- **AppSessionGuid**  GUID made up of process ID used as a correlation vector for process instances in the telemetry backend.
-- **AppVersion**  The version of the app that has hung.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has hung.
-- **ProcessId**  The ID of the process that has hung.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported.
-- **TargetAsId**  The sequence number for the hanging process.
-- **TypeCode**  Bitmap describing the hang type.
-- **WaitingOnAppName**  If this is a cross process hang waiting for an application, this has the name of the application.
-- **WaitingOnAppVersion**  If this is a cross process hang, this has the version of the application for which it is waiting.
-- **WaitingOnPackageFullName**  If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
-- **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative application ID of the package.
-
-
-## Inventory events
-
-### ChecksumDictionary
-
-This event provides the list of values sent by each object type. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Key**  The object type being described.
-- **Value**  The number of objects of this type that were sent.
-
-
-### COMPID
-
-This event provides a device's internal application compatible ID, a vendor-defined identification that Windows uses to match a device to an INF file. A device can have a list of compatible IDs associated with it. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Order**  The index of the array of compatible IDs for the device.
-- **Value**  The array of compatible IDs for the device.
-
-
-### HWID
-
-This event provides a device's internal hardware ID, a vendor-defined identification that Windows uses to match a device to an INF file. In most cases, a device has associated with it a list of hardware IDs. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Order**  The index of the array of internal hardware IDs for the device.
-- **Value**  The array of internal hardware IDs for the device.
-
-
-### InstallDateArpLastModified
-
-This event indicates the date the add/remove program (ARP) entry was last modified by an update. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Order**  The index of the ordered array.
-- **Value**  The value contained in the ordered array.
-
-
-### InstallDateFromLinkFile
-
-This event provides the application installation date from the linked file. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Order**  The index of the ordered array.
-- **Value**  The value contained in the ordered array.
-
-
-### InstallDateMsi
-
-This event provides the install date from the Microsoft installer (MSI) database. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Order**  The index of the ordered array.
-- **Value**  The value contained in the ordered array.
-
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
-
-This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Device**  A count of device objects in cache.
-- **DeviceCensus**  A count of devicecensus objects in cache.
-- **DriverPackageExtended**  A count of driverpackageextended objects in cache.
-- **File**  A count of file objects in cache.
-- **FileSigningInfo**  A count of file signing objects in cache.
-- **Generic**  A count of generic objects in cache.
-- **HwItem**  A count of hwitem objects in cache.
-- **InventoryApplication**  A count of application objects in cache.
-- **InventoryApplicationFile**  A count of application file objects in cache.
-- **InventoryDeviceContainer**  A count of device container objects in cache.
-- **InventoryDeviceInterface**  A count of Plug and Play device interface objects in cache.
-- **InventoryDeviceMediaClass**  A count of device media objects in cache.
-- **InventoryDevicePnp**  A count of device Plug and Play objects in cache.
-- **InventoryDriverBinary**  A count of driver binary objects in cache.
-- **InventoryDriverPackage**  A count of device objects in cache.
-- **Metadata**  A count of metadata objects in cache.
-- **Orphan**  A count of orphan file objects in cache.
-- **Programs**  A count of program objects in cache.
-
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
-
-This event sends inventory component versions for the Device Inventory data. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **aeinv**  The version of the App inventory component.
-- **aeinv.dll**  The version of the App inventory component.
-- **devinv**  The file version of the Device inventory component.
-- **devinv.dll**  The file version of the Device inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.FileSigningInfoAdd
-
-This event enumerates the signatures of files, either driver packages or application executables. For driver packages, this data is collected on demand via Telecommand to limit it only to unrecognized driver packages, saving time for the client and space on the server. For applications, this data is collected for up to 10 random executables on a system. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **CatalogSigners**  Signers from catalog. Each signer starts with Chain.
-- **DriverPackageStrongName**  Optional. Available only if FileSigningInfo is collected on a driver package.
-- **EmbeddedSigners**  Embedded signers. Each signer starts with Chain.
-- **FileName**  The file name of the file whose signatures are listed.
-- **FileType**  Either exe or sys, depending on if a driver package or application executable.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Thumbprint**  Comma separated hash of the leaf node of each signer. Semicolon is used to separate CatalogSigners from EmbeddedSigners. There will always be a trailing comma.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
-
-This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **HiddenArp**  Indicates whether a program hides itself from showing up in ARP.
-- **InstallDate**  The date the application was installed (a best guess based on folder creation date heuristics).
-- **InstallDateArpLastModified**  The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015  00:00:00 See [InstallDateArpLastModified](#installdatearplastmodified).
-- **InstallDateFromLinkFile**  The estimated date of install based on the links to the files.  Passed as an array. See [InstallDateFromLinkFile](#installdatefromlinkfile).
-- **InstallDateMsi**  The install date if the application was installed via Microsoft Installer (MSI). Passed as an array. See [InstallDateMsi](#installdatemsi).
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Language**  The language code of the program.
-- **MsiPackageCode**  A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
-- **MsiProductCode**  A GUID that describe the MSI Product.
-- **Name**  The name of the application.
-- **OSVersionAtInstallTime**  The four octets from the OS version at the time of the application's install.
-- **PackageFullName**  The package full name for a Store application.
-- **ProgramInstanceId**  A hash of the file IDs in an app.
-- **Publisher**  The Publisher of the application. Location pulled from depends on the 'Source' field.
-- **RootDirPath**  The path to the root directory where the program was installed.
-- **Source**  How the program was installed (for example, ARP, MSI, Appx).
-- **StoreAppType**  A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
-- **Type**  One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
-- **Version**  The version number of the program.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
-
-This event represents what drivers an application installs. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
-
-The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
-
-This event provides the basic metadata about the frameworks an application may depend on. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
-
-This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
-
-This event indicates that a new set of InventoryApplicationAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
-
-This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device). The data collected with this event is used to help keep Windows up to date and to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Categories**  A comma separated list of functional categories in which the container belongs.
-- **DiscoveryMethod**  The discovery method for the device container.
-- **FriendlyName**  The name of the device container.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **IsActive**  Is the device connected, or has it been seen in the last 14 days?
-- **IsConnected**  For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
-- **IsMachineContainer**  Is the container the root device itself?
-- **IsNetworked**  Is this a networked device?
-- **IsPaired**  Does the device container require pairing?
-- **Manufacturer**  The manufacturer name for the device container.
-- **ModelId**  A unique model ID.
-- **ModelName**  The model name.
-- **ModelNumber**  The model number for the device container.
-- **PrimaryCategory**  The primary category for the device container.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
-
-This event indicates that the InventoryDeviceContainer object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
-
-This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
-
-This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Accelerometer3D**  Indicates if an Accelerator3D sensor is found.
-- **ActivityDetection**  Indicates if an Activity Detection sensor is found.
-- **AmbientLight**  Indicates if an Ambient Light sensor is found.
-- **Barometer**  Indicates if a Barometer sensor is found.
-- **Custom**  Indicates if a Custom sensor is found.
-- **FloorElevation**  Indicates if a Floor Elevation sensor is found.
-- **GeomagneticOrientation**  Indicates if a Geo Magnetic Orientation sensor is found.
-- **GravityVector**  Indicates if a Gravity Detector sensor is found.
-- **Gyrometer3D**  Indicates if a Gyrometer3D sensor is found.
-- **Humidity**  Indicates if a Humidity sensor is found.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **LinearAccelerometer**  Indicates if a Linear Accelerometer sensor is found.
-- **Magnetometer3D**  Indicates if a Magnetometer3D sensor is found.
-- **Orientation**  Indicates if an Orientation sensor is found.
-- **Pedometer**  Indicates if a Pedometer sensor is found.
-- **Proximity**  Indicates if a Proximity sensor is found.
-- **RelativeOrientation**  Indicates if a Relative Orientation sensor is found.
-- **SimpleDeviceOrientation**  Indicates if a Simple Device Orientation sensor is found.
-- **Temperature**  Indicates if a Temperature sensor is found.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
-
-This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
-
-This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Audio_CaptureDriver**  The Audio device capture driver endpoint.
-- **Audio_RenderDriver**  The Audio device render driver endpoint.
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
-
-This event indicates that the InventoryDeviceMediaClass object represented by the objectInstanceId is no longer present. This event is used to understand a PNP device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
-
-This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
-
-This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Class**  The device setup class of the driver loaded for the device.
-- **ClassGuid**  The device class unique identifier of the driver package loaded on the device.
-- **COMPID**  The list of “Compatible IDs” for this device. See [COMPID](#compid).
-- **ContainerId**  The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to.
-- **Description**  The description of the device.
-- **DeviceState**  Identifies the current state of the parent (main) device.
-- **DriverId**  The unique identifier for the installed driver.
-- **DriverName**  The name of the driver image file.
-- **DriverPackageStrongName**  The immediate parent directory name in the Directory field of InventoryDriverPackage.
-- **DriverVerDate**  The date of the driver loaded for the device
-- **DriverVerVersion**  The version of the driver loaded for the device
-- **Enumerator**  Identifies the bus that enumerated the device.
-- **HWID**  A list of hardware IDs for the device. See [HWID](#hwid).
-- **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
-- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
-- **InventoryVersion**  The version number of the inventory process generating the events.
-- **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
-- **LowerFilters**  The identifiers of the Lower filters installed for the device.
-- **Manufacturer**  The manufacturer of the device.
-- **MatchingID**  The Hardware ID or Compatible ID that Windows uses to install a device instance.
-- **Model**  Identifies the model of the device.
-- **objectInstanceId**  Deprecated. The Device Instance ID of the device (uniquely identifies a device in the system). Example: pci\ven_8086&dev_0085&subsys_13118086&rev_34\4&2dded11c&0&00e1
-- **ParentId**  The Device Instance ID of the parent of the device.
-- **ProblemCode**  The error code currently returned by the device, if applicable.
-- **Provider**  Identifies the device provider.
-- **Service**  The name of the device service.
-- **STACKID**  The list of hardware IDs for the stack. See [STACKID](#stackid).
-- **UpperClassFilters**  The identifiers of the Upper Class filters installed for the device.
-- **UpperFilters**  The identifiers of the Upper filters installed for the device.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
-
-This event indicates that the InventoryDevicePnpRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
-
-This event sends basic metadata about the USB hubs on the device. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
-
-This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
-
-This event sends basic metadata about driver binaries running on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **DriverCheckSum**  The checksum of the driver file.
-- **DriverCompany**  The company name that developed the driver.
-- **DriverInBox**  Is the driver included with the operating system?
-- **DriverIsKernelMode**  Is it a kernel mode driver?
-- **DriverName**  The file name of the driver.
-- **DriverPackageStrongName**  The strong name of the driver package
-- **DriverSigned**  Is the driver signed?
-- **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
-- **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
-- **DriverVersion**  The version of the driver file.
-- **ImageSize**  The size of the driver file.
-- **Inf**  The name of the INF file.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Product**  The product name that is included in the driver file.
-- **ProductVersion**  The product version that is included in the driver file.
-- **Service**  The name of the service that is installed for the device.
-- **WdfVersion**  The Windows Driver Framework version.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
-
-This event indicates that the InventoryDriverBinary object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
-
-This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
-
-This event sends basic metadata about drive packages installed on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Class**  The class name for the device driver.
-- **ClassGuid**  The class GUID for the device driver.
-- **Date**  The driver package date.
-- **Directory**  The path to the driver package.
-- **Inf**  The INF name of the driver package.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Provider**  The provider for the driver package.
-- **SubmissionId**  The HLK submission ID for the driver package.
-- **Version**  The version of the driver package.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
-
-This event indicates that the InventoryDriverPackageRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
-
-This event indicates that a new set of InventoryDriverPackageAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.General. InventoryMiscellaneousMemorySlotArrayInfoRemove
-
-This event indicates that this particular data object represented by the ObjectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
-
-This event sends details collected for a specific application on the source device. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AhaVersion**  The binary version of the App Health Analyzer tool.
-- **ApplicationErrors**  The count of application errors from the event log.
-- **Bitness**  The architecture type of the application (16 Bit or 32 bit or 64 bit).
-- **device_level**  Various JRE/JAVA versions installed on a particular device.
-- **ExtendedProperties**  Attribute used for aggregating all other attributes under this event type.
-- **Jar**  Flag to determine if an app has a Java JAR file dependency.
-- **Jre**  Flag to determine if an app has JRE framework dependency.
-- **Jre_version**  JRE versions an app has declared framework dependency for.
-- **Name**  Name of the application.
-- **NonDPIAware**  Flag to determine if an app is non-DPI aware
-- **NumBinaries**  Count of all binaries (.sys,.dll,.ini) from application install location.
-- **RequiresAdmin**  Flag to determine if an app requests admin privileges for execution.
-- **RequiresAdminv2**  Additional flag to determine if an app requests admin privileges for execution.
-- **RequiresUIAccess**  Flag to determine if an app is based on UI features for accessibility.
-- **VB6**  Flag to determine if an app is based on VB6 framework.
-- **VB6v2**  Additional flag to determine if an app is based on VB6 framework.
-- **Version**  Version of the application.
-- **VersionCheck**  Flag to determine if an app has a static dependency on OS version.
-- **VersionCheckv2**  Additional flag to determine if an app has a static dependency on OS version.
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
-
-This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AllowTelemetry**  Indicates the presence of the 'allowtelemetry' command line argument.
-- **CommandLineArgs**  Command line arguments passed when launching the App Health Analyzer executable.
-- **Enhanced**  Indicates the presence of the 'enhanced' command line argument.
-- **StartTime**  UTC date and time at which this event was sent.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
-
-This event provides basic information about active memory slots on the device.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Capacity**  Memory size in bytes
-- **Manufacturer**  Name of the DRAM manufacturer
-- **Model**  Model and sub-model of the memory
-- **Slot**  Slot to which the DRAM is plugged into the motherboard.
-- **Speed**  The configured memory slot speed in MHz.
-- **Type**  Reports DDR as an enumeration value as per the DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails**  Reports Non-volatile as a bit flag enumeration as per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
-
-This diagnostic event indicates a new sync is being generated for this object type.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
-
-This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
-
-This is a diagnostic event that indicates a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.Indicators.Checksum
-
-This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **ChecksumDictionary**  A count of each operating system indicator. See [ChecksumDictionary](#checksumdictionary).
-- **PCFP**  Equivalent to the InventoryId field that is found in other core events.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
-
-This event represents the basic metadata about the OS indicators installed on the system. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **IndicatorValue**  The indicator value.
-- **Value**  Describes an operating system indicator that may be relevant for the device upgrade.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorEndSync
-
-This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events has been sent. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### STACKID
-
-This event provides the internal compatible ID for the stack. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Order**  The index of the ordered array.
-- **Value**  The value contained in the ordered array.
-
-
-## Kernel events
-
-### IO
-
-This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
-
-The following fields are available:
-
-- **BytesRead**  The total number of bytes read from or read by the OS upon system startup.
-- **BytesWritten**  The total number of bytes written to or written by the OS upon system startup.
-
-
-### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
-
-This event includes basic data about the Operating System, collected during Boot and used to evaluate the success of the upgrade process. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BootApplicationId**  This field tells us what the OS Loader Application Identifier is.
-- **BootAttemptCount**  The number of consecutive times the boot manager has attempted to boot into this operating system.
-- **BootSequence**  The current Boot ID, used to correlate events related to a particular boot session.
-- **BootStatusPolicy**  Identifies the applicable Boot Status Policy.
-- **BootType**  Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
-- **EventTimestamp**  Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made.
-- **FirmwareResetReasonEmbeddedController**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonEmbeddedControllerAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonPch**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonPchAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonSupplied**  Flag indicating that a reason for system reset was provided by firmware.
-- **IO**  Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io).
-- **LastBootSucceeded**  Flag indicating whether the last boot was successful.
-- **LastShutdownSucceeded**  Flag indicating whether the last shutdown was successful.
-- **MenuPolicy**  Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
-- **RecoveryEnabled**  Indicates whether recovery is enabled.
-- **UserInputTime**  The amount of time the loader application spent waiting for user input.
-
-
-### Microsoft.Windows.Kernel.Power.OSStateChange
-
-This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Windows Analytics, organizations can use this to help monitor reliability and performance of managed devices. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AcPowerOnline**  If "TRUE," the device is using AC power. If "FALSE," the device is using battery power.
-- **ActualTransitions**  This will give the actual transitions number
-- **BatteryCapacity**  Maximum battery capacity in mWh
-- **BatteryCharge**  Current battery charge as a percentage of total capacity
-- **BatteryDischarging**  Flag indicating whether the battery is discharging or charging
-- **BootId**  Monotonically increasing boot ID, reset on upgrades.
-- **BootTimeUTC**  Boot time in UTC file time.
-- **EventSequence**  Monotonically increasing event number for OsStateChange events logged during this boot.
-- **LastStateTransition**  The previous state transition on the device.
-- **LastStateTransitionSub**  The previous state subtransition on the device.
-- **StateDurationMS**  Milliseconds spent in the state being departed
-- **StateTransition**  Transition type PowerOn=1, Shutdown, Suspend, Resume, Heartbeat.
-- **StateTransitionSub**  Subtransition type Normal=1, Reboot, Hiberboot, Standby, Hibernate, ConnectedStandby, Reserved, HybridSleep.
-- **TotalDurationMS**  Total time device has been up in milliseconds in wall clock time.
-- **TotalUptimeMS**  Total time device has been on (not in a suspended state) in milliseconds.
-- **TransitionsToOn**  TransitionsToOn increments each time the system successfully completes a system sleep event, and is sent as part of the PowerTransitionEnd ETW event.
-- **UptimeDeltaMS**  Duration in last state in milliseconds.
-
-
-## Migration events
-
-### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
-
-This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-## OneDrive events
-
-### Microsoft.OneDrive.Sync.Setup.APIOperation
-
-This event includes basic data about install and uninstall OneDrive API operations. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **Duration**  How long the operation took.
-- **IsSuccess**  Was the operation successful?
-- **ResultCode**  The result code.
-- **ScenarioName**  The name of the scenario.
-
-
-### Microsoft.OneDrive.Sync.Setup.EndExperience
-
-This event includes a success or failure summary of the installation. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **HResult**  Indicates the result code of the event
-- **IsSuccess**  Was the operation successful?
-- **ScenarioName**  The name of the scenario.
-
-
-### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
-
-This event is related to the OS version when the OS is upgraded with OneDrive installed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CurrentOneDriveVersion**  The current version of OneDrive.
-- **CurrentOSBuildBranch**  The current branch of the operating system.
-- **CurrentOSBuildNumber**  The current build number of the operating system.
-- **CurrentOSVersion**  The current version of the operating system.
-- **HResult**  The HResult of the operation.
-- **SourceOSBuildBranch**  The source branch of the operating system.
-- **SourceOSBuildNumber**  The source build number of the operating system.
-- **SourceOSVersion**  The source version of the operating system.
-
-
-### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation
-
-This event is related to registering or unregistering the OneDrive update task. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **IsSuccess**  Was the operation successful?
-- **RegisterNewTaskResult**  The HResult of the RegisterNewTask operation.
-- **ScenarioName**  The name of the scenario.
-- **UnregisterOldTaskResult**  The HResult of the UnregisterOldTask operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
-
-This event includes basic data about the installation state of dependent OneDrive components. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ComponentName**  The name of the dependent component.
-- **isInstalled**  Is the dependent component installed?
-
-
-### Microsoft.OneDrive.Sync.Updater.OfficeRegistration
-
-This event indicates the status of the OneDrive integration with Microsoft Office. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **isValid**  Is the Microsoft Office registration valid?
-
-
-### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus
-
-This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **32bit**  The status of the OneDrive overlay icon on a 32-bit operating system.
-- **64bit**  The status of the OneDrive overlay icon on a 64-bit operating system.
-
-
-### Microsoft.OneDrive.Sync.Updater.RepairResult
-
-The event determines the result of the installation repair. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.SetupBinaryDownloadHResult
-
-This event indicates the status when downloading the OneDrive setup file. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
-
-This event sends information describing the result of the update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-- **IsLoggingEnabled**  Indicates whether logging is enabled for the updater.
-- **UpdaterVersion**  The version of the updater.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateTierReg
-
-This event determines status of the update tier registry values. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **regReadEnterpriseHr**  The HResult of the enterprise reg read value.
-- **regReadTeamHr**  The HResult of the team reg read value.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult
-
-This event determines the status when downloading the OneDrive update configuration file. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus
-
-This event determines the error code that was returned when verifying Internet connectivity. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **winInetError**  The HResult of the operation.
-
-
-## Privacy logging notification events
-
-### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
-
-This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cleanupTask**  Indicates whether the task that launched the dialog should be cleaned up.
-- **cleanupTaskResult**  The return code of the attempt to clean up the task used to show the dialog.
-- **deviceEvaluated**  Indicates whether the device was eligible for evaluation of a known issue.
-- **deviceImpacted**  Indicates whether the device was impacted by a known issue.
-- **modalAction**  The action the user took on the dialog that was presented to them.
-- **modalResult**  The return code of the attempt to show a dialog to the user explaining the issue.
-- **resetSettingsResult**  The return code of the action to correct the known issue.
-
-
-## Quality Update Assistant events
-
-### Microsoft.Windows.QualityUpdateAssistant.Applicability
-
-This event sends basic info on whether the device should be updated to the latest cumulative update. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Applicability check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck
-
-This event sends basic info on whether the device is ready to download the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Device readiness check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Download
-
-This event sends basic info when download of the latest cumulative update begins. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter that indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Download of latest cumulative update payload.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Install
-
-This event sends basic info on the result of the installation of the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Install of latest cumulative update payload.
-
-
-## Remediation events
-
-### Microsoft.Windows.Remediation.Applicable
-
-This event indicates whether Windows Update sediment remediations need to be applied to the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **ActionName**  The name of the action to be taken by the plug-in.
-- **AppraiserBinariesValidResult**  Indicates whether the plug-in was appraised as valid.
-- **AppraiserDetectCondition**  Indicates whether the plug-in passed the appraiser's check.
-- **AppraiserRegistryValidResult**  Indicates whether the registry entry checks out as valid.
-- **AppraiserTaskDisabled**  Indicates the appraiser task is disabled.
-- **AppraiserTaskValidFailed**  Indicates the Appraiser task did not function and requires intervention.
-- **CV**  Correlation vector
-- **DateTimeDifference**  The difference between local and reference clock times.
-- **DateTimeSyncEnabled**  Indicates whether the Datetime Sync plug-in is enabled.
-- **DaysSinceLastSIH**  The number of days since the most recent SIH executed.
-- **DaysToNextSIH**  The number of days until the next scheduled SIH execution.
-- **DetectedCondition**  Indicates whether detected condition is true and the perform action will be run.
-- **EvalAndReportAppraiserBinariesFailed**  Indicates the EvalAndReportAppraiserBinaries event failed.
-- **EvalAndReportAppraiserRegEntries**  Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **EvalAndReportAppraiserRegEntriesFailed**  Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **GlobalEventCounter**  Client side counter that indicates ordering of events sent by the remediation system.
-- **HResult**  The HRESULT for detection or perform action phases of the plugin.
-- **IsAppraiserLatestResult**  The HRESULT from the appraiser task.
-- **IsConfigurationCorrected**  Indicates whether the configuration of SIH task was successfully corrected.
-- **LastHresult**  The HRESULT for detection or perform action phases of the plugin.
-- **LastRun**  The date of the most recent SIH run.
-- **NextRun**  Date of the next scheduled SIH run.
-- **PackageVersion**  The version of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Reload**  True if SIH reload is required.
-- **RemediationNoisyHammerAcLineStatus**  Indicates the AC Line Status of the device.
-- **RemediationNoisyHammerAutoStartCount**  The number of times Auto UA auto-started.
-- **RemediationNoisyHammerCalendarTaskEnabled**  Event that indicates Update Assistant Calendar Task is enabled.
-- **RemediationNoisyHammerCalendarTaskExists**  Event that indicates an Update Assistant Calendar Task exists.
-- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount**  Event that indicates calendar triggers are enabled in the task.
-- **RemediationNoisyHammerDaysSinceLastTaskRunTime**  The number of days since the Auto UA ran.
-- **RemediationNoisyHammerGetCurrentSize**  Size in MB of the $GetCurrent folder.
-- **RemediationNoisyHammerIsInstalled**  TRUE if the Auto UA is installed.
-- **RemediationNoisyHammerLastTaskRunResult**  The result from the last Auto UA task run.
-- **RemediationNoisyHammerMeteredNetwork**  TRUE if the machine is on a metered network.
-- **RemediationNoisyHammerTaskEnabled**  TRUE if the Auto UA task is enabled.
-- **RemediationNoisyHammerTaskExists**  TRUE if the Auto UA task exists.
-- **RemediationNoisyHammerTaskTriggerEnabledCount**  Indicates whether the task has the count trigger enabled.
-- **RemediationNoisyHammerUAExitCode**  The exit code of the Update Assistant.
-- **RemediationNoisyHammerUAExitState**  The exit code of the Update Assistant.
-- **RemediationNoisyHammerUserLoggedIn**  TRUE if there is a user logged in.
-- **RemediationNoisyHammerUserLoggedInAdmin**  TRUE if there is the user currently logged in is an Admin.
-- **RemediationShellDeviceManaged**  TRUE if the device is WSUS managed or Windows Updated disabled.
-- **RemediationShellDeviceNewOS**  TRUE if the device has a recently installed OS.
-- **RemediationShellDeviceSccm**  TRUE if the device is managed by Configuration Manager.
-- **RemediationShellDeviceZeroExhaust**  TRUE if the device has opted out of Windows Updates completely.
-- **RemediationTargetMachine**  Indicates whether the device is a target of the specified fix.
-- **RemediationTaskHealthAutochkProxy**  True/False based on the health of the AutochkProxy task.
-- **RemediationTaskHealthChkdskProactiveScan**  True/False based on the health of the Check Disk task.
-- **RemediationTaskHealthDiskCleanup_SilentCleanup**  True/False based on the health of the Disk Cleanup task.
-- **RemediationTaskHealthMaintenance_WinSAT**  True/False based on the health of the Health Maintenance task.
-- **RemediationTaskHealthServicing_ComponentCleanupTask**  True/False based on the health of the Health Servicing Component task.
-- **RemediationTaskHealthUSO_ScheduleScanTask**  True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
-- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask**  True/False based on the health of the Windows Update Scheduled Start task.
-- **RemediationTaskHealthWindowsUpdate_SihbootTask**  True/False based on the health of the Sihboot task.
-- **RemediationUHServiceBitsServiceEnabled**  Indicates whether BITS service is enabled.
-- **RemediationUHServiceDeviceInstallEnabled**  Indicates whether Device Install service is enabled.
-- **RemediationUHServiceDoSvcServiceEnabled**  Indicates whether DO service is enabled.
-- **RemediationUHServiceDsmsvcEnabled**  Indicates whether DSMSVC service is enabled.
-- **RemediationUHServiceLicensemanagerEnabled**  Indicates whether License Manager service is enabled.
-- **RemediationUHServiceMpssvcEnabled**  Indicates whether MPSSVC service is enabled.
-- **RemediationUHServiceTokenBrokerEnabled**  Indicates whether Token Broker service is enabled.
-- **RemediationUHServiceTrustedInstallerServiceEnabled**  Indicates whether Trusted Installer service is enabled.
-- **RemediationUHServiceUsoServiceEnabled**  Indicates whether USO (Update Session Orchestrator) service is enabled.
-- **RemediationUHServicew32timeServiceEnabled**  Indicates whether W32 Time service is enabled.
-- **RemediationUHServiceWecsvcEnabled**  Indicates whether WECSVC service is enabled.
-- **RemediationUHServiceWinmgmtEnabled**  Indicates whether WMI service is enabled.
-- **RemediationUHServiceWpnServiceEnabled**  Indicates whether WPN service is enabled.
-- **RemediationUHServiceWuauservServiceEnabled**  Indicates whether WUAUSERV service is enabled.
-- **Result**  This is the HRESULT for Detection or Perform Action phases of the plugin.
-- **RunAppraiserFailed**  Indicates RunAppraiser failed to run correctly.
-- **RunTask**  TRUE if SIH task should be run by the plug-in.
-- **TimeServiceNTPServer**  The URL for the NTP time server used by device.
-- **TimeServiceStartType**  The startup type for the NTP time service.
-- **TimeServiceSyncDomainJoined**  True if device domain joined and hence uses DC for clock.
-- **TimeServiceSyncType**  Type of sync behavior for Date & Time service on device.
-
-
-### Microsoft.Windows.Remediation.Completed
-
-This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **ActionName**  Name of the action to be completed by the plug-in.
-- **AppraiserTaskCreationFailed**  TRUE if the appraiser task creation failed to complete successfully.
-- **AppraiserTaskDeleteFailed**  TRUE if deletion of appraiser task failed to complete successfully.
-- **AppraiserTaskExistFailed**  TRUE if detection of the appraiser task failed to complete successfully.
-- **AppraiserTaskLoadXmlFailed**  TRUE if the Appraiser XML Loader failed to complete successfully.
-- **AppraiserTaskMissing**  TRUE if the Appraiser task is missing.
-- **AppraiserTaskTimeTriggerUpdateFailedId**  TRUE if the Appraiser Task Time Trigger failed to update successfully.
-- **AppraiserTaskValidateTaskXmlFailed**  TRUE if the Appraiser Task XML failed to complete successfully.
-- **CrossedDiskSpaceThreshold**  Indicates if cleanup resulted in hard drive usage threshold required for feature update to be exceeded.
-- **CV**  The Correlation Vector.
-- **DateTimeDifference**  The difference between the local and reference clocks.
-- **DaysSinceOsInstallation**  The number of days since the installation of the Operating System.
-- **DiskMbCleaned**  The amount of space cleaned on the hard disk, measured in megabytes.
-- **DiskMbFreeAfterCleanup**  The amount of free hard disk space after cleanup, measured in Megabytes.
-- **DiskMbFreeBeforeCleanup**  The amount of free hard disk space before cleanup, measured in Megabytes.
-- **ForcedAppraiserTaskTriggered**  TRUE if Appraiser task ran from the plug-in.
-- **GlobalEventCounter**  Client-side counter that indicates ordering of events sent by the active user.
-- **HandlerCleanupFreeDiskInMegabytes**  The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
-- **HResult**  The result of the event execution.
-- **LatestState**  The final state of the plug-in component.
-- **PackageVersion**  The package version for the current Remediation.
-- **PageFileCount**  The number of Windows Page files.
-- **PageFileCurrentSize**  The size of the Windows Page file, measured in Megabytes.
-- **PageFileLocation**  The storage location (directory path) of the Windows Page file.
-- **PageFilePeakSize**  The maximum amount of hard disk space used by the Windows Page file, measured in Megabytes.
-- **PluginName**  The name of the plug-in specified for each generic plug-in event.
-- **RanCleanup**  TRUE if the plug-in ran disk cleanup.
-- **RemediationConfigurationTroubleshooterExecuted**  True/False based on whether the Remediation Configuration Troubleshooter executed successfully.
-- **RemediationConfigurationTroubleshooterIpconfigFix**  TRUE if IPConfig Fix completed successfully.
-- **RemediationConfigurationTroubleshooterNetShFix**  TRUE if network card cache reset ran successfully.
-- **RemediationDiskCleanSizeBtWindowsFolderInMegabytes**  The size of the Windows BT folder (used to store Windows upgrade files), measured in Megabytes.
-- **RemediationDiskCleanupBTFolderEsdSizeInMB**  The size of the Windows BT folder (used to store Windows upgrade files) ESD (Electronic Software Delivery), measured in Megabytes.
-- **RemediationDiskCleanupGetCurrentEsdSizeInMB**  The size of any existing ESD (Electronic Software Delivery) folder, measured in Megabytes.
-- **RemediationDiskCleanupSearchFileSizeInMegabytes**  The size of the Cleanup Search index file, measured in Megabytes.
-- **RemediationDiskCleanupUpdateAssistantSizeInMB**  The size of the Update Assistant folder, measured in Megabytes.
-- **RemediationDoorstopChangeSucceeded**  TRUE if Doorstop registry key was successfully modified.
-- **RemediationDoorstopExists**  TRUE if there is a OneSettings Doorstop value.
-- **RemediationDoorstopRegkeyError**  TRUE if an error occurred accessing the Doorstop registry key.
-- **RemediationDRFKeyDeleteSucceeded**  TRUE if the RecoveredFrom (Doorstop) registry key was successfully deleted.
-- **RemediationDUABuildNumber**  The build number of the DUA.
-- **RemediationDUAKeyDeleteSucceeded**  TRUE if the UninstallActive registry key was successfully deleted.
-- **RemediationDuplicateTokenSucceeded**  TRUE if the user token was successfully duplicated.
-- **RemediationImpersonateUserSucceeded**  TRUE if the user was successfully impersonated.
-- **RemediationNoisyHammerTaskKickOffIsSuccess**  TRUE if the Auto UA task started successfully.
-- **RemediationQueryTokenSucceeded**  TRUE if the user token was successfully queried.
-- **RemediationRanHibernation**  TRUE if the system entered Hibernation.
-- **RemediationRevertToSystemSucceeded**  TRUE if reversion to the system context succeeded.
-- **RemediationUpdateServiceHealthRemediationResult**  The result of the Update Service Health plug-in.
-- **RemediationUpdateTaskHealthRemediationResult**  The result of the Update Task Health plug-in.
-- **RemediationUpdateTaskHealthTaskList**  A list of tasks fixed by the Update Task Health plug-in.
-- **RemediationWindowsLogSpaceFound**  The size of the Windows log files found, measured in Megabytes.
-- **RemediationWindowsLogSpaceFreed**  The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
-- **RemediationWindowsSecondaryDriveFreeSpace**  The amount of free space on the secondary drive, measured in Megabytes.
-- **RemediationWindowsSecondaryDriveLetter**  The letter designation of the first secondary drive with a total capacity of 10GB or more.
-- **RemediationWindowsSecondaryDriveTotalSpace**  The total storage capacity of the secondary drive, measured in Megabytes.
-- **RemediationWindowsTotalSystemDiskSize**  The total storage capacity of the System Disk Drive, measured in Megabytes.
-- **Result**  The HRESULT for Detection or Perform Action phases of the plug-in.
-- **RunResult**  The HRESULT for Detection or Perform Action phases of the plug-in.
-- **ServiceHealthPlugin**  The name of the Service Health plug-in.
-- **StartComponentCleanupTask**  TRUE if the Component Cleanup task started successfully.
-- **TotalSizeofOrphanedInstallerFilesInMegabytes**  The size of any orphaned Windows Installer files, measured in Megabytes.
-- **TotalSizeofStoreCacheAfterCleanupInMegabytes**  The size of the Microsoft Store cache after cleanup, measured in Megabytes.
-- **TotalSizeofStoreCacheBeforeCleanupInMegabytes**  The size of the Microsoft Store cache (prior to cleanup), measured in Megabytes.
-- **usoScanDaysSinceLastScan**  The number of days since the last USO (Update Session Orchestrator) scan.
-- **usoScanInProgress**  TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
-- **usoScanIsAllowAutoUpdateKeyPresent**  TRUE if the AllowAutoUpdate registry key is set.
-- **usoScanIsAllowAutoUpdateProviderSetKeyPresent**  TRUE if AllowAutoUpdateProviderSet registry key is set.
-- **usoScanIsAuOptionsPresent**  TRUE if Auto Update Options registry key is set.
-- **usoScanIsFeatureUpdateInProgress**  TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
-- **usoScanIsNetworkMetered**  TRUE if the device is currently connected to a metered network.
-- **usoScanIsNoAutoUpdateKeyPresent**  TRUE if no Auto Update registry key is set/present.
-- **usoScanIsUserLoggedOn**  TRUE if the user is logged on.
-- **usoScanPastThreshold**  TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
-- **usoScanType**  The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
-- **WindowsHyberFilSysSizeInMegabytes**  The size of the Windows Hibernation file, measured in Megabytes.
-- **WindowsInstallerFolderSizeInMegabytes**  The size of the Windows Installer folder, measured in Megabytes.
-- **WindowsOldFolderSizeInMegabytes**  The size of the Windows.OLD folder, measured in Megabytes.
-- **WindowsOldSpaceCleanedInMB**  The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
-- **WindowsPageFileSysSizeInMegabytes**  The size of the Windows Page file, measured in Megabytes.
-- **WindowsSoftwareDistributionFolderSizeInMegabytes**  The size of the SoftwareDistribution folder, measured in Megabytes.
-- **WindowsSwapFileSysSizeInMegabytes**  The size of the Windows Swap file, measured in Megabytes.
-- **WindowsSxsFolderSizeInMegabytes**  The size of the WinSxS (Windows Side-by-Side) folder, measured in Megabytes.
-- **WindowsSxsTempFolderSizeInMegabytes**  The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes.
-
-
-### Microsoft.Windows.Remediation.DiskCleanUnExpectedErrorEvent
-
-This event indicates that an unexpected error occurred during an update and provides information to help address the issue. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation vector.
-- **ErrorMessage**  A description of any errors encountered while the plug-in was running.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **Hresult**  The result of the event execution.
-- **PackageVersion**  The version number of the current remediation package.
-- **SessionGuid**  GUID associated with a given execution of sediment pack.
-
-
-### Microsoft.Windows.Remediation.Error
-
-This event indicates a Sediment Pack error (update stack failure) has been detected and provides information to help address the issue. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  The result of the event execution.
-- **Message**  A message containing information about the error that occurred.
-- **PackageVersion**  The version number of the current remediation package.
-
-
-### Microsoft.Windows.Remediation.FallbackError
-
-This event indicates an error when Self Update results in a Fallback and provides information to help address the issue. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **s0**  Indicates the Fallback error level. See [Microsoft.Windows.Remediation.wilResult](#microsoftwindowsremediationwilresult).
-- **wilResult**  The result of the Windows Installer Logging. See [wilResult](#wilresult).
-
-
-### Microsoft.Windows.Remediation.RemediationNotifyUserFixIssuesInvokeUIEvent
-
-This event occurs when the Notify User task executes and provides information about the cause of the notification. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **PackageVersion**  The version number of the current remediation package.
-- **RemediationNotifyUserFixIssuesCallResult**  The result of calling the USO (Update Session Orchestrator) sequence steps.
-- **RemediationNotifyUserFixIssuesUsoDownloadCalledHr**  The error code from the USO (Update Session Orchestrator) download call.
-- **RemediationNotifyUserFixIssuesUsoInitializedHr**  The error code from the USO (Update Session Orchestrator) initialize call.
-- **RemediationNotifyUserFixIssuesUsoProxyBlanketHr**  The error code from the USO (Update Session Orchestrator) proxy blanket call.
-- **RemediationNotifyUserFixIssuesUsoSetSessionHr**  The error code from the USO (Update Session Orchestrator) session call.
-
-
-### Microsoft.Windows.Remediation.RemediationShellFailedAutomaticAppUpdateModifyEventId
-
-This event provides the modification of the date on which an Automatic App Update scheduled task failed and provides information about the failure. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation Vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **hResult**  The result of the event execution.
-- **PackageVersion**  The version number of the current remediation package.
-
-
-### Microsoft.Windows.Remediation.RemediationShellUnexpectedExceptionId
-
-This event identifies the remediation plug-in that returned an unexpected exception and provides information about the exception. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation Vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **PackageVersion**  The version number of the current remediation package.
-- **RemediationShellUnexpectedExceptionId**  The ID of the remediation plug-in that caused the exception.
-
-
-### Microsoft.Windows.Remediation.RemediationUHEnableServiceFailed
-
-This event tracks the health of key update (Remediation) services and whether they are enabled. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation Vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **hResult**  The result of the event execution.
-- **PackageVersion**  The version number of the current remediation package.
-- **serviceName**  The name associated with the operation.
-
-
-### Microsoft.Windows.Remediation.RemediationUpgradeSucceededDataEventId
-
-This event returns information about the upgrade upon success to help ensure Windows is up to date.
-
-The following fields are available:
-
-- **AppraiserPlugin**  TRUE / FALSE depending on whether the Appraiser plug-in task fix was successful.
-- **ClearAUOptionsPlugin**  TRUE / FALSE depending on whether the AU (Auto Updater) Options registry keys were successfully deleted.
-- **CV**  The Correlation Vector.
-- **DatetimeSyncPlugin**  TRUE / FALSE depending on whether the DateTimeSync plug-in ran successfully.
-- **DiskCleanupPlugin**  TRUE / FALSE depending on whether the DiskCleanup plug-in ran successfully.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **NoisyHammerPlugin**  TRUE / FALSE depending on whether the Auto UA plug-in ran successfully.
-- **PackageVersion**  The version number of the current remediation package.
-- **RebootRequiredPlugin**  TRUE / FALSE depending on whether the Reboot plug-in ran successfully.
-- **RemediationNotifyUserFixIssuesPlugin**  TRUE / FALSE depending on whether the User Fix Issues plug-in ran successfully
-- **RemediationPostUpgradeDiskSpace**  The amount of disk space available after the upgrade.
-- **RemediationPostUpgradeHibernationSize**  The size of the Hibernation file after the upgrade.
-- **ServiceHealthPlugin**  A list of services updated by the plug-in.
-- **SIHHealthPlugin**  TRUE / FALSE depending on whether the SIH Health plug-in ran successfully.
-- **StackDataResetPlugin**  TRUE / FALSE depending on whether the update stack completed successfully.
-- **TaskHealthPlugin**  A list of tasks updated by the plug-in.
-- **UpdateApplicabilityFixerPlugin**  TRUE / FALSE depending on whether the update applicability fixer plug-in completed successfully.
-- **WindowsUpdateEndpointPlugin**  TRUE / FALSE depending on whether the Windows Update Endpoint was successful.
-
-
-### Microsoft.Windows.Remediation.Started
-
-This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  The version of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.Remediation.wilResult
-
-This event provides Self Update information to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  A list of diagnostic activities containing this error.
-- **currentContextId**  An identifier for the newest diagnostic activity containing this error.
-- **currentContextMessage**  A message associated with the most recent diagnostic activity containing this error (if any).
-- **currentContextName**  Name of the most recent diagnostic activity containing this error.
-- **failureCount**  Number of failures seen within the binary where the error occurred.
-- **failureId**  The identifier assigned to this failure.
-- **failureType**  Indicates the type of failure observed (exception, returned, error, logged error, or fail fast).
-- **fileName**  The source code file name where the error occurred.
-- **function**  The name of the function where the error occurred.
-- **hresult**  The failure error code.
-- **lineNumber**  The Line Number within the source code file where the error occurred.
-- **message**  A message associated with the failure (if any).
-- **module**  The name of the binary module in which the error occurred.
-- **originatingContextId**  The identifier for the oldest diagnostic activity containing this error.
-- **originatingContextMessage**  A message associated with the oldest diagnostic activity containing this error (if any).
-- **originatingContextName**  The name of the oldest diagnostic activity containing this error.
-- **threadId**  The identifier of the thread the error occurred on.
-
-
-## Sediment events
-
-### Microsoft.Windows.Sediment.Info.AppraiserData
-
-This event provides data on the current Appraiser status of the device to help ensure Windows is up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The value of the Return Code for the registry query.
-- **GStatus**  The pre-upgrade GStatus value.
-- **PayloadVersion**  The version information for the remediation component.
-- **RegKeyName**  The name of the registry subkey where data was found for this event.
-- **Time**  The system time at which the event began.
-- **UpgEx**  The pre-upgrade UpgEx value.
-
-
-### Microsoft.Windows.Sediment.Info.BinaryInfo
-
-This event provides information about the binary returned by the Operating System Remediation System Service (OSRSS) to help ensure Windows is up to date.
-
-The following fields are available:
-
-- **BinaryPath**  The sanitized name of the system binary from which the data was gathered.
-- **ErrorCode**  The value of the return code for querying the version from the binary.
-- **FileVerBuild**  The binary’s build number.
-- **FileVerMajor**  The binary’s major version number.
-- **FileVerMinor**  The binary’s minor version number.
-- **FileVerRev**  The binary’s revision number.
-- **PayloadVersion**  The version information for the remediation component.
-- **Time**  The system time at which the event began.
-
-
-### Microsoft.Windows.Sediment.Info.DetailedState
-
-This event is sent when detailed state information is needed from an update trial run. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### Microsoft.Windows.Sediment.Info.DownloadServiceError
-
-This event provides information when the Download Service returns an error. The information provided helps keep Windows up to date.
-
-The following fields are available:
-
-- **Architecture**  The platform architecture used to identify the correct download payload.
-- **BuildNumber**  The starting build number used to identify the correct download payload.
-- **Edition**  The Operating System Edition used to identify the correct download payload.
-- **Error**  The description of the error encountered.
-- **LanguageCode**  The system User Interface Language used to identify the correct download payload.
-- **Stack**  Details about the error encountered.
-- **WorkingDirectory**  The folder location (path) downloader was attempting to say the payload to.
-
-
-### Microsoft.Windows.Sediment.Info.DownloadServiceProgress
-
-This event indicates the progress of the downloader in 1% increments. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **Percentage**  The amount successfully downloaded, measured as a percentage of the whole.
-
-
-### Microsoft.Windows.Sediment.Info.Error
-
-This event indicates an error in the updater payload. This information assists in keeping Windows up to date.
-
-The following fields are available:
-
-- **FailureType**  The type of error encountered.
-- **FileName**  The code file in which the error occurred.
-- **HResult**  The failure error code.
-- **LineNumber**  The line number in the code file at which the error occurred.
-- **ReleaseVer**  The version information for the component in which the error occurred.
-- **Time**  The system time at which the error occurred.
-
-
-### Microsoft.Windows.Sediment.Info.PhaseChange
-
-The event indicates progress made by the updater. This information assists in keeping Windows up to date.
-
-The following fields are available:
-
-- **NewPhase**  The phase of progress made.
-- **ReleaseVer**  The version information for the component in which the change occurred.
-- **Time**  The system time at which the phase chance occurred.
-
-
-### Microsoft.Windows.Sediment.Info.ServiceInfo
-
-This event provide information about the system service for which data is being gathered by the Operating System Remediation System Service (OSRSS) to help ensure Windows is up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The value returned by the error for querying the service information.
-- **PayloadVersion**  The version information for the remediation component.
-- **ServiceName**  The name of the system service for which data was gathered.
-- **ServiceStatus**  The status of the specified service.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.Info.Uptime
-
-This event provides information about how long the device has been operating. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **Days**  The number of days the device has been on.
-- **Hours**  The number of hours the device has been on.
-- **Minutes**  The number of minutes the device has been on.
-- **PayloadVersion**  The version information for the remediation component.
-- **Seconds**  The number of seconds the machine has been on.
-- **Ticks**  The number of system clock “ticks” the device has been on.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ApplicabilityCheckFailed
-
-This event returns data relating to the error state after one of the applicability checks for the installer component of the Operating System Remediation System Service (OSRSS) has failed. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CheckName**  The name of the applicability check that failed.
-- **InstallerVersion**  The version information for the installer component.
-- **Time**  The system timestamp for when the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.AttemptingUpdate
-
-This event indicates the Operating System Remediation System Service (OSRSS) installer is attempting an update to itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.BinaryUpdated
-
-This event indicates the Operating System Remediation System Service (OSRSS) updated installer binaries with new binaries as part of its self-update process. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.Error
-
-This event indicates an error occurred in the Operating System Remediation System Service (OSRSS). The information provided helps ensure future upgrade/update attempts are more successful. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **FailureType**  The type of error encountered.
-- **FileName**  The code file in which the error occurred.
-- **HResult**  The failure error code.
-- **InstallerVersion**  The version information of the Installer component.
-- **LineNumber**  The line number in the code file at which the error occurred.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.InstallerLaunched
-
-This event indicates the Operating System Remediation System Service (OSRSS) has launched. The information provided helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceInstalled
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully installed the Installer Component. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceRestarted
-
-This event indicates the Operating System Remediation System Service (OSRSS) has restarted after installing an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStarted
-
-This event indicates the Operating System Remediation System Service (OSRSS) has started after installing an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStopped
-
-This event indicates the Operating System Remediation System Service (OSRSS) was stopped by a self-updated to install an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UninstallerCompleted
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully uninstalled the installed version as part of a self-update. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UninstallerLaunched
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully started the Uninstaller as part of a self-update. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterCompleted
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully completed the self-update operation. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterLaunched
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully launched the self-updater after downloading it. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.SedimentLauncher.Applicable
-
-This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DetectedCondition**  Boolean true if detect condition is true and perform action will be run.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **IsSelfUpdateEnabledInOneSettings**  True if self update enabled in Settings.
-- **IsSelfUpdateNeeded**  True if self update needed by device.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentLauncher.Completed
-
-This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **FailedReasons**  Concatenated list of failure reasons.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **SedLauncherExecutionResult**  HRESULT for one execution of the Sediment Launcher.
-
-
-### Microsoft.Windows.SedimentLauncher.Error
-
-This event indicates an error occurred during the execution of the plug-in. The information provided helps ensure future upgrade/update attempts are more successful. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  The result for the Detection or Perform Action phases of the plug-in.
-- **Message**  A message containing information about the error that occurred (if any).
-- **PackageVersion**  The version number of the current remediation package.
-
-
-### Microsoft.Windows.SedimentLauncher.FallbackError
-
-This event indicates that an error occurred during execution of the plug-in fallback. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **s0**  Error occurred during execution of the plugin fallback. See [Microsoft.Windows.SedimentLauncher.wilResult](#microsoftwindowssedimentlauncherwilresult).
-
-
-### Microsoft.Windows.SedimentLauncher.Information
-
-This event provides general information returned from the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  This is the HRESULT for detection or perform action phases of the plugin.
-- **Message**  Information message returned from a plugin containing only information internal to the plugins execution.
-- **PackageVersion**  Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentLauncher.Started
-
-This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentLauncher.wilResult
-
-This event provides the result from the Windows internal library. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  List of telemetry activities containing this error.
-- **currentContextId**  Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage**  Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName**  Name of the newest telemetry activity containing this error.
-- **failureCount**  Number of failures seen within the binary where the error occurred.
-- **failureId**  Identifier assigned to this failure.
-- **failureType**  Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName**  Source code file name where the error occurred.
-- **function**  Name of the function where the error occurred.
-- **hresult**  Failure error code.
-- **lineNumber**  Line number within the source code file where the error occurred.
-- **message**  Custom message associated with the failure (if any).
-- **module**  Name of the binary where the error occurred.
-- **originatingContextId**  Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage**  Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName**  Name of the oldest telemetry activity containing this error.
-- **threadId**  Identifier of the thread the error occurred on.
-
-
-### Microsoft.Windows.SedimentService.Applicable
-
-This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DetectedCondition**  Determine whether action needs to run based on device properties.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **IsSelfUpdateEnabledInOneSettings**  Indicates if self update is enabled in One Settings.
-- **IsSelfUpdateNeeded**  Indicates if self update is needed.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentService.Completed
-
-This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **FailedReasons**  List of reasons when the plugin action failed.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **SedimentServiceCheckTaskFunctional**  True/False if scheduled task check succeeded.
-- **SedimentServiceCurrentBytes**  Number of current private bytes of memory consumed by sedsvc.exe.
-- **SedimentServiceKillService**  True/False if service is marked for kill (Shell.KillService).
-- **SedimentServiceMaximumBytes**  Maximum bytes allowed for the service.
-- **SedimentServiceRetrievedKillService**  True/False if result of One Settings check for kill succeeded - we only send back one of these indicators (not for each call).
-- **SedimentServiceStopping**  True/False indicating whether the service is stopping.
-- **SedimentServiceTaskFunctional**  True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
-- **SedimentServiceTotalIterations**  Number of 5 second iterations service will wait before running again.
-
-
-### Microsoft.Windows.SedimentService.Error
-
-This event indicates whether an error condition occurred in the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  This is the HRESULT for detection or perform action phases of the plugin.
-- **Message**  Custom message associated with the failure (if any).
-- **PackageVersion**  Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentService.FallbackError
-
-This event indicates whether an error occurred for a fallback in the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **s0**  Event returned when an error occurs for a fallback in the plugin. See [Microsoft.Windows.SedimentService.wilResult](#microsoftwindowssedimentservicewilresult).
-
-
-### Microsoft.Windows.SedimentService.Information
-
-This event provides general information returned from the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  This is the HRESULT for detection or perform action phases of the plugin.
-- **Message**  Custom message associated with the failure (if any).
-- **PackageVersion**  Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentService.Started
-
-This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation Vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **PackageVersion**  The version number of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for Detection or Perform Action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentService.wilResult
-
-This event provides the result from the Windows internal library. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  List of telemetry activities containing this error.
-- **currentContextId**  Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage**  Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName**  Name of the newest telemetry activity containing this error.
-- **failureCount**  Number of failures seen within the binary where the error occurred.
-- **failureId**  Identifier assigned to this failure.
-- **failureType**  Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName**  Source code file name where the error occurred.
-- **function**  Name of the function where the error occurred.
-- **hresult**  Failure error code.
-- **lineNumber**  Line number within the source code file where the error occurred.
-- **message**  Custom message associated with the failure (if any).
-- **module**  Name of the binary where the error occurred.
-- **originatingContextId**  Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage**  Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName**  Name of the oldest telemetry activity containing this error.
-- **threadId**  Identifier of the thread the error occurred on.
-
-
-## Setup events
-
-### SetupPlatformTel.SetupPlatformTelActivityEvent
-
-This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActivityId**  Provides a unique ID to correlate events that occur between a activity start event, and a stop event
-- **ActivityName**  Provides a friendly name of the package type that belongs to the ActivityId (Setup, LanguagePack, GDR, Driver, etc.)
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **value**  Value associated with the corresponding event name. For example, time-related events will include the system time
-- **Value**  Value associated with the corresponding event name. For example, time-related events will include the system time
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStarted
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-The following fields are available:
-
-- **Name**  The name of the dynamic update type. Example: GDR driver
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStopped
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-
-
-### SetupPlatformTel.SetupPlatformTelEvent
-
-This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **Value**  Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
-
-
-## Shared PC events
-
-### Microsoft.Windows.SharedPC.AccountManager.DeleteUserAccount
-
-Activity for deletion of a user account for devices set up for Shared PC mode as part of the Transient Account Manager to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates.
-
-The following fields are available:
-
-- **accountType**  The type of account that was deleted. Example: AD, Azure AD, or Local
-- **userSid**  The security identifier of the account.
-- **wilActivity**  Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.SharedPC.AccountManager.SinglePolicyEvaluation
-
-Activity for run of the Transient Account Manager that determines if any user accounts should be deleted for devices set up for Shared PC mode to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates
-
-The following fields are available:
-
-- **evaluationTrigger**  When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours
-- **totalAccountCount**  The number of accounts on a device after running the Transient Account Manager policies.
-- **wilActivity**  Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity).
-
-
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The function where the failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-### wilResult
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The call context stack where failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-## SIH events
-
-### SIHEngineTelemetry.EvalApplicability
-
-This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### SIHEngineTelemetry.ExecuteAction
-
-This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### SIHEngineTelemetry.PostRebootReport
-
-This event reports the status of an action following a reboot, should one have been required. The data collected with this event is used to help keep Windows up to date.
-
-
-
-## Software update events
-
-### SoftwareUpdateClientTelemetry.CheckForUpdates
-
-This event sends tracking data about the software distribution client check for content that is applicable to a device, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActivityMatchingId**  Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults**  Indicates if the scan allowed using cached results.
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BranchReadinessLevel**  The servicing branch configured on the device.
-- **CachedEngineVersion**  For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CapabilityDetectoidGuid**  The GUID for a hardware applicability detectoid that could not be evaluated.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-- **ClientVersion**  The version number of the software distribution client.
-- **Context**  Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeferralPolicySources**  Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
-- **DeferredUpdates**  Update IDs which are currently being deferred until a later time
-- **DeviceModel**  What is the device model.
-- **DriverError**  The error code hit during a driver scan. This is 0 if no error was encountered.
-- **DriverExclusionPolicy**  Indicates if the policy for not including drivers with Windows Update is enabled.
-- **DriverSyncPassPerformed**  Were drivers scanned this time?
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **ExtendedMetadataCabUrl**  Hostname that is used to download an update.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FailedUpdateGuids**  The GUIDs for the updates that failed to be evaluated during the scan.
-- **FailedUpdatesCount**  The number of updates that failed to be evaluated during the scan.
-- **FeatureUpdateDeferral**  The deferral period configured for feature OS updates on the device (in days).
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FeatureUpdatePausePeriod**  The pause duration configured for feature OS updates on the device (in days).
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **MetadataIntegrityMode**  The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
-- **MSIError**  The last error that was encountered during a scan for updates.
-- **NetworkConnectivityDetected**  Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
-- **NumberOfApplicableUpdates**  The number of updates which were ultimately deemed applicable to the system after the detection process is complete
-- **NumberOfApplicationsCategoryScanEvaluated**  The number of categories (apps) for which an app update scan checked
-- **NumberOfLoop**  The number of round trips the scan required
-- **NumberOfNewUpdatesFromServiceSync**  The number of updates which were seen for the first time in this scan
-- **NumberOfUpdatesEvaluated**  The total number of updates which were evaluated as a part of the scan
-- **NumFailedMetadataSignatures**  The number of metadata signatures checks which failed for new metadata synced down.
-- **Online**  Indicates if this was an online scan.
-- **PausedUpdates**  A list of UpdateIds which that currently being paused.
-- **PauseFeatureUpdatesEndTime**  If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseFeatureUpdatesStartTime**  If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PauseQualityUpdatesEndTime**  If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseQualityUpdatesStartTime**  If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdateDeferral**  The deferral period configured for quality OS updates on the device (in days).
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **QualityUpdatePausePeriod**  The pause duration configured for quality OS updates on the device (in days).
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **ScanDurationInSeconds**  The number of seconds a scan took
-- **ScanEnqueueTime**  The number of seconds it took to initialize a scan
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
-- **ServiceUrl**  The environment URL a device is configured to scan with
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
-- **SyncType**  Describes the type of scan the event was
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetMetadataVersion**  For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
-- **TotalNumMetadataSignatures**  The total number of metadata signatures checks done for new metadata that was synced down.
-- **WebServiceRetryMethods**  Web service method requests that needed to be retried to complete operation.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.Commit
-
-This event sends data on whether the Update Service has been called to execute an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client.
-- **DeviceModel**  What is the device model.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  State of call
-- **EventType**  Possible values are "Child", "Bundle", or "Driver".
-- **FlightId**  The specific ID of the flight the device is getting
-- **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.)
-- **RevisionNumber**  Unique revision number of Update
-- **ServerId**  Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store.
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **UpdateId**  Unique Update ID
-- **WUDeviceID**  UniqueDeviceID
-
-
-### SoftwareUpdateClientTelemetry.Download
-
-This event sends tracking data about the software distribution client download of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActiveDownloadTime**  How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.
-- **AppXBlockHashValidationFailureCount**  A count of the number of blocks that have failed validation after being downloaded.
-- **AppXDownloadScope**  Indicates the scope of the download for application content.
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The SKU number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleBytesDownloaded**  Number of bytes downloaded for the specific content bundle.
-- **BundleId**  Identifier associated with the specific content bundle.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle had previously failed to download.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **BytesDownloaded**  How many bytes were downloaded for an individual piece of content (not the entire bundle).
-- **CachedEngineVersion**  The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable.
-- **CallerApplicationName**  The name provided by the application that initiated API calls into the software distribution client.
-- **CbsDownloadMethod**  Indicates whether the download was a full- or a partial-file download.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  ID which defines which CDN the software distribution client downloaded the content from.
-- **ClientManagedByWSUSServer**  Indicates whether the client is managed by Windows Server Update Services (WSUS).
-- **ClientVersion**  The version number of the software distribution client.
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeviceModel**  The model of the device.
-- **DeviceOEM**  Identifies the Original Equipment Manufacturer (OEM) of the device.
-- **DownloadPriority**  Indicates whether a download happened at background, normal, or foreground priority.
-- **DownloadScenarioId**  A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events.
-- **DownloadType**  Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads.
-- **Edition**  Identifies the edition of Windows currently running on the device.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventNamespaceID**  The ID of the test events environment.
-- **EventScenario**  Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed.
-- **EventType**  Identifies the type of the event (Child, Bundle, or Driver).
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightBuildNumber**  If this download was for a flight (pre-release build), this indicates the build number of that flight.
-- **FlightId**  The specific ID of the flight (pre-release build) the device is getting.
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HandlerType**  Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
-- **HardwareId**  If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **HostName**  The parent URL the content is downloading from.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6.
-- **IsAOACDevice**  Indicates whether the device is an Always On, Always Connected (AOAC) device.
-- **IsDependentSet**  Indicates whether a driver is a part of a larger System Hardware/Firmware Update
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **NetworkCostBitMask**  A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
-- **NetworkRestrictionStatus**  More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
-- **PackageFullName**  The package name of the content.
-- **PhonePreviewEnabled**  Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
-- **PlatformRole**  The role of the OS platform (Desktop, Mobile, Workstation, etc.).
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **ProcessorArchitecture**  Processor architecture of the system (x86, AMD64, ARM).
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The Correlation Vector that was used before the most recent change to a new Correlation Vector.
-- **RepeatFailFlag**  Indicates whether this specific piece of content had previously failed to download.
-- **RevisionNumber**  The revision number of the specified piece of content.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **Setup360Phase**  Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
-- **ShippingMobileOperator**  The mobile operator linked to the device when the device shipped.
-- **StatusCode**  Indicates the result of a Download event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TargetMetadataVersion**  The version of the currently downloading (or most recently downloaded) package.
-- **ThrottlingServiceHResult**  Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
-- **TimeToEstablishConnection**  Time (in milliseconds) it took to establish the connection prior to beginning downloaded.
-- **TotalExpectedBytes**  The total size (in Bytes) expected to be downloaded.
-- **UpdateId**  An identifier associated with the specific piece of content.
-- **UpdateID**  An identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates whether the content was marked as Important, Recommended, or Optional.
-- **UsedDO**  Indicates whether the download used the Delivery Optimization (DO) service.
-- **UsedSystemVolume**  Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-- **WUSetting**  Indicates the users' current updating settings.
-
-
-### SoftwareUpdateClientTelemetry.DownloadCheckpoint
-
-This event provides a checkpoint between each of the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
-- **EventType**  Possible values are "Child", "Bundle", "Release" or "Driver"
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough
-- **FileId**  A hash that uniquely identifies a file
-- **FileName**  Name of the downloaded file
-- **FlightId**  The unique identifier for each flight
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RevisionNumber**  Unique revision number of Update
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
-- **UpdateId**  Unique Update ID
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### SoftwareUpdateClientTelemetry.DownloadHeartbeat
-
-This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BundleID**  Identifier associated with the specific content bundle. If this value is found, it shouldn't report as all zeros
-- **BytesTotal**  Total bytes to transfer for this content
-- **BytesTransferred**  Total bytes transferred for this content at the time of heartbeat
-- **ConnectionStatus**  Indicates the connectivity state of the device at the time of heartbeat
-- **CurrentError**  Last (transient) error encountered by the active download
-- **DownloadFlags**  Flags indicating if power state is ignored
-- **DownloadState**  Current state of the active download for this content (queued, suspended, or progressing)
-- **IsNetworkMetered**  Indicates whether Windows considered the current network to be ?metered"
-- **MOAppDownloadLimit**  Mobile operator cap on size of application downloads, if any
-- **MOUpdateDownloadLimit**  Mobile operator cap on size of operating system update downloads, if any
-- **PowerState**  Indicates the power state of the device at the time of heartbeat (DC, AC, Battery Saver, or Connected Standby)
-- **RelatedCV**  The previous correlation vector that was used by the client, before swapping with a new one
-- **ResumeCount**  Number of times this active download has resumed from a suspended state
-- **ServiceID**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
-- **SuspendCount**  Number of times this active download has entered a suspended state
-- **SuspendReason**  Last reason for why this active download entered a suspended state
-
-
-### SoftwareUpdateClientTelemetry.Install
-
-This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleBytesDownloaded**  How many bytes were downloaded for the specific content bundle?
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailFlag**  Has this particular update bundle previously failed to install?
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **CachedEngineVersion**  For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CbsDownloadMethod**  Was the download a full download or a partial download?
-- **ClientManagedByWSUSServer**  Is the client managed by Windows Server Update Services (WSUS)?
-- **ClientVersion**  The version number of the software distribution client.
-- **CSIErrorType**  The stage of CBS installation where it failed.
-- **CurrentMobileOperator**  Mobile operator that device is currently connected to.
-- **DeviceModel**  What is the device model.
-- **DeviceOEM**  What OEM does this device belong to.
-- **DownloadPriority**  The priority of the download activity.
-- **DownloadScenarioId**  A unique ID for a given download used to tie together Windows Update and DO events.
-- **DriverPingBack**  Contains information about the previous driver and system state.
-- **Edition**  Indicates the edition of Windows being used.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventNamespaceID**  Indicates whether the event succeeded or failed. Has the format EventType+Event where Event is Succeeded, Cancelled, Failed, etc.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **EventType**  Possible values are Child, Bundle, or Driver.
-- **ExtendedErrorCode**  The extended error code.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FeatureUpdatePause**  Are feature OS updates paused on the device?
-- **FlightBranch**  The branch that a device is on if participating in the Windows Insider Program.
-- **FlightBuildNumber**  If this installation was for a Windows Insider build, this is the build number of that build.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **FlightRing**  The ring that a device is on if participating in the Windows Insider Program.
-- **HandlerType**  Indicates what kind of content is being installed. Example: app, driver, Windows update
-- **HardwareId**  If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IsAOACDevice**  Is it Always On, Always Connected? (Mobile device usage model)
-- **IsDependentSet**  Is the driver part of a larger System Hardware/Firmware update?
-- **IsFinalOutcomeEvent**  Does this event signal the end of the update/upgrade process?
-- **IsFirmware**  Is this update a firmware update?
-- **IsSuccessFailurePostReboot**  Did it succeed and then fail after a restart?
-- **IsWUfBDualScanEnabled**  Is Windows Update for Business dual scan enabled on the device?
-- **IsWUfBEnabled**  Is Windows Update for Business enabled on the device?
-- **MergedUpdate**  Was the OS update and a BSP update merged for installation?
-- **MsiAction**  The stage of MSI installation where it failed.
-- **MsiProductCode**  The unique identifier of the MSI installer.
-- **PackageFullName**  The package name of the content being installed.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting being introduced.
-- **PlatformRole**  The PowerPlatformRole.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **ProcessorArchitecture**  Processor architecture of the system (x86, AMD64, ARM).
-- **QualityUpdatePause**  Are quality OS updates paused on the device?
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailFlag**  Indicates whether this specific piece of content had previously failed to install.
-- **RepeatSuccessInstallFlag**  Indicates whether this specific piece of content had previously installed successful, for example if another user had already installed it.
-- **RevisionNumber**  The revision number of this specific piece of content.
-- **ServiceGuid**  An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
-- **Setup360Phase**  If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of an installation event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode**  The ID which represents a given MSI installation
-- **UpdateId**  Unique update ID
-- **UpdateID**  An identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedSystemVolume**  Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-- **WUSetting**  Indicates the user's current updating settings.
-
-
-### SoftwareUpdateClientTelemetry.SLSDiscovery
-
-This event sends data about the ability of Windows to discover the location of a backend server with which it must connect to perform updates or content acquisition, in order to determine disruptions in availability of update services and provide context for Windows Update errors. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
-- **HResult**  Indicates the result code of the event (success, cancellation, failure code HResult)
-- **IsBackground**  Indicates whether the SLS discovery event took place in the foreground or background
-- **NextExpirationTime**  Indicates when the SLS cab expires
-- **ServiceID**  An ID which represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.)
-- **SusClientId**  The unique device ID controlled by the software distribution client
-- **UrlPath**  Path to the SLS cab that was downloaded
-- **WUAVersion**  The version number of the software distribution client
-
-
-### SoftwareUpdateClientTelemetry.UpdateDetected
-
-This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **NumberOfApplicableUpdates**  The number of updates ultimately deemed applicable to the system after the detection process is complete.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one.
-- **ServiceGuid**  An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
-- **WUDeviceID**  The unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **EndpointUrl**  The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
-- **EventScenario**  The purpose of this event, such as scan started, scan succeeded, or scan failed.
-- **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId**  The integral ID from the FragmentSigning data for the certificate that failed.
-- **ListOfSHA256OfIntermediateCerData**  A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
-- **MetadataIntegrityMode**  The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
-- **MetadataSignature**  A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
-- **RawMode**  The raw unparsed mode string from the SLS response. This field is null if not applicable.
-- **RawValidityWindowInDays**  The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
-- **RevisionId**  The revision ID for a specific piece of content.
-- **RevisionNumber**  The revision number for a specific piece of content.
-- **ServiceGuid**  Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
-- **SHA256OfLeafCerData**  A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfLeafCertPublicKey**  A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfTimestampToken**  An encoded string of the timestamp token.
-- **SignatureAlgorithm**  The hash algorithm for the metadata signature.
-- **SLSPrograms**  A test program to which a device may have opted in. Example: Insider Fast
-- **StatusCode**  The status code of the event.
-- **TimestampTokenCertThumbprint**  The thumbprint of the encoded timestamp token.
-- **TimestampTokenId**  The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
-- **UpdateId**  The update ID for a specific piece of content.
-- **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
-
-
-## Update Assistant events
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.BlockingEventId
-
-The event sends basic info on the reason that Windows 10 was not updated due to compatibility issues, previous rollbacks, or admin policies. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ApplicabilityBlockedReason**  Blocked due to an applicability issue.
-- **BlockWuUpgrades**  The upgrade assistant is currently blocked.
-- **clientID**  An identification of the current release of Update Assistant.
-- **CloverTrail**  This device is Clovertrail.
-- **DeviceIsMdmManaged**  This device is MDM managed.
-- **IsNetworkAvailable**  If the device network is not available.
-- **IsNetworkMetered**  If network is metered.
-- **IsSccmManaged**  This device is managed by Configuration Manager.
-- **NewlyInstalledOs**  OS is newly installed quiet period.
-- **PausedByPolicy**  Updates are paused by policy.
-- **RecoveredFromRS3**  Previously recovered from RS3.
-- **RS1UninstallActive**  Blocked due to an active RS1 uninstall.
-- **RS3RollBacks**  Exceeded number of allowable RS3 rollbacks.
-- **triggerTaskSource**  Describe which task launches this instance.
-- **WsusManaged**  This device is WSUS managed.
-- **ZeroExhaust**  This device is zero exhaust.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.DeniedLaunchEventId
-
-The event sends basic info when a device was blocked or prevented from updating to the latest Windows 10 version. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **denyReason**  All the reasons why the Update Assistant was prevented from launching. Bitmask with values from UpdateAssistant.cpp eUpgradeModeReason.
-- **triggerTaskSource**  Describe which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedLaunchEventId
-
-This event indicates that Update Assistant Orchestrator failed to launch Update Assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **hResult**  Error code of the Update Assistant Orchestrator failure.
-- **triggerTaskSource**  Describe which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedOneSettingsQueryEventId
-
-This event indicates that One Settings was not queried by update assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **hResult**  Error code of One Settings query failure.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.LaunchEventId
-
-This event sends basic information on whether the device should be updated to the latest Windows 10 version. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **autoStartRunCount**  The auto start run count of Update Assistant.
-- **clientID**  The ID of the current release of Update Assistant.
-- **launchMode**  Indicates the type of launch performed.
-- **launchTypeReason**  A bitmask of all the reasons for type of launch.
-- **triggerTaskSource**  Indicates which task launches this instance.
-- **UALaunchRunCount**  Total number of times Update Assistant launched.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.RestoreEventId
-
-The event sends basic info on whether the Windows 10 update notification has previously launched. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  ID of the current release of Update Assistant.
-- **restoreReason**  All the reasons for the restore.
-- **triggerTaskSource**  Indicates which task launches this instance.
-
-
-## Update events
-
-### Update360Telemetry.UpdateAgent_DownloadRequest
-
-This event sends data during the download request phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeletedCorruptFiles**  Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
-- **ErrorCode**  The error code returned for the current download request phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PackageCountOptional**  Number of optional packages requested.
-- **PackageCountRequired**  Number of required packages requested.
-- **PackageCountTotal**  Total number of packages needed.
-- **PackageCountTotalCanonical**  Total number of canonical packages.
-- **PackageCountTotalDiff**  Total number of diff packages.
-- **PackageCountTotalExpress**  Total number of express packages.
-- **PackageSizeCanonical**  Size of canonical packages in bytes
-- **PackageSizeDiff**  Size of diff packages in bytes
-- **PackageSizeExpress**  Size of express packages in bytes
-- **RangeRequestState**  Represents the state of the download range request.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Result of the download request phase of update.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_FellBackToCanonical
-
-This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **PackageCount**  The number of packages that fell back to “canonical”.
-- **PackageList**  PackageIDs which fell back to “canonical”.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-
-
-### Update360Telemetry.UpdateAgent_Initialize
-
-This event sends data during the initialize phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current initialize phase.
-- **FlightId**  Unique ID for each flight.
-- **FlightMetadata**  Contains the FlightId and the build being flighted.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **SessionId**  Unique value for each Update Agent mode attempt .
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_Install
-
-This event sends data during the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest scan.
-- **Result**  Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_Merge
-
-This event sends data on the merge phase when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current reboot.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-
-
-### Update360Telemetry.UpdateAgent_ModeStart
-
-This event sends data for the start of each mode during the process of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **Mode**  Indicates that the Update Agent mode that has started. 1 = Initialize, 2 = DownloadRequest, 3 = Install, 4 = Commit
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest scan.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_SetupBoxLaunch
-
-This event sends data during the launching of the setup box when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **Quiet**  Indicates whether setup is running in quiet mode. 0 = false 1 = true
-- **RelatedCV**  Correlation vector value generated from the latest scan.
-- **SandboxSize**  The size of the sandbox folder on the device.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **SetupMode**  Setup mode 1 = predownload, 2 = install, 3 = finalize
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentCommit
-
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentDownloadRequest
-
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeletedCorruptFiles**  Boolean indicating whether corrupt payload was deleted.
-- **DownloadRequests**  Number of times a download was retried.
-- **ErrorCode**  The error code returned for the current download request phase.
-- **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
-- **FlightId**  Unique ID for each flight.
-- **InternalFailureResult**  Indicates a non-fatal error from a plugin.
-- **ObjectId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **PackageCountOptional**  # of optional packages requested.
-- **PackageCountRequired**  # of required packages requested.
-- **PackageCountTotal**  Total # of packages needed.
-- **PackageCountTotalCanonical**  Total number of canonical packages.
-- **PackageCountTotalDiff**  Total number of diff packages.
-- **PackageCountTotalExpress**  Total number of express packages.
-- **PackageExpressType**  Type of express package.
-- **PackageSizeCanonical**  Size of canonical packages in bytes.
-- **PackageSizeDiff**  Size of diff packages in bytes.
-- **PackageSizeExpress**  Size of express packages in bytes.
-- **RangeRequestState**  Indicates the range request type used.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the download request phase of update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt (same value for initialize, download, install commit phases).
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentExpand
-
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ElapsedTickCount**  Time taken for expand phase.
-- **EndFreeSpace**  Free space after expand phase.
-- **EndSandboxSize**  Sandbox size after expand phase.
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **StartFreeSpace**  Free space before expand phase.
-- **StartSandboxSize**  Sandbox size after expand phase.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInitialize
-
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **FlightMetadata**  Contains the FlightId and the build being flighted.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionData**  String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInstall
-
-This event sends data for the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **ObjectId**  Correlation vector value generated from the latest USO scan.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  The result for the current install phase.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentMitigationResult
-
-This event sends data indicating the result of each update agent mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  Indicates whether the mitigation is applicable for the current update.
-- **CommandCount**  The number of command operations in the mitigation entry.
-- **CustomCount**  The number of custom operations in the mitigation entry.
-- **FileCount**  The number of file operations in the mitigation entry.
-- **FlightId**  Unique identifier for each flight.
-- **Index**  The mitigation index of this particular mitigation.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **Name**  The friendly name of the mitigation.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **OperationIndex**  The mitigation operation index (in the event of a failure).
-- **OperationName**  The friendly name of the mitigation operation (in the event of failure).
-- **RegistryCount**  The number of registry operations in the mitigation entry.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentMitigationSummary
-
-This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Update360Telemetry.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **Mode**  Indicates the mode that has started.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **Version**  Version of update
-
-
-### Update360Telemetry.UpdateAgentOneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Update360Telemetry.UpdateAgentSetupBoxLaunch
-
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ContainsExpressPackage**  Indicates whether the download package is express.
-- **FlightId**  Unique ID for each flight.
-- **FreeSpace**  Free space on OS partition.
-- **InstallCount**  Number of install attempts using the same sandbox.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **Quiet**  Indicates whether setup is running in quiet mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **SandboxSize**  Size of the sandbox.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **SetupMode**  Mode of setup to be launched.
-- **UpdateId**  Unique ID for each Update.
-- **UserSession**  Indicates whether install was invoked by user actions.
-
-
-## Upgrade events
-
-### FacilitatorTelemetry.DCATDownload
-
-This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
-
-
-
-### FacilitatorTelemetry.DUDownload
-
-This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### FacilitatorTelemetry.InitializeDU
-
-This event determines whether devices received additional or critical supplemental content during an OS upgrade. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.Downlevel
-
-This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ClientId**  If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the downlevel OS.
-- **HostOsSkuName**  The operating system edition which is running Setup360 instance (downlevel OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
-- **Setup360Result**  The result of Setup360 (HRESULT used to diagnose errors).
-- **Setup360Scenario**  The Setup360 flow type (for example, Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  An ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
-
-
-### Setup360Telemetry.Finalize
-
-This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.OsUninstall
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase or action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PostRebootInstall
-
-This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
-
-
-### Setup360Telemetry.PreDownloadQuiet
-
-This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous operating system).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreDownloadUX
-
-This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous operating system.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous operating system).
-- **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PreInstallQuiet
-
-This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  Setup360 flow type (Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreInstallUX
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date.  Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type, Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.Setup360
-
-This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FieldName**  Retrieves the data point.
-- **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
-- **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **ReportId**  Retrieves the report ID.
-- **ScenarioId**  Retrieves the deployment scenario.
-- **Value**  Retrieves the value associated with the corresponding FieldName.
-
-
-### Setup360Telemetry.Setup360DynamicUpdate
-
-This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
-
-
-
-### Setup360Telemetry.Setup360MitigationResult
-
-This event sends data indicating the result of each setup mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.Setup360MitigationSummary
-
-This event sends a summary of all the setup mitigations available for this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.Setup360OneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.UnexpectedEvent
-
-This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-## Windows Error Reporting events
-
-### Microsoft.Windows.WERVertical.OSCrash
-
-This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
-
-The following fields are available:
-
-- **BootId**  Uint32 identifying the boot number for this device.
-- **BugCheckCode**  Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
-- **BugCheckParameter1**  Uint64 parameter providing additional information.
-- **BugCheckParameter2**  Uint64 parameter providing additional information.
-- **BugCheckParameter3**  Uint64 parameter providing additional information.
-- **BugCheckParameter4**  Uint64 parameter providing additional information.
-- **DumpFileAttributes**  Codes that identify the type of data contained in the dump file
-- **DumpFileSize**  Size of the dump file
-- **IsValidDumpFile**  True if the dump file is valid for the debugger, false otherwise
-- **ReportId**  WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
-
-
-### WerTraceloggingProvider.AppCrashEvent
-
-This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record.
-
-The following fields are available:
-
-- **AppName**  The name of the app that crashed.
-- **AppSessionGuid**  The unique ID used as a correlation vector for process instances in the telemetry backend.
-- **AppTimeStamp**  The date time stamp of the app.
-- **AppVersion**  The version of the app that crashed.
-- **ExceptionCode**  The exception code returned by the process that crashed.
-- **ExceptionOffset**  The address where the exception occurred.
-- **Flags**  Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, do not terminate the process after reporting.
-- **ModName**  The module name of the process that crashed.
-- **ModTimeStamp**  The date time stamp of the module.
-- **ModVersion**  The module version of the process that crashed.
-- **PackageFullName**  The package name if the crashing application is packaged.
-- **PackageRelativeAppId**  The relative application ID if the crashing application is packaged.
-- **ProcessArchitecture**  The architecture of the system.
-- **ProcessCreateTime**  The time of creation of the process that crashed.
-- **ProcessId**  The ID of the process that crashed.
-- **ReportId**  A unique ID used to identify the report. This can be used to track the report.
-- **TargetAppId**  The target app ID.
-- **TargetAppVer**  The target app version.
-
-
-## Windows Phone events
-
-### Microsoft.Windows.Phone.Telemetry.OnBoot.RebootReason
-
-This event lists the reboot reason when an app is going to reboot.
-
-The following fields are available:
-
-- **BootId**  The system boot ID.
-- **BoottimeSinceLastShutdown**  The boot time since the last shutdown.
-- **RebootReason**  Reason for the reboot.
-
-
-## Windows Store events
-
-### Microsoft.Windows.Store.Partner.ReportApplication
-
-This is report application event for Microsoft Store client. The data collected with this event is used to help keep Windows up to date and secure.
-
-
-
-### Microsoft.Windows.Store.StoreActivating
-
-This event sends tracking data about when the Store app activation via protocol URI is in progress, to help keep Windows up to date.
-
-The following fields are available:
-
-- **correlationVectorRoot**  Identifies multiple events within a session/sequence. Initial value before incrementation or extension.
-- **protocolUri**  Protocol URI used to activate the store.
-- **reason**  The reason for activating the store.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
-
-This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The Item Bundle ID.
-- **CategoryId**  The Item Category ID.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IntentPFNs**  Intent Product Family Name
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Was this a mandatory update?
-- **IsRemediation**  Was this a remediation install?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Flag indicating if this is an update.
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The product family name of the product being installed.
-- **ProductId**  The identity of the package or packages being installed.
-- **SystemAttemptNumber**  The total number of automatic attempts at installation before it was canceled.
-- **UpdateId**  Update ID (if this is an update)
-- **UserAttemptNumber**  The total number of user attempts at installation before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
-
-This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
-
-This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
-
-This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all package or packages to be downloaded and installed.
-- **AttemptNumber**  Total number of installation attempts.
-- **BundleId**  The identity of the Windows Insider build that is associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IntentPFNs**  Intent Product Family Name
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this an automatic restore of a previously acquired product?
-- **IsUpdate**  Is this a product update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of all packages to be downloaded and installed.
-- **PreviousHResult**  The previous HResult code.
-- **PreviousInstallState**  Previous installation state before it was canceled.
-- **ProductId**  The name of the package or packages requested for installation.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  Total number of automatic attempts to install before it was canceled.
-- **UserAttemptNumber**  Total number of user attempts to install before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
-
-This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The Store Product ID of the app being installed.
-- **HResult**  HResult code of the action being performed.
-- **IsBundle**  Is this a bundle?
-- **PackageFamilyName**  The name of the package being installed.
-- **ProductId**  The Store Product ID of the product being installed.
-- **SkuId**  Specific edition of the item being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
-
-This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  Includes a set of package full names for each app that is part of an atomic set.
-- **AttemptNumber**  The total number of attempts to acquire this product.
-- **BundleId**  The bundle ID
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  HResult code to show the result of the operation (success/failure).
-- **IntentPFNs**  Intent Product Family Name
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Did the user initiate the installation?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this happening after a device restore?
-- **IsUpdate**  Is this an update?
-- **IsWin32**  Flag indicating if this is a Win32app.
-- **ParentBundledId**  The product's parent bundle ID.
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to acquire this product.
-- **UpdateId**  The update ID (if this is an update)
-- **UserAttemptNumber**  The number of attempts by the user to acquire this product
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
-
-This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The identity of the Windows Insider build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **DownloadSize**  The total size of the download.
-- **ExtendedHResult**  Any extended HResult error codes.
-- **HResult**  The result code of the last action performed.
-- **IntentPFNs**  Intent Product Family Name
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this initiated by the user?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this a restore of a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **IsWin32**  Flag indicating if this is a Win32 app (unused).
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  The Product Family Name of the app being download.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to download.
-- **UpdateId**  Update ID (if this is an update)
-- **UserAttemptNumber**  The number of attempts by the user to download.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
-
-This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
-
-This event is sent after sending the inventory of the products installed to determine whether updates for those products are available.  It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
-
-This event is sent after a product has been installed to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **ExtendedHResult**  The extended HResult error code.
-- **HResult**  The result code of the last action performed.
-- **IntentPFNs**  Intent Product Family Name
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this an interactive installation?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **IsWin32**  Flag indicating if this a Win32 app (unused).
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UpdateId**  Update ID (if this is an update)
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
-
-This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsApplicability**  Is this request to only check if there are any applicable packages to install?
-- **IsInteractive**  Is this user requested?
-- **IsOnline**  Is the request doing an online check?
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
-
-This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IntentPFNs**  The licensing identity of this package.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **IsWin32**  Flag indicating if this a Win32 app (unused).
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UpdateId**  Update ID (if this is an update)
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
-
-This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IntentPFNs**  The licensing identity of this package.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of system attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
-
-This event happens after a scan for available app updates. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
-
-This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **FailedRetry**  Indicates whether the installation or update retry was successful.
-- **HResult**  The HResult code of the operation.
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **ProductId**  The product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
-
-This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **ProductId**  The product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
-
-This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **BundleId**  The identity of the build associated with this product.
-- **CatalogId**  If this product is from a private catalog, the Store Product ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specific edition ID being installed.
-- **VolumePath**  The disk path of the installation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
-
-This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IntentPFNs**  The licensing identity of this package.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The Product Full Name.
-- **PreviousHResult**  The result code of the last action performed before this operation.
-- **PreviousInstallState**  Previous state before the installation or update was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
-
-This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IntentPFNs**  Intent Product Family Name
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **IsUserRetry**  Did the user initiate the retry?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **PreviousHResult**  The previous HResult error code.
-- **PreviousInstallState**  Previous state before the installation was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector for the original install before it was resumed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
-
-This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ProductId**  The Store Product ID for the product being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
-
-This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The Store Catalog ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specific edition of the app being updated.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
-
-This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **PFamN**  The name of the app that is requested for update.
-
-
-## Windows Update Delivery Optimization events
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
-
-This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download being done in the background?
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same group.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **clientTelId**  A random number used for device sampling.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **isVpn**  Indicates whether the device is connected to a VPN (Virtual Private Network).
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the file download session.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
-
-This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same domain group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same domain group.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **bytesRequested**  The total number of bytes requested for download.
-- **cdnConnectionCount**  The total number of connections made to the CDN.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp**  The IP address of the source CDN.
-- **clientTelId**  A random number used for device sampling.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downlinkBps**  The maximum measured available download bandwidth (in bytes per second).
-- **downlinkUsageBps**  The download speed (in bytes per second).
-- **downloadMode**  The download mode used for this file download session.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **fileSize**  The size of the file being downloaded.
-- **groupConnectionCount**  The total number of connections made to peers in the same group.
-- **internetConnectionCount**  The total number of connections made to peers not in the same LAN or the same group.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **lanConnectionCount**  The total number of connections made to peers in the same LAN.
-- **numPeers**  The total number of peers used for this download.
-- **restrictedUpload**  Is the upload restricted?
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the download session.
-- **totalTimeMs**  Duration of the download (in seconds).
-- **updateID**  The ID of the update being downloaded.
-- **uplinkBps**  The maximum measured available upload bandwidth (in bytes per second).
-- **uplinkUsageBps**  The upload speed (in bytes per second).
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
-
-This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **clientTelId**  A random number used for device sampling.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being paused.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **reasonCode**  The reason for pausing the download.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the download session.
-- **updateID**  The ID of the update being paused.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
-
-This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Indicates whether the download is happening in the background.
-- **cdnUrl**  The URL of the source CDN.
-- **clientTelId**  A random number used for device sampling.
-- **costFlags**  A set of flags representing network cost.
-- **deviceProfile**  Identifies the usage or form factor (such as Desktop, Xbox, or VM).
-- **diceRoll**  Random number used for determining if a client will use peering.
-- **doClientVersion**  The version of the Delivery Optimization client.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downloadMode**  The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
-- **errorCode**  The error code that was returned.
-- **experimentId**  ID used to correlate client/services calls that are part of the same test during A/B testing.
-- **fileID**  The ID of the file being downloaded.
-- **filePath**  The path to where the downloaded file will be written.
-- **groupID**  ID for the group.
-- **isVpn**  Indicates whether the device is connected to a Virtual Private Network.
-- **jobID**  The ID of the Windows Update job.
-- **minDiskSizeGB**  The minimum disk size (in GB) policy set for the device to allow peering with delivery optimization.
-- **minDiskSizePolicyEnforced**  Indicates whether there is an enforced minimum disk size requirement for peering.
-- **minFileSizePolicy**  The minimum content file size policy to allow the download using peering with delivery optimization.
-- **peerID**  The ID for this delivery optimization client.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID for the file download session.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  Indicates whether the download used memory streaming.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
-
-This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cdnHeaders**  The HTTP headers returned by the CDN.
-- **cdnIp**  The IP address of the CDN.
-- **cdnUrl**  The URL of the CDN.
-- **clientTelId**  A random number used for device sampling.
-- **errorCode**  The error code that was returned.
-- **errorCount**  The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **httpStatusCode**  The HTTP status code returned by the CDN.
-- **isHeadRequest**  The type of  HTTP request that was sent to the CDN. Example: HEAD or GET
-- **requestSize**  The size of the range requested from the CDN.
-- **responseSize**  The size of the range response received from the CDN.
-- **sessionID**  The ID of the download session.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.JobError
-
-This event represents a Windows Update job error. It allows for investigation of top errors. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientTelId**  A random number used for device sampling.
-- **errorCode**  The error code returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **jobID**  The Windows Update job ID.
-
-
-## Windows Update events
-
-### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationCompleted
-
-This event sends data collected at the end of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date.
-
-The following fields are available:
-
-- **MigrationDurationInMilliseconds**  How long the DMF migration took (in milliseconds)
-- **MigrationEndTime**  A system timestamp of when the DMF migration completed.
-- **RevisionNumbers**  A collection of revision numbers for the updates associated with the DMF session.
-- **UpdateIds**  A collection of GUIDs for updates that are associated with the DMF session.
-- **WuClientId**  The GUID of the Windows Update client responsible for triggering the DMF migration
-
-
-### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationStarted
-
-This event sends data collected at the beginning of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date.
-
-The following fields are available:
-
-- **MigrationMicrosoftPhases**  Revision numbers for the updates that were installed.
-- **MigrationOEMPhases**  WU Update IDs for the updates that were installed.
-- **MigrationStartTime**  The timestamp representing the beginning of the DMF migration
-- **RevisionNumbers**  A collection of the revision numbers associated with the UpdateIds.
-- **UpdateIds**  A collection of GUIDs identifying the upgrades that are running.
-- **WuClientId**  The GUID of the Windows Update client invoking DMF
-
-
-### Microsoft.Windows.Update.DataMigrationFramework.MigratorResult
-
-This event sends DMF migrator data to help keep Windows up to date.
-
-The following fields are available:
-
-- **CurrentStep**  This is the last step the migrator reported before returning a result. This tells us how far through the individual migrator the device was before failure.
-- **ErrorCode**  The result (as an HRESULT) of the migrator that just completed.
-- **MigratorId**  A GUID identifying the migrator that just completed.
-- **MigratorName**  The name of the migrator that just completed.
-- **RunDurationInSeconds**  The time it took for the migrator to complete.
-- **TotalSteps**  Migrators report progress in number of completed steps against the total steps. This is the total number of steps.
-
-
-### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
-
-This event indicates that a notification dialog box is about to be displayed to user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown.
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **EngagedModeLimit**  The number of days to switch between DTE dialog boxes.
-- **EnterAutoModeLimit**  The maximum number of days for a device to enter Auto Reboot mode.
-- **ETag**  OneSettings versioning value.
-- **IsForcedEnabled**  Indicates whether Forced Reboot mode is enabled for this device.
-- **IsUltimateForcedEnabled**  Indicates whether Ultimate Forced Reboot mode is enabled for this device.
-- **NotificationUxState**  Indicates which dialog box is shown.
-- **NotificationUxStateString**  Indicates which dialog box is shown.
-- **RebootUxState**  Indicates  the state of the restart (Engaged, Auto, Forced, or UltimateForced).
-- **RebootUxStateString**  Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
-- **RebootVersion**  Version of DTE.
-- **SkipToAutoModeLimit**  The minimum length of time to pass in restart pending before a device can be put into auto mode.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog
-
-This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose on this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog
-
-This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootForcedPrecursorDialog
-
-This event indicates that the Enhanced Engaged restart "forced precursor" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootForcedWarningDialog
-
-This event indicates that the Enhanced Engaged "forced warning" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
-
-This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time of the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
-
-This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  Time the dialog box was shown on the local device.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootSecondReminderDialog
-
-This event indicates that the second reminder dialog box was displayed for Enhanced Engaged restart. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The time the dialog box was shown on the local device.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootThirdReminderDialog
-
-This event indicates that the third reminder dialog box for Enhanced Engaged restart was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The time the dialog box was shown on the local device.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-
-
-### Microsoft.Windows.Update.Orchestrator.CommitFailed
-
-This event indicates that a device was unable to restart after an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code that was returned.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.Update.Orchestrator.DeferRestart
-
-This event indicates that a restart required for installing updates was postponed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **filteredDeferReason**  Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
-- **raisedDeferReason**  Indicates all potential reasons for postponing restart (such as user active, or low battery).
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Detection
-
-This event sends launch data for a Windows Update scan to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  The reason why the device could not check for updates.
-- **detectionBlockreason**  The reason detection did not complete.
-- **detectionDeferreason**  A log of deferral reasons for every update state.
-- **errorCode**  The error code returned for the current process.
-- **eventScenario**  End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
-- **interactive**  Indicates whether the user initiated the session.
-- **revisionNumber**  The Update revision number.
-- **updateId**  The unique identifier of the Update.
-- **updateScenarioType**  Identifies the type of update session being performed.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Download
-
-This event sends launch data for a Windows Update download to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  Reason for download not completing.
-- **detectionDeferreason**  Reason for download not completing
-- **errorCode**  An error code represented as a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the session is user initiated.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
-
-This event sends data on whether the update was applicable to the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time when this event was generated.
-- **flightID**  The specific ID of the Windows Insider build.
-- **revisionNumber**  Update revision number.
-- **updateId**  Unique Windows Update ID.
-- **updateScenarioType**  Update session type.
-- **UpdateStatus**  Last status of update.
-- **wuDeviceid**  Unique Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
-
-This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time of the event.
-- **flightID**  Unique update ID
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Install
-
-This event sends launch data for a Windows Update install to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **errorCode**  The error code represented by a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The ID of the Windows Insider build the device is getting.
-- **flightUpdate**  Indicates whether the update is a Windows Insider build.
-- **ForcedRebootReminderSet**  A boolean value that indicates if a forced reboot will happen for updates.
-- **installCommitfailedtime**  The time it took for a reboot to happen but the upgrade failed to progress.
-- **installRebootinitiatetime**  The time it took for a reboot to be attempted.
-- **interactive**  Identifies if session is user initiated.
-- **minutesToCommit**  The time it took to install updates.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.LowUptimes
-
-This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **lowUptimeMinHours**  Current setting for the minimum number of hours needed to not be considered low uptime.
-- **lowUptimeQueryDays**  Current setting for the number of recent days to check for uptime.
-- **uptimeMinutes**  Number of minutes of uptime measured.
-- **wuDeviceid**  Unique device ID for Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
-
-This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **externalOneshotupdate**  The last time a task-triggered scan was completed.
-- **interactiveOneshotupdate**  The last time an interactive scan was completed.
-- **oldlastscanOneshotupdate**  The last time a scan completed successfully.
-- **wuDeviceid**  The Windows Update Device GUID (Globally-Unique ID).
-
-
-### Microsoft.Windows.Update.Orchestrator.PostInstall
-
-This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in megawatt-hours (mWh) or percentage left.
-- **bundleId**  The unique identifier associated with the specific content bundle.
-- **bundleRevisionnumber**  Identifies the revision number of the content bundle.
-- **errorCode**  The error code returned for the current phase.
-- **eventScenario**  State of update action.
-- **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
-- **sessionType**  The Windows Update session type (Interactive or Background).
-- **wuDeviceid**  The unique device identifier used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged
-
-This event is sent when the options in power menu changed, usually due to an update pending reboot, or after a update is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **powermenuNewOptions**  The new options after the power menu changed.
-- **powermenuOldOptions**  The old options before the power menu changed.
-- **rebootPendingMinutes**  If the power menu changed because a reboot is pending due to a update, this indicates how long that reboot has been pending.
-- **wuDeviceid**  The device ID recorded by Windows Update if the power menu changed because a reboot is pending due to an update.
-
-
-### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
-
-This event is generated before the shutdown and commit operations. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### Microsoft.Windows.Update.Orchestrator.RebootFailed
-
-This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **EventPublishedTime**  The time that the reboot failure occurred.
-- **flightID**  Unique update ID.
-- **installRebootDeferreason**  Reason for reboot not occurring.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot was scheduled outside of active hours.
-- **RebootResults**  Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RefreshSettings
-
-This event sends basic data about the version of upgrade settings applied to the system to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  Hex code for the error message, to allow lookup of the specific error.
-- **settingsDownloadTime**  Timestamp of the last attempt to acquire settings.
-- **settingsETag**  Version identifier for the settings.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
-
-This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **RebootTaskRestoredTime**  Time at which this reboot task was restored.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **wuDeviceid**  Device ID for the device on which the reboot is restored.
-
-
-### Microsoft.Windows.Update.Orchestrator.SystemNeeded
-
-This event sends data about why a device is unable to reboot, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  End-to-end update session ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **systemNeededReason**  List of apps or tasks that are preventing the system from restarting.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
-
-This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configuredPoliciescount**  Number of policies on the device.
-- **policiesNamevaluesource**  Policy name and source of policy (group policy, MDM or flight).
-- **policyCacherefreshtime**  Time when policy cache was refreshed.
-- **updateInstalluxsetting**  Indicates whether a user has set policies via a user experience option.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
-
-This event sends data about whether an update required a reboot to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
-
-This event sends information about an update that encountered problems and was not able to complete. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code encountered.
-- **wuDeviceid**  The ID of the device in which the error occurred.
-
-
-### Microsoft.Windows.Update.Orchestrator.USODiagnostics
-
-This event sends data on whether the state of the update attempt, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  result showing success or failure of current update
-- **revisionNumber**  Unique revision number of the Update
-- **updateId**  Unique ID for Update
-- **updateState**  Progress within an update state
-- **wuDeviceid**  Unique ID for Device
-
-
-### Microsoft.Windows.Update.Orchestrator.UsoSession
-
-This event represents the state of the USO service at start and completion. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeSessionid**  A unique session GUID.
-- **eventScenario**  The state of the update action.
-- **interactive**  Is the USO session interactive?
-- **lastErrorcode**  The last error that was encountered.
-- **lastErrorstate**  The state of the update when the last error was encountered.
-- **sessionType**  A GUID that refers to the update session type.
-- **updateScenarioType**  A descriptive update session type.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.Update.UpdateStackServicing.CheckForUpdates
-
-This event sends data about the UpdateStackServicing check for updates, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BspVersion**  The version of the BSP.
-- **CallerApplicationName**  The name of the USS scheduled task. Example UssScheduled or UssBoot
-- **ClientVersion**  The version of the client.
-- **CommercializationOperator**  The name of the operator.
-- **DetectionVersion**  The string returned from the GetDetectionVersion export of the downloaded detection DLL.
-- **DeviceName**  The name of the device.
-- **EventInstanceID**  The USS session ID.
-- **EventScenario**  The scenario of the event. Example: Started, Failed, or Succeeded
-- **OemName**  The name of the manufacturer.
-- **ServiceGuid**  The GUID of the service.
-- **StatusCode**  The HRESULT code of the operation.
-- **WUDeviceID**  The Windows Update device ID.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
-
-This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
-- **DeviceLocalTime**  The date and time (based on the device date/time settings) the reboot mode changed.
-- **EngagedModeLimit**  The number of days to switch between DTE (Direct-to-Engaged) dialogs.
-- **EnterAutoModeLimit**  The maximum number of days a device can enter Auto Reboot mode.
-- **ETag**  The Entity Tag that represents the OneSettings version.
-- **IsForcedEnabled**  Identifies whether Forced Reboot mode is enabled for the device.
-- **IsUltimateForcedEnabled**  Identifies whether Ultimate Forced Reboot mode is enabled for the device.
-- **OldestUpdateLocalTime**  The date and time (based on the device date/time settings) this update’s reboot began pending.
-- **RebootUxState**  Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
-- **RebootVersion**  The version of the DTE (Direct-to-Engaged).
-- **SkipToAutoModeLimit**  The maximum number of days to switch to start while in Auto Reboot mode.
-- **UpdateId**  The ID of the update that is waiting for reboot to finish installation.
-- **UpdateRevision**  The revision of the update that is waiting for reboot to finish installation.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
-
-This event is sent when a security update has successfully completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **UtcTime**  The Coordinated Universal Time that the restart was no longer needed.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
-
-This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether Active Hours applies on this device.
-- **forcedReboot**  True, if a reboot is forced on the device. Otherwise, this is False
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  True, if a reboot is scheduled outside of active hours. False, otherwise.
-- **rebootScheduledByUser**  True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
-- **rebootState**  Current state of the reboot.
-- **revisionNumber**  Revision number of the OS.
-- **scheduledRebootTime**  Time scheduled for the reboot.
-- **updateId**  Identifies which update is being scheduled.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.ToastDisplayedToScheduleReboot
-
-This event is sent when a toast notification is shown to the user about scheduling a device restart. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **UtcTime**  The Coordinated Universal Time when the toast notification was shown.
-
-
-### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Is the restart respecting Active Hours?
-- **forcedReboot**  True, if a reboot is forced on the device. Otherwise, this is False
-- **rebootArgument**  The arguments that are passed to the OS for the restarted.
-- **rebootOutsideOfActiveHours**  Was the restart scheduled outside of Active Hours?
-- **rebootScheduledByUser**  Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
-- **rebootState**  The state of the restart.
-- **revisionNumber**  The revision number of the OS being updated.
-- **scheduledRebootTime**  Time of the scheduled reboot
-- **updateId**  The Windows Update device GUID.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICOInteractionCampaignComplete
-
-This event is generated whenever a RUXIM user interaction campaign becomes complete. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that became complete.
-- **ResultId**  The final result of the interaction campaign.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ControlId**  String identifying the control (if any) that was selected by the user during presentation.
-- **hrInteractionHandler**  The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
-- **hrScheduler**  The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
-- **InteractionCampaignID**  The ID of the interaction campaign that was processed.
-- **ResultId**  The result of the evaluation/presentation.
-- **WasCompleted**  True if the interaction campaign is complete.
-- **WasPresented**  True if the Interaction Handler displayed the interaction campaign to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMICS.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncExit
-
-This event is sent when RUXIM completes checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **hrInitialize**  Error, if any, that occurred while initializing OneSettings.
-- **hrQuery**  Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncLaunch
-
-This event is sent when RUXIM begins checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
-
-This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **hrLocal**  The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
-- **hrPresentation**  The error (if any) reported by RUXIM Presentation Handler during presentation.
-- **InteractionCampaignID**  GUID; the user interaction campaign processed by RUXIM Interaction Handler.
-- **ResultId**  The result generated by the evaluation and presentation.
-- **WasCompleted**  True if the user interaction campaign is complete.
-- **WasPresented**  True if the user interaction campaign is displayed to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that RUXIMIH processed.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMIH.
-- **InteractionCampaignID**  GUID identifying the user interaction campaign that the Interaction Handler will process.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
-
-This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **HRESULT**  Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
-- **Id**  GUID passed in by the caller to identify the evaluation.
-- **NodeEvaluationData**  Structure showing the results of individual checks that occurred during the overall evaluation.
-- **Result**  The overall result generated by the evaluation.
-
-
-## Windows Update mitigation events
-
-### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
-
-This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The client ID used by Windows Update.
-- **FlightId**  The ID of each Windows Insider build the device received.
-- **InstanceId**  A unique device ID that identifies each update instance.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **MountedImageCount**  The number of mounted images.
-- **MountedImageMatches**  The number of mounted image matches.
-- **MountedImagesFailed**  The number of mounted images that could not be removed.
-- **MountedImagesRemoved**  The number of mounted images that were successfully removed.
-- **MountedImagesSkipped**  The number of mounted images that were not found.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each Windows Update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-### Mitigation360Telemetry.MitigationCustom.FixupEditionId
-
-This event sends data specific to the FixupEditionId mitigation used for OS Updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-## Windows Update Reserve Manager events
-
-### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
-
-This event returns data about the Update Reserve Manager, including whether it’s been initialized. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-## Winlogon events
-
-### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
-
-This event signals the completion of the setup process. It happens only once during the first logon.
-
-
-
-## XBOX events
-
-### Microsoft.Xbox.XamTelemetry.AppActivationError
-
-This event indicates whether the system detected an activation error in the app.
-
-The following fields are available:
-
-- **ActivationUri**  Activation URI (Uniform Resource Identifier) used in the attempt to activate the app.
-- **AppId**  The Xbox LIVE Title ID.
-- **AppUserModelId**  The AUMID (Application User Model ID) of the app to activate.
-- **Result**  The HResult error.
-- **UserId**  The Xbox LIVE User ID (XUID).
-
-
-### Microsoft.Xbox.XamTelemetry.AppActivity
-
-This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
-
-The following fields are available:
-
-- **AppActionId**  The ID of the application action.
-- **AppCurrentVisibilityState**  The ID of the current application visibility state.
-- **AppId**  The Xbox LIVE Title ID of the app.
-- **AppPackageFullName**  The full name of the application package.
-- **AppPreviousVisibilityState**  The ID of the previous application visibility state.
-- **AppSessionId**  The application session ID.
-- **AppType**  The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
-- **BCACode**  The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
-- **DurationMs**  The amount of time (in milliseconds) since the last application state transition.
-- **IsTrialLicense**  This boolean value is TRUE if the application is on a trial license.
-- **LicenseType**  The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
-- **LicenseXuid**  If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
-- **ProductGuid**  The Xbox product GUID (Globally-Unique ID) of the application.
-- **UserId**  The XUID (Xbox User ID) of the current user.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
deleted file mode 100644
index 9e654c4f7c..0000000000
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ /dev/null
@@ -1,6543 +0,0 @@
----
-description: Learn more about the Windows 10, version 1709 diagnostic data gathered at the basic level.
-title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10)
-ms.service: windows-client
-ms.subservice: itpro-privacy
-localizationpriority: medium
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 03/27/2017
-ms.topic: reference
----
-
-
-# Windows 10, version 1709 basic level Windows diagnostic events and fields
-
- **Applies to**
-
-- Windows 10, version 1709
-
-
-The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
-
-The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-
-Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
-
-You can learn more about Windows functional and diagnostic data through these articles:
-
-- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
-- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
-- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
-
-
-
-## Appraiser events
-
-### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
-
-This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **DatasourceApplicationFile_RS4**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS4**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS4**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_RS4**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_RS4**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS4**  The count of the number of this particular object type present on this device.
-- **DatasourceSystemBios_19H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionApplicationFile_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionDevicePnp_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionDriverPackage_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPassive_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_RS4**  The count of the number of this particular object type present on this device.
-- **DecisionSystemBios_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS4**  The total number of objects of this type present on this device.
-- **InventoryApplicationFile**  The total number of objects of this type present on this device.
-- **InventoryLanguagePack**  The total number of objects of this type present on this device.
-- **InventoryMediaCenter**  The total number of objects of this type present on this device.
-- **InventorySystemBios**  The total number of objects of this type present on this device.
-- **InventoryUplevelDriverPackage**  The total number of objects of this type present on this device.
-- **PCFP**  The total number of objects of this type present on this device.
-- **SystemMemory**  The total number of objects of this type present on this device.
-- **SystemProcessorCompareExchange**  The total number of objects of this type present on this device.
-- **SystemProcessorLahfSahf**  The total number of objects of this type present on this device.
-- **SystemProcessorNx**  The total number of objects of this type present on this device.
-- **SystemProcessorPrefetchW**  The total number of objects of this type present on this device.
-- **SystemProcessorSse2**  The total number of objects of this type present on this device.
-- **SystemTouch**  The total number of objects of this type present on this device.
-- **SystemWim**  The total number of objects of this type present on this device.
-- **SystemWindowsActivationStatus**  The total number of objects of this type present on this device.
-- **SystemWlan**  The total number of objects of this type present on this device.
-- **Wmdrm_RS4**  The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
-
-This event represents the basic metadata about specific application files installed on the system. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **AvDisplayName**  If the app is an anti-virus app, this is its display name.
-- **CompatModelIndex**  The compatibility prediction for this file.
-- **HasCitData**  Indicates whether the file is present in CIT data.
-- **HasUpgradeExe**  Indicates whether the anti-virus app has an upgrade.exe file.
-- **IsAv**  Is the file an anti-virus reporting EXE?
-- **ResolveAttempted**  This will always be an empty string when sending diagnostic data.
-- **SdbEntries**  An array of fields that indicates the SDB entries that apply to this file.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
-
-This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
-
-This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
-
-This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **ActiveNetworkConnection**  Indicates whether the device is an active network device.
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **IsBootCritical**  Indicates whether the device boot is critical.
-- **WuDriverCoverage**  Indicates whether there is a driver uplevel for this device, according to Windows Update.
-- **WuDriverUpdateId**  The Windows Update ID of the applicable uplevel driver.
-- **WuPopulatedFromId**  The expected uplevel driver matching ID based on driver coverage from Windows Update.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
-
-This event indicates that the DatasourceDevicePnp object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
-
-This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
-
-This event sends compatibility database data about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
-
-This event indicates that the DatasourceDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
-
-This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
-
-This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
-
-This event indicates that the DataSourceMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
-
-This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events has completed being sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
-
-This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
-
-This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
-
-This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
-
-This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
-
-This event sends compatibility database information about the BIOS to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
-
-This event indicates that the DatasourceSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
-
-This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
-
-This event sends compatibility decision data about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **BlockAlreadyInbox**  The uplevel runtime block on the file already existed on the current OS.
-- **BlockingApplication**  Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
-- **DisplayGenericMessage**  Will be a generic message be shown for this file?
-- **HardBlock**  This file is blocked in the SDB.
-- **HasUxBlockOverride**  Does the file have a block that is overridden by a tag in the SDB?
-- **MigApplication**  Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
-- **MigRemoval**  Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
-- **NeedsDismissAction**  Will the file cause an action that can be dismissed?
-- **NeedsInstallPostUpgradeData**  After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
-- **NeedsNotifyPostUpgradeData**  Does the file have a notification that should be shown after upgrade?
-- **NeedsReinstallPostUpgradeData**  After upgrade, this file will have a post-upgrade notification to reinstall the app.
-- **NeedsUninstallAction**  The file must be uninstalled to complete the upgrade.
-- **SdbBlockUpgrade**  The file is tagged as blocking upgrade in the SDB,
-- **SdbBlockUpgradeCanReinstall**  The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
-- **SdbBlockUpgradeUntilUpdate**  The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
-- **SdbReinstallUpgradeWarn**  The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
-- **SoftBlock**  The file is softblocked in the SDB and has a warning.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-
-This event indicates that the DecisionApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
-
-This event indicates that a new set of DecisionApplicationFileAdd events will be sent. This event is used to make compatibility decisions about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
-
-This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **AssociatedDriverIsBlocked**  Is the driver associated with this PNP device blocked?
-- **AssociatedDriverWillNotMigrate**  Will the driver associated with this plug-and-play device migrate?
-- **BlockAssociatedDriver**  Should the driver associated with this PNP device be blocked?
-- **BlockingDevice**  Is this PNP device blocking upgrade?
-- **BlockUpgradeIfDriverBlocked**  Is the PNP device both boot critical and does not have a driver included with the OS?
-- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork**  Is this PNP device the only active network device?
-- **DisplayGenericMessage**  Will a generic message be shown during Setup for this PNP device?
-- **DriverAvailableInbox**  Is a driver included with the operating system for this PNP device?
-- **DriverAvailableOnline**  Is there a driver for this PNP device on Windows Update?
-- **DriverAvailableUplevel**  Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden**  Is there is a driver block on the device that has been overridden?
-- **NeedsDismissAction**  Will the user would need to dismiss a warning during Setup for this device?
-- **NotRegressed**  Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
-- **SdbDeviceBlockUpgrade**  Is there an SDB block on the PNP device that blocks upgrade?
-- **SdbDriverBlockOverridden**  Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
-
-This event Indicates that the DecisionDevicePnp object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
-
-This event indicates that a new set of DecisionDevicePnpAdd events will be sent. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
-
-This event sends decision data about driver package compatibility to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **DriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-- **DriverIsDeviceBlocked**  Was the driver package was blocked because of a device block?
-- **DriverIsDriverBlocked**  Is the driver package blocked because of a driver block?
-- **DriverShouldNotMigrate**  Should the driver package be migrated during upgrade?
-- **SdbDriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
-
-This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
-
-The DecisionDriverPackageStartSync event indicates that a new set of DecisionDriverPackageAdd events will be sent. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
-
-This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **BlockingApplication**  Are there are any application issues that interfere with upgrade due to matching info blocks?
-- **DisplayGenericMessage**  Will a generic message be shown for this block?
-- **NeedsUninstallAction**  Does the user need to take an action in setup due to a matching info block?
-- **SdbBlockUpgrade**  Is a matching info block blocking upgrade?
-- **SdbBlockUpgradeCanReinstall**  Is a matching info block blocking upgrade, but has the can reinstall tag?
-- **SdbBlockUpgradeUntilUpdate**  Is a matching info block blocking upgrade but has the until update tag?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove
-
-This event indicates that the DecisionMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
-
-This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
-
-This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Are there any application issues that interfere with upgrade due to matching info blocks?
-- **MigApplication**  Is there a matching info block with a mig for the current mode of upgrade?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove
-
-This event Indicates that the DecisionMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
-
-This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **NeedsInstallPostUpgradeData**  Will the file have a notification after upgrade to install a replacement for the app?
-- **NeedsNotifyPostUpgradeData**  Should a notification be shown for this file after upgrade?
-- **NeedsReinstallPostUpgradeData**  Will the file have a notification after upgrade to reinstall the app?
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
-
-This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
-
-This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **BlockingApplication**  Is there any application issues that interfere with upgrade due to Windows Media Center?
-- **MediaCenterActivelyUsed**  If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
-- **MediaCenterIndicators**  Do any indicators imply that Windows Media Center is in active use?
-- **MediaCenterInUse**  Is Windows Media Center actively being used?
-- **MediaCenterPaidOrActivelyUsed**  Is Windows Media Center actively being used or is it running on a supported edition?
-- **NeedsDismissAction**  Are there any actions that can be dismissed coming from Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
-
-This event indicates that the DecisionMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
-
-This event indicates that a new set of DecisionMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
-
-This event sends compatibility decision data about the BIOS to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device blocked from upgrade due to a BIOS block?
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown for the bios.
-- **HasBiosBlock**  Does the device have a BIOS block?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
-
-This event indicates that the DecisionSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
-
-This event indicates that a new set of DecisionSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.GatedRegChange
-
-This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
-
-The following fields are available:
-
-- **NewData**  The data in the registry value after the scan completed.
-- **OldData**  The previous data in the registry value before the scan ran.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **RegKey**  The registry key name for which a result is being sent.
-- **RegValue**  The registry value for which a result is being sent.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
-
-This event represents the basic metadata about a file on the system.  The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **AvDisplayName**  If the app is an antivirus app, this is its display name.
-- **AvProductState**  Indicates whether the antivirus program is turned on and the signatures are up to date.
-- **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
-- **BinFileVersion**  An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
-- **BinProductVersion**  An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
-- **BoeProgramId**  If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
-- **CompanyName**  The company name of the vendor who developed this file.
-- **FileId**  A hash that uniquely identifies a file.
-- **FileVersion**  The File version field from the file metadata under Properties -> Details.
-- **HasUpgradeExe**  Indicates whether the antivirus app has an upgrade.exe file.
-- **IsAv**  Indicates whether the file an antivirus reporting EXE.
-- **LinkDate**  The date and time that this file was linked on.
-- **LowerCaseLongPath**  The full file path to the file that was inventoried on the device.
-- **Name**  The name of the file that was inventoried.
-- **ProductName**  The Product name field from the file metadata under Properties -> Details.
-- **ProductVersion**  The Product version field from the file metadata under Properties -> Details.
-- **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it.
-- **Size**  The size of the file (in hexadecimal bytes).
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
-
-This event indicates that the InventoryApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
-
-This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **HasLanguagePack**  Indicates whether this device has 2 or more language packs.
-- **LanguagePackCount**  The number of language packs are installed.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
-
-This event indicates that the InventoryLanguagePack object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
-
-This event indicates that a new set of InventoryLanguagePackAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
-
-This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **EverLaunched**  Has Windows Media Center ever been launched?
-- **HasConfiguredTv**  Has the user configured a TV tuner through Windows Media Center?
-- **HasExtendedUserAccounts**  Are any Windows Media Center Extender user accounts configured?
-- **HasWatchedFolders**  Are any folders configured for Windows  Media Center to watch?
-- **IsDefaultLauncher**  Is Windows Media Center the default app for opening music or video files?
-- **IsPaid**  Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
-- **IsSupported**  Does the running OS support Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
-
-This event indicates that the InventoryMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
-
-This event indicates that a new set of InventoryMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
-
-This event sends basic metadata about the BIOS to determine whether it has a compatibility block. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BiosDate**  The release date of the BIOS in UTC format.
-- **BiosName**  The name field from Win32_BIOS.
-- **Manufacturer**  The manufacturer field from Win32_ComputerSystem.
-- **Model**  The model field from Win32_ComputerSystem.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
-
-This event indicates that the InventorySystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
-
-This event indicates that a new set of InventorySystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
-
-This event runs only during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. It is critical in understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BootCritical**  Is the driver package marked as boot critical?
-- **Build**  The build value from the driver package.
-- **CatalogFile**  The name of the catalog file within the driver package.
-- **Class**  The device class from the driver package.
-- **ClassGuid**  The device class unique ID from the driver package.
-- **Date**  The date from the driver package.
-- **Inbox**  Is the driver package of a driver that is included with Windows?
-- **OriginalName**  The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
-- **Provider**  The provider of the driver package.
-- **PublishedName**  The name of the INF file after it was renamed.
-- **Revision**  The revision of the driver package.
-- **SignatureStatus**  Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
-- **VersionMajor**  The major version of the driver package.
-- **VersionMinor**  The minor version of the driver package.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
-
-This event indicates that the InventoryUplevelDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
-
-This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.RunContext
-
-This event is sent at the beginning of an appraiser run, the RunContext indicates what should be expected in the following data payload. This event is used with the other Appraiser events to make compatibility decisions to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the currently running version of Appraiser was built.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Context**  Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **Subcontext**  Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
-
-This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device from upgrade due to memory restrictions?
-- **MemoryRequirementViolated**  Was a memory requirement violated?
-- **pageFile**  The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
-- **ram**  The amount of memory on the device.
-- **ramKB**  The amount of memory (in KB).
-- **virtual**  The size of the user-mode portion of the virtual address space of the calling process (in bytes).
-- **virtualKB**  The amount of virtual memory (in KB).
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
-
-This event that the SystemMemory object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
-
-This event indicates that a new set of SystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
-
-This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **CompareExchange128Support**  Does the CPU support CompareExchange128?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
-
-This event indicates that the SystemProcessorCompareExchange object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
-
-This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
-
-This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **LahfSahfSupport**  Does the CPU support LAHF/SAHF?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
-
-This event indicates that the SystemProcessorLahfSahf object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
-
-This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
-
-This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **NXDriverResult**  The result of the driver used to do a non-deterministic check for NX support.
-- **NXProcessorSupport**  Does the processor support NX?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
-
-This event indicates that the SystemProcessorNx object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
-
-This event  indicates that a new set of SystemProcessorNxAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
-
-This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **PrefetchWSupport**  Does the processor support PrefetchW?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
-
-This event indicates that the SystemProcessorPrefetchW object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
-
-This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
-
-This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **SSE2ProcessorSupport**  Does the processor support SSE2?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
-
-This event indicates that the SystemProcessorSse2 object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
-
-This event indicates that a new set of SystemProcessorSse2Add events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchAdd
-
-This event sends data indicating whether the system supports touch, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IntegratedTouchDigitizerPresent**  Is there an integrated touch digitizer?
-- **MaximumTouches**  The maximum number of touch points supported by the device hardware.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchRemove
-
-This event indicates that the SystemTouch object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
-
-This event indicates that a new set of SystemTouchAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimAdd
-
-This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IsWimBoot**  Is the current operating system running from a compressed WIM file?
-- **RegistryWimBootValue**  The raw value from the registry that is used to indicate if the device is running from a WIM.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimRemove
-
-This event indicates that the SystemWim object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimStartSync
-
-This event indicates that a new set of SystemWimAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
-
-This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **WindowsIsLicensedApiValue**  The result from the API that's used to indicate if operating system is activated.
-- **WindowsNotActivatedDecision**  Is the current operating system activated?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
-
-This event indicates that the SystemWindowsActivationStatus object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
-
-This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanAdd
-
-This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked because of an emulated WLAN driver?
-- **HasWlanBlock**  Does the emulated WLAN driver have an upgrade block?
-- **WlanEmulatedDriver**  Does the device have an emulated WLAN driver?
-- **WlanExists**  Does the device support WLAN at all?
-- **WlanModulePresent**  Are any WLAN modules present?
-- **WlanNativeDriver**  Does the device have a non-emulated WLAN driver?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanRemove
-
-This event indicates that the SystemWlan object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
-
-This event indicates that a new set of SystemWlanAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
-
-This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the version of Appraiser that is running was built.
-- **AppraiserDataVersion**  The version of the data files being used by the Appraiser telemetry run.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
-- **AuxFinal**  Obsolete, always set to false.
-- **AuxInitial**  Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
-- **DeadlineDate**  A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
-- **EnterpriseRun**  Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
-- **FullSync**  Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
-- **InventoryFullSync**  Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **PerfBackoff**  Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
-- **PerfBackoffInsurance**  Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
-- **RunAppraiser**  Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
-- **RunDate**  The date that the diagnostic data run was stated, expressed as a filetime.
-- **RunGeneralTel**  Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
-- **RunOnline**  Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
-- **RunResult**  The hresult of the Appraiser diagnostic data run.
-- **SendingUtc**  Indicates whether the Appraiser client is sending events during the current diagnostic data run.
-- **StoreHandleIsNotNull**  Obsolete, always set to false
-- **TelementrySent**  Indicates whether diagnostic data was successfully sent.
-- **ThrottlingUtc**  Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
-- **Time**  The client time of the event.
-- **VerboseMode**  Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
-- **WhyFullSyncWithoutTablePrefix**  Indicates the reason or reasons that a full sync was generated.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmAdd
-
-This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Same as NeedsDismissAction.
-- **NeedsDismissAction**  Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
-- **WmdrmApiResult**  Raw value of the API used to gather DRM state.
-- **WmdrmCdRipped**  Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
-- **WmdrmIndicators**  WmdrmCdRipped OR WmdrmPurchased.
-- **WmdrmInUse**  WmdrmIndicators AND dismissible block in setup was not dismissed.
-- **WmdrmNonPermanent**  Indicates if the system has any files with non-permanent licenses.
-- **WmdrmPurchased**  Indicates if the system has any files with permanent licenses.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmRemove
-
-This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmStartSync
-
-The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-## Census events
-
-### Census.App
-
-This event sends version data about the Apps running on this device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserEnterpriseErrorCode**  The error code of the last Appraiser enterprise run.
-- **AppraiserErrorCode**  The error code of the last Appraiser run.
-- **AppraiserRunEndTimeStamp**  The end time of the last Appraiser run.
-- **AppraiserRunIsInProgressOrCrashed**  Flag that indicates if the Appraiser run is in progress or has crashed.
-- **AppraiserRunStartTimeStamp**  The start time of the last Appraiser run.
-- **AppraiserTaskEnabled**  Whether the Appraiser task is enabled.
-- **AppraiserTaskExitCode**  The Appraiser task exist code.
-- **AppraiserTaskLastRun**  The last runtime for the Appraiser task.
-- **CensusVersion**  The version of Census that generated the current data for this device.
-- **IEVersion**  The version of Internet Explorer that is running on the device.
-
-
-### Census.Battery
-
-This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalBatteryCapablities**  Represents information about what the battery is capable of doing.
-- **InternalBatteryCapacityCurrent**  Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
-- **InternalBatteryCapacityDesign**  Represents the theoretical capacity of the battery when new, in mWh.
-- **InternalBatteryNumberOfCharges**  Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
-- **IsAlwaysOnAlwaysConnectedCapable**  Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
-
-
-### Census.Enterprise
-
-This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AzureOSIDPresent**  Represents the field used to identify an Azure machine.
-- **AzureVMType**  Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
-- **CDJType**  Represents the type of cloud domain joined for the machine.
-- **CommercialId**  Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
-- **ContainerType**  The type of container, such as process or virtual machine hosted.
-- **EnrollmentType**  Defines the type of MDM enrollment on the device.
-- **HashedDomain**  The hashed representation of the user domain used for login.
-- **IsCloudDomainJoined**  Is this device joined to an Azure Active Directory (AAD) tenant? true/false
-- **IsDERequirementMet**  Represents if the device can do device encryption.
-- **IsDeviceProtected**  Represents if Device protected by BitLocker/Device Encryption
-- **IsDomainJoined**  Indicates whether a machine is joined to a domain.
-- **IsEDPEnabled**  Represents if Enterprise data protected on the device.
-- **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
-- **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
-- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
-- **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
-
-
-### Census.Firmware
-
-This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FirmwareManufacturer**  Represents the manufacturer of the device's firmware (BIOS).
-- **FirmwareReleaseDate**  Represents the date the current firmware was released.
-- **FirmwareType**  Represents the firmware type. The various types can be unknown, BIOS, UEFI.
-- **FirmwareVersion**  Represents the version of the current firmware.
-
-
-### Census.Flighting
-
-This event sends Windows Insider data from customers participating in improvement testing and feedback programs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceSampleRate**  The telemetry sample rate assigned to the device.
-- **EnablePreviewBuilds**  Used to enable Windows Insider builds on a device.
-- **FlightIds**  A list of the different Windows Insider builds on this device.
-- **FlightingBranchName**  The name of the Windows Insider branch currently used by the device.
-- **IsFlightsDisabled**  Represents if the device is participating in the Windows Insider program.
-- **MSA_Accounts**  Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
-- **SSRK**  Retrieves the mobile targeting settings.
-
-
-### Census.Hardware
-
-This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActiveMicCount**  The number of active microphones attached to the device.
-- **ChassisType**  Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
-- **ComputerHardwareID**  Identifies a device class that is represented by a hash of different SMBIOS fields.
-- **D3DMaxFeatureLevel**  Supported Direct3D version.
-- **DeviceColor**  Indicates a color of the device.
-- **DeviceForm**  Indicates the form as per the device classification.
-- **DeviceName**  The device name that is set by the user.
-- **DigitizerSupport**  Is a digitizer supported?
-- **DUID**  The device unique ID.
-- **Gyroscope**  Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
-- **InventoryId**  The device ID used for compatibility testing.
-- **Magnetometer**  Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
-- **NFCProximity**  Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
-- **OEMDigitalMarkerFileName**  The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
-- **OEMManufacturerName**  The device manufacturer name.  The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
-- **OEMModelBaseBoard**  The baseboard model used by the OEM.
-- **OEMModelBaseBoardVersion**  Differentiates between developer and retail devices.
-- **OEMModelName**  The device model name.
-- **OEMModelNumber**  The device model number.
-- **OEMModelSKU**  The device edition that is defined by the manufacturer.
-- **OEMModelSystemFamily**  The system family set on the device by an OEM.
-- **OEMModelSystemVersion**  The system model version set on the device by the OEM.
-- **OEMOptionalIdentifier**  A Microsoft assigned value that represents a specific OEM subsidiary.
-- **OEMSerialNumber**  The serial number of the device that is set by the manufacturer.
-- **PhoneManufacturer**  The friendly name of the phone manufacturer.
-- **PowerPlatformRole**  The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
-- **SoCName**  The firmware manufacturer of the device.
-- **StudyID**  Used to identify retail and non-retail device.
-- **TelemetryLevel**  The telemetry level the user has opted into, such as Basic or Enhanced.
-- **TelemetryLevelLimitEnhanced**  The telemetry level for Windows Analytics-based solutions.
-- **TelemetrySettingAuthority**  Determines who set the telemetry level, such as GP, MDM, or the user.
-- **TPMVersion**  The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
-- **VoiceSupported**  Does the device have a cellular radio capable of making voice calls?
-
-
-### Census.Memory
-
-This event sends data about the memory on the device, including ROM and RAM. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **TotalPhysicalRAM**  Represents the physical memory (in MB).
-- **TotalVisibleMemory**  Represents the memory that is not reserved by the system.
-
-
-### Census.Network
-
-This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors). The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **IMEI0**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **IMEI1**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **MCC0**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MCC1**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MEID**  Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
-- **MNC0**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MNC1**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MobileOperatorBilling**  Represents the telephone company that provides services for mobile phone users.
-- **MobileOperatorCommercialized**  Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
-- **MobileOperatorNetwork0**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **MobileOperatorNetwork1**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **NetworkAdapterGUID**  The GUID of the primary network adapter.
-- **NetworkCost**  Represents the network cost associated with a connection.
-- **SPN0**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-- **SPN1**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-
-
-### Census.OS
-
-This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActivationChannel**  Retrieves the retail license key or Volume license key for a machine.
-- **AssignedAccessStatus**  Kiosk configuration mode.
-- **CompactOS**  Indicates if the Compact OS feature from Win10 is enabled.
-- **DeveloperUnlockStatus**  Represents if a device has been developer unlocked by the user or Group Policy.
-- **DeviceTimeZone**  The time zone that is set on the device. Example: Pacific Standard Time
-- **GenuineState**  Retrieves the ID Value specifying the OS Genuine check.
-- **InstallationType**  Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
-- **InstallLanguage**  The first language installed on the user machine.
-- **IsDeviceRetailDemo**  Retrieves if the device is running in demo mode.
-- **IsEduData**  Returns Boolean if the education data policy is enabled.
-- **IsPortableOperatingSystem**  Retrieves whether OS is running Windows-To-Go
-- **IsSecureBootEnabled**  Retrieves whether Boot chain is signed under UEFI.
-- **LanguagePacks**  The list of language packages installed on the device.
-- **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
-- **OA3xOriginalProductKey**  Retrieves the License key stamped by the OEM to the machine.
-- **OSEdition**  Retrieves the version of the current OS.
-- **OSInstallType**  Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
-- **OSOOBEDateTime**  Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
-- **OSSKU**  Retrieves the Friendly Name of OS Edition.
-- **OSSubscriptionStatus**  Represents the existing status for enterprise subscription feature for PRO machines.
-- **OSSubscriptionTypeId**  Returns boolean for enterprise subscription feature for selected PRO machines.
-- **OSTimeZoneBiasInMins**  Retrieves the time zone set on machine.
-- **OSUILocale**  Retrieves the locale of the UI that is currently used by the OS.
-- **ProductActivationResult**  Returns Boolean if the OS Activation was successful.
-- **ProductActivationTime**  Returns the OS Activation time for tracking piracy issues.
-- **ProductKeyID2**  Retrieves the License key if the machine is updated with a new license key.
-- **RACw7Id**  Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
-- **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
-- **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
-- **ServiceProductKeyID**  Retrieves the License key of the KMS
-- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
-- **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
-- **SLICStatus**  Whether a SLIC table exists on the device.
-- **SLICVersion**  Returns OS type/version from SLIC table.
-
-
-### Census.Processor
-
-This event sends data about the processor. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **KvaShadow**  This is the micro code information of the processor.
-- **MMSettingOverride**  Microcode setting of the processor.
-- **MMSettingOverrideMask**  Microcode setting override of the processor.
-- **ProcessorArchitecture**  Retrieves the processor architecture of the installed operating system.
-- **ProcessorClockSpeed**  Clock speed of the processor in MHz.
-- **ProcessorCores**  Number of logical cores in the processor.
-- **ProcessorIdentifier**  Processor Identifier of a manufacturer.
-- **ProcessorManufacturer**  Name of the processor manufacturer.
-- **ProcessorModel**  Name of the processor model.
-- **ProcessorPhysicalCores**  Number of physical cores in the processor.
-- **ProcessorUpdateRevision**  The microcode revision.
-- **ProcessorUpdateStatus**  Enum value that represents the processor microcode load status
-- **SocketCount**  Count of CPU sockets.
-- **SpeculationControl**  Indicates whether the system has enabled protections needed to validate the speculation control vulnerability.
-
-
-### Census.Security
-
-This event provides information about security settings. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AvailableSecurityProperties**  This field helps to enumerate and report state on the relevant security properties for Device Guard.
-- **CGRunning**  Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
-- **DGState**  This field summarizes the Device Guard state.
-- **HVCIRunning**  Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
-- **IsSawGuest**  Indicates whether the device is running as a Secure Admin Workstation Guest.
-- **IsSawHost**  Indicates whether the device is running as a Secure Admin Workstation Host.
-- **RequiredSecurityProperties**  Describes the required security properties to enable virtualization-based security.
-- **SecureBootCapable**  Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
-- **VBSState**  Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation.  VBS has a tri-state that can be Disabled, Enabled, or Running.
-
-
-### Census.Speech
-
-This event is used to gather basic speech settings on the device. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AboveLockEnabled**  Cortana setting that represents if Cortana can be invoked when the device is locked.
-- **GPAllowInputPersonalization**  Indicates if a Group Policy setting has enabled speech functionalities.
-- **HolographicSpeechInputDisabled**  Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
-- **HolographicSpeechInputDisabledRemote**  Indicates if a remote policy has disabled speech functionalities for the HMD devices.
-- **KWSEnabled**  Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
-- **MDMAllowInputPersonalization**  Indicates if an MDM policy has enabled speech functionalities.
-- **RemotelyManaged**  Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
-- **SpeakerIdEnabled**  Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
-- **SpeechServicesEnabled**  Windows setting that represents whether a user is opted-in for speech services on the device.
-
-
-### Census.Storage
-
-This event sends data about the total capacity of the system volume and primary disk. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PrimaryDiskTotalCapacity**  Retrieves the amount of disk space on the primary disk of the device in MB.
-- **PrimaryDiskType**  Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
-- **SystemVolumeTotalCapacity**  Retrieves the size of the partition that the System volume is installed on in MB.
-
-
-### Census.Userdefault
-
-This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultApp**  The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
-- **DefaultBrowserProgId**  The ProgramId of the current user's default browser.
-
-
-### Census.UserDisplay
-
-This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalPrimaryDisplayLogicalDPIX**  Retrieves the logical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayLogicalDPIY**  Retrieves the logical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIX**  Retrieves the physical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIY**  Retrieves the physical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayResolutionHorizontal**  Retrieves the number of pixels in the horizontal direction of the internal display.
-- **InternalPrimaryDisplayResolutionVertical**  Retrieves the number of pixels in the vertical direction of the internal display.
-- **InternalPrimaryDisplaySizePhysicalH**  Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
-- **InternalPrimaryDisplaySizePhysicalY**  Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
-- **NumberofExternalDisplays**  Retrieves the number of external displays connected to the machine
-- **NumberofInternalDisplays**  Retrieves the number of internal displays in a machine.
-- **VRAMDedicated**  Retrieves the video RAM in MB.
-- **VRAMDedicatedSystem**  Retrieves the amount of memory on the dedicated video card.
-- **VRAMSharedSystem**  Retrieves the amount of RAM memory that the video card can use.
-
-
-### Census.UserNLS
-
-This event sends data about the default app language, input, and display language preferences set by the user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultAppLanguage**  The current user Default App Language.
-- **DisplayLanguage**  The current user preferred Windows Display Language.
-- **HomeLocation**  The current user location, which is populated using GetUserGeoId() function.
-- **KeyboardInputLanguages**  The Keyboard input languages installed on the device.
-- **SpeechInputLanguages**  The Speech Input languages installed on the device.
-
-
-### Census.VM
-
-This event sends data indicating whether virtualization is enabled on the device, and its various characteristics. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CloudService**  Indicates which cloud service, if any, that this virtual machine is running within.
-- **HyperVisor**  Retrieves whether the current OS is running on top of a Hypervisor.
-- **IOMMUPresent**  Represents if an input/output memory management unit (IOMMU) is present.
-- **IsVDI**  Is the device using Virtual Desktop Infrastructure?
-- **IsVirtualDevice**  Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
-- **SLATSupported**  Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
-- **VirtualizationFirmwareEnabled**  Represents whether virtualization is enabled in the firmware.
-
-
-### Census.WU
-
-This event sends data about the Windows update server and other App store policies. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserGatedStatus**  Indicates whether a device has been gated for upgrading.
-- **AppStoreAutoUpdate**  Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
-- **AppStoreAutoUpdateMDM**  Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
-- **AppStoreAutoUpdatePolicy**  Retrieves the Microsoft Store App Auto Update group policy setting
-- **DelayUpgrade**  Retrieves the Windows upgrade flag for delaying upgrades.
-- **OSAssessmentFeatureOutOfDate**  How many days has it been since a the last feature update was released but the device did not install it?
-- **OSAssessmentForFeatureUpdate**  Is the device is on the latest feature update?
-- **OSAssessmentForQualityUpdate**  Is the device on the latest quality update?
-- **OSAssessmentForSecurityUpdate**  Is the device  on the latest security update?
-- **OSAssessmentQualityOutOfDate**  How many days has it been since a the last quality update was released but the device did not install it?
-- **OSAssessmentReleaseInfoTime**  The freshness of release information used to perform an assessment.
-- **OSRollbackCount**  The number of times feature updates have rolled back on the device.
-- **OSRolledBack**  A flag that represents when a feature update has rolled back during setup.
-- **OSUninstalled**  A flag that represents when a feature update is uninstalled on a device .
-- **OSWUAutoUpdateOptions**  Retrieves the auto update settings on the device.
-- **UninstallActive**  A flag that represents when a device has uninstalled a previous upgrade recently.
-- **UpdateServiceURLConfigured**  Retrieves if the device is managed by Windows Server Update Services (WSUS).
-- **WUDeferUpdatePeriod**  Retrieves if deferral is set for Updates.
-- **WUDeferUpgradePeriod**  Retrieves if deferral is set for Upgrades.
-- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
-- **WUMachineId**  Retrieves the Windows Update (WU) Machine Identifier.
-- **WUPauseState**  Retrieves Windows Update setting to determine if updates are paused.
-- **WUServer**  Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
-
-
-### Census.Xbox
-
-This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date.
-
-The following fields are available:
-
-- **XboxConsolePreferredLanguage**  Retrieves the preferred language selected by the user on Xbox console.
-- **XboxConsoleSerialNumber**  Retrieves the serial number of the Xbox console.
-- **XboxLiveDeviceId**  Retrieves the unique device ID of the console.
-- **XboxLiveSandboxId**  Retrieves the developer sandbox ID if the device is internal to Microsoft.
-
-
-## Common data extensions
-
-### Common Data Extensions.app
-
-Describes the properties of the running application. This extension could be populated by a client app or a web app.
-
-The following fields are available:
-
-- **asId**  An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
-- **env**  The environment from which the event was logged.
-- **expId**  Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
-- **id**  Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
-- **userId**  The userID as known by the application.
-- **ver**  Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
-
-
-### Common Data Extensions.container
-
-Describes the properties of the container for events logged within a container.
-
-The following fields are available:
-
-- **localId**  The device ID as known by the client.
-- **osVer**  The operating system version.
-- **type**  The container type. Examples: Process or VMHost
-
-
-### Common Data Extensions.cs
-
-Describes properties related to the schema of the event.
-
-The following fields are available:
-
-- **sig**  A common schema signature that identifies new and modified event schemas.
-
-
-### Common Data Extensions.device
-
-Describes the device-related fields.
-
-The following fields are available:
-
-- **deviceClass**  Represents the classification of the device, the device “family”.  For example, Desktop, Server, or Mobile.
-- **localId**  Represents a locally defined unique ID for the device, not the human readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
-
-
-### Common Data Extensions.Envelope
-
-Represents an envelope that contains all of the common data extensions.
-
-The following fields are available:
-
-- **appId**  Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
-- **appVer**  Represents the version number of the application. Used to understand errors by version and usage by version across an app.
-- **cV**  Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
-- **data**  Represents the optional unique diagnostic data for a particular event schema.
-- **epoch**  ID used to help distinguish events in the sequence by indicating the current boot session.
-- **ext_app**  Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
-- **ext_container**  Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
-- **ext_cs**  Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
-- **ext_device**  Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
-- **ext_os**  Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
-- **ext_user**  Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
-- **ext_utc**  Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
-- **ext_xbl**  Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
-- **flags**  Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
-- **iKey**  Represents an ID for applications or other logical groupings of events.
-- **name**  Represents the uniquely qualified name for the event.
-- **os**  The operating system name.
-- **osVer**  The operating system version.
-- **popSample**  Represents the effective sample rate for this event at the time it was generated by a client.
-- **seqNum**  Used to track the absolute order of uploaded events.
-- **tags**  A header for semi-managed extensions.
-- **time**  Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
-- **ver**  Represents the major and minor version of the extension.
-
-
-### Common Data Extensions.os
-
-Describes some properties of the operating system.
-
-The following fields are available:
-
-- **bootId**  An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
-- **expId**  Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
-- **locale**  Represents the locale of the operating system.
-
-
-### Common Data Extensions.user
-
-Describes the fields related to a user.
-
-The following fields are available:
-
-- **authId**  This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
-- **localId**  Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
-
-
-### Common Data Extensions.utc
-
-Describes the properties that could be populated by a logging library on Windows.
-
-The following fields are available:
-
-- **aId**  Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
-- **bSeq**  Upload buffer sequence number in the format: buffer identifier:sequence number
-- **cat**  Represents a bitmask of the ETW Keywords associated with the event.
-- **cpId**  The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
-- **flags**  Represents the bitmap that captures various Windows specific flags.
-- **mon**  Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
-- **op**  Represents the ETW Op Code.
-- **raId**  Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
-- **sqmId**  The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
-- **stId**  Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
-- **tickets**  An array of strings that refer back to a key in the X-Tickets http header that the client uploaded along with a batch of events.
-
-
-### Common Data Extensions.xbl
-
-Describes the fields that are related to XBOX Live.
-
-The following fields are available:
-
-- **claims**  Any additional claims whose short claim name hasn't been added to this structure.
-- **did**  XBOX device ID
-- **dty**  XBOX device type
-- **dvr**  The version of the operating system on the device.
-- **eid**  A unique ID that represents the developer entity.
-- **exp**  Expiration time
-- **ip**  The IP address of the client device.
-- **nbf**  Not before time
-- **pid**  A comma separated list of PUIDs listed as base10 numbers.
-- **sbx**  XBOX sandbox identifier
-- **sid**  The service instance ID.
-- **sty**  The service type.
-- **tid**  The XBOX Live title ID.
-- **tvr**  The XBOX Live title version.
-- **uts**  A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
-- **xid**  A list of base10-encoded XBOX User IDs.
-
-
-## Common data fields
-
-### Ms.Device.DeviceInventoryChange
-
-Describes the installation state for all hardware and software components available on a particular device.
-
-The following fields are available:
-
-- **action**  The change that was invoked on a device inventory object.
-- **inventoryId**  Device ID used for Compatibility testing
-- **objectInstanceId**  Object identity which is unique within the device scope.
-- **objectType**  Indicates the object type that the event applies to.
-- **syncId**  A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
-
-
-## Component-based Servicing events
-
-### CbsServicingProvider.CbsCapabilityEnumeration
-
-This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date.
-
-The following fields are available:
-
-- **architecture**  Indicates the scan was limited to the specified architecture.
-- **capabilityCount**  The number of optional content packages found during the scan.
-- **clientId**  The name of the application requesting the optional content.
-- **duration**  The amount of time it took to complete the scan.
-- **hrStatus**  The HReturn code of the scan.
-- **language**  Indicates the scan was limited to the specified language.
-- **majorVersion**  Indicates the scan was limited to the specified major version.
-- **minorVersion**  Indicates the scan was limited to the specified minor version.
-- **namespace**  Indicates the scan was limited to packages in the specified namespace.
-- **sourceFilter**  A bitmask indicating the scan checked for locally available optional content.
-- **stackBuild**  The build number of the servicing stack.
-- **stackMajorVersion**  The major version number of the servicing stack.
-- **stackMinorVersion**  The minor version number of the servicing stack.
-- **stackRevision**  The revision number of the servicing stack.
-
-
-### CbsServicingProvider.CbsCapabilitySessionFinalize
-
-This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **capabilities**  The names of the optional content packages that were installed.
-- **clientId**  The name of the application requesting the optional content.
-- **highestState**  The highest final install state of the optional content.
-- **hrStatus**  The HReturn code of the install operation.
-- **rebootCount**  The number of reboots required to complete the install.
-- **stackBuild**  The build number of the servicing stack.
-- **stackMajorVersion**  The major version number of the servicing stack.
-- **stackMinorVersion**  The minor version number of the servicing stack.
-- **stackRevision**  The revision number of the servicing stack.
-
-
-### CbsServicingProvider.CbsCapabilitySessionPended
-
-This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
-
-The following fields are available:
-
-- **clientId**  The name of the application requesting the optional content.
-- **pendingDecision**  Indicates the cause of reboot, if applicable.
-
-
-### CbsServicingProvider.CbsQualityUpdateInstall
-
-This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
-
-
-
-### CbsServicingProvider.CbsSelectableUpdateChangeV2
-
-This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
-
-The following fields are available:
-
-- **applicableUpdateState**  Indicates the highest applicable state of the optional content.
-- **buildVersion**  The build version of the package being installed.
-- **clientId**  The name of the application requesting the optional content change.
-- **downloadSource**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **downloadtimeInSeconds**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **executionID**  A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
-- **executionSequence**  A counter that tracks the number of servicing operations attempted on the device.
-- **firstMergedExecutionSequence**  The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
-- **firstMergedID**  A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
-- **hrDownloadResult**  The return code of the download operation.
-- **hrStatusUpdate**  The return code of the servicing operation.
-- **identityHash**  A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
-- **initiatedOffline**  Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
-- **majorVersion**  The major version of the package being installed.
-- **minorVersion**  The minor version of the package being installed.
-- **packageArchitecture**  The architecture of the package being installed.
-- **packageLanguage**  The language of the package being installed.
-- **packageName**  The name of the package being installed.
-- **rebootRequired**  Indicates whether a reboot is required to complete the operation.
-- **revisionVersion**  The revision number of the package being installed.
-- **stackBuild**  The build number of the servicing stack binary performing the installation.
-- **stackMajorVersion**  The major version number of the servicing stack binary performing the installation.
-- **stackMinorVersion**  The minor version number of the servicing stack binary performing the installation.
-- **stackRevision**  The revision number of the servicing stack binary performing the installation.
-- **updateName**  The name of the optional Windows Operation System feature being enabled or disabled.
-- **updateStartState**  A value indicating the state of the optional content before the operation started.
-- **updateTargetState**  A value indicating the desired state of the optional content.
-
-
-## Diagnostic data events
-
-### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
-
-This event is fired by UTC at state transitions to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-
-
-### TelClientSynthetic.AuthorizationInfo_Startup
-
-This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
-- **CanCollectAnyTelemetry**  True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
-- **CanCollectCoreTelemetry**  True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
-- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
-- **CanCollectOsTelemetry**  True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
-- **CanPerformDiagnosticEscalations**  True if UTC is allowed to perform all scenario escalations.
-- **CanPerformTraceEscalations**  True if UTC is allowed to perform scenario escalations with tracing actions.
-- **CanReportScenarios**  True if we can report scenario completions, false otherwise.
-- **PreviousPermissions**  Bitmask representing the previously configured permissions since the telemetry client was last started.
-- **TransitionFromEverythingOff**  True if this transition is moving from not allowing core telemetry to allowing core telemetry.
-
-
-### TelClientSynthetic.ConnectivityHeartBeat_0
-
-This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network. This event is fired by UTC during periods of no network as a heartbeat signal, to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CensusExitCode**  Last exit code of Census task
-- **CensusStartTime**  Returns timestamp corresponding to last successful census run.
-- **CensusTaskEnabled**  Returns Boolean value for the census task (Enable/Disable) on client machine.
-- **LastConnectivityLossTime**  The FILETIME at which the last free network loss occurred.
-- **NetworkState**  Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
-- **NoNetworkTime**  Retrieves the time spent with no network (since the last time) in seconds.
-- **RestrictedNetworkTime**  The total number of seconds with restricted network during this heartbeat period.
-
-
-### TelClientSynthetic.HeartBeat_5
-
-This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
-
-
-
-### TelClientSynthetic.HeartBeat_Aria_5
-
-This event is the telemetry client ARIA heartbeat.
-
-The following fields are available:
-
-- **CompressedBytesUploaded**  Number of compressed bytes uploaded
-- **CriticalDataDbDroppedCount**  Number of critical data sampled events dropped at the database layer.
-- **CriticalOverflowEntersCounter**  Number of times critical overflow mode was entered in event database.
-- **DbCriticalDroppedCount**  Total number of dropped critical events in event database.
-- **DbDroppedCount**  Number of events dropped at the database layer.
-- **EnteringCriticalOverflowDroppedCounter**  Number of events dropped due to critical overflow mode being initiated.
-- **EventSubStoreResetCounter**  Number of times event database was reset.
-- **EventSubStoreResetSizeSum**  Total size of event database across all resets reports in this instance.
-- **EventsUploaded**  Number of events uploaded.
-- **InvalidHttpCodeCounter**  Number of invalid HTTP codes received from contacting Vortex.
-- **LastInvalidHttpCode**  Last invalid HTTP code received from Vortex.
-- **SettingsHttpAttempts**  Number of attempts to contact OneSettings service.
-- **SettingsHttpFailures**  Number of failures from contacting OneSettings service.
-- **UploaderDroppedCount**  Number of events dropped at the uploader layer of telemetry client.
-- **VortexFailuresTimeout**  Number of time out failures received from Vortex.
-- **VortexHttpAttempts**  Number of attempts to contact Vortex.
-- **VortexHttpFailures4xx**  Number of 400-499 error codes received from Vortex.
-- **VortexHttpFailures5xx**  Number of 500-599 error codes received from Vortex.
-- **VortexHttpResponseFailures**  Number of Vortex responses that are not 2XX or 400.
-- **VortexHttpResponsesWithDroppedEvents**  Number of Vortex responses containing at least 1 dropped event.
-
-
-### TelClientSynthetic.TailoredExperiencesWithDiagnosticDataUpdate
-
-This event is triggered when UTC determines it needs to send information about personalization settings of the user.
-
-
-
-## DxgKernelTelemetry events
-
-### DxgKrnlTelemetry.BddDiag
-
-This event records Microsoft basic display driver diagnostic information. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BiosFlags**  Bitwise flags that contain graphics related firmware information on the device such as the system was booted with display or not, system was using VBIOS or UEFI GOP, and VBIOS has a valid display mode list or not.
-- **CurrentMode**  Information about the current display mode such as the resolution, rotation, and scaling.
-- **DefaultModeReason**  Numeric value indicating the reason that the Microsoft Basic Display Driver is in use.
-- **DefaultModeResolution**  Default resolution that Microsoft Basic Display Driver detected.
-- **DefaultResolutionProvider**  Numeric value indicating the source of the default resolution.
-- **Flags**  Bitwise flags containing Microsoft Basic Display Driver related information such as if it is running because there is no graphics driver or user PnP stopped the graphics driver, it has valid EDID or not on the connected monitor and where the EDID was from, it is running at gray scale mode or not, it is running without display or not.
-- **HeadlessReason**  Numeric value indicating why there is no display.
-- **LogAssertionCount**  Number of assertions that were encountered before this event was recorded.
-- **LogErrorCount**  Number of errors that were encountered before this event was recorded.
-- **MonitorPowerState**  Current power state of the monitor.
-- **Version**  Version of the schema for this event.
-
-
-### DxgKrnlTelemetry.GPUAdapterInventoryV2
-
-This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
-
-The following fields are available:
-
-- **AdapterTypeValue**  The numeric value indicating the type of Graphics adapter.
-- **aiSeqId**  The event sequence ID.
-- **bootId**  The system boot ID.
-- **ComputePreemptionLevel**  The maximum preemption level supported by GPU for compute payload.
-- **DedicatedSystemMemoryB**  The amount of system memory dedicated for GPU use (in bytes).
-- **DedicatedVideoMemoryB**  The amount of dedicated VRAM of the GPU (in bytes).
-- **DisplayAdapterLuid**  The display adapter LUID.
-- **DriverDate**  The date of the display driver.
-- **DriverRank**  The rank of the display driver.
-- **DriverVersion**  The display driver version.
-- **GPUDeviceID**  The GPU device ID.
-- **GPUPreemptionLevel**  The maximum preemption level supported by GPU for graphics payload.
-- **GPURevisionID**  The GPU revision ID.
-- **GPUVendorID**  The GPU vendor ID.
-- **InterfaceId**  The GPU interface ID.
-- **IsDisplayDevice**  Does the GPU have displaying capabilities?
-- **IsHybridDiscrete**  Does the GPU have discrete GPU capabilities in a hybrid device?
-- **IsHybridIntegrated**  Does the GPU have integrated GPU capabilities in a hybrid device?
-- **IsLDA**  Is the GPU comprised of Linked Display Adapters?
-- **IsMiracastSupported**  Does the GPU support Miracast?
-- **IsMismatchLDA**  Is at least one device in the Linked Display Adapters chain from a different vendor?
-- **IsMPOSupported**  Does the GPU support Multi-Plane Overlays?
-- **IsMsMiracastSupported**  Are the GPU Miracast capabilities driven by a Microsoft solution?
-- **IsPostAdapter**  Is this GPU the POST GPU in the device?
-- **IsRemovable**  TRUE if the adapter supports being disabled or removed.
-- **IsRenderDevice**  Does the GPU have rendering capabilities?
-- **IsSoftwareDevice**  Is this a software implementation of the GPU?
-- **MeasureEnabled**  Is the device listening to MICROSOFT_KEYWORD_MEASURES?
-- **NumVidPnSources**  The number of supported display output sources.
-- **NumVidPnTargets**  The number of supported display output targets.
-- **SharedSystemMemoryB**  The amount of system memory shared by GPU and CPU (in bytes).
-- **SubSystemID**  The subsystem ID.
-- **SubVendorID**  The GPU sub vendor ID.
-- **TelemetryEnabled**  Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
-- **TelInvEvntTrigger**  What triggered this event to be logged?  Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
-- **version**  The event version.
-- **WDDMVersion**  The Windows Display Driver Model version.
-
-
-## Failover Clustering events
-
-### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
-
-This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
-
-The following fields are available:
-
-- **autoAssignSite**  The cluster parameter: auto site.
-- **autoBalancerLevel**  The cluster parameter: auto balancer level.
-- **autoBalancerMode**  The cluster parameter: auto balancer mode.
-- **blockCacheSize**  The configured size of the block cache.
-- **ClusterAdConfiguration**  The ad configuration of the cluster.
-- **clusterAdType**  The cluster parameter: mgmt_point_type.
-- **clusterDumpPolicy**  The cluster configured dump policy.
-- **clusterFunctionalLevel**  The current cluster functional level.
-- **clusterGuid**  The unique identifier for the cluster.
-- **clusterWitnessType**  The witness type the cluster is configured for.
-- **countNodesInSite**  The number of nodes in the cluster.
-- **crossSiteDelay**  The cluster parameter: CrossSiteDelay.
-- **crossSiteThreshold**  The cluster parameter: CrossSiteThreshold.
-- **crossSubnetDelay**  The cluster parameter: CrossSubnetDelay.
-- **crossSubnetThreshold**  The cluster parameter: CrossSubnetThreshold.
-- **csvCompatibleFilters**  The cluster parameter: ClusterCsvCompatibleFilters.
-- **csvIncompatibleFilters**  The cluster parameter: ClusterCsvIncompatibleFilters.
-- **csvResourceCount**  The number of resources in the cluster.
-- **currentNodeSite**  The name configured for the current site for the cluster.
-- **dasModeBusType**  The direct storage bus type of the storage spaces.
-- **downLevelNodeCount**  The number of nodes in the cluster that are running down-level.
-- **drainOnShutdown**  Specifies whether a node should be drained when it is shut down.
-- **dynamicQuorumEnabled**  Specifies whether dynamic Quorum has been enabled.
-- **enforcedAntiAffinity**  The cluster parameter: enforced anti affinity.
-- **genAppNames**  The win32 service name of a clustered service.
-- **genSvcNames**  The command line of a clustered genapp.
-- **hangRecoveryAction**  The cluster parameter: hang recovery action.
-- **hangTimeOut**  Specifies the “hang time out” parameter for the cluster.
-- **isCalabria**  Specifies whether storage spaces direct is enabled.
-- **isMixedMode**  Identifies if the cluster is running with different version of OS for nodes.
-- **isRunningDownLevel**  Identifies if the current node is running down-level.
-- **logLevel**  Specifies the granularity that is logged in the cluster log.
-- **logSize**  Specifies the size of the cluster log.
-- **lowerQuorumPriorityNodeId**  The cluster parameter: lower quorum priority node ID.
-- **minNeverPreempt**  The cluster parameter: minimum never preempt.
-- **minPreemptor**  The cluster parameter: minimum preemptor priority.
-- **netftIpsecEnabled**  The parameter: netftIpsecEnabled.
-- **NodeCount**  The number of nodes in the cluster.
-- **nodeId**  The current node number in the cluster.
-- **nodeResourceCounts**  Specifies the number of node resources.
-- **nodeResourceOnlineCounts**  Specifies the number of node resources that are online.
-- **numberOfSites**  The number of different sites.
-- **numNodesInNoSite**  The number of nodes not belonging to a site.
-- **plumbAllCrossSubnetRoutes**  The cluster parameter: plumb all cross subnet routes.
-- **preferredSite**  The preferred site location.
-- **privateCloudWitness**  Specifies whether a private cloud witness exists for this cluster.
-- **quarantineDuration**  The quarantine duration.
-- **quarantineThreshold**  The quarantine threshold.
-- **quorumArbitrationTimeout**  In the event of an arbitration event, this specifies the quorum timeout period.
-- **resiliencyLevel**  Specifies the level of resiliency.
-- **resourceCounts**  Specifies the number of resources.
-- **resourceTypeCounts**  Specifies the number of resource types in the cluster.
-- **resourceTypes**  Data representative of each resource type.
-- **resourceTypesPath**  Data representative of the DLL path for each resource type.
-- **sameSubnetDelay**  The cluster parameter: same subnet delay.
-- **sameSubnetThreshold**  The cluster parameter: same subnet threshold.
-- **secondsInMixedMode**  The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
-- **securityLevel**  The cluster parameter: security level.
-- **securityLevelForStorage**  The cluster parameter: security level for storage.
-- **sharedVolumeBlockCacheSize**  Specifies the block cache size for shared for shared volumes.
-- **shutdownTimeoutMinutes**  Specifies the amount of time it takes to time out when shutting down.
-- **upNodeCount**  Specifies the number of nodes that are up (online).
-- **useClientAccessNetworksForCsv**  The cluster parameter: use client access networks for CSV.
-- **vmIsolationTime**  The cluster parameter: VM isolation time.
-- **witnessDatabaseWriteTimeout**  Specifies the timeout period for writing to the quorum witness database.
-
-
-## Fault Reporting events
-
-### Microsoft.Windows.FaultReporting.AppCrashEvent
-
-This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has crashed.
-- **AppSessionGuid**  GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
-- **AppTimeStamp**  The date/time stamp of the app.
-- **AppVersion**  The version of the app that has crashed.
-- **ExceptionCode**  The exception code returned by the process that has crashed.
-- **ExceptionOffset**  The address where the exception had occurred.
-- **Flags**  Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
-- **ModName**  Exception module name (e.g. bar.dll).
-- **ModTimeStamp**  The date/time stamp of the module.
-- **ModVersion**  The version of the module that has crashed.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has crashed.
-- **ProcessId**  The ID of the process that has crashed.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported
-- **TargetAsId**  The sequence number for the hanging process.
-
-
-## Feature update events
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
-
-This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **failureReason**  Provides data about the uninstall initialization operation failure.
-- **hr**  Provides the Win32 error code for the operation failure.
-
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered
-
-This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **name**  Name of the event
-
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked
-
-This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems.
-
-
-
-## Hang Reporting events
-
-### Microsoft.Windows.HangReporting.AppHangEvent
-
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has hung.
-- **AppSessionGuid**  GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
-- **AppVersion**  The version of the app that has hung.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has hung.
-- **ProcessId**  The ID of the process that has hung.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported.
-- **TargetAsId**  The sequence number for the hanging process.
-- **TypeCode**  Bitmap describing the hang type.
-- **WaitingOnAppName**  If this is a cross process hang waiting for an application, this has the name of the application.
-- **WaitingOnAppVersion**  If this is a cross process hang, this has the version of the application for which it is waiting.
-- **WaitingOnPackageFullName**  If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
-- **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative application id of the package.
-
-
-## Inventory events
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
-
-This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Device**  A count of device objects in cache.
-- **DeviceCensus**  A count of devicecensus objects in cache.
-- **DriverPackageExtended**  A count of driverpackageextended objects in cache.
-- **File**  A count of file objects in cache.
-- **FileSigningInfo**  A count of file signing objects in cache.
-- **Generic**  A count of generic objects in cache.
-- **HwItem**  A count of hwitem objects in cache.
-- **InventoryApplication**  A count of application objects in cache.
-- **InventoryApplicationFile**  A count of application file objects in cache.
-- **InventoryDeviceContainer**  A count of device container objects in cache.
-- **InventoryDeviceInterface**  A count of Plug and Play device interface objects in cache.
-- **InventoryDeviceMediaClass**  A count of device media objects in cache.
-- **InventoryDevicePnp**  A count of device Plug and Play objects in cache.
-- **InventoryDeviceUsbHubClass**  A count of device usb objects in cache
-- **InventoryDriverBinary**  A count of driver binary objects in cache.
-- **InventoryDriverPackage**  A count of device objects in cache.
-- **Metadata**  A count of metadata objects in cache.
-- **Orphan**  A count of orphan file objects in cache.
-- **Programs**  A count of program objects in cache.
-
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
-
-This event sends inventory component versions for the Device Inventory data. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **aeinv**  The version of the App inventory component.
-- **devinv**  The file version of the Device inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
-
-This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **HiddenArp**  Indicates whether a program hides itself from showing up in ARP.
-- **InstallDate**  The date the application was installed (a best guess based on folder creation date heuristics).
-- **InstallDateArpLastModified**  The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015  00:00:00
-- **InstallDateFromLinkFile**  The estimated date of install based on the links to the files.  Passed as an array.
-- **InstallDateMsi**  The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Language**  The language code of the program.
-- **MsiPackageCode**  A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
-- **MsiProductCode**  A GUID that describe the MSI Product.
-- **Name**  The name of the application.
-- **OSVersionAtInstallTime**  The four octets from the OS version at the time of the application's install.
-- **PackageFullName**  The package full name for a Store application.
-- **ProgramInstanceId**  A hash of the file IDs in an app.
-- **Publisher**  The Publisher of the application. Location pulled from depends on the 'Source' field.
-- **RootDirPath**  The path to the root directory where the program was installed.
-- **Source**  How the program was installed (for example, ARP, MSI, Appx).
-- **StoreAppType**  A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
-- **Type**  One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
-- **Version**  The version number of the program.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
-
-This event represents what drivers an application installs. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory component.
-- **ProgramIds**  The unique program identifier the driver is associated with.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
-
-The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
-
-This event provides the basic metadata about the frameworks an application may depend on. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **FileId**  A hash that uniquely identifies a file.
-- **Frameworks**  The list of frameworks this file depends on.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
-
-This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
-
-This event indicates that a new set of InventoryApplicationAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
-
-This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device). The data collected with this event is used to help keep Windows up to date and to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Categories**  A comma separated list of functional categories in which the container belongs.
-- **DiscoveryMethod**  The discovery method for the device container.
-- **FriendlyName**  The name of the device container.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **IsActive**  Is the device connected, or has it been seen in the last 14 days?
-- **IsConnected**  For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
-- **IsMachineContainer**  Is the container the root device itself?
-- **IsNetworked**  Is this a networked device?
-- **IsPaired**  Does the device container require pairing?
-- **Manufacturer**  The manufacturer name for the device container.
-- **ModelId**  A unique model ID.
-- **ModelName**  The model name.
-- **ModelNumber**  The model number for the device container.
-- **PrimaryCategory**  The primary category for the device container.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
-
-This event indicates that the InventoryDeviceContainer object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
-
-This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
-
-This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Accelerometer3D**  Indicates if an Accelerator3D sensor is found.
-- **ActivityDetection**  Indicates if an Activity Detection sensor is found.
-- **AmbientLight**  Indicates if an Ambient Light sensor is found.
-- **Barometer**  Indicates if a Barometer sensor is found.
-- **Custom**  Indicates if a Custom sensor is found.
-- **EnergyMeter**  Indicates if an Energy sensor is found.
-- **FloorElevation**  Indicates if a Floor Elevation sensor is found.
-- **GeomagneticOrientation**  Indicates if a Geo Magnetic Orientation sensor is found.
-- **GravityVector**  Indicates if a Gravity Detector sensor is found.
-- **Gyrometer3D**  Indicates if a Gyrometer3D sensor is found.
-- **Humidity**  Indicates if a Humidity sensor is found.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **LinearAccelerometer**  Indicates if a Linear Accelerometer sensor is found.
-- **Magnetometer3D**  Indicates if a Magnetometer3D sensor is found.
-- **Orientation**  Indicates if an Orientation sensor is found.
-- **Pedometer**  Indicates if a Pedometer sensor is found.
-- **Proximity**  Indicates if a Proximity sensor is found.
-- **RelativeOrientation**  Indicates if a Relative Orientation sensor is found.
-- **SimpleDeviceOrientation**  Indicates if a Simple Device Orientation sensor is found.
-- **Temperature**  Indicates if a Temperature sensor is found.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
-
-This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
-
-This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Audio_CaptureDriver**  The Audio device capture driver endpoint.
-- **Audio_RenderDriver**  The Audio device render driver endpoint.
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
-
-This event indicates that the InventoryDeviceMediaClass object represented by the objectInstanceId is no longer present. This event is used to understand a PNP device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
-
-This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
-
-This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **BusReportedDescription**  The description of the device reported by the bus.
-- **Class**  The device setup class of the driver loaded for the device.
-- **ClassGuid**  The device class unique identifier of the driver package loaded on the device.
-- **COMPID**  The list of “Compatible IDs” for this device.
-- **ContainerId**  The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to.
-- **Description**  The description of the device.
-- **DeviceState**  Identifies the current state of the parent (main) device.
-- **DriverId**  The unique identifier for the installed driver.
-- **DriverName**  The file name of the installed driver image.
-- **DriverPackageStrongName**  The immediate parent directory name in the Directory field of InventoryDriverPackage.
-- **DriverVerDate**  The date associated with the driver installed on the device.
-- **DriverVerVersion**  The version number of the driver installed on the device.
-- **Enumerator**  Identifies the bus that enumerated the device.
-- **HWID**  A list of hardware IDs for the device.
-- **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
-- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
-- **InventoryVersion**  The version number of the inventory process generating the events.
-- **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
-- **LowerFilters**  The identifiers of the Lower filters installed for the device.
-- **Manufacturer**  The manufacturer of the device.
-- **MatchingID**  The Hardware ID or Compatible ID that Windows uses to install a device instance.
-- **Model**  Identifies the model of the device.
-- **ParentId**  The Device Instance ID of the parent of the device.
-- **ProblemCode**  The error code currently returned by the device, if applicable.
-- **Provider**  Identifies the device provider.
-- **Service**  The name of the device service.
-- **STACKID**  The list of hardware IDs for the stack.
-- **UpperClassFilters**  The identifiers of the Upper Class filters installed for the device.
-- **UpperFilters**  The identifiers of the Upper filters installed for the device.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
-
-This event indicates that the InventoryDevicePnpRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
-
-This event sends basic metadata about the USB hubs on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **TotalUserConnectablePorts**  Total number of connectable USB ports.
-- **TotalUserConnectableTypeCPorts**  Total number of connectable USB Type C ports.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
-
-This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
-
-This event sends basic metadata about driver binaries running on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **DriverCheckSum**  The checksum of the driver file.
-- **DriverCompany**  The company name that developed the driver.
-- **DriverInBox**  Is the driver included with the operating system?
-- **DriverIsKernelMode**  Is it a kernel mode driver?
-- **DriverName**  The file name of the driver.
-- **DriverPackageStrongName**  The strong name of the driver package
-- **DriverSigned**  Is the driver signed?
-- **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
-- **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
-- **DriverVersion**  The version of the driver file.
-- **ImageSize**  The size of the driver file.
-- **Inf**  The name of the INF file.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Product**  The product name that is included in the driver file.
-- **ProductVersion**  The product version that is included in the driver file.
-- **Service**  The name of the service that is installed for the device.
-- **WdfVersion**  The Windows Driver Framework version.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
-
-This event indicates that the InventoryDriverBinary object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
-
-This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
-
-This event sends basic metadata about drive packages installed on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Class**  The class name for the device driver.
-- **ClassGuid**  The class GUID for the device driver.
-- **Date**  The driver package date.
-- **Directory**  The path to the driver package.
-- **DriverInBox**  Is the driver included with the operating system?
-- **Inf**  The INF name of the driver package.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Provider**  The provider for the driver package.
-- **SubmissionId**  The HLK submission ID for the driver package.
-- **Version**  The version of the driver package.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
-
-This event indicates that the InventoryDriverPackageRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
-
-This event indicates that a new set of InventoryDriverPackageAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.General. InventoryMiscellaneousMemorySlotArrayInfoRemove
-
-This event indicates that this particular data object represented by the ObjectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
-
-This event sends details collected for a specific application on the source device. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AhaVersion**  The binary version of the App Health Analyzer tool.
-- **ApplicationErrors**  The count of application errors from the event log.
-- **Bitness**  The architecture type of the application (16 Bit or 32 bit or 64 bit).
-- **device_level**  Various JRE/JAVA versions installed on a particular device.
-- **ExtendedProperties**  Attribute used for aggregating all other attributes under this event type.
-- **Jar**  Flag to determine if an app has a Java JAR file dependency.
-- **Jre**  Flag to determine if an app has JRE framework dependency.
-- **Jre_version**  JRE versions an app has declared framework dependency for.
-- **Name**  Name of the application.
-- **NonDPIAware**  Flag to determine if an app is non-DPI aware
-- **NumBinaries**  Count of all binaries (.sys,.dll,.ini) from application install location.
-- **RequiresAdmin**  Flag to determine if an app requests admin privileges for execution.
-- **RequiresAdminv2**  Additional flag to determine if an app requests admin privileges for execution.
-- **RequiresUIAccess**  Flag to determine if an app is based on UI features for accessibility.
-- **VB6**  Flag to determine if an app is based on VB6 framework.
-- **VB6v2**  Additional flag to determine if an app is based on VB6 framework.
-- **Version**  Version of the application.
-- **VersionCheck**  Flag to determine if an app has a static dependency on OS version.
-- **VersionCheckv2**  Additional flag to determine if an app has a static dependency on OS version.
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
-
-This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AllowTelemetry**  Indicates the presence of the 'allowtelemetry' command line argument.
-- **CommandLineArgs**  Command line arguments passed when launching the App Health Analyzer executable.
-- **Enhanced**  Indicates the presence of the 'enhanced' command line argument.
-- **StartTime**  UTC date and time at which this event was sent.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
-
-This event provides basic information about active memory slots on the device.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Capacity**  Memory size in bytes
-- **Manufacturer**  Name of the DRAM manufacturer
-- **Model**  Model and sub-model of the memory
-- **Slot**  Slot to which the DRAM is plugged into the motherboard.
-- **Speed**  The configured memory slot speed in MHz.
-- **Type**  Reports DDR as an enumeration value per DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails**  Reports Non-volatile as a bit flag enumeration per DMTF SMBIOS standard version 3.3.0, section 7.18.3.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
-
-This diagnostic event indicates a new sync is being generated for this object type.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
-
-This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Identifier**  UUP identifier
-- **LastActivatedVersion**  Last activated version
-- **PreviousVersion**  Previous version
-- **Source**  UUP source
-- **Version**  UUP version
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
-
-This is a diagnostic event that indicates a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.Checksum
-
-This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **ChecksumDictionary**  A count of each operating system indicator.
-- **PCFP**  Equivalent to the InventoryId field that is found in other core events.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
-
-This event represents the basic metadata about the OS indicators installed on the system. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **IndicatorValue**  The indicator value.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-## Kernel events
-
-### IO
-
-This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
-
-The following fields are available:
-
-- **BytesRead**  The total number of bytes read from or read by the OS upon system startup.
-- **BytesWritten**  The total number of bytes written to or written by the OS upon system startup.
-
-
-### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
-
-This event includes basic data about the Operating System, collected during Boot and used to evaluate the success of the upgrade process. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BootApplicationId**  This field tells us what the OS Loader Application Identifier is.
-- **BootAttemptCount**  The number of consecutive times the boot manager has attempted to boot into this operating system.
-- **BootSequence**  The current Boot ID, used to correlate events related to a particular boot session.
-- **BootStatusPolicy**  Identifies the applicable Boot Status Policy.
-- **BootType**  Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
-- **EventTimestamp**  Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made.
-- **FirmwareResetReasonEmbeddedController**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonEmbeddedControllerAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonPch**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonPchAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonSupplied**  Flag indicating that a reason for system reset was provided by firmware.
-- **IO**  Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io).
-- **LastBootSucceeded**  Flag indicating whether the last boot was successful.
-- **LastShutdownSucceeded**  Flag indicating whether the last shutdown was successful.
-- **MenuPolicy**  Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
-- **RecoveryEnabled**  Indicates whether recovery is enabled.
-- **UserInputTime**  The amount of time the loader application spent waiting for user input.
-
-
-## Migration events
-
-### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
-
-This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-## OneDrive events
-
-### Microsoft.OneDrive.Sync.Setup.APIOperation
-
-This event includes basic data about install and uninstall OneDrive API operations. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **Duration**  How long the operation took.
-- **IsSuccess**  Was the operation successful?
-- **ResultCode**  The result code.
-- **ScenarioName**  The name of the scenario.
-
-
-### Microsoft.OneDrive.Sync.Setup.EndExperience
-
-This event includes a success or failure summary of the installation. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **HResult**  The result code of the last action performed before this operation
-- **IsSuccess**  Was the operation successful?
-- **ScenarioName**  The name of the scenario.
-
-
-### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
-
-This event is related to the OS version when the OS is upgraded with OneDrive installed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CurrentOneDriveVersion**  The current version of OneDrive.
-- **CurrentOSBuildBranch**  The current branch of the operating system.
-- **CurrentOSBuildNumber**  The current build number of the operating system.
-- **CurrentOSVersion**  The current version of the operating system.
-- **HResult**  The HResult of the operation.
-- **SourceOSBuildBranch**  The source branch of the operating system.
-- **SourceOSBuildNumber**  The source build number of the operating system.
-- **SourceOSVersion**  The source version of the operating system.
-
-
-### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation
-
-This event is related to registering or unregistering the OneDrive update task. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **IsSuccess**  Was the operation successful?
-- **RegisterNewTaskResult**  The HResult of the RegisterNewTask operation.
-- **ScenarioName**  The name of the scenario.
-- **UnregisterOldTaskResult**  The HResult of the UnregisterOldTask operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
-
-This event includes basic data about the installation state of dependent OneDrive components. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ComponentName**  The name of the dependent component.
-- **isInstalled**  Is the dependent component installed?
-
-
-### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus
-
-This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **32bit**  The status of the OneDrive overlay icon on a 32-bit operating system.
-- **64bit**  The status of the OneDrive overlay icon on a 64-bit operating system.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
-
-This event sends information describing the result of the update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-- **IsLoggingEnabled**  Indicates whether logging is enabled for the updater.
-- **UpdaterVersion**  The version of the updater.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult
-
-This event determines the status when downloading the OneDrive update configuration file. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus
-
-This event determines the error code that was returned when verifying Internet connectivity. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **winInetError**  The HResult of the operation.
-
-
-## Other events
-
-### Microsoft.ServerManagementExperience.Gateway.Service.ManagedNodeProperties
-
-This is a periodic rundown event that contains more detailed information about the nodes added to this Windows Admin Center gateway for management.
-
-The following fields are available:
-
-- **nodeId**  The nodeTypeId concatenated with the hostname or IP address that gateway uses to connect to this node.
-- **nodeOperatingSystem**  A user friendly description of the node's OS version.
-- **nodeOSVersion**  A major or minor build version string for the node's OS.
-- **nodeTypeId**  A string that distinguishes between a connection target, whether it is a client, server, cluster or a hyper-converged cluster.
-- **otherProperties**  Contains a JSON object with variable content and may contain: "nodes": a list of host names or IP addresses of the servers belonging to a cluster, "aliases": the alias if it is set for this connection, "lastUpdatedTime": the number of milliseconds since Unix epoch when this connection was last updated, "ncUri", "caption", "version", "productType", "networkName", "operatingSystem", "computerManufacturer", "computerModel", "isS2dEnabled". This JSON object is formatted as an quotes-escaped string.
-
-
-## Privacy logging notification events
-
-### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
-
-This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cleanupTask**  Indicates whether the task that launched the dialog should be cleaned up.
-- **cleanupTaskResult**  The return code of the attempt to clean up the task used to show the dialog.
-- **deviceEvaluated**  Indicates whether the device was eligible for evaluation of a known issue.
-- **deviceImpacted**  Indicates whether the device was impacted by a known issue.
-- **modalAction**  The action the user took on the dialog that was presented to them.
-- **modalResult**  The return code of the attempt to show a dialog to the user explaining the issue.
-- **resetSettingsResult**  The return code of the action to correct the known issue.
-
-
-## Quality Update Assistant events
-
-### Microsoft.Windows.QualityUpdateAssistant.Applicability
-
-This event sends basic info on whether the device should be updated to the latest cumulative update. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Applicability check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck
-
-This event sends basic info on whether the device is ready to download the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Device readiness check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Download
-
-This event sends basic info when download of the latest cumulative update begins. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter that indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Download of latest cumulative update payload.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Install
-
-This event sends basic info on the result of the installation of the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Install of latest cumulative update payload.
-
-
-## Remediation events
-
-### Microsoft.Windows.Remediation.Applicable
-
-This event indicates whether Windows Update sediment remediations need to be applied to the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **ActionName**  The name of the action to be taken by the plug-in.
-- **AppraiserBinariesValidResult**  Indicates whether the plug-in was appraised as valid.
-- **AppraiserDetectCondition**  Indicates whether the plug-in passed the appraiser's check.
-- **AppraiserRegistryValidResult**  Indicates whether the registry entry checks out as valid.
-- **AppraiserTaskDisabled**  Indicates the appraiser task is disabled.
-- **CV**  Correlation vector
-- **DateTimeDifference**  The difference between local and reference clock times.
-- **DateTimeSyncEnabled**  Indicates whether the Datetime Sync plug-in is enabled.
-- **DaysSinceLastSIH**  The number of days since the most recent SIH executed.
-- **DaysToNextSIH**  The number of days until the next scheduled SIH execution.
-- **DetectedCondition**  Indicates whether detected condition is true and the perform action will be run.
-- **EvalAndReportAppraiserBinariesFailed**  Indicates the EvalAndReportAppraiserBinaries event failed.
-- **EvalAndReportAppraiserRegEntries**  Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **EvalAndReportAppraiserRegEntriesFailed**  Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **GlobalEventCounter**  Client side counter that indicates ordering of events sent by the remediation system.
-- **HResult**  The HRESULT for detection or perform action phases of the plugin.
-- **IsAppraiserLatestResult**  The HRESULT from the appraiser task.
-- **IsConfigurationCorrected**  Indicates whether the configuration of SIH task was successfully corrected.
-- **LastHresult**  The HRESULT for detection or perform action phases of the plugin.
-- **LastRun**  The date of the most recent SIH run.
-- **NextRun**  Date of the next scheduled SIH run.
-- **PackageVersion**  The version of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Reload**  True if SIH reload is required.
-- **RemediationNoisyHammerAcLineStatus**  Indicates the AC Line Status of the device.
-- **RemediationNoisyHammerAutoStartCount**  The number of times Auto UA auto-started.
-- **RemediationNoisyHammerCalendarTaskEnabled**  Event that indicates Update Assistant Calendar Task is enabled.
-- **RemediationNoisyHammerCalendarTaskExists**  Event that indicates an Update Assistant Calendar Task exists.
-- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount**  Event that indicates calendar triggers are enabled in the task.
-- **RemediationNoisyHammerDaysSinceLastTaskRunTime**  The number of days since the Auto UA ran.
-- **RemediationNoisyHammerGetCurrentSize**  Size in MB of the $GetCurrent folder.
-- **RemediationNoisyHammerIsInstalled**  TRUE if the Auto UA is installed.
-- **RemediationNoisyHammerLastTaskRunResult**  The result from the last Auto UA task run.
-- **RemediationNoisyHammerMeteredNetwork**  TRUE if the machine is on a metered network.
-- **RemediationNoisyHammerTaskEnabled**  TRUE if the Auto UA task is enabled.
-- **RemediationNoisyHammerTaskExists**  TRUE if the Auto UA task exists.
-- **RemediationNoisyHammerTaskTriggerEnabledCount**  Indicates whether the task has the count trigger enabled.
-- **RemediationNoisyHammerUAExitCode**  The exit code of the Update Assistant.
-- **RemediationNoisyHammerUAExitState**  The exit code of the Update Assistant.
-- **RemediationNoisyHammerUserLoggedIn**  TRUE if there is a user logged in.
-- **RemediationNoisyHammerUserLoggedInAdmin**  TRUE if there is the user currently logged in is an Admin.
-- **RemediationShellDeviceManaged**  TRUE if the device is WSUS managed or Windows Updated disabled.
-- **RemediationShellDeviceNewOS**  TRUE if the device has a recently installed OS.
-- **RemediationShellDeviceSccm**  TRUE if the device is managed by Configuration Manager.
-- **RemediationShellDeviceZeroExhaust**  TRUE if the device has opted out of Windows Updates completely.
-- **RemediationTargetMachine**  Indicates whether the device is a target of the specified fix.
-- **RemediationTaskHealthAutochkProxy**  True/False based on the health of the AutochkProxy task.
-- **RemediationTaskHealthChkdskProactiveScan**  True/False based on the health of the Check Disk task.
-- **RemediationTaskHealthDiskCleanup_SilentCleanup**  True/False based on the health of the Disk Cleanup task.
-- **RemediationTaskHealthMaintenance_WinSAT**  True/False based on the health of the Health Maintenance task.
-- **RemediationTaskHealthServicing_ComponentCleanupTask**  True/False based on the health of the Health Servicing Component task.
-- **RemediationTaskHealthUSO_ScheduleScanTask**  True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
-- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask**  True/False based on the health of the Windows Update Scheduled Start task.
-- **RemediationTaskHealthWindowsUpdate_SihbootTask**  True/False based on the health of the Sihboot task.
-- **RemediationUHServiceBitsServiceEnabled**  Indicates whether BITS service is enabled.
-- **RemediationUHServiceDeviceInstallEnabled**  Indicates whether Device Install service is enabled.
-- **RemediationUHServiceDoSvcServiceEnabled**  Indicates whether DO service is enabled.
-- **RemediationUHServiceDsmsvcEnabled**  Indicates whether DSMSVC service is enabled.
-- **RemediationUHServiceLicensemanagerEnabled**  Indicates whether License Manager service is enabled.
-- **RemediationUHServiceMpssvcEnabled**  Indicates whether MPSSVC service is enabled.
-- **RemediationUHServiceTokenBrokerEnabled**  Indicates whether Token Broker service is enabled.
-- **RemediationUHServiceTrustedInstallerServiceEnabled**  Indicates whether Trusted Installer service is enabled.
-- **RemediationUHServiceUsoServiceEnabled**  Indicates whether USO (Update Session Orchestrator) service is enabled.
-- **RemediationUHServicew32timeServiceEnabled**  Indicates whether W32 Time service is enabled.
-- **RemediationUHServiceWecsvcEnabled**  Indicates whether WECSVC service is enabled.
-- **RemediationUHServiceWinmgmtEnabled**  Indicates whether WMI service is enabled.
-- **RemediationUHServiceWpnServiceEnabled**  Indicates whether WPN service is enabled.
-- **RemediationUHServiceWuauservServiceEnabled**  Indicates whether WUAUSERV service is enabled.
-- **Result**  This is the HRESULT for Detection or Perform Action phases of the plugin.
-- **RunAppraiserFailed**  Indicates RunAppraiser failed to run correctly.
-- **RunTask**  TRUE if SIH task should be run by the plug-in.
-- **TimeServiceNTPServer**  The URL for the NTP time server used by device.
-- **TimeServiceStartType**  The startup type for the NTP time service.
-- **TimeServiceSyncDomainJoined**  True if device domain joined and hence uses DC for clock.
-- **TimeServiceSyncType**  Type of sync behavior for Date & Time service on device.
-
-
-### Microsoft.Windows.Remediation.ChangePowerProfileDetection
-
-This event indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates, to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActionName**  A descriptive name for the plugin action
-- **CurrentPowerPlanGUID**  The ID of the current power plan configured on the device
-- **CV**  Correlation vector
-- **GlobalEventCounter**  Counter that indicates the ordering of events on the device
-- **PackageVersion**  Current package version of remediation service
-- **RemediationBatteryPowerBatteryLevel**  Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0)
-- **RemediationFUInProcess**  Result that shows whether the device is currently installing a feature update
-- **RemediationFURebootRequred**  Indicates that a feature update reboot required was detected so the plugin will exit.
-- **RemediationScanInProcess**  Result that shows whether the device is currently scanning for updates
-- **RemediationTargetMachine**  Result that shows whether this device is a candidate for remediation(s) that will fix update issues
-- **SetupMutexAvailable**  Result that shows whether setup mutex is available or not
-- **SysPowerStatusAC**  Result that shows whether system is on AC power or not
-
-
-### Microsoft.Windows.Remediation.Completed
-
-This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **ActionName**  Name of the action to be completed by the plug-in.
-- **AppraiserTaskCreationFailed**  TRUE if the appraiser task creation failed to complete successfully.
-- **AppraiserTaskDeleteFailed**  TRUE if deletion of appraiser task failed to complete successfully.
-- **AppraiserTaskExistFailed**  TRUE if detection of the appraiser task failed to complete successfully.
-- **AppraiserTaskLoadXmlFailed**  TRUE if the Appraiser XML Loader failed to complete successfully.
-- **AppraiserTaskMissing**  TRUE if the Appraiser task is missing.
-- **AppraiserTaskTimeTriggerUpdateFailedId**  TRUE if the Appraiser Task Time Trigger failed to update successfully.
-- **AppraiserTaskValidateTaskXmlFailed**  TRUE if the Appraiser Task XML failed to complete successfully.
-- **branchReadinessLevel**  Branch readiness level policy.
-- **cloudControlState**  Value indicating whether the shell is enabled on the cloud control settings.
-- **CrossedDiskSpaceThreshold**  Indicates if cleanup resulted in hard drive usage threshold required for feature update to be exceeded.
-- **CV**  The Correlation Vector.
-- **DateTimeDifference**  The difference between the local and reference clocks.
-- **DaysSinceOsInstallation**  The number of days since the installation of the Operating System.
-- **DiskMbCleaned**  The amount of space cleaned on the hard disk, measured in megabytes.
-- **DiskMbFreeAfterCleanup**  The amount of free hard disk space after cleanup, measured in Megabytes.
-- **DiskMbFreeBeforeCleanup**  The amount of free hard disk space before cleanup, measured in Megabytes.
-- **ForcedAppraiserTaskTriggered**  TRUE if Appraiser task ran from the plug-in.
-- **GlobalEventCounter**  Client-side counter that indicates ordering of events sent by the active user.
-- **HandlerCleanupFreeDiskInMegabytes**  The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
-- **hasRolledBack**  Indicates whether the client machine has rolled back.
-- **hasUninstalled**  Indicates whether the client machine has uninstalled a later version of the OS.
-- **hResult**  The result of the event execution.
-- **HResult**  The result of the event execution.
-- **installDate**  The value of installDate registry key. Indicates the install date.
-- **isNetworkMetered**  Indicates whether the client machine has uninstalled a later version of the OS.
-- **LatestState**  The final state of the plug-in component.
-- **MicrosoftCompatibilityAppraiser**  The name of the component targeted by the Appraiser plug-in.
-- **PackageVersion**  The package version for the current Remediation.
-- **PageFileCount**  The number of Windows Page files.
-- **PageFileCurrentSize**  The size of the Windows Page file, measured in Megabytes.
-- **PageFileLocation**  The storage location (directory path) of the Windows Page file.
-- **PageFilePeakSize**  The maximum amount of hard disk space used by the Windows Page file, measured in Megabytes.
-- **PluginName**  The name of the plug-in specified for each generic plug-in event.
-- **RanCleanup**  TRUE if the plug-in ran disk cleanup.
-- **RemediationBatteryPowerBatteryLevel**  Indicates the battery level at which it is acceptable to continue operation.
-- **RemediationBatteryPowerExitDueToLowBattery**  True when we exit due to low battery power.
-- **RemediationBatteryPowerOnBattery**  True if we allow execution on battery.
-- **RemediationConfigurationTroubleshooterExecuted**  True/False based on whether the Remediation Configuration Troubleshooter executed successfully.
-- **RemediationConfigurationTroubleshooterIpconfigFix**  TRUE if IPConfig Fix completed successfully.
-- **RemediationConfigurationTroubleshooterNetShFix**  TRUE if network card cache reset ran successfully.
-- **RemediationDiskCleanSizeBtWindowsFolderInMegabytes**  The size of the Windows BT folder (used to store Windows upgrade files), measured in Megabytes.
-- **RemediationDiskCleanupBTFolderEsdSizeInMB**  The size of the Windows BT folder (used to store Windows upgrade files) ESD (Electronic Software Delivery), measured in Megabytes.
-- **RemediationDiskCleanupGetCurrentEsdSizeInMB**  The size of any existing ESD (Electronic Software Delivery) folder, measured in Megabytes.
-- **RemediationDiskCleanupSearchFileSizeInMegabytes**  The size of the Cleanup Search index file, measured in Megabytes.
-- **RemediationDiskCleanupUpdateAssistantSizeInMB**  The size of the Update Assistant folder, measured in Megabytes.
-- **RemediationDoorstopChangeSucceeded**  TRUE if Doorstop registry key was successfully modified.
-- **RemediationDoorstopExists**  TRUE if there is a One Settings Doorstop value.
-- **RemediationDoorstopRegkeyError**  TRUE if an error occurred accessing the Doorstop registry key.
-- **RemediationDRFKeyDeleteSucceeded**  TRUE if the RecoveredFrom (Doorstop) registry key was successfully deleted.
-- **RemediationDUABuildNumber**  The build number of the DUA.
-- **RemediationDUAKeyDeleteSucceeded**  TRUE if the UninstallActive registry key was successfully deleted.
-- **RemediationDuplicateTokenSucceeded**  TRUE if the user token was successfully duplicated.
-- **remediationExecution**  Remediation shell is in "applying remediation" state.
-- **RemediationHibernationMigrated**  TRUE if hibernation was migrated.
-- **RemediationHibernationMigrationSucceeded**  TRUE if hibernation migration succeeded.
-- **RemediationImpersonateUserSucceeded**  TRUE if the user was successfully impersonated.
-- **RemediationNoisyHammerTaskKickOffIsSuccess**  TRUE if the Auto UA task started successfully.
-- **RemediationQueryTokenSucceeded**  TRUE if the user token was successfully queried.
-- **RemediationRanHibernation**  TRUE if the system entered Hibernation.
-- **RemediationRevertToSystemSucceeded**  TRUE if reversion to the system context succeeded.
-- **RemediationShellHasUpgraded**  TRUE if the device upgraded.
-- **RemediationShellMinimumTimeBetweenShellRuns**  Indicates the time between shell runs exceeded the minimum required to execute plugins.
-- **RemediationShellRunFromService**  TRUE if the shell driver was run from the service.
-- **RemediationShellSessionIdentifier**  Unique identifier tracking a shell session.
-- **RemediationShellSessionTimeInSeconds**  Indicates the time the shell session took in seconds.
-- **RemediationShellTaskDeleted**  Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation.
-- **RemediationUpdateServiceHealthRemediationResult**  The result of the Update Service Health plug-in.
-- **RemediationUpdateTaskHealthRemediationResult**  The result of the Update Task Health plug-in.
-- **RemediationUpdateTaskHealthTaskList**  A list of tasks fixed by the Update Task Health plug-in.
-- **RemediationWindowsLogSpaceFound**  The size of the Windows log files found, measured in Megabytes.
-- **RemediationWindowsLogSpaceFreed**  The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
-- **RemediationWindowsSecondaryDriveFreeSpace**  The amount of free space on the secondary drive, measured in Megabytes.
-- **RemediationWindowsSecondaryDriveLetter**  The letter designation of the first secondary drive with a total capacity of 10GB or more.
-- **RemediationWindowsSecondaryDriveTotalSpace**  The total storage capacity of the secondary drive, measured in Megabytes.
-- **RemediationWindowsTotalSystemDiskSize**  The total storage capacity of the System Disk Drive, measured in Megabytes.
-- **Result**  The HRESULT for Detection or Perform Action phases of the plug-in.
-- **RunResult**  The HRESULT for Detection or Perform Action phases of the plug-in.
-- **ServiceHealthPlugin**  The nae of the Service Health plug-in.
-- **StartComponentCleanupTask**  TRUE if the Component Cleanup task started successfully.
-- **systemDriveFreeDiskSpace**  Indicates the free disk space on system drive, in megabytes.
-- **systemUptimeInHours**  Indicates the amount of time the system in hours has been on since the last boot.
-- **TotalSizeofOrphanedInstallerFilesInMegabytes**  The size of any orphaned Windows Installer files, measured in Megabytes.
-- **TotalSizeofStoreCacheAfterCleanupInMegabytes**  The size of the Microsoft Store cache after cleanup, measured in Megabytes.
-- **TotalSizeofStoreCacheBeforeCleanupInMegabytes**  The size of the Microsoft Store cache (prior to cleanup), measured in Megabytes.
-- **uninstallActive**  TRUE if previous uninstall has occurred for current OS
-- **usoScanDaysSinceLastScan**  The number of days since the last USO (Update Session Orchestrator) scan.
-- **usoScanInProgress**  TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
-- **usoScanIsAllowAutoUpdateKeyPresent**  TRUE if the AllowAutoUpdate registry key is set.
-- **usoScanIsAllowAutoUpdateProviderSetKeyPresent**  TRUE if AllowAutoUpdateProviderSet registry key is set.
-- **usoScanIsAuOptionsPresent**  TRUE if Auto Update Options registry key is set.
-- **usoScanIsFeatureUpdateInProgress**  TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
-- **usoScanIsNetworkMetered**  TRUE if the device is currently connected to a metered network.
-- **usoScanIsNoAutoUpdateKeyPresent**  TRUE if no Auto Update registry key is set/present.
-- **usoScanIsUserLoggedOn**  TRUE if the user is logged on.
-- **usoScanPastThreshold**  TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
-- **usoScanType**  The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
-- **windows10UpgraderBlockWuUpdates**  Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
-- **windowsEditionId**  Event to report the value of Windows Edition ID.
-- **WindowsHyberFilSysSizeInMegabytes**  The size of the Windows Hibernation file, measured in Megabytes.
-- **WindowsInstallerFolderSizeInMegabytes**  The size of the Windows Installer folder, measured in Megabytes.
-- **WindowsOldFolderSizeInMegabytes**  The size of the Windows.OLD folder, measured in Megabytes.
-- **WindowsOldSpaceCleanedInMB**  The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
-- **WindowsPageFileSysSizeInMegabytes**  The size of the Windows Page file, measured in Megabytes.
-- **WindowsSoftwareDistributionFolderSizeInMegabytes**  The size of the SoftwareDistribution folder, measured in Megabytes.
-- **WindowsSwapFileSysSizeInMegabytes**  The size of the Windows Swap file, measured in Megabytes.
-- **WindowsSxsFolderSizeInMegabytes**  The size of the WinSxS (Windows Side-by-Side) folder, measured in Megabytes.
-- **WindowsSxsTempFolderSizeInMegabytes**  The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes.
-- **windowsUpgradeRecoveredFromRs4**  Event to report the value of the Windows Upgrade Recovered key.
-
-
-### Microsoft.Windows.Remediation.RemediationShellMainExeEventId
-
-This event enables tracking of completion of process that remediates issues preventing security and quality updates keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Client side counter which indicates ordering of events sent by the remediation system.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by the remediation system.
-- **PackageVersion**  Current package version of Remediation.
-- **RemediationShellCanAcquireSedimentMutex**  True if the remediation was able to acquire the sediment mutex. False if it is already running.
-- **RemediationShellExecuteShellResult**  Indicates if the remediation system completed without errors.
-- **RemediationShellFoundDriverDll**  Result whether the remediation system found its component files to run properly.
-- **RemediationShellLoadedShellDriver**  Result whether the remediation system loaded its component files to run properly.
-- **RemediationShellLoadedShellFunction**  Result whether the remediation system loaded the functions from its component files to run properly.
-
-
-### Microsoft.Windows.Remediation.Started
-
-This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  The version of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-## Sediment events
-
-### Microsoft.Windows.Sediment.Info.DetailedState
-
-This event is sent when detailed state information is needed from an update trial run. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **Data**  Data relevant to the state, such as what percent of disk space the directory takes up.
-- **Id**  Identifies the trial being run, such as a disk related trial.
-- **ReleaseVer**  The version of the component.
-- **State**  The state of the reporting data from the trial, such as the top-level directory analysis.
-- **Time**  The time the event was fired.
-
-
-### Microsoft.Windows.Sediment.Info.Error
-
-This event indicates an error in the updater payload. This information assists in keeping Windows up to date.
-
-
-
-### Microsoft.Windows.Sediment.Info.PhaseChange
-
-The event indicates progress made by the updater. This information assists in keeping Windows up to date.
-
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ApplicabilityCheckFailed
-
-This event returns data relating to the error state after one of the applicability checks for the installer component of the Operating System Remediation System Service (OSRSS) has failed. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CheckName**  The name of the applicability check that failed.
-- **InstallerVersion**  The version information for the installer component.
-- **Time**  The system timestamp for when the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.AttemptingUpdate
-
-This event indicates the Operating System Remediation System Service (OSRSS) installer is attempting an update to itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.BinaryUpdated
-
-This event indicates the Operating System Remediation System Service (OSRSS) updated installer binaries with new binaries as part of its self-update process. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.InstallerLaunched
-
-This event indicates the Operating System Remediation System Service (OSRSS) has launched. The information provided helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceInstalled
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully installed the Installer Component. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceRestarted
-
-This event indicates the Operating System Remediation System Service (OSRSS) has restarted after installing an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStarted
-
-This event indicates the Operating System Remediation System Service (OSRSS) has started after installing an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStopped
-
-This event indicates the Operating System Remediation System Service (OSRSS) was stopped by a self-updated to install an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterCompleted
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully completed the self-update operation. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterLaunched
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully launched the self-updater after downloading it. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.SedimentLauncher.Applicable
-
-This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DetectedCondition**  Boolean true if detect condition is true and perform action will be run.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **IsSelfUpdateEnabledInOneSettings**  True if self update enabled in Settings.
-- **IsSelfUpdateNeeded**  True if self update needed by device.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentLauncher.Completed
-
-This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **FailedReasons**  Concatenated list of failure reasons.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **SedLauncherExecutionResult**  HRESULT for one execution of the Sediment Launcher.
-
-
-### Microsoft.Windows.SedimentLauncher.Error
-
-This event indicates an error occurred during the execution of the plug-in. The information provided helps ensure future upgrade/update attempts are more successful. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  The result for the Detection or Perform Action phases of the plug-in.
-- **Message**  A message containing information about the error that occurred (if any).
-- **PackageVersion**  The version number of the current remediation package.
-
-
-### Microsoft.Windows.SedimentLauncher.FallbackError
-
-This event indicates that an error occurred during execution of the plug-in fallback. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **s0**  Error occurred during execution of the plugin fallback. See [Microsoft.Windows.SedimentLauncher.wilResult](#microsoftwindowssedimentlauncherwilresult).
-- **wilResult**  Result from executing wil based function. See [wilResult](#wilresult).
-
-
-### Microsoft.Windows.SedimentLauncher.Information
-
-This event provides general information returned from the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  This is the HRESULT for detection or perform action phases of the plugin.
-- **Message**  Information message returned from a plugin containing only information internal to the plugins execution.
-- **PackageVersion**  Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentLauncher.Started
-
-This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentLauncher.wilResult
-
-This event provides the result from the Windows internal library. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  List of telemetry activities containing this error.
-- **currentContextId**  Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage**  Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName**  Name of the newest telemetry activity containing this error.
-- **failureCount**  Number of failures seen within the binary where the error occurred.
-- **failureId**  Identifier assigned to this failure.
-- **failureType**  Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName**  Source code file name where the error occurred.
-- **function**  Name of the function where the error occurred.
-- **hresult**  Failure error code.
-- **lineNumber**  Line number within the source code file where the error occurred.
-- **message**  Custom message associated with the failure (if any).
-- **module**  Name of the binary where the error occurred.
-- **originatingContextId**  Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage**  Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName**  Name of the oldest telemetry activity containing this error.
-- **threadId**  Identifier of the thread the error occurred on.
-
-
-### Microsoft.Windows.SedimentService.Applicable
-
-This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DetectedCondition**  Determine whether action needs to run based on device properties.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **IsSelfUpdateEnabledInOneSettings**  Indicates if self update is enabled in One Settings.
-- **IsSelfUpdateNeeded**  Indicates if self update is needed.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentService.Completed
-
-This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **FailedReasons**  List of reasons when the plugin action failed.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **SedimentServiceCheckTaskFunctional**  True/False if scheduled task check succeeded.
-- **SedimentServiceCurrentBytes**  Number of current private bytes of memory consumed by sedsvc.exe.
-- **SedimentServiceKillService**  True/False if service is marked for kill (Shell.KillService).
-- **SedimentServiceMaximumBytes**  Maximum bytes allowed for the service.
-- **SedimentServiceRetrievedKillService**  True/False if result of One Settings check for kill succeeded - we only send back one of these indicators (not for each call).
-- **SedimentServiceStopping**  True/False indicating whether the service is stopping.
-- **SedimentServiceTaskFunctional**  True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
-- **SedimentServiceTotalIterations**  Number of 5 second iterations service will wait before running again.
-
-
-### Microsoft.Windows.SedimentService.Error
-
-This event indicates whether an error condition occurred in the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  This is the HRESULT for detection or perform action phases of the plugin.
-- **Message**  Custom message associated with the failure (if any).
-- **PackageVersion**  Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentService.FallbackError
-
-This event indicates whether an error occurred for a fallback in the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **s0**  Event returned when an error occurs for a fallback in the plugin. See [Microsoft.Windows.SedimentService.wilResult](#microsoftwindowssedimentservicewilresult).
-- **wilResult**  Result for wil based function. See [wilResult](#wilresult).
-
-
-### Microsoft.Windows.SedimentService.Information
-
-This event provides general information returned from the plug-in. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **HResult**  This is the HRESULT for detection or perform action phases of the plugin.
-- **Message**  Custom message associated with the failure (if any).
-- **PackageVersion**  Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentService.Started
-
-This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation Vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **PackageVersion**  The version number of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for Detection or Perform Action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentService.wilResult
-
-This event provides the result from the Windows internal library. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  List of telemetry activities containing this error.
-- **currentContextId**  Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage**  Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName**  Name of the newest telemetry activity containing this error.
-- **failureCount**  Number of failures seen within the binary where the error occurred.
-- **failureId**  Identifier assigned to this failure.
-- **failureType**  Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName**  Source code file name where the error occurred.
-- **function**  Name of the function where the error occurred.
-- **hresult**  Failure error code.
-- **lineNumber**  Line number within the source code file where the error occurred.
-- **message**  Custom message associated with the failure (if any).
-- **module**  Name of the binary where the error occurred.
-- **originatingContextId**  Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage**  Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName**  Name of the oldest telemetry activity containing this error.
-- **threadId**  Identifier of the thread the error occurred on.
-
-
-## Setup events
-
-### SetupPlatformTel.SetupPlatformTelActivityEvent
-
-This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **Value**  Value associated with the corresponding event name. For example, time-related events will include the system time
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStarted
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-The following fields are available:
-
-- **Name**  The name of the dynamic update type. Example: GDR driver
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStopped
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-
-
-### SetupPlatformTel.SetupPlatformTelEvent
-
-This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **Value**  Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
-
-
-## Shared PC events
-
-### Microsoft.Windows.SharedPC.AccountManager.DeleteUserAccount
-
-Activity for deletion of a user account for devices set up for Shared PC mode as part of the Transient Account Manager to help keep Windows up to date. Deleting un-used user accounts on Education/Shared PCs frees up disk space to improve Windows Update success rates.
-
-The following fields are available:
-
-- **accountType**  The type of account that was deleted. Example: AD, Azure Active Directory (Azure AD), or Local
-- **deleteState**  Whether the attempted deletion of the user account was successful.
-- **userSid**  The security identifier of the account.
-- **wilActivity**  Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.SharedPC.AccountManager.SinglePolicyEvaluation
-
-Activity for run of the Transient Account Manager that determines if any user accounts should be deleted for devices set up for Shared PC mode to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates
-
-The following fields are available:
-
-- **evaluationTrigger**  When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours
-- **totalAccountCount**  The number of accounts on a device after running the Transient Account Manager policies.
-- **wilActivity**  Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity).
-
-
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The function where the failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-### wilResult
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The call context stack where failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-## SIH events
-
-### SIHEngineTelemetry.EvalApplicability
-
-This event is sent when targeting logic is evaluated to determine if a device is eligible a given action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActionReasons**  If an action has been assessed as inapplicable, the additional logic prevented it.
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **HandlerReasons**  If an action has been assessed as inapplicable, the installer technology-specific logic prevented it.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **StandardReasons**  If an action has been assessed as inapplicable, the standard logic the prevented it.
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID**  A unique identifier for the action being acted upon.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-### SIHEngineTelemetry.ExecuteAction
-
-This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event, whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **RebootRequired**  Indicates if a reboot was required to complete the action.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID**  A unique identifier for the action being acted upon.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-### SIHEngineTelemetry.PostRebootReport
-
-This event reports the status of an action following a reboot, should one have been required. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event, whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID**  A unique identifier for the action being acted upon.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-### SIHEngineTelemetry.ServiceStateChange
-
-This event reports the status of attempts to stop or start a service as part of executing an action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event, whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **Service**  The service that is being stopped/started.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **StateChange**  The service operation (stop/start) is being attempted.
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID**  A unique identifier for the action being acted upon.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-### SIHEngineTelemetry.SLSActionData
-
-This event reports if the SIH client was able to successfully parse the manifest describing the actions to be evaluated. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **FailedParseActions**  The list of actions that were not successfully parsed.
-- **ParsedActions**  The list of actions that were successfully parsed.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-## Software update events
-
-### SoftwareUpdateClientTelemetry.CheckForUpdates
-
-This event sends tracking data about the software distribution client check for content that is applicable to a device, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActivityMatchingId**  Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults**  Indicates if the scan allowed using cached results.
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BranchReadinessLevel**  The servicing branch configured on the device.
-- **CachedEngineVersion**  For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CapabilityDetectoidGuid**  The GUID for a hardware applicability detectoid that could not be evaluated.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-- **ClientVersion**  The version number of the software distribution client.
-- **Context**  Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeferralPolicySources**  Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
-- **DeferredUpdates**  Update IDs which are currently being deferred until a later time
-- **DeviceModel**  What is the device model.
-- **DriverError**  The error code hit during a driver scan. This is 0 if no error was encountered.
-- **DriverExclusionPolicy**  Indicates if the policy for not including drivers with Windows Update is enabled.
-- **DriverSyncPassPerformed**  Were drivers scanned this time?
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **ExtendedMetadataCabUrl**  Hostname that is used to download an update.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FailedUpdateGuids**  The GUIDs for the updates that failed to be evaluated during the scan.
-- **FailedUpdatesCount**  The number of updates that failed to be evaluated during the scan.
-- **FeatureUpdateDeferral**  The deferral period configured for feature OS updates on the device (in days).
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FeatureUpdatePausePeriod**  The pause duration configured for feature OS updates on the device (in days).
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **IsWUfBFederatedScanDisabled**  Indicates if Windows Update for Business federated scan is disabled on the device.
-- **MetadataIntegrityMode**  The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
-- **MSIError**  The last error that was encountered during a scan for updates.
-- **NetworkConnectivityDetected**  Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
-- **NumberOfApplicableUpdates**  The number of updates which were ultimately deemed applicable to the system after the detection process is complete
-- **NumberOfApplicationsCategoryScanEvaluated**  The number of categories (apps) for which an app update scan checked
-- **NumberOfLoop**  The number of round trips the scan required
-- **NumberOfNewUpdatesFromServiceSync**  The number of updates which were seen for the first time in this scan
-- **NumberOfUpdatesEvaluated**  The total number of updates which were evaluated as a part of the scan
-- **NumFailedMetadataSignatures**  The number of metadata signatures checks which failed for new metadata synced down.
-- **Online**  Indicates if this was an online scan.
-- **PausedUpdates**  A list of UpdateIds which that currently being paused.
-- **PauseFeatureUpdatesEndTime**  If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseFeatureUpdatesStartTime**  If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PauseQualityUpdatesEndTime**  If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseQualityUpdatesStartTime**  If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdateDeferral**  The deferral period configured for quality OS updates on the device (in days).
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **QualityUpdatePausePeriod**  The pause duration configured for quality OS updates on the device (in days).
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **ScanDurationInSeconds**  The number of seconds a scan took
-- **ScanEnqueueTime**  The number of seconds it took to initialize a scan
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
-- **ServiceUrl**  The environment URL a device is configured to scan with
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
-- **SyncType**  Describes the type of scan the event was
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetMetadataVersion**  For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
-- **TotalNumMetadataSignatures**  The total number of metadata signatures checks done for new metadata that was synced down.
-- **WebServiceRetryMethods**  Web service method requests that needed to be retried to complete operation.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.Commit
-
-This event sends data on whether the Update Service has been called to execute an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client.
-- **DeviceModel**  What is the device model.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  State of call
-- **EventType**  Possible values are "Child", "Bundle", or "Driver".
-- **FlightId**  The specific id of the flight the device is getting
-- **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.)
-- **RevisionNumber**  Unique revision number of Update
-- **ServerId**  Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **UpdateId**  Unique Update ID
-- **WUDeviceID**  UniqueDeviceID
-
-
-### SoftwareUpdateClientTelemetry.Download
-
-This event sends tracking data about the software distribution client download of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActiveDownloadTime**  How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.
-- **AppXBlockHashValidationFailureCount**  A count of the number of blocks that have failed validation after being downloaded.
-- **AppXDownloadScope**  Indicates the scope of the download for application content.
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The SKU number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleBytesDownloaded**  Number of bytes downloaded for the specific content bundle.
-- **BundleId**  Identifier associated with the specific content bundle.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle had previously failed to download.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **BytesDownloaded**  Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
-- **CachedEngineVersion**  The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable.
-- **CallerApplicationName**  The name provided by the application that initiated API calls into the software distribution client.
-- **CbsDownloadMethod**  Indicates whether the download was a full- or a partial-file download.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  ID which defines which CDN the software distribution client downloaded the content from.
-- **ClientVersion**  The version number of the software distribution client.
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeviceModel**  The model of the device.
-- **DownloadPriority**  Indicates whether a download happened at background, normal, or foreground priority.
-- **DownloadScenarioId**  A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events.
-- **DownloadType**  Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed.
-- **EventType**  Identifies the type of the event (Child, Bundle, or Driver).
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightBuildNumber**  If this download was for a flight (pre-release build), this indicates the build number of that flight.
-- **FlightId**  The specific id of the flight (pre-release build) the device is getting.
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HandlerType**  Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
-- **HardwareId**  If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **HostName**  The parent URL the content is downloading from.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6.
-- **IsDependentSet**  Indicates whether a driver is a part of a larger System Hardware/Firmware Update
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **NetworkCostBitMask**  Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
-- **NetworkRestrictionStatus**  More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
-- **PackageFullName**  The package name of the content.
-- **PhonePreviewEnabled**  Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailFlag**  Indicates whether this specific piece of content had previously failed to download.
-- **RevisionNumber**  The revision number of the specified piece of content.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **Setup360Phase**  Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
-- **ShippingMobileOperator**  The mobile operator linked to the device when the device shipped.
-- **StatusCode**  Indicates the result of a Download event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TargetMetadataVersion**  The version of the currently downloading (or most recently downloaded) package.
-- **ThrottlingServiceHResult**  Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
-- **TimeToEstablishConnection**  Time (in milliseconds) it took to establish the connection prior to beginning downloaded.
-- **TotalExpectedBytes**  The total size (in Bytes) expected to be downloaded.
-- **UpdateId**  An identifier associated with the specific piece of content.
-- **UpdateID**  An identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates whether the content was marked as Important, Recommended, or Optional.
-- **UsedDO**  Indicates whether the download used the Delivery Optimization (DO) service.
-- **UsedSystemVolume**  Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.DownloadCheckpoint
-
-This event provides a checkpoint between each of the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
-- **EventType**  Possible values are "Child", "Bundle", "Relase" or "Driver"
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough
-- **FileId**  A hash that uniquely identifies a file
-- **FileName**  Name of the downloaded file
-- **FlightId**  The unique identifier for each flight
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RevisionNumber**  Unique revision number of Update
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
-- **UpdateId**  Unique Update ID
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### SoftwareUpdateClientTelemetry.DownloadHeartbeat
-
-This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BundleID**  Identifier associated with the specific content bundle. If this value is found, it shouldn't report as all zeros
-- **BytesTotal**  Total bytes to transfer for this content
-- **BytesTransferred**  Total bytes transferred for this content at the time of heartbeat
-- **CallerApplicationName**  Name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **ConnectionStatus**  Indicates the connectivity state of the device at the time of heartbeat
-- **CurrentError**  Last (transient) error encountered by the active download
-- **DownloadFlags**  Flags indicating if power state is ignored
-- **DownloadState**  Current state of the active download for this content (queued, suspended, or progressing)
-- **EventType**  Possible values are "Child", "Bundle", or "Driver"
-- **FlightId**  The unique identifier for each flight
-- **IsNetworkMetered**  Indicates whether Windows considered the current network to be ?metered"
-- **MOAppDownloadLimit**  Mobile operator cap on size of application downloads, if any
-- **MOUpdateDownloadLimit**  Mobile operator cap on size of operating system update downloads, if any
-- **PowerState**  Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby)
-- **RelatedCV**  The previous correlation vector that was used by the client, before swapping with a new one
-- **ResumeCount**  Number of times this active download has resumed from a suspended state
-- **RevisionNumber**  Identifies the revision number of this specific piece of content
-- **ServiceGuid**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
-- **ServiceID**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
-- **SuspendCount**  Number of times this active download has entered a suspended state
-- **SuspendReason**  Last reason for why this active download entered a suspended state
-- **UpdateId**  Identifier associated with the specific piece of content
-- **WUDeviceID**  Unique device id controlled by the software distribution client
-
-
-### SoftwareUpdateClientTelemetry.Install
-
-This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle previously failed to install.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **CachedEngineVersion**  For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **ClientVersion**  The version number of the software distribution client.
-- **CSIErrorType**  The stage of CBS installation where it failed.
-- **CurrentMobileOperator**  The mobile operator to which the device is currently connected.
-- **DeviceModel**  The device model.
-- **DriverPingBack**  Contains information about the previous driver and system state.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **EventType**  Possible values are Child, Bundle, or Driver.
-- **ExtendedErrorCode**  The extended error code.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in the Windows Insider Program.
-- **FlightBuildNumber**  If this installation was for a Windows Insider build, this is the build number of that build.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **FlightRing**  The ring that a device is on if participating in the Windows Insider Program.
-- **HandlerType**  Indicates what kind of content is being installed. Example: app, driver, Windows update
-- **HardwareId**  If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IsDependentSet**  Indicates whether the driver is part of a larger System Hardware/Firmware update.
-- **IsFinalOutcomeEvent**  Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware**  Indicates whether this update is a firmware update.
-- **IsSuccessFailurePostReboot**  Indicates whether the update succeeded and then failed after a restart.
-- **IsWUfBDualScanEnabled**  Is Windows Update for Business dual scan enabled on the device?
-- **IsWUfBEnabled**  Indicates whether Windows Update for Business is enabled on the device.
-- **MergedUpdate**  Indicates whether the OS update and a BSP update merged for installation.
-- **MsiAction**  The stage of MSI installation where it failed.
-- **MsiProductCode**  The unique identifier of the MSI installer.
-- **PackageFullName**  The package name of the content being installed.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailFlag**  Indicates whether this specific piece of content previously failed to install.
-- **RevisionNumber**  The revision number of this specific piece of content.
-- **ServiceGuid**  An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
-- **Setup360Phase**  If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of an installation event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode**  The ID that represents a given MSI installation.
-- **UpdateId**  Unique update ID.
-- **UpdateID**  An identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedSystemVolume**  Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.UpdateDetected
-
-This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **NumberOfApplicableUpdates**  The number of updates ultimately deemed applicable to the system after the detection process is complete.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one.
-- **ServiceGuid**  An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
-- **WUDeviceID**  The unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **EndpointUrl**  The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
-- **EventScenario**  The purpose of this event, such as scan started, scan succeeded, or scan failed.
-- **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId**  The integral ID from the FragmentSigning data for the certificate that failed.
-- **ListOfSHA256OfIntermediateCerData**  A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
-- **MetadataIntegrityMode**  The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
-- **MetadataSignature**  A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
-- **RawMode**  The raw unparsed mode string from the SLS response. This field is null if not applicable.
-- **RawValidityWindowInDays**  The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
-- **RevisionId**  The revision ID for a specific piece of content.
-- **RevisionNumber**  The revision number for a specific piece of content.
-- **ServiceGuid**  Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
-- **SHA256OfLeafCerData**  A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfLeafCertPublicKey**  A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfTimestampToken**  An encoded string of the timestamp token.
-- **SignatureAlgorithm**  The hash algorithm for the metadata signature.
-- **SLSPrograms**  A test program to which a device may have opted in. Example: Insider Fast
-- **StatusCode**  The status code of the event.
-- **TimestampTokenCertThumbprint**  The thumbprint of the encoded timestamp token.
-- **TimestampTokenId**  The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
-- **UpdateId**  The update ID for a specific piece of content.
-- **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
-
-
-## Update Assistant events
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.BlockingEventId
-
-The event sends basic info on the reason that Windows 10 was not updated due to compatibility issues, previous rollbacks, or admin policies. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ApplicabilityBlockedReason**  Blocked due to an applicability issue.
-- **BlockWuUpgrades**  The upgrade assistant is currently blocked.
-- **clientID**  An identification of the current release of Update Assistant.
-- **CloverTrail**  This device is Clovertrail.
-- **DeviceIsMdmManaged**  This device is MDM managed.
-- **IsNetworkAvailable**  If the device network is not available.
-- **IsNetworkMetered**  If network is metered.
-- **IsSccmManaged**  This device is managed by Configuration Manager.
-- **NewlyInstalledOs**  OS is newly installed quiet period.
-- **PausedByPolicy**  Updates are paused by policy.
-- **RecoveredFromRS3**  Previously recovered from RS3.
-- **RS1UninstallActive**  Blocked due to an active RS1 uninstall.
-- **RS3RollBacks**  Exceeded number of allowable RS3 rollbacks.
-- **triggerTaskSource**  Describe which task launches this instance.
-- **WsusManaged**  This device is WSUS managed.
-- **ZeroExhaust**  This device is zero exhaust.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.DeniedLaunchEventId
-
-The event sends basic info when a device was blocked or prevented from updating to the latest Windows 10 version. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **calendarRun**  Indicates the calendar run task invoked the update assistant wrapper.
-- **clientID**  An identification of the current release of Update Assistant.
-- **denyReason**  All the reasons why the Update Assistant was prevented from launching. Bitmask with values from UpdateAssistant.cpp eUpgradeModeReason.
-- **triggerTaskSource**  Describe which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedLaunchEventId
-
-This event indicates that Update Assistant Orchestrator failed to launch Update Assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **hResult**  Error code of the Update Assistant Orchestrator failure.
-- **triggerTaskSource**  Describe which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedOneSettingsQueryEventId
-
-This event indicates that One Settings was not queried by update assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **hResult**  Error code of One Settings query failure.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.LaunchEventId
-
-This event sends basic information on whether the device should be updated to the latest Windows 10 version. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **autoStartRunCount**  The auto start run count of Update Assistant.
-- **clientID**  The ID of the current release of Update Assistant.
-- **launchMode**  Indicates the type of launch performed.
-- **launchTypeReason**  A bitmask of all the reasons for type of launch.
-- **triggerTaskSource**  Indicates which task launches this instance.
-- **UALaunchRunCount**  Total number of times Update Assistant launched.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.RestoreEventId
-
-The event sends basic info on whether the Windows 10 update notification has previously launched. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **calendarRun**  Indicates the update assistant wrapper was started by the calendar run task.
-- **clientID**  ID of the current release of Update Assistant.
-- **restoreReason**  All the reasons for the restore.
-- **triggerTaskSource**  Indicates which task launches this instance.
-
-
-## Update events
-
-### Update360Telemetry.UpdateAgent_DownloadRequest
-
-This event sends data during the download request phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeletedCorruptFiles**  Boolean indicating whether corrupt payload was deleted.
-- **ErrorCode**  The error code returned for the current download request phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **PackageCountOptional**  # of optional packages requested.
-- **PackageCountRequired**  # of required packages requested.
-- **PackageCountTotal**  Total # of packages needed.
-- **PackageCountTotalCanonical**  Total number of canonical packages.
-- **PackageCountTotalDiff**  Total number of diff packages.
-- **PackageCountTotalExpress**  Total number of express packages.
-- **PackageSizeCanonical**  Size of canonical packages in bytes.
-- **PackageSizeDiff**  Size of diff packages in bytes.
-- **PackageSizeExpress**  Size of express packages in bytes.
-- **RangeRequestState**  Indicates the range request type used.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the download request phase of update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt (same value for initialize, download, install commit phases)
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgent_FellBackToCanonical
-
-This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **PackageCount**  The number of packages that fell back to “canonical”.
-- **PackageList**  PackageIDs which fell back to “canonical”.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-
-
-### Update360Telemetry.UpdateAgent_Initialize
-
-This event sends data during the initialize phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current initialize phase.
-- **FlightId**  Unique ID for each flight.
-- **FlightMetadata**  Contains the FlightId and the build being flighted.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **SessionId**  Unique value for each Update Agent mode attempt .
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_Install
-
-This event sends data during the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest scan.
-- **Result**  Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_Merge
-
-This event sends data on the merge phase when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current reboot.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-
-
-### Update360Telemetry.UpdateAgent_ModeStart
-
-This event sends data for the start of each mode during the process of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **Mode**  Indicates that the Update Agent mode that has started. 1 = Initialize, 2 = DownloadRequest, 3 = Install, 4 = Commit
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest scan.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgent_SetupBoxLaunch
-
-This event sends data during the launching of the setup box when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **Quiet**  Indicates whether setup is running in quiet mode. 0 = false 1 = true
-- **RelatedCV**  Correlation vector value generated from the latest scan.
-- **SandboxSize**  The size of the sandbox folder on the device.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt.
-- **SetupMode**  Setup mode 1 = predownload, 2 = install, 3 = finalize
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentCommit
-
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentDownloadRequest
-
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeletedCorruptFiles**  Boolean indicating whether corrupt payload was deleted.
-- **DownloadRequests**  Number of times a download was retried.
-- **ErrorCode**  The error code returned for the current download request phase.
-- **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
-- **FlightId**  Unique ID for each flight.
-- **InternalFailureResult**  Indicates a non-fatal error from a plugin.
-- **ObjectId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **PackageCategoriesSkipped**  Indicates package categories that were skipped, if applicable.
-- **PackageCountOptional**  # of optional packages requested.
-- **PackageCountRequired**  # of required packages requested.
-- **PackageCountTotal**  Total # of packages needed.
-- **PackageCountTotalCanonical**  Total number of canonical packages.
-- **PackageCountTotalDiff**  Total number of diff packages.
-- **PackageCountTotalExpress**  Total number of express packages.
-- **PackageExpressType**  Type of express package.
-- **PackageSizeCanonical**  Size of canonical packages in bytes.
-- **PackageSizeDiff**  Size of diff packages in bytes.
-- **PackageSizeExpress**  Size of express packages in bytes.
-- **RangeRequestState**  Indicates the range request type used.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the download request phase of update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt (same value for initialize, download, install commit phases).
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentExpand
-
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ElapsedTickCount**  Time taken for expand phase.
-- **EndFreeSpace**  Free space after expand phase.
-- **EndSandboxSize**  Sandbox size after expand phase.
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **StartFreeSpace**  Free space before expand phase.
-- **StartSandboxSize**  Sandbox size after expand phase.
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentFellBackToCanonical
-
-This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PackageCount**  Number of packages that feel back to canonical.
-- **PackageList**  PackageIds which fell back to canonical.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInitialize
-
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **FlightMetadata**  Contains the FlightId and the build being flighted.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionData**  String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInstall
-
-This event sends data for the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **ObjectId**  Correlation vector value generated from the latest USO scan.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  The result for the current install phase.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentMerge
-
-The UpdateAgentMerge event sends data on the merge phase when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current merge phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Related correlation vector value.
-- **Result**  Outcome of the merge phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentMitigationResult
-
-This event sends data indicating the result of each update agent mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  Indicates whether the mitigation is applicable for the current update.
-- **CommandCount**  The number of command operations in the mitigation entry.
-- **CustomCount**  The number of custom operations in the mitigation entry.
-- **FileCount**  The number of file operations in the mitigation entry.
-- **FlightId**  Unique identifier for each flight.
-- **Index**  The mitigation index of this particular mitigation.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **Name**  The friendly name of the mitigation.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **OperationIndex**  The mitigation operation index (in the event of a failure).
-- **OperationName**  The friendly name of the mitigation operation (in the event of failure).
-- **RegistryCount**  The number of registry operations in the mitigation entry.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentMitigationSummary
-
-This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  The count of mitigations that were applicable to the system and scenario.
-- **Failed**  The count of mitigations that failed.
-- **FlightId**  Unique identifier for each flight.
-- **MitigationScenario**  The update scenario in which the mitigations were attempted.
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing all mitigations (in 100-nanosecond increments).
-- **Total**  Total number of mitigations that were available.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **Mode**  Indicates the mode that has started.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **Version**  Version of update
-
-
-### Update360Telemetry.UpdateAgentOneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Count**  The count of applicable OneSettings for the device.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **Parameters**  The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-- **Values**  The values sent back to the device, if applicable.
-
-
-### Update360Telemetry.UpdateAgentPostRebootResult
-
-This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current post reboot phase.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PostRebootResult**  Indicates the Hresult.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Indicates the Hresult
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentSetupBoxLaunch
-
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ContainsExpressPackage**  Indicates whether the download package is express.
-- **FlightId**  Unique ID for each flight.
-- **FreeSpace**  Free space on OS partition.
-- **InstallCount**  Number of install attempts using the same sandbox.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **Quiet**  Indicates whether setup is running in quiet mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **SandboxSize**  Size of the sandbox.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **SetupMode**  Mode of setup to be launched.
-- **UpdateId**  Unique ID for each Update.
-- **UserSession**  Indicates whether install was invoked by user actions.
-
-
-## Update notification events
-
-### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage
-
-This event indicates that Javascript is reporting a schema and a set of values for critical telemetry. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version of the current campaign.
-- **CampaignID**  ID of the currently running campaign.
-- **ConfigCatalogVersion**  Current catalog version of the update notification.
-- **ContentVersion**  Content version of the current update notification campaign.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign.
-- **GlobalEventCounter**  Client side counter that indicates the ordering of events sent by this user.
-- **key1**  UI interaction data.
-- **key10**  UI interaction data.
-- **key11**  UI interaction data.
-- **key12**  UI interaction data.
-- **key13**  UI interaction data.
-- **key14**  UI interaction data.
-- **key15**  UI interaction data.
-- **key16**  UI interaction data.
-- **key17**  UI interaction data.
-- **key18**  UI interaction data.
-- **key19**  UI interaction data.
-- **key2**  UI interaction data.
-- **key20**  UI interaction data.
-- **key21**  UI interaction data.
-- **key22**  UI interaction data.
-- **key23**  UI interaction data.
-- **key24**  The interaction data for the user interface.
-- **key25**  The interaction data for the user interface.
-- **key26**  The interaction data for the user interface.
-- **key27**  The interaction data for the user interface.
-- **key28**  The interaction data for the user interface.
-- **key29**  UI interaction data.
-- **key3**  UI interaction data.
-- **key30**  UI interaction data.
-- **key4**  UI interaction data.
-- **key5**  UI interaction data.
-- **key6**  UI interaction data.
-- **key7**  UI interaction data.
-- **key8**  UI interaction data.
-- **key9**  UI interaction data.
-- **PackageVersion**  Current package version of the update notification.
-- **schema**  UI interaction type.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat
-
-This event is sent at the start of each campaign, to be used as a heartbeat. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Current campaign that is running on Update Notification Pipeline.
-- **ConfigCatalogVersion**  Current catalog version of Update Notification Pipeline.
-- **ContentVersion**  Content version for the current campaign on Update Notification Pipeline.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on Update Notification Pipeline.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current package version for Update Notification Pipeline.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerCleaningCampaign
-
-This event indicates that the Campaign Manager is cleaning up the campaign content. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  The current campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  The current catalog version of the Update Notification Pipeline (UNP).
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current UNP package version.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerGetIsCamppaignCompleteFailed
-
-This event is sent when a campaign completion status query fails. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Current campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **hresult**  HRESULT of the failure.
-- **PackageVersion**  Current UNP package version.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat
-
-This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Currently campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current UNP package version.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerRunCampaignFailed
-
-This event is sent when the Campaign Manager encounters an unexpected error while running the campaign. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Currently campaign that's running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **hresult**  HRESULT of the failure.
-- **PackageVersion**  Current UNP package version.
-
-
-## Upgrade events
-
-### FacilitatorTelemetry.DCATDownload
-
-This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
-
-
-
-### FacilitatorTelemetry.DUDownload
-
-This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### FacilitatorTelemetry.InitializeDU
-
-This event determines whether devices received additional or critical supplemental content during an OS upgrade. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.Downlevel
-
-This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ClientId**  If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the downlevel OS.
-- **HostOsSkuName**  The operating system edition which is running Setup360 instance (downlevel OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
-- **Setup360Result**  The result of Setup360 (HRESULT used to diagnose errors).
-- **Setup360Scenario**  The Setup360 flow type (for example, Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  An ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
-
-
-### Setup360Telemetry.Finalize
-
-This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  d
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.OsUninstall
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase or action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PostRebootInstall
-
-This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
-
-
-### Setup360Telemetry.PreDownloadQuiet
-
-This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous operating system).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreDownloadUX
-
-This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous operating system.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous operating system).
-- **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PreInstallQuiet
-
-This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  Setup360 flow type (Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreInstallUX
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date.  Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type, Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.Setup360
-
-This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FieldName**  Retrieves the data point.
-- **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
-- **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **ReportId**  Retrieves the report ID.
-- **ScenarioId**  Retrieves the deployment scenario.
-- **Value**  Retrieves the value associated with the corresponding FieldName.
-
-
-### Setup360Telemetry.Setup360DynamicUpdate
-
-This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
-
-
-
-### Setup360Telemetry.Setup360MitigationResult
-
-This event sends data indicating the result of each setup mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.Setup360MitigationSummary
-
-This event sends a summary of all the setup mitigations available for this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Setup360Telemetry.Setup360OneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The Windows Update client ID passed to Setup.
-- **Count**  The count of applicable OneSettings for the device.
-- **FlightData**  The ID for the flight (test instance version).
-- **InstanceId**  The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
-- **Parameters**  The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
-- **ReportId**  The Update ID passed to Setup.
-- **Result**  The HResult of the event error.
-- **ScenarioId**  The update scenario ID.
-- **Values**  Values sent back to the device, if applicable.
-
-
-### Setup360Telemetry.UnexpectedEvent
-
-This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-## Windows as a Service diagnostic events
-
-### Microsoft.Windows.WaaSAssessment.Error
-
-This event returns the name of the missing setting needed to determine the Operating System build age. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **m**  The WaaS (“Workspace as a Service”—cloud-based “workspace”) Assessment Error String.
-
-
-### Microsoft.Windows.WaaSMedic.EngineFailed
-
-This event indicates failure during medic engine execution. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **hResult**  Error code from the execution.
-
-
-### Microsoft.Windows.WaaSMedic.RemediationFailed
-
-This event is sent when the WaaS Medic update stack remediation tool fails to apply a described resolution to a problem that is blocking Windows Update from operating correctly on a target device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **diagnostic**  Parameter where the resolution failed.
-- **hResult**  Error code that resulted from attempting the resolution.
-- **isRemediated**  Indicates whether the condition was remediated.
-- **pluginName**  Name of the attempted resolution.
-
-
-### Microsoft.Windows.WaaSMedic.Summary
-
-This event provides the results of the WaaSMedic diagnostic run. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **detectionSummary**  Result of each detection that ran
-- **featureAssessmentImpact**  Windows as a Service (WaaS) Assessment impact on feature updates
-- **insufficientSessions**  True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise
-- **isManaged**  Indicates the device is managed for updates
-- **isWUConnected**  Indicates the device is connected to Windows Update
-- **noMoreActions**  All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions
-- **qualityAssessmentImpact**  Windows as a Service (WaaS) Assessment impact for quality updates
-- **remediationSummary**  Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on
-- **usingBackupFeatureAssessment**  The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client
-- **usingBackupQualityAssessment**  The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client
-- **versionString**  Installed version of the WaaSMedic engine
-
-
-### Microsoft.Windows.WaaSMedic.SummaryEvent
-
-This event provides the result of the WaaSMedic operation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **detectionSummary**  Result of each applicable detection that was run.
-- **featureAssessmentImpact**  Windows as a Service (WaaS) Assessment impact on feature updates
-- **hrEngineResult**  Indicates the WaaSMedic engine operation error codes
-- **insufficientSessions**  True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise
-- **isManaged**  Indicates the device is managed for updates
-- **isWUConnected**  Indicates the device is connected to Windows Update
-- **noMoreActions**  All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions
-- **qualityAssessmentImpact**  Windows as a Service (WaaS) Assessment impact for quality updates
-- **remediationSummary**  Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
-- **usingBackupFeatureAssessment**  The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client
-- **usingBackupQualityAssessment**  The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client
-- **versionString**  Installed version of the WaaSMedic engine
-
-
-## Windows Error Reporting events
-
-### Microsoft.Windows.WERVertical.OSCrash
-
-This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
-
-The following fields are available:
-
-- **BootId**  Uint32 identifying the boot number for this device.
-- **BugCheckCode**  Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
-- **BugCheckParameter1**  Uint64 parameter providing additional information.
-- **BugCheckParameter2**  Uint64 parameter providing additional information.
-- **BugCheckParameter3**  Uint64 parameter providing additional information.
-- **BugCheckParameter4**  Uint64 parameter providing additional information.
-- **DumpFileAttributes**  Codes that identify the type of data contained in the dump file
-- **DumpFileSize**  Size of the dump file
-- **IsValidDumpFile**  True if the dump file is valid for the debugger, false otherwise
-- **ReportId**  WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
-
-
-## Windows Store events
-
-### Microsoft.Windows.Store.Partner.ReportApplication
-
-This is report application event for Microsoft Store client. The data collected with this event is used to help keep Windows up to date and secure.
-
-
-
-### Microsoft.Windows.Store.StoreActivating
-
-This event sends tracking data about when the Store app activation via protocol URI is in progress, to help keep Windows up to date.
-
-The following fields are available:
-
-- **correlationVectorRoot**  Identifies multiple events within a session/sequence. Initial value before incrementation or extension.
-- **protocolUri**  Protocol URI used to activate the store.
-- **reason**  The reason for activating the store.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
-
-This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The Item Bundle ID.
-- **CategoryId**  The Item Category ID.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Was this a mandatory update?
-- **IsRemediation**  Was this a remediation install?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Flag indicating if this is an update.
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The product family name of the product being installed.
-- **ProductId**  The identity of the package or packages being installed.
-- **SystemAttemptNumber**  The total number of automatic attempts at installation before it was canceled.
-- **UserAttemptNumber**  The total number of user attempts at installation before it was canceled.
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
-
-This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
-
-This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
-
-This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all package or packages to be downloaded and installed.
-- **AttemptNumber**  Total number of installation attempts.
-- **BundleId**  The identity of the Windows Insider build that is associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this an automatic restore of a previously acquired product?
-- **IsUpdate**  Is this a product update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of all packages to be downloaded and installed.
-- **PreviousHResult**  The previous HResult code.
-- **PreviousInstallState**  Previous installation state before it was canceled.
-- **ProductId**  The name of the package or packages requested for installation.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  Total number of automatic attempts to install before it was canceled.
-- **UserAttemptNumber**  Total number of user attempts to install before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
-
-This event is sent at the end of the installs or updates. Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **CatalogId**  The Store Product ID of the app being installed.
-- **HResult**  HResult code of the action being performed.
-- **IsBundle**  Is this a bundle?
-- **PackageFamilyName**  The name of the package being installed.
-- **ProductId**  The Store Product ID of the product being installed.
-- **SkuId**  Specific edition of the item being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
-
-This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  Includes a set of package full names for each app that is part of an atomic set.
-- **AttemptNumber**  The total number of attempts to acquire this product.
-- **BundleId**  The bundle ID
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  HResult code to show the result of the operation (success/failure).
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Did the user initiate the installation?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this happening after a device restore?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to acquire this product.
-- **UserAttemptNumber**  The number of attempts by the user to acquire this product
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
-
-This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The identity of the Windows Insider build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **DownloadSize**  The total size of the download.
-- **ExtendedHResult**  Any extended HResult error codes.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this initiated by the user?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this a restore of a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  The Product Family Name of the app being download.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to download.
-- **UserAttemptNumber**  The number of attempts by the user to download.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
-
-This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
-
-This event is sent after sending the inventory of the products installed to determine whether updates for those products are available.  It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
-
-This event is sent after a product has been installed to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **ExtendedHResult**  The extended HResult error code.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this an interactive installation?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
-
-This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsApplicability**  Is this request to only check if there are any applicable packages to install?
-- **IsInteractive**  Is this user requested?
-- **IsOnline**  Is the request doing an online check?
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
-
-This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
-
-This event is sent after restoring user data (if any) that needs to be restored following a product install.  Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of system attempts.
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
-
-This event is sent after a scan for available app updates to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
-
-FulfillmentComplete event is fired at the end of an app install or update. We use this to track the very end of the install/update process. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps.
-
-The following fields are available:
-
-- **FailedRetry**  Tells us if the retry for an install or update was successful or not.
-- **HResult**  Resulting HResult error/success code of this call
-- **PFN**  Package Family Name of the app that being installed or updated
-- **ProductId**  Product Id of the app that is being updated or installed
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
-
-FulfillmentInitiate event is fired at the start of an app install or update.  We use this to track the very beginning of the install/update process. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps.
-
-The following fields are available:
-
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **ProductId**  The product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
-
-This event is sent when a product install or update is initiated. Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **BundleId**  The identity of the build associated with this product.
-- **CatalogId**  If this product is from a private catalog, the Store Product ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specific edition ID being installed.
-- **VolumePath**  The disk path of the installation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
-
-This event is sent when a product install or update is paused either by a user or the system. Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The Product Full Name.
-- **PreviousHResult**  The result code of the last action performed before this operation.
-- **PreviousInstallState**  Previous state before the installation or update was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
-
-This event is sent when a product install or update is resumed either by a user or the system. Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **IsUserRetry**  Did the user initiate the retry?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **PreviousHResult**  The previous HResult error code.
-- **PreviousInstallState**  Previous state before the installation was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector for the original install before it was resumed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
-
-This event is sent when a product install or update is resumed by a user and on install retries. Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **ProductId**  The Store Product ID for the product being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
-
-This event is sent when searching for update packages to install. Store Agent events are needed to help keep Windows Apps up to date and secure, like the Mail and Calendar Apps. App install or update failures can be unique across devices and without this data from every device we will not be able to track failures and fix future vulnerabilities related to these Windows Apps.
-
-The following fields are available:
-
-- **CatalogId**  The Store Catalog ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specfic edition of the app being updated.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
-
-This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **PFamN**  The name of the app that is requested for update.
-
-
-## Windows Update Delivery Optimization events
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
-
-This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download being done in the background?
-- **bytesFromCacheServer**  Bytes received from a cache host.
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same group.
-- **bytesFromLocalCache**  Bytes copied over from local (on disk) cache.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **callerName**  Name of the API caller.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **clientTelId**  A random number used for device sampling.
-- **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **gCurMemoryStreamBytes**  Current usage for memory streaming.
-- **gMaxMemoryStreamBytes**  Maximum usage for memory streaming.
-- **isVpn**  Indicates whether the device is connected to a VPN (Virtual Private Network).
-- **jobID**  Identifier for the Windows Update job.
-- **reasonCode**  Reason the action or event occurred.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the file download session.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
-
-This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **bytesFromCacheServer**  Bytes received from a cache host.
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same domain group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same domain group.
-- **bytesFromLocalCache**  Bytes copied over from local (on disk) cache.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **bytesRequested**  The total number of bytes requested for download.
-- **cacheServerConnectionCount**  Number of connections made to cache hosts.
-- **callerName**  Name of the API caller.
-- **cdnConnectionCount**  The total number of connections made to the CDN.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp**  The IP address of the source CDN.
-- **clientTelId**  A random number used for device sampling.
-- **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downlinkBps**  The maximum measured available download bandwidth (in bytes per second).
-- **downlinkUsageBps**  The download speed (in bytes per second).
-- **downloadMode**  The download mode used for this file download session.
-- **downloadModeSrc**  Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **fileSize**  The size of the file being downloaded.
-- **gCurMemoryStreamBytes**  Current usage for memory streaming.
-- **gMaxMemoryStreamBytes**  Maximum usage for memory streaming.
-- **groupConnectionCount**  The total number of connections made to peers in the same group.
-- **internetConnectionCount**  The total number of connections made to peers not in the same LAN or the same group.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **lanConnectionCount**  The total number of connections made to peers in the same LAN.
-- **numPeers**  The total number of peers used for this download.
-- **restrictedUpload**  Is the upload restricted?
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the download session.
-- **totalTimeMs**  Duration of the download (in seconds).
-- **updateID**  The ID of the update being downloaded.
-- **uplinkBps**  The maximum measured available upload bandwidth (in bytes per second).
-- **uplinkUsageBps**  The upload speed (in bytes per second).
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
-
-This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **callerName**  The name of the API caller.
-- **clientTelId**  A random number used for device sampling.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being paused.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **reasonCode**  The reason for pausing the download.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the download session.
-- **updateID**  The ID of the update being paused.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
-
-This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Indicates whether the download is happening in the background.
-- **bytesRequested**  Number of bytes requested for the download.
-- **callerName**  Name of the API caller.
-- **cdnUrl**  The URL of the source CDN.
-- **clientTelId**  Random number used for device selection
-- **costFlags**  A set of flags representing network cost.
-- **deviceProfile**  Identifies the usage or form factor (such as Desktop, Xbox, or VM).
-- **diceRoll**  Random number used for determining if a client will use peering.
-- **doClientVersion**  The version of the Delivery Optimization client.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downloadMode**  The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
-- **downloadModeSrc**  Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **errorCode**  The error code that was returned.
-- **experimentId**  ID used to correlate client/services calls that are part of the same test during A/B testing.
-- **fileID**  The ID of the file being downloaded.
-- **filePath**  The path to where the downloaded file will be written.
-- **fileSize**  Total file size of the file that was downloaded.
-- **fileSizeCaller**  Value for total file size provided by our caller.
-- **groupID**  ID for the group.
-- **isVpn**  Indicates whether the device is connected to a Virtual Private Network.
-- **jobID**  The ID of the Windows Update job.
-- **minDiskSizeGB**  The minimum disk size (in GB) policy set for the device to allow peering with delivery optimization.
-- **minDiskSizePolicyEnforced**  Indicates whether there is an enforced minimum disk size requirement for peering.
-- **minFileSizePolicy**  The minimum content file size policy to allow the download using peering with delivery optimization.
-- **peerID**  The ID for this delivery optimization client.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID for the file download session.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  Indicates whether the download used memory streaming.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
-
-This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cdnHeaders**  The HTTP headers returned by the CDN.
-- **cdnIp**  The IP address of the CDN.
-- **cdnUrl**  The URL of the CDN.
-- **clientTelId**  A random number used for device sampling.
-- **errorCode**  The error code that was returned.
-- **errorCount**  The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **httpStatusCode**  The HTTP status code returned by the CDN.
-- **isHeadRequest**  The type of  HTTP request that was sent to the CDN. Example: HEAD or GET
-- **peerType**  The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
-- **requestOffset**  The byte offset within the file in the sent request.
-- **requestSize**  The size of the range requested from the CDN.
-- **responseSize**  The size of the range response received from the CDN.
-- **sessionID**  The ID of the download session.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.JobError
-
-This event represents a Windows Update job error. It allows for investigation of top errors. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientTelId**  A random number used for device sampling.
-- **doErrorCode**  Error code returned for delivery optimization.
-- **errorCode**  The error code returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **jobID**  The Windows Update job ID.
-
-
-## Windows Update events
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit
-
-This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  The unique GUID for each diagnostics session.
-- **relatedCV**  A correlation vector value generated from the latest USO scan.
-- **result**  Outcome of the initialization of the session.
-- **scenarioId**  Identifies the Update scenario.
-- **sessionId**  The unique value for each update session.
-- **updateId**  The unique identifier for each Update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest
-
-This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deletedCorruptFiles**  Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  Unique value for each Update Agent mode.
-- **packageCountOptional**  Number of optional packages requested.
-- **packageCountRequired**  Number of required packages requested.
-- **packageCountTotal**  Total number of packages needed.
-- **packageCountTotalCanonical**  Total number of canonical packages.
-- **packageCountTotalDiff**  Total number of diff packages.
-- **packageCountTotalExpress**  Total number of express packages.
-- **packageSizeCanonical**  Size of canonical packages in bytes.
-- **packageSizeDiff**  Size of diff packages in bytes.
-- **packageSizeExpress**  Size of express packages in bytes
-- **rangeRequestState**  Represents the state of the download range request.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Result of the download request phase of update.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
-
-This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **flightMetadata**  Contains the FlightId and the build being flighted.
-- **objectId**  Unique value for each Update Agent mode.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall
-
-This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current install phase.
-- **flightId**  The unique identifier for each flight (pre-release builds).
-- **objectId**  Unique value for each diagnostics session.
-- **relatedCV**  Correlation vector value generated from the latest scan.
-- **result**  Outcome of the install phase of the update.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **sessionId**  Unique value for each update session.
-- **updateId**  Unique ID for each Update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario. The update scenario is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightId**  The unique identifier for each flight (pre-release builds).
-- **mode**  Indicates the active Update Agent mode.
-- **objectId**  Unique value for each diagnostics session.
-- **relatedCV**  Correlation vector value generated from the latest scan.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **sessionId**  The unique identifier for each update session.
-- **updateId**  The unique identifier for each Update.
-
-
-### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
-
-This event indicates that a notification dialog box is about to be displayed to user. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog
-
-This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog
-
-This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
-
-This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
-
-This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootSecondReminderDialog
-
-This event indicates that the second reminder dialog box was displayed for Enhanced Engaged restart. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootThirdReminderDialog
-
-This event indicates that the third reminder dialog box for Enhanced Engaged restart was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows secure and up-to-date by indicating when a reboot is scheduled by the system or a user for a security, quality, or feature update.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether an Active Hours policy is present on the device.
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  Indicates whether a restart is scheduled outside of active hours.
-- **rebootScheduledByUser**  Indicates whether the restart was scheduled by user (if not, it was scheduled automatically).
-- **rebootState**  The current state of the restart.
-- **revisionNumber**  Revision number of the update that is getting installed with this restart.
-- **scheduledRebootTime**  Time of the scheduled restart.
-- **scheduledRebootTimeInUTC**  Time of the scheduled restart in Coordinated Universal Time.
-- **updateId**  ID of the update that is getting installed with this restart.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
-
-This event indicates a policy is present that may restrict update activity to outside of active hours. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.Orchestrator.AttemptImmediateReboot
-
-This event sends data when the Windows Update Orchestrator is set to reboot immediately after installing the update. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours
-
-This event indicates that update activity was blocked because it is within the active hours window. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.Orchestrator.CommitFailed
-
-This event indicates that a device was unable to restart after an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code that was returned.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.Update.Orchestrator.DeferRestart
-
-This event indicates that a restart required for installing updates was postponed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **filteredDeferReason**  Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
-- **raisedDeferReason**  Indicates all potential reasons for postponing restart (such as user active, or low battery).
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Detection
-
-This event sends launch data for a Windows Update scan to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  The reason why the device could not check for updates.
-- **detectionBlockreason**  The reason detection did not complete.
-- **detectionRetryMode**  Indicates whether we will try to scan again.
-- **errorCode**  The error code returned for the current process.
-- **eventScenario**  End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
-- **interactive**  Indicates whether the user initiated the session.
-- **revisionNumber**  The Update revision number.
-- **updateId**  The unique identifier of the Update.
-- **updateScenarioType**  Identifies the type of update session being performed.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
-
-This event indicates the reboot was postponed due to needing a display. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **displayNeededReason**  Reason the display is needed.
-- **eventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### Microsoft.Windows.Update.Orchestrator.Download
-
-This event sends launch data for a Windows Update download to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  Reason for download not completing.
-- **errorCode**  An error code represented as a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the session is user initiated.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
-
-This event sends data on whether the update was applicable to the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time when this event was generated.
-- **flightID**  The specific ID of the Windows Insider build.
-- **revisionNumber**  Update revision number.
-- **updateId**  Unique Windows Update ID.
-- **updateScenarioType**  Update session type.
-- **UpdateStatus**  Last status of update.
-- **UUPFallBackConfigured**  Indicates whether UUP fallback is configured.
-- **wuDeviceid**  Unique Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.GameActive
-
-This event indicates that an enabled GameMode process prevented the device from restarting to complete an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **gameModeReason**  Name of the enabled GameMode process that prevented the device from restarting to complete an update.
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
-
-This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time of the event.
-- **flightID**  Unique update ID
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Install
-
-This event sends launch data for a Windows Update install to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **errorCode**  The error code reppresented by a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The ID of the Windows Insider build the device is getting.
-- **flightUpdate**  Indicates whether the update is a Windows Insider build.
-- **ForcedRebootReminderSet**  A boolean value that indicates if a forced reboot will happen for updates.
-- **installCommitfailedtime**  The time it took for a reboot to happen but the upgrade failed to progress.
-- **installRebootinitiatetime**  The time it took for a reboot to be attempted.
-- **interactive**  Identifies if session is user initiated.
-- **minutesToCommit**  The time it took to install updates.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.LowUptimes
-
-This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **isLowUptimeMachine**  Is the machine considered low uptime or not.
-- **lowUptimeMinHours**  Current setting for the minimum number of hours needed to not be considered low uptime.
-- **lowUptimeQueryDays**  Current setting for the number of recent days to check for uptime.
-- **uptimeMinutes**  Number of minutes of uptime measured.
-- **wuDeviceid**  Unique device ID for Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
-
-This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **externalOneshotupdate**  The last time a task-triggered scan was completed.
-- **interactiveOneshotupdate**  The last time an interactive scan was completed.
-- **oldlastscanOneshotupdate**  The last time a scan completed successfully.
-- **wuDeviceid**  The Windows Update Device GUID (Globally-Unique ID).
-
-
-### Microsoft.Windows.Update.Orchestrator.PostInstall
-
-This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in megawatt-hours (mWh) or percentage left.
-- **bundleId**  The unique identifier associated with the specific content bundle.
-- **bundleRevisionnumber**  Identifies the revision number of the content bundle.
-- **errorCode**  The error code returned for the current phase.
-- **eventScenario**  State of update action.
-- **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
-- **sessionType**  The Windows Update session type (Interactive or Background).
-- **updateScenarioType**  Identifies the type of Update session being performed.
-- **wuDeviceid**  The unique device identifier used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged
-
-This event is sent when the options in power menu changed, usually due to an update pending reboot, or after a update is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
-
-This event is generated before the shutdown and commit operations. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### Microsoft.Windows.Update.Orchestrator.RebootFailed
-
-This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **EventPublishedTime**  The time that the reboot failure occurred.
-- **flightID**  Unique update ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot was scheduled outside of active hours.
-- **RebootResults**  Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RefreshSettings
-
-This event sends basic data about the version of upgrade settings applied to the system to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  Hex code for the error message, to allow lookup of the specific error.
-- **settingsDownloadTime**  Timestamp of the last attempt to acquire settings.
-- **settingsETag**  Version identifier for the settings.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
-
-This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **RebootTaskRestoredTime**  Time at which this reboot task was restored.
-- **wuDeviceid**  Device ID for the device on which the reboot is restored.
-
-
-### Microsoft.Windows.Update.Orchestrator.SystemNeeded
-
-This event sends data about why a device is unable to reboot, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  End-to-end update session ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **systemNeededReason**  List of apps or tasks that are preventing the system from restarting.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateInstallPause
-
-This event indicates the data sent when the device pauses an in-progress update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updateClassificationGUID**  The classification GUID for the update that was paused.
-- **updateId**  An update ID for the update that was paused.
-- **wuDeviceid**  A unique Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
-
-This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configuredPoliciescount**  Number of policies on the device.
-- **policiesNamevaluesource**  Policy name and source of policy (group policy, MDM or flight).
-- **policyCacherefreshtime**  Time when policy cache was refreshed.
-- **updateInstalluxsetting**  Indicates whether a user has set policies via a user experience option.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
-
-This event sends data about whether an update required a reboot to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
-
-This event sends information about an update that encountered problems and was not able to complete. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code encountered.
-- **wuDeviceid**  The ID of the device in which the error occurred.
-
-
-### Microsoft.Windows.Update.Orchestrator.USODiagnostics
-
-This event sends data on whether the state of the update attempt, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  result showing success or failure of current update
-- **LastApplicableUpdateFoundTime**  The time when the last applicable update was found.
-- **LastDownloadDeferredReason**  The last reason download was deferred.
-- **LastDownloadDeferredTime**  The time of the download deferral.
-- **LastDownloadFailureError**  The last download failure.
-- **LastDownloadFailureTime**  The time of the last download failure.
-- **LastInstallCompletedTime**  The time when the last successful install completed.
-- **LastInstallDeferredReason**  The reason the last install was deferred.
-- **LastInstallDeferredTime**  The time when the last install was deferred.
-- **LastInstallFailureError**  The error code associated with the last install failure.
-- **LastInstallFailureTime**  The time when the last install failed to complete.
-- **LastRebootDeferredReason**  The reason the last reboot was deferred.
-- **LastRebootDeferredTime**  The time when the last reboot was deferred.
-- **LastRebootPendingTime**  The time when the last reboot state was set to “Pending”.
-- **LastScanDeferredReason**  The reason the last scan was deferred.
-- **LastScanDeferredTime**  The time when the last scan was deferred.
-- **LastScanFailureError**  The error code for the last scan failure.
-- **LastScanFailureTime**  The time when the last scan failed.
-- **LastUpdateCheckTime**  The time of the last update check.
-- **LastUpdateDownloadTime**  The time when the last update was downloaded.
-- **LastUpgradeInstallFailureError**  The error code for the last upgrade install failure.
-- **LastUpgradeInstallFailureTime**  The time of the last upgrade install failure.
-- **LowUpTimeDetectTime**  The last time “low up-time” was detected.
-- **NoLowUpTimeDetectTime**  The last time no “low up-time” was detected.
-- **RebootRequired**  Indicates reboot is required.
-- **revisionNumber**  Unique revision number of the Update
-- **updateId**  Unique ID for Update
-- **updateState**  Progress within an update state
-- **UpgradeInProgressTime**  The amount of time a feature update has been in progress.
-- **WaaSFeatureAssessmentDays**  The number of days Feature Update Assessment has been out of date.
-- **WaaSFeatureAssessmentImpact**  The impact of the Feature Update Assessment.
-- **WaaSUpToDateAssessmentDays**  The number of days Quality Update Assessment has been out of date.
-- **WaaSUpToDateAssessmentImpact**  The impact of Quality Update Assessment.
-- **wuDeviceid**  Unique ID for Device
-
-
-### Microsoft.Windows.Update.Orchestrator.UsoSession
-
-This event represents the state of the USO service at start and completion. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeSessionid**  A unique session GUID.
-- **eventScenario**  The state of the update action.
-- **interactive**  Is the USO session interactive?
-- **lastErrorcode**  The last error that was encountered.
-- **lastErrorstate**  The state of the update when the last error was encountered.
-- **sessionType**  A GUID that refers to the update session type.
-- **updateScenarioType**  A descriptive update session type.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.Update.Orchestrator.UUPFallBack
-
-This event indicates that USO determined UUP needs to fall back. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  The current event time.
-- **UUPFallBackConfigured**  The fall back error code.
-- **UUPFallBackErrorReason**  The reason for fall back error.
-- **wuDeviceid**  A Windows Update device ID.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
-
-This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
-- **DeviceLocalTime**  The date and time (based on the device date/time settings) the reboot mode changed.
-- **EngagedModeLimit**  The number of days to switch between DTE (Direct-to-Engaged) dialogs.
-- **EnterAutoModeLimit**  The maximum number of days a device can enter Auto Reboot mode.
-- **ETag**  The Entity Tag that represents the OneSettings version.
-- **IsForcedEnabled**  Identifies whether Forced Reboot mode is enabled for the device.
-- **IsUltimateForcedEnabled**  Identifies whether Ultimate Forced Reboot mode is enabled for the device.
-- **OldestUpdateLocalTime**  The date and time (based on the device date/time settings) this update’s reboot began pending.
-- **RebootUxState**  Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
-- **RebootVersion**  The version of the DTE (Direct-to-Engaged).
-- **SkipToAutoModeLimit**  The maximum number of days to switch to start while in Auto Reboot mode.
-- **UpdateId**  The ID of the update that is waiting for reboot to finish installation.
-- **UpdateRevision**  The revision of the update that is waiting for reboot to finish installation.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
-
-This event is sent when a security update has successfully completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **UtcTime**  The Coordinated Universal Time that the restart was no longer needed.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootRequestReasonsToIgnore
-
-This event is sent when the reboot can be deferred based on some reasons, before reboot attempts. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Reason**  The reason sent which will cause the reboot to defer.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
-
-This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether Active Hours applies on this device.
-- **forcedReboot**  True, if a reboot is forced on the device. Otherwise, this is False
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  True, if a reboot is scheduled outside of active hours. False, otherwise.
-- **rebootScheduledByUser**  True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
-- **rebootState**  Current state of the reboot.
-- **revisionNumber**  Revision number of the OS.
-- **scheduledRebootTime**  Time scheduled for the reboot.
-- **scheduledRebootTimeInUTC**  Time scheduled for the reboot, in UTC.
-- **updateId**  Identifies which update is being scheduled.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot
-
-This event is fired the first time when the reboot is required. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask
-
-This event is sent when MUSE broker schedules a task. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **TaskArgument**  The arguments which the task is scheduled with
-- **TaskName**  Name of the task
-
-
-### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Is the restart respecting Active Hours?
-- **forcedReboot**  True, if a reboot is forced on the device. Otherwise, this is False
-- **rebootArgument**  The arguments that are passed to the OS for the restarted.
-- **rebootOutsideOfActiveHours**  Was the restart scheduled outside of Active Hours?
-- **rebootScheduledByUser**  Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
-- **rebootState**  The state of the restart.
-- **revisionNumber**  The revision number of the OS being updated.
-- **scheduledRebootTime**  Time of the scheduled reboot
-- **scheduledRebootTimeInUTC**  Time of the scheduled restart, in Coordinated Universal Time.
-- **updateId**  The Windows Update device GUID.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICOInteractionCampaignComplete
-
-This event is generated whenever a RUXIM user interaction campaign becomes complete. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that became complete.
-- **ResultId**  The final result of the interaction campaign.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ControlId**  String identifying the control (if any) that was selected by the user during presentation.
-- **hrInteractionHandler**  The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
-- **hrScheduler**  The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
-- **InteractionCampaignID**  The ID of the interaction campaign that was processed.
-- **ResultId**  The result of the evaluation/presentation.
-- **WasCompleted**  True if the interaction campaign is complete.
-- **WasPresented**  True if the Interaction Handler displayed the interaction campaign to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMICS.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncExit
-
-This event is sent when RUXIM completes checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **hrInitialize**  Error, if any, that occurred while initializing OneSettings.
-- **hrQuery**  Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncLaunch
-
-This event is sent when RUXIM begins checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
-
-This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **hrLocal**  The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
-- **hrPresentation**  The error (if any) reported by RUXIM Presentation Handler during presentation.
-- **InteractionCampaignID**  GUID; the user interaction campaign processed by RUXIM Interaction Handler.
-- **ResultId**  The result generated by the evaluation and presentation.
-- **WasCompleted**  True if the user interaction campaign is complete.
-- **WasPresented**  True if the user interaction campaign is displayed to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that RUXIMIH processed.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMIH.
-- **InteractionCampaignID**  GUID identifying the user interaction campaign that the Interaction Handler will process.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
-
-This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **HRESULT**  Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
-- **Id**  GUID passed in by the caller to identify the evaluation.
-- **NodeEvaluationData**  Structure showing the results of individual checks that occurred during the overall evaluation.
-- **Result**  Overall result generated by the evaluation.
-
-
-## Windows Update mitigation events
-
-### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
-
-This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The client ID used by Windows Update.
-- **FlightId**  The ID of each Windows Insider build the device received.
-- **InstanceId**  A unique device ID that identifies each update instance.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **MountedImageCount**  The number of mounted images.
-- **MountedImageMatches**  The number of mounted image matches.
-- **MountedImagesFailed**  The number of mounted images that could not be removed.
-- **MountedImagesRemoved**  The number of mounted images that were successfully removed.
-- **MountedImagesSkipped**  The number of mounted images that were not found.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each Windows Update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-## Windows Update Reserve Manager events
-
-### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
-
-This event returns data about the Update Reserve Manager, including whether it’s been initialized. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-## Winlogon events
-
-### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
-
-This event signals the completion of the setup process. It happens only once during the first logon.
-
-
-
-## XBOX events
-
-### Microsoft.Xbox.XamTelemetry.AppActivationError
-
-This event indicates whether the system detected an activation error in the app.
-
-
-
-### Microsoft.Xbox.XamTelemetry.AppActivity
-
-This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
deleted file mode 100644
index 9a5fa7bcfb..0000000000
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ /dev/null
@@ -1,8235 +0,0 @@
----
-description: Learn more about the Windows 10, version 1803 diagnostic data gathered at the basic level.
-title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10)
-ms.service: windows-client
-ms.subservice: itpro-privacy
-localizationpriority: medium
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 03/27/2017
-ms.topic: reference
----
-
-
-# Windows 10, version 1803 basic level Windows diagnostic events and fields
-
- **Applies to**
-
-- Windows 10, version 1803
-
-
-The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
-
-The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-
-Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
-
-You can learn more about Windows functional and diagnostic data through these articles:
-
-- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
-- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
-- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
-
-
-## Appraiser events
-
-### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
-
-This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **DatasourceApplicationFile_RS1**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS5**  The count of the number of this particular object type present on this device.
-- **DatasourceDevicePnp_RS1**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS5**  The count of the number of this particular object type present on this device.
-- **DatasourceDriverPackage_RS1**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS5**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS5**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS5**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS5**  The count of the number of this particular object type present on this device.
-- **DatasourceSystemBios_RS1**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS5**  The count of the number of this particular object type present on this device.
-- **DatasourceSystemBios_RS5Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS1**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionDevicePnp_RS1**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionDriverPackage_RS1**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS5**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_RS1**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionSystemBios_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS5**  The total DecisionSystemBios objects targeting the next release of Windows on this device.
-- **DecisionSystemBios_RS5Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_RS1**  The total number of objects of this type present on this device.
-- **InventoryApplicationFile**  The total number of objects of this type present on this device.
-- **InventoryLanguagePack**  The total number of objects of this type present on this device.
-- **InventoryMediaCenter**  The total number of objects of this type present on this device.
-- **InventorySystemBios**  The total number of objects of this type present on this device.
-- **InventoryTest**  The total number of objects of this type present on this device.
-- **InventoryUplevelDriverPackage**  The total number of objects of this type present on this device.
-- **PCFP**  The total number of objects of this type present on this device.
-- **SystemMemory**  The total number of objects of this type present on this device.
-- **SystemProcessorCompareExchange**  The total number of objects of this type present on this device.
-- **SystemProcessorLahfSahf**  The total number of objects of this type present on this device.
-- **SystemProcessorNx**  The total number of objects of this type present on this device.
-- **SystemProcessorPrefetchW**  The total number of objects of this type present on this device.
-- **SystemProcessorSse2**  The total number of objects of this type present on this device.
-- **SystemTouch**  The total number of objects of this type present on this device.
-- **SystemWim**  The total number of objects of this type present on this device.
-- **SystemWindowsActivationStatus**  The total number of objects of this type present on this device.
-- **SystemWlan**  The total number of objects of this type present on this device.
-- **Wmdrm_RS1**  The total number of objects of this type present on this device.
-- **Wmdrm_RS3**  The total number of objects of this type present on this device.
-- **Wmdrm_RS5**  The count of the number of this particular object type present on this device.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
-
-This event represents the basic metadata about specific application files installed on the system. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **AvDisplayName**  If the app is an antivirus app, this is its display name.
-- **CompatModelIndex**  The compatibility prediction for this file.
-- **HasCitData**  Indicates whether the file is present in CIT data.
-- **HasUpgradeExe**  Indicates whether the anti-virus app has an upgrade.exe file.
-- **IsAv**  Is the file an antivirus reporting EXE?
-- **ResolveAttempted**  This will always be an empty string when sending diagnostic data.
-- **SdbEntries**  An array of fields that indicates the SDB entries that apply to this file.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
-
-This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
-
-This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
-
-This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **ActiveNetworkConnection**  Indicates whether the device is an active network device.
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **IsBootCritical**  Indicates whether the device boot is critical.
-- **WuDriverCoverage**  Indicates whether there is a driver uplevel for this device, according to Windows Update.
-- **WuDriverUpdateId**  The Windows Update ID of the applicable uplevel driver.
-- **WuPopulatedFromId**  The expected uplevel driver matching ID based on driver coverage from Windows Update.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
-
-This event indicates that the DatasourceDevicePnp object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
-
-This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
-
-This event sends compatibility database data about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
-
-This event indicates that the DatasourceDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
-
-This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
-
-This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
-
-This event indicates that the DataSourceMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
-
-This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events has completed being sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
-
-This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
-
-This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
-
-This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
-
-This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
-
-This event sends compatibility database information about the BIOS to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
-
-This event indicates that the DatasourceSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
-
-This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
-
-This event sends compatibility decision data about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **BlockAlreadyInbox**  The uplevel runtime block on the file already existed on the current OS.
-- **BlockingApplication**  Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
-- **DisplayGenericMessage**  Will a generic message be shown for this file?
-- **DisplayGenericMessageGated**  Indicates whether a generic message will be shown for this file.
-- **HardBlock**  This file is blocked in the SDB.
-- **HasUxBlockOverride**  Does the file have a block that is overridden by a tag in the SDB?
-- **MigApplication**  Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
-- **MigRemoval**  Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
-- **NeedsDismissAction**  Will the file cause an action that can be dismissed?
-- **NeedsInstallPostUpgradeData**  After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
-- **NeedsNotifyPostUpgradeData**  Does the file have a notification that should be shown after upgrade?
-- **NeedsReinstallPostUpgradeData**  After upgrade, this file will have a post-upgrade notification to reinstall the app.
-- **NeedsUninstallAction**  The file must be uninstalled to complete the upgrade.
-- **SdbBlockUpgrade**  The file is tagged as blocking upgrade in the SDB,
-- **SdbBlockUpgradeCanReinstall**  The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
-- **SdbBlockUpgradeUntilUpdate**  The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
-- **SdbReinstallUpgradeWarn**  The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
-- **SoftBlock**  The file is softblocked in the SDB and has a warning.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-
-This event indicates that the DecisionApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
-
-This event indicates that a new set of DecisionApplicationFileAdd events will be sent. This event is used to make compatibility decisions about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
-
-This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **AssociatedDriverIsBlocked**  Is the driver associated with this PNP device blocked?
-- **AssociatedDriverWillNotMigrate**  Will the driver associated with this plug-and-play device migrate?
-- **BlockAssociatedDriver**  Should the driver associated with this PNP device be blocked?
-- **BlockingDevice**  Is this PNP device blocking upgrade?
-- **BlockUpgradeIfDriverBlocked**  Is the PNP device both boot critical and does not have a driver included with the OS?
-- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork**  Is this PNP device the only active network device?
-- **DisplayGenericMessage**  Will a generic message be shown during Setup for this PNP device?
-- **DisplayGenericMessageGated**  Indicates whether a generic message will be shown during Setup for this PNP device.
-- **DriverAvailableInbox**  Is a driver included with the operating system for this PNP device?
-- **DriverAvailableOnline**  Is there a driver for this PNP device on Windows Update?
-- **DriverAvailableUplevel**  Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden**  Is there is a driver block on the device that has been overridden?
-- **NeedsDismissAction**  Will the user would need to dismiss a warning during Setup for this device?
-- **NotRegressed**  Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
-- **SdbDeviceBlockUpgrade**  Is there an SDB block on the PNP device that blocks upgrade?
-- **SdbDriverBlockOverridden**  Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
-
-This event Indicates that the DecisionDevicePnp object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
-
-This event indicates that a new set of DecisionDevicePnpAdd events will be sent. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
-
-This event sends decision data about driver package compatibility to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown for this driver package.
-- **DriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-- **DriverIsDeviceBlocked**  Was the driver package was blocked because of a device block?
-- **DriverIsDriverBlocked**  Is the driver package blocked because of a driver block?
-- **DriverShouldNotMigrate**  Should the driver package be migrated during upgrade?
-- **SdbDriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
-
-This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
-
-The DecisionDriverPackageStartSync event indicates that a new set of DecisionDriverPackageAdd events will be sent. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
-
-This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **BlockingApplication**  Are there are any application issues that interfere with upgrade due to matching info blocks?
-- **DisplayGenericMessage**  Will a generic message be shown for this block?
-- **NeedsUninstallAction**  Does the user need to take an action in setup due to a matching info block?
-- **SdbBlockUpgrade**  Is a matching info block blocking upgrade?
-- **SdbBlockUpgradeCanReinstall**  Is a matching info block blocking upgrade, but has the can reinstall tag?
-- **SdbBlockUpgradeUntilUpdate**  Is a matching info block blocking upgrade but has the until update tag?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove
-
-This event indicates that the DecisionMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
-
-This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
-
-This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Are there any application issues that interfere with upgrade due to matching info blocks?
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown due to matching info blocks.
-- **MigApplication**  Is there a matching info block with a mig for the current mode of upgrade?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove
-
-This event Indicates that the DecisionMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
-
-This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **NeedsInstallPostUpgradeData**  Will the file have a notification after upgrade to install a replacement for the app?
-- **NeedsNotifyPostUpgradeData**  Should a notification be shown for this file after upgrade?
-- **NeedsReinstallPostUpgradeData**  Will the file have a notification after upgrade to reinstall the app?
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
-
-This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
-
-This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **BlockingApplication**  Is there any application issues that interfere with upgrade due to Windows Media Center?
-- **MediaCenterActivelyUsed**  If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
-- **MediaCenterIndicators**  Do any indicators imply that Windows Media Center is in active use?
-- **MediaCenterInUse**  Is Windows Media Center actively being used?
-- **MediaCenterPaidOrActivelyUsed**  Is Windows Media Center actively being used or is it running on a supported edition?
-- **NeedsDismissAction**  Are there any actions that can be dismissed coming from Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
-
-This event indicates that the DecisionMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
-
-This event indicates that a new set of DecisionMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
-
-This event sends compatibility decision data about the BIOS to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device blocked from upgrade due to a BIOS block?
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown for the bios.
-- **HasBiosBlock**  Does the device have a BIOS block?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
-
-This event indicates that the DecisionSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
-
-This event indicates that a new set of DecisionSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.GatedRegChange
-
-This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
-
-The following fields are available:
-
-- **NewData**  The data in the registry value after the scan completed.
-- **OldData**  The previous data in the registry value before the scan ran.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **RegKey**  The registry key name for which a result is being sent.
-- **RegValue**  The registry value for which a result is being sent.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
-
-This event represents the basic metadata about a file on the system.  The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **AvDisplayName**  If the app is an antivirus app, this is its display name.
-- **AvProductState**  Indicates whether the antivirus program is turned on and the signatures are up to date.
-- **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
-- **BinFileVersion**  An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
-- **BinProductVersion**  An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
-- **BoeProgramId**  If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
-- **CompanyName**  The company name of the vendor who developed this file.
-- **FileId**  A hash that uniquely identifies a file.
-- **FileVersion**  The File version field from the file metadata under Properties -> Details.
-- **HasUpgradeExe**  Indicates whether the antivirus app has an upgrade.exe file.
-- **IsAv**  Indicates whether the file an antivirus reporting EXE.
-- **LinkDate**  The date and time that this file was linked on.
-- **LowerCaseLongPath**  The full file path to the file that was inventoried on the device.
-- **Name**  The name of the file that was inventoried.
-- **ProductName**  The Product name field from the file metadata under Properties -> Details.
-- **ProductVersion**  The Product version field from the file metadata under Properties -> Details.
-- **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it.
-- **Size**  The size of the file (in hexadecimal bytes).
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
-
-This event indicates that the InventoryApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
-
-This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **HasLanguagePack**  Indicates whether this device has 2 or more language packs.
-- **LanguagePackCount**  The number of language packs are installed.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
-
-This event indicates that the InventoryLanguagePack object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
-
-This event indicates that a new set of InventoryLanguagePackAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
-
-This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **EverLaunched**  Has Windows Media Center ever been launched?
-- **HasConfiguredTv**  Has the user configured a TV tuner through Windows Media Center?
-- **HasExtendedUserAccounts**  Are any Windows Media Center Extender user accounts configured?
-- **HasWatchedFolders**  Are any folders configured for Windows  Media Center to watch?
-- **IsDefaultLauncher**  Is Windows Media Center the default app for opening music or video files?
-- **IsPaid**  Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
-- **IsSupported**  Does the running OS support Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
-
-This event indicates that the InventoryMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
-
-This event indicates that a new set of InventoryMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
-
-This event sends basic metadata about the BIOS to determine whether it has a compatibility block. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BiosDate**  The release date of the BIOS in UTC format.
-- **BiosName**  The name field from Win32_BIOS.
-- **Manufacturer**  The manufacturer field from Win32_ComputerSystem.
-- **Model**  The model field from Win32_ComputerSystem.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
-
-This event indicates that the InventorySystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
-
-This event indicates that a new set of InventorySystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
-
-This event runs only during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. It is critical in understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BootCritical**  Is the driver package marked as boot critical?
-- **Build**  The build value from the driver package.
-- **CatalogFile**  The name of the catalog file within the driver package.
-- **Class**  The device class from the driver package.
-- **ClassGuid**  The device class unique ID from the driver package.
-- **Date**  The date from the driver package.
-- **Inbox**  Is the driver package of a driver that is included with Windows?
-- **OriginalName**  The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
-- **Provider**  The provider of the driver package.
-- **PublishedName**  The name of the INF file after it was renamed.
-- **Revision**  The revision of the driver package.
-- **SignatureStatus**  Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
-- **VersionMajor**  The major version of the driver package.
-- **VersionMinor**  The minor version of the driver package.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
-
-This event indicates that the InventoryUplevelDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
-
-This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.RunContext
-
-This event is sent at the beginning of an appraiser run, the RunContext indicates what should be expected in the following data payload. This event is used with the other Appraiser events to make compatibility decisions to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the currently running version of Appraiser was built.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Context**  Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
-
-This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device from upgrade due to memory restrictions?
-- **MemoryRequirementViolated**  Was a memory requirement violated?
-- **pageFile**  The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
-- **ram**  The amount of memory on the device.
-- **ramKB**  The amount of memory (in KB).
-- **virtual**  The size of the user-mode portion of the virtual address space of the calling process (in bytes).
-- **virtualKB**  The amount of virtual memory (in KB).
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
-
-This event that the SystemMemory object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
-
-This event indicates that a new set of SystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
-
-This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **CompareExchange128Support**  Does the CPU support CompareExchange128?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
-
-This event indicates that the SystemProcessorCompareExchange object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
-
-This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
-
-This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **LahfSahfSupport**  Does the CPU support LAHF/SAHF?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
-
-This event indicates that the SystemProcessorLahfSahf object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
-
-This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
-
-This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **NXDriverResult**  The result of the driver used to do a non-deterministic check for NX support.
-- **NXProcessorSupport**  Does the processor support NX?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
-
-This event indicates that the SystemProcessorNx object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
-
-This event  indicates that a new set of SystemProcessorNxAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
-
-This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **PrefetchWSupport**  Does the processor support PrefetchW?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
-
-This event indicates that the SystemProcessorPrefetchW object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
-
-This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
-
-This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **SSE2ProcessorSupport**  Does the processor support SSE2?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
-
-This event indicates that the SystemProcessorSse2 object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
-
-This event indicates that a new set of SystemProcessorSse2Add events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchAdd
-
-This event sends data indicating whether the system supports touch, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IntegratedTouchDigitizerPresent**  Is there an integrated touch digitizer?
-- **MaximumTouches**  The maximum number of touch points supported by the device hardware.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchRemove
-
-This event indicates that the SystemTouch object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
-
-This event indicates that a new set of SystemTouchAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimAdd
-
-This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IsWimBoot**  Is the current operating system running from a compressed WIM file?
-- **RegistryWimBootValue**  The raw value from the registry that is used to indicate if the device is running from a WIM.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimRemove
-
-This event indicates that the SystemWim object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimStartSync
-
-This event indicates that a new set of SystemWimAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
-
-This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **WindowsIsLicensedApiValue**  The result from the API that's used to indicate if operating system is activated.
-- **WindowsNotActivatedDecision**  Is the current operating system activated?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusEndSync
-
-This event indicates that a full set of SystemWindowsActivationStatusAdd events has succeeded in being sent. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
-
-This event indicates that the SystemWindowsActivationStatus object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
-
-This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanAdd
-
-This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked because of an emulated WLAN driver?
-- **HasWlanBlock**  Does the emulated WLAN driver have an upgrade block?
-- **WlanEmulatedDriver**  Does the device have an emulated WLAN driver?
-- **WlanExists**  Does the device support WLAN at all?
-- **WlanModulePresent**  Are any WLAN modules present?
-- **WlanNativeDriver**  Does the device have a non-emulated WLAN driver?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanRemove
-
-This event indicates that the SystemWlan object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
-
-This event indicates that a new set of SystemWlanAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
-
-This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the version of Appraiser that is running was built.
-- **AppraiserDataVersion**  The version of the data files being used by the Appraiser diagnostic data run.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
-- **AuxFinal**  Obsolete, always set to false.
-- **AuxInitial**  Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
-- **DeadlineDate**  A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
-- **EnterpriseRun**  Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
-- **FullSync**  Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
-- **InboxDataVersion**  The original version of the data files before retrieving any newer version.
-- **IndicatorsWritten**  Indicates if all relevant UEX indicators were successfully written or updated.
-- **InventoryFullSync**  Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **PerfBackoff**  Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
-- **PerfBackoffInsurance**  Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
-- **RunAppraiser**  Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
-- **RunDate**  The date that the diagnostic data run was stated, expressed as a filetime.
-- **RunGeneralTel**  Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
-- **RunOnline**  Indicates if appraiser was able to connect to Windows Update and therefore is making decisions using up-to-date driver coverage information.
-- **RunResult**  The result of the Appraiser diagnostic data run.
-- **SendingUtc**  Indicates whether the Appraiser client is sending events during the current diagnostic data run.
-- **StoreHandleIsNotNull**  Obsolete, always set to false
-- **TelementrySent**  Indicates whether diagnostic data was successfully sent.
-- **ThrottlingUtc**  Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
-- **Time**  The client time of the event.
-- **VerboseMode**  Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
-- **WhyFullSyncWithoutTablePrefix**  Indicates the reason or reasons that a full sync was generated.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmAdd
-
-This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Same as NeedsDismissAction.
-- **NeedsDismissAction**  Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
-- **WmdrmApiResult**  Raw value of the API used to gather DRM state.
-- **WmdrmCdRipped**  Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
-- **WmdrmIndicators**  WmdrmCdRipped OR WmdrmPurchased.
-- **WmdrmInUse**  WmdrmIndicators AND dismissible block in setup was not dismissed.
-- **WmdrmNonPermanent**  Indicates if the system has any files with non-permanent licenses.
-- **WmdrmPurchased**  Indicates if the system has any files with permanent licenses.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmRemove
-
-This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmStartSync
-
-The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-## Census events
-
-### Census.App
-
-This event sends version data about the Apps running on this device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserEnterpriseErrorCode**  The error code of the last Appraiser enterprise run.
-- **AppraiserErrorCode**  The error code of the last Appraiser run.
-- **AppraiserRunEndTimeStamp**  The end time of the last Appraiser run.
-- **AppraiserRunIsInProgressOrCrashed**  Flag that indicates if the Appraiser run is in progress or has crashed.
-- **AppraiserRunStartTimeStamp**  The start time of the last Appraiser run.
-- **AppraiserTaskEnabled**  Whether the Appraiser task is enabled.
-- **AppraiserTaskExitCode**  The Appraiser task exist code.
-- **AppraiserTaskLastRun**  The last runtime for the Appraiser task.
-- **CensusVersion**  The version of Census that generated the current data for this device.
-- **IEVersion**  The version of Internet Explorer that is running on the device.
-
-
-### Census.Azure
-
-This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **CloudCoreBuildEx**  The Azure CloudCore build number.
-- **CloudCoreSupportBuildEx**  The Azure CloudCore support build number.
-- **NodeID**  The node identifier on the device that indicates whether the device is part of the Azure fleet.
-- **PartA_PrivTags**  The privacy tags associated with the event.
-
-
-### Census.Battery
-
-This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalBatteryCapablities**  Represents information about what the battery is capable of doing.
-- **InternalBatteryCapacityCurrent**  Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
-- **InternalBatteryCapacityDesign**  Represents the theoretical capacity of the battery when new, in mWh.
-- **InternalBatteryNumberOfCharges**  Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
-- **IsAlwaysOnAlwaysConnectedCapable**  Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
-
-
-### Census.Enterprise
-
-This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AADDeviceId**  Azure Active Directory device ID.
-- **AzureOSIDPresent**  Represents the field used to identify an Azure machine.
-- **AzureVMType**  Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
-- **CDJType**  Represents the type of cloud domain joined for the machine.
-- **CommercialId**  Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
-- **ContainerType**  The type of container, such as process or virtual machine hosted.
-- **EnrollmentType**  Defines the type of MDM enrollment on the device.
-- **HashedDomain**  The hashed representation of the user domain used for login.
-- **IsCloudDomainJoined**  Is this device joined to an Azure Active Directory (AAD) tenant? true/false
-- **IsDERequirementMet**  Represents if the device can do device encryption.
-- **IsDeviceProtected**  Represents if Device protected by BitLocker/Device Encryption
-- **IsDomainJoined**  Indicates whether a machine is joined to a domain.
-- **IsEDPEnabled**  Represents if Enterprise data protected on the device.
-- **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
-- **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
-- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
-- **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
-
-
-### Census.Firmware
-
-This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FirmwareManufacturer**  Represents the manufacturer of the device's firmware (BIOS).
-- **FirmwareReleaseDate**  Represents the date the current firmware was released.
-- **FirmwareType**  Represents the firmware type. The various types can be unknown, BIOS, UEFI.
-- **FirmwareVersion**  Represents the version of the current firmware.
-
-
-### Census.Flighting
-
-This event sends Windows Insider data from customers participating in improvement testing and feedback programs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceSampleRate**  The telemetry sample rate assigned to the device.
-- **EnablePreviewBuilds**  Used to enable Windows Insider builds on a device.
-- **FlightIds**  A list of the different Windows Insider builds on this device.
-- **FlightingBranchName**  The name of the Windows Insider branch currently used by the device.
-- **IsFlightsDisabled**  Represents if the device is participating in the Windows Insider program.
-- **MSA_Accounts**  Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
-- **SSRK**  Retrieves the mobile targeting settings.
-
-
-### Census.Hardware
-
-This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActiveMicCount**  The number of active microphones attached to the device.
-- **ChassisType**  Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
-- **ComputerHardwareID**  Identifies a device class that is represented by a hash of different SMBIOS fields.
-- **D3DMaxFeatureLevel**  Supported Direct3D version.
-- **DeviceColor**  Indicates a color of the device.
-- **DeviceForm**  Indicates the form as per the device classification.
-- **DeviceName**  The device name that is set by the user.
-- **DigitizerSupport**  Is a digitizer supported?
-- **DUID**  The device unique ID.
-- **Gyroscope**  Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
-- **InventoryId**  The device ID used for compatibility testing.
-- **Magnetometer**  Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
-- **NFCProximity**  Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
-- **OEMDigitalMarkerFileName**  The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
-- **OEMManufacturerName**  The device manufacturer name.  The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
-- **OEMModelBaseBoard**  The baseboard model used by the OEM.
-- **OEMModelBaseBoardVersion**  Differentiates between developer and retail devices.
-- **OEMModelName**  The device model name.
-- **OEMModelNumber**  The device model number.
-- **OEMModelSKU**  The device edition that is defined by the manufacturer.
-- **OEMModelSystemFamily**  The system family set on the device by an OEM.
-- **OEMModelSystemVersion**  The system model version set on the device by the OEM.
-- **OEMOptionalIdentifier**  A Microsoft assigned value that represents a specific OEM subsidiary.
-- **OEMSerialNumber**  The serial number of the device that is set by the manufacturer.
-- **PhoneManufacturer**  The friendly name of the phone manufacturer.
-- **PowerPlatformRole**  The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
-- **SoCName**  The firmware manufacturer of the device.
-- **StudyID**  Used to identify retail and non-retail device.
-- **TelemetryLevel**  The telemetry level the user has opted into, such as Basic or Enhanced.
-- **TelemetryLevelLimitEnhanced**  The telemetry level for Windows Analytics-based solutions.
-- **TelemetrySettingAuthority**  Determines who set the telemetry level, such as GP, MDM, or the user.
-- **TPMVersion**  The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
-- **VoiceSupported**  Does the device have a cellular radio capable of making voice calls?
-
-
-### Census.Memory
-
-This event sends data about the memory on the device, including ROM and RAM. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **TotalPhysicalRAM**  Represents the physical memory (in MB).
-- **TotalVisibleMemory**  Represents the memory that is not reserved by the system.
-
-
-### Census.Network
-
-This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors). The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **IMEI0**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **IMEI1**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **MCC0**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MCC1**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MEID**  Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
-- **MNC0**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MNC1**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MobileOperatorBilling**  Represents the telephone company that provides services for mobile phone users.
-- **MobileOperatorCommercialized**  Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
-- **MobileOperatorNetwork0**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **MobileOperatorNetwork1**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **NetworkAdapterGUID**  The GUID of the primary network adapter.
-- **NetworkCost**  Represents the network cost associated with a connection.
-- **SPN0**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-- **SPN1**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-
-
-### Census.OS
-
-This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActivationChannel**  Retrieves the retail license key or Volume license key for a machine.
-- **AssignedAccessStatus**  Kiosk configuration mode.
-- **CompactOS**  Indicates if the Compact OS feature from Win10 is enabled.
-- **DeveloperUnlockStatus**  Represents if a device has been developer unlocked by the user or Group Policy.
-- **DeviceTimeZone**  The time zone that is set on the device. Example: Pacific Standard Time
-- **GenuineState**  Retrieves the ID Value specifying the OS Genuine check.
-- **InstallationType**  Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
-- **InstallLanguage**  The first language installed on the user machine.
-- **IsDeviceRetailDemo**  Retrieves if the device is running in demo mode.
-- **IsEduData**  Returns Boolean if the education data policy is enabled.
-- **IsPortableOperatingSystem**  Retrieves whether OS is running Windows-To-Go
-- **IsSecureBootEnabled**  Retrieves whether Boot chain is signed under UEFI.
-- **LanguagePacks**  The list of language packages installed on the device.
-- **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
-- **OA3xOriginalProductKey**  Retrieves the License key stamped by the OEM to the machine.
-- **OSEdition**  Retrieves the version of the current OS.
-- **OSInstallType**  Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc.
-- **OSOOBEDateTime**  Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
-- **OSSKU**  Retrieves the Friendly Name of OS Edition.
-- **OSSubscriptionStatus**  Represents the existing status for enterprise subscription feature for PRO machines.
-- **OSSubscriptionTypeId**  Returns boolean for enterprise subscription feature for selected PRO machines.
-- **OSTimeZoneBiasInMins**  Retrieves the time zone set on machine.
-- **OSUILocale**  Retrieves the locale of the UI that is currently used by the OS.
-- **ProductActivationResult**  Returns Boolean if the OS Activation was successful.
-- **ProductActivationTime**  Returns the OS Activation time for tracking piracy issues.
-- **ProductKeyID2**  Retrieves the License key if the machine is updated with a new license key.
-- **RACw7Id**  Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
-- **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
-- **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
-- **ServiceProductKeyID**  Retrieves the License key of the KMS
-- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.ration EnableSharedPCMode.
-- **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
-- **SLICStatus**  Whether a SLIC table exists on the device.
-- **SLICVersion**  Returns OS type/version from SLIC table.
-
-
-### Census.PrivacySettings
-
-This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values:  -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **Activity**  Current state of the activity history setting.
-- **ActivityHistoryCloudSync**  Current state of the activity history cloud sync setting.
-- **ActivityHistoryCollection**  Current state of the activity history collection setting.
-- **AdvertisingId**  Current state of the advertising ID setting.
-- **AppDiagnostics**  Current state of the app diagnostics setting.
-- **Appointments**  Current state of the calendar setting.
-- **Bluetooth**  Current state of the Bluetooth capability setting.
-- **BluetoothSync**  Current state of the Bluetooth sync capability setting.
-- **BroadFileSystemAccess**  Current state of the broad file system access setting.
-- **CellularData**  Current state of the cellular data capability setting.
-- **Chat**  Current state of the chat setting.
-- **Contacts**  Current state of the contacts setting.
-- **DocumentsLibrary**  Current state of the documents library setting.
-- **Email**  Current state of the email setting.
-- **FindMyDevice**  Current state of the "find my device" setting.
-- **GazeInput**  Current state of the gaze input setting.
-- **HumanInterfaceDevice**  Current state of the human interface device setting.
-- **InkTypeImprovement**  Current state of the improve inking and typing setting.
-- **Location**  Current state of the location setting.
-- **LocationHistory**  Current state of the location history setting.
-- **Microphone**  Current state of the microphone setting.
-- **PhoneCall**  Current state of the phone call setting.
-- **PhoneCallHistory**  Current state of the call history setting.
-- **PicturesLibrary**  Current state of the pictures library setting.
-- **Radios**  Current state of the radios setting.
-- **SensorsCustom**  Current state of the custom sensor setting.
-- **SerialCommunication**  Current state of the serial communication setting.
-- **Sms**  Current state of the text messaging setting.
-- **SpeechPersonalization**  Current state of the speech services setting.
-- **USB**  Current state of the USB setting.
-- **UserAccountInformation**  Current state of the account information setting.
-- **UserDataTasks**  Current state of the tasks setting.
-- **UserNotificationListener**  Current state of the notifications setting.
-- **VideosLibrary**  Current state of the videos library setting.
-- **Webcam**  Current state of the camera setting.
-- **WiFiDirect**  Current state of the Wi-Fi direct setting.
-
-
-### Census.Processor
-
-This event sends data about the processor. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **KvaShadow**  This is the micro code information of the processor.
-- **MMSettingOverride**  Microcode setting of the processor.
-- **MMSettingOverrideMask**  Microcode setting override of the processor.
-- **PreviousUpdateRevision**  Previous microcode revision.
-- **ProcessorArchitecture**  Retrieves the processor architecture of the installed operating system.
-- **ProcessorClockSpeed**  Clock speed of the processor in MHz.
-- **ProcessorCores**  Number of logical cores in the processor.
-- **ProcessorIdentifier**  Processor Identifier of a manufacturer.
-- **ProcessorManufacturer**  Name of the processor manufacturer.
-- **ProcessorModel**  Name of the processor model.
-- **ProcessorPhysicalCores**  Number of physical cores in the processor.
-- **ProcessorUpdateRevision**  The microcode revision.
-- **ProcessorUpdateStatus**  Enum value that represents the processor microcode load status.
-- **SocketCount**  Count of CPU sockets.
-- **SpeculationControl**  Indicates whether the system has enabled protections needed to validate the speculation control vulnerability.
-
-
-### Census.Security
-
-This event provides information about security settings. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AvailableSecurityProperties**  This field helps to enumerate and report state on the relevant security properties for Device Guard.
-- **CGRunning**  Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
-- **DGState**  This field summarizes the Device Guard state.
-- **HVCIRunning**  Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
-- **IsSawGuest**  Indicates whether the device is running as a Secure Admin Workstation Guest.
-- **IsSawHost**  Indicates whether the device is running as a Secure Admin Workstation Host.
-- **RequiredSecurityProperties**  Describes the required security properties to enable virtualization-based security.
-- **SecureBootCapable**  Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
-- **SModeState**  The Windows S mode trail state.
-- **VBSState**  Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation.  VBS has a tri-state that can be Disabled, Enabled, or Running.
-
-
-### Census.Speech
-
-This event is used to gather basic speech settings on the device. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AboveLockEnabled**  Cortana setting that represents if Cortana can be invoked when the device is locked.
-- **GPAllowInputPersonalization**  Indicates if a Group Policy setting has enabled speech functionalities.
-- **HolographicSpeechInputDisabled**  Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
-- **HolographicSpeechInputDisabledRemote**  Indicates if a remote policy has disabled speech functionalities for the HMD devices.
-- **KWSEnabled**  Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
-- **MDMAllowInputPersonalization**  Indicates if an MDM policy has enabled speech functionalities.
-- **RemotelyManaged**  Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
-- **SpeakerIdEnabled**  Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
-- **SpeechServicesEnabled**  Windows setting that represents whether a user is opted-in for speech services on the device.
-
-
-### Census.Storage
-
-This event sends data about the total capacity of the system volume and primary disk. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PrimaryDiskTotalCapacity**  Retrieves the amount of disk space on the primary disk of the device in MB.
-- **PrimaryDiskType**  Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
-- **SystemVolumeTotalCapacity**  Retrieves the size of the partition that the System volume is installed on in MB.
-
-
-### Census.Userdefault
-
-This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultApp**  The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
-- **DefaultBrowserProgId**  The ProgramId of the current user's default browser.
-
-
-### Census.UserDisplay
-
-This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalPrimaryDisplayLogicalDPIX**  Retrieves the logical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayLogicalDPIY**  Retrieves the logical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIX**  Retrieves the physical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIY**  Retrieves the physical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayResolutionHorizontal**  Retrieves the number of pixels in the horizontal direction of the internal display.
-- **InternalPrimaryDisplayResolutionVertical**  Retrieves the number of pixels in the vertical direction of the internal display.
-- **InternalPrimaryDisplaySizePhysicalH**  Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches.
-- **InternalPrimaryDisplaySizePhysicalY**  Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
-- **NumberofExternalDisplays**  Retrieves the number of external displays connected to the machine
-- **NumberofInternalDisplays**  Retrieves the number of internal displays in a machine.
-- **VRAMDedicated**  Retrieves the video RAM in MB.
-- **VRAMDedicatedSystem**  Retrieves the amount of memory on the dedicated video card.
-- **VRAMSharedSystem**  Retrieves the amount of RAM memory that the video card can use.
-
-
-### Census.UserNLS
-
-This event sends data about the default app language, input, and display language preferences set by the user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultAppLanguage**  The current user Default App Language.
-- **DisplayLanguage**  The current user preferred Windows Display Language.
-- **HomeLocation**  The current user location, which is populated using GetUserGeoId() function.
-- **KeyboardInputLanguages**  The Keyboard input languages installed on the device.
-- **SpeechInputLanguages**  The Speech Input languages installed on the device.
-
-
-### Census.UserPrivacySettings
-
-This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **Activity**  Current state of the activity history setting.
-- **ActivityHistoryCloudSync**  Current state of the activity history cloud sync setting.
-- **ActivityHistoryCollection**  Current state of the activity history collection setting.
-- **AdvertisingId**  Current state of the advertising ID setting.
-- **AppDiagnostics**  Current state of the app diagnostics setting.
-- **Appointments**  Current state of the calendar setting.
-- **Bluetooth**  Current state of the Bluetooth capability setting.
-- **BluetoothSync**  Current state of the Bluetooth sync capability setting.
-- **BroadFileSystemAccess**  Current state of the broad file system access setting.
-- **CellularData**  Current state of the cellular data capability setting.
-- **Chat**  Current state of the chat setting.
-- **Contacts**  Current state of the contacts setting.
-- **DocumentsLibrary**  Current state of the documents library setting.
-- **Email**  Current state of the email setting.
-- **GazeInput**  Current state of the gaze input setting.
-- **HumanInterfaceDevice**  Current state of the human interface device setting.
-- **InkTypeImprovement**  Current state of the improve inking and typing setting.
-- **InkTypePersonalization**  Current state of the inking and typing personalization setting.
-- **Location**  Current state of the location setting.
-- **LocationHistory**  Current state of the location history setting.
-- **Microphone**  Current state of the microphone setting.
-- **PhoneCall**  Current state of the phone call setting.
-- **PhoneCallHistory**  Current state of the call history setting.
-- **PicturesLibrary**  Current state of the pictures library setting.
-- **Radios**  Current state of the radios setting.
-- **SensorsCustom**  Current state of the custom sensor setting.
-- **SerialCommunication**  Current state of the serial communication setting.
-- **Sms**  Current state of the text messaging setting.
-- **SpeechPersonalization**  Current state of the speech services setting.
-- **USB**  Current state of the USB setting.
-- **UserAccountInformation**  Current state of the account information setting.
-- **UserDataTasks**  Current state of the tasks setting.
-- **UserNotificationListener**  Current state of the notifications setting.
-- **VideosLibrary**  Current state of the videos library setting.
-- **Webcam**  Current state of the camera setting.
-- **WiFiDirect**  Current state of the Wi-Fi direct setting.
-
-
-### Census.VM
-
-This event sends data indicating whether virtualization is enabled on the device, and its various characteristics. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CloudService**  Indicates which cloud service, if any, that this virtual machine is running within.
-- **HyperVisor**  Retrieves whether the current OS is running on top of a Hypervisor.
-- **IOMMUPresent**  Represents if an input/output memory management unit (IOMMU) is present.
-- **IsVDI**  Is the device using Virtual Desktop Infrastructure?
-- **IsVirtualDevice**  Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
-- **SLATSupported**  Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
-- **VirtualizationFirmwareEnabled**  Represents whether virtualization is enabled in the firmware.
-
-
-### Census.WU
-
-This event sends data about the Windows update server and other App store policies. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserGatedStatus**  Indicates whether a device has been gated for upgrading.
-- **AppStoreAutoUpdate**  Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
-- **AppStoreAutoUpdateMDM**  Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
-- **AppStoreAutoUpdatePolicy**  Retrieves the Microsoft Store App Auto Update group policy setting
-- **DelayUpgrade**  Retrieves the Windows upgrade flag for delaying upgrades.
-- **OSAssessmentFeatureOutOfDate**  How many days has it been since the last feature update was released but the device did not install it?
-- **OSAssessmentForFeatureUpdate**  Is the device is on the latest feature update?
-- **OSAssessmentForQualityUpdate**  Is the device on the latest quality update?
-- **OSAssessmentForSecurityUpdate**  Is the device  on the latest security update?
-- **OSAssessmentQualityOutOfDate**  How many days has it been since a the last quality update was released but the device did not install it?
-- **OSAssessmentReleaseInfoTime**  The freshness of release information used to perform an assessment.
-- **OSRollbackCount**  The number of times feature updates have rolled back on the device.
-- **OSRolledBack**  A flag that represents when a feature update has rolled back during setup.
-- **OSUninstalled**  A flag that represents when a feature update is uninstalled on a device .
-- **OSWUAutoUpdateOptions**  Retrieves the auto update settings on the device.
-- **OSWUAutoUpdateOptionsSource**  The source of auto update setting that appears in the OSWUAutoUpdateOptions field.  For example: Group Policy (GP), Mobile Device Management (MDM), and Default.
-- **UninstallActive**  A flag that represents when a device has uninstalled a previous upgrade recently.
-- **UpdateServiceURLConfigured**  Retrieves if the device is managed by Windows Server Update Services (WSUS).
-- **WUDeferUpdatePeriod**  Retrieves if deferral is set for Updates.
-- **WUDeferUpgradePeriod**  Retrieves if deferral is set for Upgrades.
-- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
-- **WUMachineId**  Retrieves the Windows Update (WU) Machine Identifier.
-- **WUPauseState**  Retrieves Windows Update setting to determine if updates are paused.
-- **WUServer**  Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
-
-
-### Census.Xbox
-
-This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date.
-
-The following fields are available:
-
-- **XboxConsolePreferredLanguage**  Retrieves the preferred language selected by the user on Xbox console.
-- **XboxConsoleSerialNumber**  Retrieves the serial number of the Xbox console.
-- **XboxLiveDeviceId**  Retrieves the unique device ID of the console.
-- **XboxLiveSandboxId**  Retrieves the developer sandbox ID if the device is internal to Microsoft.
-
-
-## Common data extensions
-
-### Common Data Extensions.app
-
-Describes the properties of the running application. This extension could be populated by a client app or a web app.
-
-The following fields are available:
-
-- **asId**  An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
-- **env**  The environment from which the event was logged.
-- **expId**  Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
-- **id**  Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
-- **locale**  The locale of the app.
-- **name**  The name of the app.
-- **userId**  The userID as known by the application.
-- **ver**  Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
-
-
-### Common Data Extensions.container
-
-Describes the properties of the container for events logged within a container.
-
-The following fields are available:
-
-- **epoch**  An ID that's incremented for each SDK initialization.
-- **localId**  The device ID as known by the client.
-- **osVer**  The operating system version.
-- **seq**  An ID that's incremented for each event.
-- **type**  The container type. Examples: Process or VMHost
-
-
-### Common Data Extensions.cs
-
-Describes properties related to the schema of the event.
-
-The following fields are available:
-
-- **sig**  A common schema signature that identifies new and modified event schemas.
-
-
-### Common Data Extensions.device
-
-Describes the device-related fields.
-
-The following fields are available:
-
-- **deviceClass**  The device classification. For example, Desktop, Server, or Mobile.
-- **localId**  A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
-- **make**  Device manufacturer.
-- **model**  Device model.
-
-
-### Common Data Extensions.Envelope
-
-Represents an envelope that contains all of the common data extensions.
-
-The following fields are available:
-
-- **cV**  Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
-- **data**  Represents the optional unique diagnostic data for a particular event schema.
-- **ext_app**  Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
-- **ext_container**  Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
-- **ext_cs**  Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
-- **ext_device**  Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
-- **ext_os**  Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
-- **ext_sdk**  Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
-- **ext_user**  Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
-- **ext_utc**  Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
-- **ext_xbl**  Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
-- **flags**  Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
-- **iKey**  Represents an ID for applications or other logical groupings of events.
-- **name**  Represents the uniquely qualified name for the event.
-- **popSample**  Represents the effective sample rate for this event at the time it was generated by a client.
-- **time**  Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
-- **ver**  Represents the major and minor version of the extension.
-
-
-### Common Data Extensions.os
-
-Describes some properties of the operating system.
-
-The following fields are available:
-
-- **bootId**  An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
-- **expId**  Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
-- **locale**  Represents the locale of the operating system.
-- **name**  Represents the operating system name.
-- **ver**  Represents the major and minor version of the extension.
-
-
-### Common Data Extensions.sdk
-
-Used by platform specific libraries to record fields that are required for a specific SDK.
-
-The following fields are available:
-
-- **epoch**  An ID that is incremented for each SDK initialization.
-- **installId**  An ID that's created during the initialization of the SDK for the first time.
-- **libVer**  The SDK version.
-- **seq**  An ID that is incremented for each event.
-
-
-### Common Data Extensions.user
-
-Describes the fields related to a user.
-
-The following fields are available:
-
-- **authId**  This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
-- **locale**  The language and region.
-- **localId**  Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
-
-
-### Common Data Extensions.utc
-
-Describes the properties that could be populated by a logging library on Windows.
-
-The following fields are available:
-
-- **aId**  Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
-- **bSeq**  Upload buffer sequence number in the format: buffer identifier:sequence number
-- **cat**  Represents a bitmask of the ETW Keywords associated with the event.
-- **cpId**  The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
-- **epoch**  Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
-- **flags**  Represents the bitmap that captures various Windows specific flags.
-- **mon**  Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
-- **op**  Represents the ETW Op Code.
-- **raId**  Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
-- **seq**  Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
-- **stId**  Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
-
-
-### Common Data Extensions.xbl
-
-Describes the fields that are related to XBOX Live.
-
-The following fields are available:
-
-- **claims**  Any additional claims whose short claim name hasn't been added to this structure.
-- **did**  XBOX device ID
-- **dty**  XBOX device type
-- **dvr**  The version of the operating system on the device.
-- **eid**  A unique ID that represents the developer entity.
-- **exp**  Expiration time
-- **ip**  The IP address of the client device.
-- **nbf**  Not before time
-- **pid**  A comma separated list of PUIDs listed as base10 numbers.
-- **sbx**  XBOX sandbox identifier
-- **sid**  The service instance ID.
-- **sty**  The service type.
-- **tid**  The XBOX Live title ID.
-- **tvr**  The XBOX Live title version.
-- **uts**  A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
-- **xid**  A list of base10-encoded XBOX User IDs.
-
-
-## Common data fields
-
-### Ms.Device.DeviceInventoryChange
-
-Describes the installation state for all hardware and software components available on a particular device.
-
-The following fields are available:
-
-- **action**  The change that was invoked on a device inventory object.
-- **inventoryId**  Device ID used for Compatibility testing
-- **objectInstanceId**  Object identity which is unique within the device scope.
-- **objectType**  Indicates the object type that the event applies to.
-- **syncId**  A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
-
-
-## Compatibility events
-
-### Microsoft.Windows.Compatibility.Apphelp.SdbFix
-
-Product instrumentation for helping debug/troubleshoot issues with inbox compatibility components. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AppName**  Name of the application impacted by SDB.
-- **FixID**  SDB GUID.
-- **Flags**  List of flags applied.
-- **ImageName**  Name of file.
-
-
-## Component-based Servicing events
-
-### CbsServicingProvider.CbsCapabilityEnumeration
-
-This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date.
-
-The following fields are available:
-
-- **architecture**  Indicates the scan was limited to the specified architecture.
-- **capabilityCount**  The number of optional content packages found during the scan.
-- **clientId**  The name of the application requesting the optional content.
-- **duration**  The amount of time it took to complete the scan.
-- **hrStatus**  The HReturn code of the scan.
-- **language**  Indicates the scan was limited to the specified language.
-- **majorVersion**  Indicates the scan was limited to the specified major version.
-- **minorVersion**  Indicates the scan was limited to the specified minor version.
-- **namespace**  Indicates the scan was limited to packages in the specified namespace.
-- **sourceFilter**  A bitmask indicating the scan checked for locally available optional content.
-- **stackBuild**  The build number of the servicing stack.
-- **stackMajorVersion**  The major version number of the servicing stack.
-- **stackMinorVersion**  The minor version number of the servicing stack.
-- **stackRevision**  The revision number of the servicing stack.
-
-
-### CbsServicingProvider.CbsCapabilitySessionFinalize
-
-This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **capabilities**  The names of the optional content packages that were installed.
-- **clientId**  The name of the application requesting the optional content.
-- **currentID**  The ID of the current install session.
-- **highestState**  The highest final install state of the optional content.
-- **hrLCUReservicingStatus**  Indicates whether the optional content was updated to the latest available version.
-- **hrStatus**  The HReturn code of the install operation.
-- **rebootCount**  The number of reboots required to complete the install.
-- **retryID**  The session ID that will be used to retry a failed operation.
-- **retryStatus**  Indicates whether the install will be retried in the event of failure.
-- **stackBuild**  The build number of the servicing stack.
-- **stackMajorVersion**  The major version number of the servicing stack.
-- **stackMinorVersion**  The minor version number of the servicing stack.
-- **stackRevision**  The revision number of the servicing stack.
-
-
-### CbsServicingProvider.CbsCapabilitySessionPended
-
-This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
-
-The following fields are available:
-
-- **clientId**  The name of the application requesting the optional content.
-- **pendingDecision**  Indicates the cause of reboot, if applicable.
-
-
-### CbsServicingProvider.CbsPackageRemoval
-
-This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
-
-The following fields are available:
-
-- **buildVersion**  The build number of the security update being uninstalled.
-- **clientId**  The name of the application requesting the uninstall.
-- **currentStateEnd**  The final state of the update after the operation.
-- **failureDetails**  Information about the cause of a failure, if applicable.
-- **failureSourceEnd**  The stage during the uninstall where the failure occurred.
-- **hrStatusEnd**  The overall exit code of the operation.
-- **initiatedOffline**  Indicates if the uninstall was initiated for a mounted Windows image.
-- **majorVersion**  The major version number of the security update being uninstalled.
-- **minorVersion**  The minor version number of the security update being uninstalled.
-- **originalState**  The starting state of the update before the operation.
-- **pendingDecision**  Indicates the cause of reboot, if applicable.
-- **primitiveExecutionContext**  The state during system startup when the uninstall was completed.
-- **revisionVersion**  The revision number of the security update being uninstalled.
-- **transactionCanceled**  Indicates whether the uninstall was canceled.
-
-
-### CbsServicingProvider.CbsQualityUpdateInstall
-
-This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
-
-The following fields are available:
-
-- **buildVersion**  The build version number of the update package.
-- **clientId**  The name of the application requesting the optional content.
-- **corruptionHistoryFlags**  A bitmask of the types of component store corruption that have caused update failures on the device.
-- **corruptionType**  An enumeration listing the type of data corruption responsible for the current update failure.
-- **currentStateEnd**  The final state of the package after the operation has completed.
-- **doqTimeSeconds**  The time in seconds spent updating drivers.
-- **executeTimeSeconds**  The number of seconds required to execute the install.
-- **failureDetails**  The driver or installer that caused the update to fail.
-- **failureSourceEnd**  An enumeration indicating at what phase of the update a failure occurred.
-- **hrStatusEnd**  The return code of the install operation.
-- **initiatedOffline**  A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
-- **majorVersion**  The major version number of the update package.
-- **minorVersion**  The minor version number of the update package.
-- **originalState**  The starting state of the package.
-- **overallTimeSeconds**  The time (in seconds) to perform the overall servicing operation.
-- **PartA_PrivTags**  The privacy tags associated with the event.
-- **planTimeSeconds**  The time in seconds required to plan the update operations.
-- **poqTimeSeconds**  The time in seconds processing file and registry operations.
-- **postRebootTimeSeconds**  The time (in seconds) to do startup processing for the update.
-- **preRebootTimeSeconds**  The time (in seconds) between execution of the installation and the reboot.
-- **primitiveExecutionContext**  An enumeration indicating at what phase of shutdown or startup the update was installed.
-- **rebootCount**  The number of reboots required to install the update.
-- **rebootTimeSeconds**  The time (in seconds) before startup processing begins for the update.
-- **resolveTimeSeconds**  The time in seconds required to resolve the packages that are part of the update.
-- **revisionVersion**  The revision version number of the update package.
-- **rptTimeSeconds**  The time in seconds spent executing installer plugins.
-- **shutdownTimeSeconds**  The time (in seconds) required to do shutdown processing for the update.
-- **stackRevision**  The revision number of the servicing stack.
-- **stageTimeSeconds**  The time (in seconds) required to stage all files that are part of the update.
-
-
-### CbsServicingProvider.CbsSelectableUpdateChangeV2
-
-This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
-
-The following fields are available:
-
-- **applicableUpdateState**  Indicates the highest applicable state of the optional content.
-- **buildVersion**  The build version of the package being installed.
-- **clientId**  The name of the application requesting the optional content change.
-- **downloadSource**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **downloadtimeInSeconds**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **executionID**  A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
-- **executionSequence**  A counter that tracks the number of servicing operations attempted on the device.
-- **firstMergedExecutionSequence**  The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
-- **firstMergedID**  A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
-- **hrDownloadResult**  The return code of the download operation.
-- **hrStatusUpdate**  The return code of the servicing operation.
-- **identityHash**  A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
-- **initiatedOffline**  Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
-- **majorVersion**  The major version of the package being installed.
-- **minorVersion**  The minor version of the package being installed.
-- **packageArchitecture**  The architecture of the package being installed.
-- **packageLanguage**  The language of the package being installed.
-- **packageName**  The name of the package being installed.
-- **rebootRequired**  Indicates whether a reboot is required to complete the operation.
-- **revisionVersion**  The revision number of the package being installed.
-- **stackBuild**  The build number of the servicing stack binary performing the installation.
-- **stackMajorVersion**  The major version number of the servicing stack binary performing the installation.
-- **stackMinorVersion**  The minor version number of the servicing stack binary performing the installation.
-- **stackRevision**  The revision number of the servicing stack binary performing the installation.
-- **updateName**  The name of the optional Windows Operation System feature being enabled or disabled.
-- **updateStartState**  A value indicating the state of the optional content before the operation started.
-- **updateTargetState**  A value indicating the desired state of the optional content.
-
-
-## Deployment extensions
-
-### DeploymentTelemetry.Deployment_End
-
-This event indicates that a Deployment 360 API has completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of the user utilizing the D360 API.
-- **ErrorCode**  Error code of action.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Mode**  Phase in upgrade.
-- **RelatedCV**  The correction vector (CV) of any other related events
-- **Result**  End result of the action.
-
-
-### DeploymentTelemetry.Deployment_Initialize
-
-This event indicates that the Deployment 360 APIs have been initialized for use. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of user utilizing the D360 API.
-- **ErrorCode**  Error code of the action.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **RelatedCV**  The correlation vector of any other related events.
-- **Result**  End result of the action.
-
-
-### DeploymentTelemetry.Deployment_SetupBoxLaunch
-
-This event indicates that the Deployment 360 APIs have launched Setup Box. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The client ID of the user utilizing the D360 API.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Quiet**  Whether Setup will run in quiet mode or full mode.
-- **RelatedCV**  The correlation vector (CV) of any other related events.
-- **SetupMode**  The current setup phase.
-
-
-### DeploymentTelemetry.Deployment_SetupBoxResult
-
-This event indicates that the Deployment 360 APIs have received a return from Setup Box. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of the user utilizing the D360 API.
-- **ErrorCode**  Error code of the action.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Quiet**  Indicates whether Setup will run in quiet mode or full mode.
-- **RelatedCV**  The correlation vector (CV) of any other related events.
-- **SetupMode**  The current Setup phase.
-
-
-### DeploymentTelemetry.Deployment_Start
-
-This event indicates that a Deployment 360 API has been called. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of the user utilizing the D360 API.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Mode**  The current phase of the upgrade.
-- **RelatedCV**  The correlation vector (CV) of any other related events.
-
-
-## Diagnostic data events
-
-### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
-
-This event is fired by UTC at state transitions to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if we can add MSA PUID and CID to telemetry, false otherwise.
-- **CanCollectAnyTelemetry**  True if we are allowed to collect partner telemetry, false otherwise.
-- **CanCollectCoreTelemetry**  True if we can collect CORE/Basic telemetry, false otherwise.
-- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
-- **CanCollectOsTelemetry**  True if we can collect diagnostic data telemetry, false otherwise.
-- **CanCollectWindowsAnalyticsEvents**  True if we can collect Windows Analytics data, false otherwise.
-- **CanPerformDiagnosticEscalations**  True if we can perform diagnostic escalation collection, false otherwise.
-- **CanPerformTraceEscalations**  True if we can perform trace escalation collection, false otherwise.
-- **CanReportScenarios**  True if we can report scenario completions, false otherwise.
-- **PreviousPermissions**  Bitmask of previous telemetry state.
-- **TransitionFromEverythingOff**  True if we are transitioning from all telemetry being disabled, false otherwise.
-
-
-### TelClientSynthetic.AuthorizationInfo_Startup
-
-This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if we can add MSA PUID and CID to telemetry, false otherwise.
-- **CanCollectAnyTelemetry**  True if we are allowed to collect partner telemetry, false otherwise.
-- **CanCollectCoreTelemetry**  True if we can collect CORE/Basic telemetry, false otherwise.
-- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
-- **CanCollectOsTelemetry**  True if we can collect diagnostic data telemetry, false otherwise.
-- **CanCollectWindowsAnalyticsEvents**  True if we can collect Windows Analytics data, false otherwise.
-- **CanPerformDiagnosticEscalations**  True if we can perform diagnostic escalation collection, false otherwise.
-- **CanPerformTraceEscalations**  True if we can perform trace escalation collection, false otherwise.
-- **CanReportScenarios**  True if we can report scenario completions, false otherwise.
-- **PreviousPermissions**  Bitmask of previous telemetry state.
-- **TransitionFromEverythingOff**  True if we are transitioning from all telemetry being disabled, false otherwise.
-
-
-### TelClientSynthetic.ConnectivityHeartBeat_0
-
-This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network. This event is fired by UTC during periods of no network as a heartbeat signal, to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CensusExitCode**  Last exit code of the Census task.
-- **CensusStartTime**  Time of last Census run.
-- **CensusTaskEnabled**  True if Census is enabled, false otherwise.
-- **LastConnectivityLossTime**  The FILETIME at which the last free network loss occurred.
-- **NetworkState**  The network state of the device.
-- **NoNetworkTime**  Retrieves the time spent with no network (since the last time) in seconds.
-- **RestrictedNetworkTime**  The total number of seconds with restricted network during this heartbeat period.
-
-
-### TelClientSynthetic.HeartBeat_5
-
-This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
-
-The following fields are available:
-
-- **AgentConnectionErrorsCount**  Number of non-timeout errors associated with the host/agent channel.
-- **CensusExitCode**  The last exit code of the Census task.
-- **CensusStartTime**  Time of last Census run.
-- **CensusTaskEnabled**  True if Census is enabled, false otherwise.
-- **CompressedBytesUploaded**  Number of compressed bytes uploaded.
-- **ConsumerDroppedCount**  Number of events dropped at consumer layer of telemetry client.
-- **CriticalDataDbDroppedCount**  Number of critical data sampled events dropped at the database layer.
-- **CriticalDataThrottleDroppedCount**  The number of critical data sampled events that were dropped because of throttling.
-- **CriticalOverflowEntersCounter**  Number of times critical overflow mode was entered in event DB.
-- **DbCriticalDroppedCount**  Total number of dropped critical events in event DB.
-- **DbDroppedCount**  Number of events dropped due to DB fullness.
-- **DbDroppedFailureCount**  Number of events dropped due to DB failures.
-- **DbDroppedFullCount**  Number of events dropped due to DB fullness.
-- **DecodingDroppedCount**  Number of events dropped due to decoding failures.
-- **EnteringCriticalOverflowDroppedCounter**  Number of events dropped due to critical overflow mode being initiated.
-- **EtwDroppedBufferCount**  Number of buffers dropped in the UTC ETW session.
-- **EtwDroppedCount**  Number of events dropped at ETW layer of telemetry client.
-- **EventsPersistedCount**  Number of events that reached the PersistEvent stage.
-- **EventSubStoreResetCounter**  Number of times event DB was reset.
-- **EventSubStoreResetSizeSum**  Total size of event DB across all resets reports in this instance.
-- **EventsUploaded**  Number of events uploaded.
-- **Flags**  Flags indicating device state such as network state, battery state, and opt-in state.
-- **FullTriggerBufferDroppedCount**  Number of events dropped due to trigger buffer being full.
-- **HeartBeatSequenceNumber**  The sequence number of this heartbeat.
-- **InvalidHttpCodeCount**  Number of invalid HTTP codes received from contacting Vortex.
-- **LastAgentConnectionError**  Last non-timeout error encountered in the host/agent channel.
-- **LastEventSizeOffender**  Event name of last event which exceeded max event size.
-- **LastInvalidHttpCode**  Last invalid HTTP code received from Vortex.
-- **MaxActiveAgentConnectionCount**  The maximum number of active agents during this heartbeat timeframe.
-- **MaxInUseScenarioCounter**  Soft maximum number of scenarios loaded by UTC.
-- **PreviousHeartBeatTime**  Time of last heartbeat event (allows chaining of events).
-- **SettingsHttpAttempts**  Number of attempts to contact OneSettings service.
-- **SettingsHttpFailures**  The number of failures from contacting the OneSettings service.
-- **ThrottledDroppedCount**  Number of events dropped due to throttling of noisy providers.
-- **UploaderDroppedCount**  Number of events dropped at the uploader layer of telemetry client.
-- **VortexFailuresTimeout**  The number of timeout failures received from Vortex.
-- **VortexHttpAttempts**  Number of attempts to contact Vortex.
-- **VortexHttpFailures4xx**  Number of 400-499 error codes received from Vortex.
-- **VortexHttpFailures5xx**  Number of 500-599 error codes received from Vortex.
-- **VortexHttpResponseFailures**  Number of Vortex responses that are not 2XX or 400.
-- **VortexHttpResponsesWithDroppedEvents**  Number of Vortex responses containing at least 1 dropped event.
-
-
-### TelClientSynthetic.HeartBeat_Aria_5
-
-This event is the telemetry client ARIA heartbeat.
-
-The following fields are available:
-
-- **CompressedBytesUploaded**  Number of compressed bytes uploaded.
-- **CriticalDataDbDroppedCount**  Number of critical data sampled events dropped at the database layer.
-- **CriticalOverflowEntersCounter**  Number of times critical overflow mode was entered in event database.
-- **DbCriticalDroppedCount**  Total number of dropped critical events in event database.
-- **DbDroppedCount**  Number of events dropped at the database layer.
-- **DbDroppedFailureCount**  Number of events dropped due to database failures.
-- **DbDroppedFullCount**  Number of events dropped due to database being full.
-- **EnteringCriticalOverflowDroppedCounter**  Number of events dropped due to critical overflow mode being initiated.
-- **EventsPersistedCount**  Number of events that reached the PersistEvent stage.
-- **EventSubStoreResetCounter**  Number of times event database was reset.
-- **EventSubStoreResetSizeSum**  Total size of event database across all resets reports in this instance.
-- **EventsUploaded**  Number of events uploaded.
-- **HeartBeatSequenceNumber**  The sequence number of this heartbeat.
-- **InvalidHttpCodeCount**  Number of invalid HTTP codes received from contacting Vortex.
-- **LastEventSizeOffender**  Event name of last event which exceeded max event size.
-- **LastInvalidHttpCode**  Last invalid HTTP code received from Vortex.
-- **PreviousHeartBeatTime**  The FILETIME of the previous heartbeat fire.
-- **SettingsHttpAttempts**  Number of attempts to contact OneSettings service.
-- **SettingsHttpFailures**  Number of failures from contacting OneSettings service.
-- **UploaderDroppedCount**  Number of events dropped at the uploader layer of telemetry client.
-- **VortexFailuresTimeout**  Number of time out failures received from Vortex.
-- **VortexHttpAttempts**  Number of attempts to contact Vortex.
-- **VortexHttpFailures4xx**  Number of 400-499 error codes received from Vortex.
-- **VortexHttpFailures5xx**  Number of 500-599 error codes received from Vortex.
-- **VortexHttpResponseFailures**  Number of Vortex responses that are not 2XX or 400.
-- **VortexHttpResponsesWithDroppedEvents**  Number of Vortex responses containing at least 1 dropped event.
-
-
-## Direct to update events
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability
-
-This event indicates that the Coordinator CheckApplicability call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicabilityResult**  Result of CheckApplicability function.
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess
-
-This event indicates that the Coordinator Cleanup call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess
-
-This event indicates that the Coordinator Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure
-
-This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Download call that will be ignored. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess
-
-This event indicates that the Coordinator Download call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator HandleShutdown call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinate version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownSuccess
-
-This event indicates that the Coordinator HandleShutdown call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Initialize call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess
-
-This event indicates that the Coordinator Initialize call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Install call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure
-
-This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess
-
-This event indicates that the Coordinator Install call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack
-
-This event indicates that the Coordinator's progress callback has been called. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **DeployPhase**  Current Deploy Phase.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadyGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator SetCommitReady call.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess
-
-This event indicates that the Coordinator SetCommitReady call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator WaitForRebootUi call.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiNotShown
-
-This event indicates that the Coordinator WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection
-
-This event indicates that the user selected an option on the Reboot UI. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **rebootUiSelection**  Selection on the Reboot UI.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess
-
-This event indicates that the Coordinator WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicability call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-- **CV_new**  New correlation vector
-- **hResult**  HRESULT of the failure
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicabilityInternal call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess
-
-This event indicates that the Handler CheckApplicabilityInternal call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicabilityResult**  The result of the applicability check.
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess
-
-This event indicates that the Handler CheckApplicability call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicabilityResult**  The result code indicating whether the update is applicable.
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **CV_new**  New correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckIfCoordinatorMinApplicableVersion call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-- **hResult**  HRESULT of the failure
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess
-
-This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **CheckIfCoordinatorMinApplicableVersionResult**  Result of CheckIfCoordinatorMinApplicableVersion function.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **CV_new**  New correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess
-
-This event indicates that the Handler Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **CV_new**  New correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabAlreadyDownloaded
-
-This event indicates that the Handler Download and Extract cab returned a value indicating that the cab has already been downloaded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure
-
-This event indicates that the Handler Download and Extract cab call failed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **DownloadAndExtractCabFunction_failureReason**  Reason why the update download and extract process failed.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess
-
-This event indicates that the Handler Download and Extract cab call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess
-
-This event indicates that the Handler Download call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **DownloadAndExtractCabFunction_hResult**  HRESULT of the download and extract.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess
-
-This event indicates that the Handler Initialize call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **DownloadAndExtractCabFunction_hResult**  HRESULT of the download and extraction.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess
-
-This event indicates that the Coordinator Install call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadyGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler SetCommitReady call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-- **hResult**  HRESULT of the failure
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess
-
-This event indicates that the Handler SetCommitReady call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaigning being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  The HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess
-
-This event indicates that the Handler WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-## DxgKernelTelemetry events
-
-### DxgKrnlTelemetry.GPUAdapterInventoryV2
-
-This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
-
-The following fields are available:
-
-- **AdapterTypeValue**  The numeric value indicating the type of Graphics adapter.
-- **aiSeqId**  The event sequence ID.
-- **bootId**  The system boot ID.
-- **BrightnessVersionViaDDI**  The version of the Display Brightness Interface.
-- **ComputePreemptionLevel**  The maximum preemption level supported by GPU for compute payload.
-- **DedicatedSystemMemoryB**  The amount of system memory dedicated for GPU use (in bytes).
-- **DedicatedVideoMemoryB**  The amount of dedicated VRAM of the GPU (in bytes).
-- **DisplayAdapterLuid**  The display adapter LUID.
-- **DriverDate**  The date of the display driver.
-- **DriverRank**  The rank of the display driver.
-- **DriverVersion**  The display driver version.
-- **DX10UMDFilePath**  The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
-- **DX11UMDFilePath**  The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
-- **DX12UMDFilePath**  The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
-- **DX9UMDFilePath**  The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
-- **GPUDeviceID**  The GPU device ID.
-- **GPUPreemptionLevel**  The maximum preemption level supported by GPU for graphics payload.
-- **GPURevisionID**  The GPU revision ID.
-- **GPUVendorID**  The GPU vendor ID.
-- **InterfaceId**  The GPU interface ID.
-- **IsDisplayDevice**  Does the GPU have displaying capabilities?
-- **IsHybridDiscrete**  Does the GPU have discrete GPU capabilities in a hybrid device?
-- **IsHybridIntegrated**  Does the GPU have integrated GPU capabilities in a hybrid device?
-- **IsLDA**  Is the GPU comprised of Linked Display Adapters?
-- **IsMiracastSupported**  Does the GPU support Miracast?
-- **IsMismatchLDA**  Is at least one device in the Linked Display Adapters chain from a different vendor?
-- **IsMPOSupported**  Does the GPU support Multi-Plane Overlays?
-- **IsMsMiracastSupported**  Are the GPU Miracast capabilities driven by a Microsoft solution?
-- **IsPostAdapter**  Is this GPU the POST GPU in the device?
-- **IsRemovable**  TRUE if the adapter supports being disabled or removed.
-- **IsRenderDevice**  Does the GPU have rendering capabilities?
-- **IsSoftwareDevice**  Is this a software implementation of the GPU?
-- **KMDFilePath**  The file path to the location of the Display Kernel Mode Driver in the Driver Store.
-- **MeasureEnabled**  Is the device listening to MICROSOFT_KEYWORD_MEASURES?
-- **NumVidPnSources**  The number of supported display output sources.
-- **NumVidPnTargets**  The number of supported display output targets.
-- **SharedSystemMemoryB**  The amount of system memory shared by GPU and CPU (in bytes).
-- **SubSystemID**  The subsystem ID.
-- **SubVendorID**  The GPU sub vendor ID.
-- **TelemetryEnabled**  Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
-- **TelInvEvntTrigger**  What triggered this event to be logged?  Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
-- **version**  The event version.
-- **WDDMVersion**  The Windows Display Driver Model version.
-
-
-### DxgKrnlTelemetry.GPUAdapterStop
-
-This event collects information about an adapter when it stops. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **AdapterLuid**  Local Identifier for the adapter.
-- **AdapterTypeValue**  Numeric value indicating the type of the adapter.
-- **DriverDate**  Date of the driver.
-- **DriverVersion**  Version of the driver.
-- **GPUDeviceID**  Device identifier for the adapter.
-- **GPUVendorID**  Vendor identifier for the adapter.
-- **InterfaceId**  Identifier for the adapter.
-- **IsDetachable**  Boolean value indicating whether the adapter is removable or detachable.
-- **IsDisplayDevice**  Boolean value indicating whether the adapter has display capabilities.
-- **IsHybridDiscrete**  Boolean value indicating whether the adapter is a discrete adapter in a hybrid configuration.
-- **IsHybridIntegrated**  Boolean value indicating whether the adapter is an integrated adapter in a hybrid configuration.
-- **IsRenderDevice**  Boolean value indicating whether the adapter has rendering capabilities.
-- **IsSoftwareDevice**  Boolean value indicating whether the adapter is implemented in software.
-- **IsSurpriseRemoved**  Boolean value indicating whether the adapter was surprise removed.
-- **SubSystemID**  Subsystem identifier for the adapter.
-- **SubVendorID**  Sub-vendor identifier for the adapter.
-- **version**  Version of the schema for this event.
-- **WDDMVersion**  Display driver model version for the driver.
-
-
-## Failover Clustering events
-
-### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
-
-This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
-
-The following fields are available:
-
-- **autoAssignSite**  The cluster parameter: auto site.
-- **autoBalancerLevel**  The cluster parameter: auto balancer level.
-- **autoBalancerMode**  The cluster parameter: auto balancer mode.
-- **blockCacheSize**  The configured size of the block cache.
-- **ClusterAdConfiguration**  The ad configuration of the cluster.
-- **clusterAdType**  The cluster parameter: mgmt_point_type.
-- **clusterDumpPolicy**  The cluster configured dump policy.
-- **clusterFunctionalLevel**  The current cluster functional level.
-- **clusterGuid**  The unique identifier for the cluster.
-- **clusterWitnessType**  The witness type the cluster is configured for.
-- **countNodesInSite**  The number of nodes in the cluster.
-- **crossSiteDelay**  The cluster parameter: CrossSiteDelay.
-- **crossSiteThreshold**  The cluster parameter: CrossSiteThreshold.
-- **crossSubnetDelay**  The cluster parameter: CrossSubnetDelay.
-- **crossSubnetThreshold**  The cluster parameter: CrossSubnetThreshold.
-- **csvCompatibleFilters**  The cluster parameter: ClusterCsvCompatibleFilters.
-- **csvIncompatibleFilters**  The cluster parameter: ClusterCsvIncompatibleFilters.
-- **csvResourceCount**  The number of resources in the cluster.
-- **currentNodeSite**  The name configured for the current site for the cluster.
-- **dasModeBusType**  The direct storage bus type of the storage spaces.
-- **downLevelNodeCount**  The number of nodes in the cluster that are running down-level.
-- **drainOnShutdown**  Specifies whether a node should be drained when it is shut down.
-- **dynamicQuorumEnabled**  Specifies whether dynamic Quorum has been enabled.
-- **enforcedAntiAffinity**  The cluster parameter: enforced anti affinity.
-- **genAppNames**  The win32 service name of a clustered service.
-- **genSvcNames**  The command line of a clustered genapp.
-- **hangRecoveryAction**  The cluster parameter: hang recovery action.
-- **hangTimeOut**  Specifies the “hang time out” parameter for the cluster.
-- **isCalabria**  Specifies whether storage spaces direct is enabled.
-- **isMixedMode**  Identifies if the cluster is running with different version of OS for nodes.
-- **isRunningDownLevel**  Identifies if the current node is running down-level.
-- **logLevel**  Specifies the granularity that is logged in the cluster log.
-- **logSize**  Specifies the size of the cluster log.
-- **lowerQuorumPriorityNodeId**  The cluster parameter: lower quorum priority node ID.
-- **minNeverPreempt**  The cluster parameter: minimum never preempt.
-- **minPreemptor**  The cluster parameter: minimum preemptor priority.
-- **netftIpsecEnabled**  The parameter: netftIpsecEnabled.
-- **NodeCount**  The number of nodes in the cluster.
-- **nodeId**  The current node number in the cluster.
-- **nodeResourceCounts**  Specifies the number of node resources.
-- **nodeResourceOnlineCounts**  Specifies the number of node resources that are online.
-- **numberOfSites**  The number of different sites.
-- **numNodesInNoSite**  The number of nodes not belonging to a site.
-- **plumbAllCrossSubnetRoutes**  The cluster parameter: plumb all cross subnet routes.
-- **preferredSite**  The preferred site location.
-- **privateCloudWitness**  Specifies whether a private cloud witness exists for this cluster.
-- **quarantineDuration**  The quarantine duration.
-- **quarantineThreshold**  The quarantine threshold.
-- **quorumArbitrationTimeout**  In the event of an arbitration event, this specifies the quorum timeout period.
-- **resiliencyLevel**  Specifies the level of resiliency.
-- **resourceCounts**  Specifies the number of resources.
-- **resourceTypeCounts**  Specifies the number of resource types in the cluster.
-- **resourceTypes**  Data representative of each resource type.
-- **resourceTypesPath**  Data representative of the DLL path for each resource type.
-- **sameSubnetDelay**  The cluster parameter: same subnet delay.
-- **sameSubnetThreshold**  The cluster parameter: same subnet threshold.
-- **secondsInMixedMode**  The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
-- **securityLevel**  The cluster parameter: security level.
-- **securityLevelForStorage**  The cluster parameter: security level for storage.
-- **sharedVolumeBlockCacheSize**  Specifies the block cache size shared volumes.
-- **shutdownTimeoutMinutes**  Specifies the amount of time it takes to time out when shutting down.
-- **upNodeCount**  Specifies the number of nodes that are up (online).
-- **useClientAccessNetworksForCsv**  The cluster parameter: use client access networks for CSV.
-- **vmIsolationTime**  The cluster parameter: VM isolation time.
-- **witnessDatabaseWriteTimeout**  Specifies the timeout period for writing to the quorum witness database.
-
-
-## Fault Reporting events
-
-### Microsoft.Windows.FaultReporting.AppCrashEvent
-
-This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has crashed.
-- **AppSessionGuid**  GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
-- **AppTimeStamp**  The date/time stamp of the app.
-- **AppVersion**  The version of the app that has crashed.
-- **ExceptionCode**  The exception code returned by the process that has crashed.
-- **ExceptionOffset**  The address where the exception had occurred.
-- **Flags**  Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
-- **FriendlyAppName**  The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
-- **IsCrashFatal**  (Deprecated) True/False to indicate whether the crash resulted in process termination.
-- **IsFatal**  True/False to indicate whether the crash resulted in process termination.
-- **ModName**  Exception module name (e.g. bar.dll).
-- **ModTimeStamp**  The date/time stamp of the module.
-- **ModVersion**  The version of the module that has crashed.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has crashed.
-- **ProcessId**  The ID of the process that has crashed.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported
-- **TargetAsId**  The sequence number for the hanging process.
-
-
-## Feature update events
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
-
-This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **failureReason**  Provides data about the uninstall initialization operation failure.
-- **hr**  Provides the Win32 error code for the operation failure.
-
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered
-
-This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked
-
-This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems.
-
-
-
-## Hang Reporting events
-
-### Microsoft.Windows.HangReporting.AppHangEvent
-
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has hung.
-- **AppSessionGuid**  GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
-- **AppVersion**  The version of the app that has hung.
-- **IsFatal**  True/False based on whether the hung application caused the creation of a Fatal Hang Report.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has hung.
-- **ProcessId**  The ID of the process that has hung.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported.
-- **TargetAsId**  The sequence number for the hanging process.
-- **TypeCode**  Bitmap describing the hang type.
-- **WaitingOnAppName**  If this is a cross process hang waiting for an application, this has the name of the application.
-- **WaitingOnAppVersion**  If this is a cross process hang, this has the version of the application for which it is waiting.
-- **WaitingOnPackageFullName**  If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
-- **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative application id of the package.
-
-
-## Inventory events
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
-
-This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **DeviceCensus**  A count of device census objects in cache.
-- **DriverPackageExtended**  A count of driverpackageextended objects in cache.
-- **FileSigningInfo**  A count of file signing objects in cache.
-- **InventoryApplication**  A count of application objects in cache.
-- **InventoryApplicationAppV**  A count of application AppV objects in cache.
-- **InventoryApplicationDriver**  A count of application driver objects in cache.
-- **InventoryApplicationFile**  A count of application file objects in cache.
-- **InventoryApplicationFramework**  A count of application framework objects in cache.
-- **InventoryApplicationShortcut**  A count of application shortcut objects in cache.
-- **InventoryDeviceContainer**  A count of device container objects in cache.
-- **InventoryDeviceInterface**  A count of Plug and Play device interface objects in cache.
-- **InventoryDeviceMediaClass**  A count of device media objects in cache.
-- **InventoryDevicePnp**  A count of device Plug and Play objects in cache.
-- **InventoryDeviceUsbHubClass**  A count of device USB objects in cache
-- **InventoryDriverBinary**  A count of driver binary objects in cache.
-- **InventoryDriverPackage**  A count of device objects in cache.
-- **InventoryMiscellaneousOfficeAddIn**  A count of office add-in objects in cache.
-- **InventoryMiscellaneousOfficeAddInUsage**  A count of office add-in usage objects in cache.
-- **InventoryMiscellaneousOfficeIdentifiers**  A count of office identifier objects in cache.
-- **InventoryMiscellaneousOfficeIESettings**  A count of office IE settings objects in cache.
-- **InventoryMiscellaneousOfficeInsights**  A count of office insights objects in cache.
-- **InventoryMiscellaneousOfficeProducts**  A count of office products objects in cache.
-- **InventoryMiscellaneousOfficeSettings**  A count of office settings objects in cache.
-- **InventoryMiscellaneousOfficeVBA**  A count of office VBA objects in cache.
-- **InventoryMiscellaneousOfficeVBARuleViolations**  A count of office VBA rule violations objects in cache.
-- **InventoryMiscellaneousUUPInfo**  A count of UUP info objects in cache.
-
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
-
-This event sends inventory component versions for the Device Inventory data. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **aeinv**  The version of the App inventory component.
-- **devinv**  The file version of the Device inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
-
-This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **HiddenArp**  Indicates whether a program hides itself from showing up in ARP.
-- **InstallDate**  The date the application was installed (a best guess based on folder creation date heuristics).
-- **InstallDateArpLastModified**  The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015  00:00:00
-- **InstallDateFromLinkFile**  The estimated date of install based on the links to the files.  Passed as an array.
-- **InstallDateMsi**  The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Language**  The language code of the program.
-- **MsiPackageCode**  A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
-- **MsiProductCode**  A GUID that describe the MSI Product.
-- **Name**  The name of the application.
-- **OSVersionAtInstallTime**  The four octets from the OS version at the time of the application's install.
-- **PackageFullName**  The package full name for a Store application.
-- **ProgramInstanceId**  A hash of the file IDs in an app.
-- **Publisher**  The Publisher of the application. Location pulled from depends on the 'Source' field.
-- **RootDirPath**  The path to the root directory where the program was installed.
-- **Source**  How the program was installed (for example, ARP, MSI, Appx).
-- **StoreAppType**  A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
-- **Type**  One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
-- **Version**  The version number of the program.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
-
-This event represents what drivers an application installs. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory component.
-- **ProgramIds**  The unique program identifier the driver is associated with.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
-
-The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
-
-This event provides the basic metadata about the frameworks an application may depend on. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **FileId**  A hash that uniquely identifies a file.
-- **Frameworks**  The list of frameworks this file depends on.
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
-
-This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
-
-This event indicates that a new set of InventoryApplicationAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
-
-This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device). The data collected with this event is used to help keep Windows up to date and to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Categories**  A comma separated list of functional categories in which the container belongs.
-- **DiscoveryMethod**  The discovery method for the device container.
-- **FriendlyName**  The name of the device container.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **IsActive**  Is the device connected, or has it been seen in the last 14 days?
-- **IsConnected**  For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
-- **IsMachineContainer**  Is the container the root device itself?
-- **IsNetworked**  Is this a networked device?
-- **IsPaired**  Does the device container require pairing?
-- **Manufacturer**  The manufacturer name for the device container.
-- **ModelId**  A unique model ID.
-- **ModelName**  The model name.
-- **ModelNumber**  The model number for the device container.
-- **PrimaryCategory**  The primary category for the device container.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
-
-This event indicates that the InventoryDeviceContainer object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
-
-This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
-
-This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Accelerometer3D**  Indicates if an Accelerator3D sensor is found.
-- **ActivityDetection**  Indicates if an Activity Detection sensor is found.
-- **AmbientLight**  Indicates if an Ambient Light sensor is found.
-- **Barometer**  Indicates if a Barometer sensor is found.
-- **Custom**  Indicates if a Custom sensor is found.
-- **EnergyMeter**  Indicates if an Energy sensor is found.
-- **FloorElevation**  Indicates if a Floor Elevation sensor is found.
-- **GeomagneticOrientation**  Indicates if a Geo Magnetic Orientation sensor is found.
-- **GravityVector**  Indicates if a Gravity Detector sensor is found.
-- **Gyrometer3D**  Indicates if a Gyrometer3D sensor is found.
-- **Humidity**  Indicates if a Humidity sensor is found.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **LinearAccelerometer**  Indicates if a Linear Accelerometer sensor is found.
-- **Magnetometer3D**  Indicates if a Magnetometer3D sensor is found.
-- **Orientation**  Indicates if an Orientation sensor is found.
-- **Pedometer**  Indicates if a Pedometer sensor is found.
-- **Proximity**  Indicates if a Proximity sensor is found.
-- **RelativeOrientation**  Indicates if a Relative Orientation sensor is found.
-- **SimpleDeviceOrientation**  Indicates if a Simple Device Orientation sensor is found.
-- **Temperature**  Indicates if a Temperature sensor is found.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
-
-This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
-
-This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Audio_CaptureDriver**  The Audio device capture driver endpoint.
-- **Audio_RenderDriver**  The Audio device render driver endpoint.
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
-
-This event indicates that the InventoryDeviceMediaClass object represented by the objectInstanceId is no longer present. This event is used to understand a PNP device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
-
-This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
-
-This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **BusReportedDescription**  The description of the device reported by the bus.
-- **Class**  The device setup class of the driver loaded for the device.
-- **ClassGuid**  The device class unique identifier of the driver package loaded on the device.
-- **COMPID**  The list of “Compatible IDs” for this device.
-- **ContainerId**  The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to.
-- **Description**  The description of the device.
-- **DeviceState**  Identifies the current state of the parent (main) device.
-- **DriverId**  The unique identifier for the installed driver.
-- **DriverName**  The name of the driver image file.
-- **DriverPackageStrongName**  The immediate parent directory name in the Directory field of InventoryDriverPackage.
-- **DriverVerDate**  The date associated with the driver loaded on the device.
-- **DriverVerVersion**  The immediate parent directory name in the Directory field of InventoryDriverPackage.
-- **Enumerator**  Identifies the bus that enumerated the device.
-- **HWID**  A list of hardware IDs for the device.
-- **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
-- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
-- **InventoryVersion**  The version number of the inventory process generating the events.
-- **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
-- **LowerFilters**  The identifiers of the Lower filters installed for the device.
-- **Manufacturer**  The manufacturer of the device.
-- **MatchingID**  The Hardware ID or Compatible ID that Windows uses to install a device instance.
-- **Model**  Identifies the model of the device.
-- **ParentId**  The Device Instance ID of the parent of the device.
-- **ProblemCode**  The error code currently returned by the device, if applicable.
-- **Provider**  Identifies the device provider.
-- **Service**  The name of the device service.
-- **STACKID**  The list of hardware IDs for the stack.
-- **UpperClassFilters**  The identifiers of the Upper Class filters installed for the device.
-- **UpperFilters**  The identifiers of the Upper filters installed for the device.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
-
-This event indicates that the InventoryDevicePnpRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
-
-This event sends basic metadata about the USB hubs on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **TotalUserConnectablePorts**  Total number of connectable USB ports.
-- **TotalUserConnectableTypeCPorts**  Total number of connectable USB Type C ports.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
-
-This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
-
-This event sends basic metadata about driver binaries running on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **DriverCheckSum**  The checksum of the driver file.
-- **DriverCompany**  The company name that developed the driver.
-- **DriverInBox**  Is the driver included with the operating system?
-- **DriverIsKernelMode**  Is it a kernel mode driver?
-- **DriverName**  The file name of the driver.
-- **DriverPackageStrongName**  The strong name of the driver package
-- **DriverSigned**  Is the driver signed?
-- **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
-- **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
-- **DriverVersion**  The version of the driver file.
-- **ImageSize**  The size of the driver file.
-- **Inf**  The name of the INF file.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Product**  The product name that is included in the driver file.
-- **ProductVersion**  The product version that is included in the driver file.
-- **Service**  The name of the service that is installed for the device.
-- **WdfVersion**  The Windows Driver Framework version.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
-
-This event indicates that the InventoryDriverBinary object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
-
-This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
-
-This event sends basic metadata about drive packages installed on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Class**  The class name for the device driver.
-- **ClassGuid**  The class GUID for the device driver.
-- **Date**  The driver package date.
-- **Directory**  The path to the driver package.
-- **DriverInBox**  Is the driver included with the operating system?
-- **Inf**  The INF name of the driver package.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Provider**  The provider for the driver package.
-- **SubmissionId**  The HLK submission ID for the driver package.
-- **Version**  The version of the driver package.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
-
-This event indicates that the InventoryDriverPackageRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
-
-This event indicates that a new set of InventoryDriverPackageAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.General. InventoryMiscellaneousMemorySlotArrayInfoRemove
-
-This event indicates that this particular data object represented by the ObjectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
-
-This event sends details collected for a specific application on the source device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AhaVersion**  The binary version of the App Health Analyzer tool.
-- **ApplicationErrors**  The count of application errors from the event log.
-- **Bitness**  The architecture type of the application (16 Bit or 32 bit or 64 bit).
-- **device_level**  Various JRE/JAVA versions installed on a particular device.
-- **ExtendedProperties**  Attribute used for aggregating all other attributes under this event type.
-- **Jar**  Flag to determine if an app has a Java JAR file dependency.
-- **Jre**  Flag to determine if an app has JRE framework dependency.
-- **Jre_version**  JRE versions an app has declared framework dependency for.
-- **Name**  Name of the application.
-- **NonDPIAware**  Flag to determine if an app is non-DPI aware
-- **NumBinaries**  Count of all binaries (.sys,.dll,.ini) from application install location.
-- **ProgramId**  The ID of the associated program.
-- **RequiresAdmin**  Flag to determine if an app requests admin privileges for execution.
-- **RequiresAdminv2**  Additional flag to determine if an app requests admin privileges for execution.
-- **RequiresUIAccess**  Flag to determine if an app is based on UI features for accessibility.
-- **VB6**  Flag to determine if an app is based on VB6 framework.
-- **VB6v2**  Additional flag to determine if an app is based on VB6 framework.
-- **Version**  Version of the application.
-- **VersionCheck**  Flag to determine if an app has a static dependency on OS version.
-- **VersionCheckv2**  Additional flag to determine if an app has a static dependency on OS version.
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
-
-This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AllowTelemetry**  Indicates the presence of the 'allowtelemetry' command line argument.
-- **CommandLineArgs**  Command line arguments passed when launching the App Health Analyzer executable.
-- **Enhanced**  Indicates the presence of the 'enhanced' command line argument.
-- **StartTime**  UTC date and time at which this event was sent.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
-
-This event provides basic information about active memory slots on the device.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Capacity**  Memory size in bytes
-- **Manufacturer**  Name of the DRAM manufacturer
-- **Model**  Model and sub-model of the memory
-- **Slot**  Slot to which the DRAM is plugged into the motherboard.
-- **Speed**  The configured memory slot speed in MHz.
-- **Type**  Reports DDR as an enumeration value as per the DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails**  Reports Non-volatile as a bit flag enumeration as per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
-
-This diagnostic event indicates a new sync is being generated for this object type.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
-
-This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Identifier**  UUP identifier
-- **LastActivatedVersion**  Last activated version
-- **PreviousVersion**  Previous version
-- **Source**  UUP source
-- **Version**  UUP version
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
-
-This is a diagnostic event that indicates a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.Checksum
-
-This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **ChecksumDictionary**  A count of each operating system indicator.
-- **PCFP**  Equivalent to the InventoryId field that is found in other core events.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
-
-This event represents the basic metadata about the OS indicators installed on the system. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **IndicatorValue**  The indicator value.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-## Kernel events
-
-### IO
-
-This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
-
-The following fields are available:
-
-- **BytesRead**  The total number of bytes read from or read by the OS upon system startup.
-- **BytesWritten**  The total number of bytes written to or written by the OS upon system startup.
-
-
-### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
-
-This event includes basic data about the Operating System, collected during Boot and used to evaluate the success of the upgrade process. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BootApplicationId**  This field tells us what the OS Loader Application Identifier is.
-- **BootAttemptCount**  The number of consecutive times the boot manager has attempted to boot into this operating system.
-- **BootSequence**  The current Boot ID, used to correlate events related to a particular boot session.
-- **BootStatusPolicy**  Identifies the applicable Boot Status Policy.
-- **BootType**  Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
-- **EventTimestamp**  Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made.
-- **FirmwareResetReasonEmbeddedController**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonEmbeddedControllerAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonPch**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonPchAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonSupplied**  Flag indicating that a reason for system reset was provided by firmware.
-- **IO**  Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io).
-- **LastBootSucceeded**  Flag indicating whether the last boot was successful.
-- **LastShutdownSucceeded**  Flag indicating whether the last shutdown was successful.
-- **MaxAbove4GbFreeRange**  This field describes the largest memory range available above 4Gb.
-- **MaxBelow4GbFreeRange**  This field describes the largest memory range available below 4Gb.
-- **MeasuredLaunchPrepared**  This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement).
-- **MenuPolicy**  Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
-- **RecoveryEnabled**  Indicates whether recovery is enabled.
-- **SecureLaunchPrepared**  This field indicates if DRTM was prepared during boot.
-- **UserInputTime**  The amount of time the loader application spent waiting for user input.
-
-
-### Microsoft.Windows.Kernel.Power.OSStateChange
-
-This event indicates an OS state change. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AcPowerOnline**  If "TRUE," the device is using AC power. If "FALSE," the device is using battery power.
-- **ActualTransitions**  The number of transitions between operating system states since the last system boot
-- **BatteryCapacity**  Maximum battery capacity in mWh
-- **BatteryCharge**  Current battery charge as a percentage of total capacity
-- **BatteryDischarging**  Flag indicating whether the battery is discharging or charging
-- **BootId**  Total boot count since the operating system was installed
-- **BootTimeUTC**  Date and time of a particular boot event (identified by BootId)
-- **EnergyChangeV2**  A snapshot value in mWh reflecting a change in power usage
-- **EnergyChangeV2Flags**  Flags for disambiguating EnergyChangeV2 context
-- **EventSequence**  Indicates the sequence order for this event instance, relative to previous instances of OSStateChange events that have occurred since boot
-- **LastStateTransition**  ID of the last operating system state transition
-- **LastStateTransitionSub**  ID of the last operating system sub-state transition
-- **StateDurationMS**  Number of milliseconds spent in the last operating system state
-- **StateTransition**  ID of the operating system state the system is transitioning to
-- **StateTransitionSub**  ID of the operating system sub-state the system is transitioning to
-- **TotalDurationMS**  Total time (in milliseconds) spent in all states since the last boot
-- **TotalUptimeMS**  Total time (in milliseconds) the device was in Up or Running states since the last boot
-- **TransitionsToOn**  Number of transitions to the Powered On state since the last boot
-- **UptimeDeltaMS**  Total time (in milliseconds) added to Uptime since the last event
-
-
-## Microsoft Edge events
-
-### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-
-
-### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-
-
-### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-
-
-### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-
-
-### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
-
-This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **appAp**  Any additional parameters for the specified application. Default: ''.
-- **appAppId**  The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined.
-- **appBrandCode**  The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
-- **appChannel**  An integer indicating the channel of the installation (i.e. Canary or Dev).
-- **appClientId**  A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
-- **appCohort**  A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortHint**  A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortName**  A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appConsentState**  Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall**  The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
-- **appExperiments**  A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
-- **appIid**  A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete.
-- **appInstallTimeDiffSec**  The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
-- **appLang**  The language of the product install, in IETF BCP 47 representation. Default: ''.
-- **appNextVersion**  The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
-- **appPingEventAppSize**  The total number of bytes of all downloaded packages. Default: '0'.
-- **appPingEventDownloadMetricsCdnCCC**  ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
-- **appPingEventDownloadMetricsCdnCID**  Numeric value used to internally track the origins of the updated binaries. For example, 2.
-- **appPingEventDownloadMetricsDownloadedBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsDownloader**  A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
-- **appPingEventDownloadMetricsDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventDownloadMetricsError**  The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
-- **appPingEventDownloadMetricsServerIpHint**  For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadMetricsTotalBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsUrl**  For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventErrorCode**  The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult**  An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'.
-- **appPingEventEventType**  An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information.
-- **appPingEventExtraCode1**  Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventInstallTimeMs**  For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appPingEventNumBytesDownloaded**  The number of bytes downloaded for the specified application. Default: '0'.
-- **appPingEventSequenceId**  An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
-- **appPingEventSourceUrlIndex**  For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
-- **appPingEventUpdateCheckTimeMs**  For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appUpdateCheckIsUpdateDisabled**  The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
-- **appUpdateCheckTargetVersionPrefix**  A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
-- **appUpdateCheckTtToken**  An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
-- **appVersion**  The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
-- **eventType**  A string indicating the type of the event. Please see the wiki for additional information.
-- **hwHasAvx**  '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse**  '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse2**  '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse3**  '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse41**  '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse42**  '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSsse3**  '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwPhysmemory**  The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
-- **isMsftDomainJoined**  '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
-- **osArch**  The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
-- **osPlatform**  The operating system family within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''.
-- **osServicePack**  The secondary version of the operating system. '' if unknown. Default: ''.
-- **osVersion**  The primary version of the operating system. '' if unknown. Default: ''.
-- **requestCheckPeriodSec**  The update interval in seconds. The value is read from the registry. Default: '-1'.
-- **requestDlpref**  A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
-- **requestDomainJoined**  '1' if the machine is part of a managed enterprise domain. Otherwise '0'.
-- **requestInstallSource**  A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
-- **requestIsMachine**  '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
-- **requestOmahaShellVersion**  The version of the Omaha installation folder. Default: ''.
-- **requestOmahaVersion**  The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
-- **requestProtocolVersion**  The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined.
-- **requestRequestId**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''.
-- **requestSessionCorrelationVectorBase**  A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
-- **requestSessionId**  A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''.
-- **requestTestSource**  Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
-- **requestUid**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
-
-
-### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-
-
-### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
-
-This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **appAp**  Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''."
-- **appAppId**  The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update.
-- **appBrandCode**  The 4-digit brand code under which the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown).
-- **appChannel**  An integer indicating the channel of the installation (e.g. Canary or Dev).
-- **appClientId**  A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
-- **appCohort**  A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortHint**  A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortName**  A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appConsentState**  Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall**  The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown).
-- **appExperiments**  A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''.
-- **appIid**  A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete.
-- **appInstallTimeDiffSec**  The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
-- **appLang**  The language of the product install, in IETF BCP 47 representation. Default: ''.
-- **appNextVersion**  The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
-- **appPingEventAppSize**  The total number of bytes of all downloaded packages. Default: '0'.
-- **appPingEventDownloadMetricsCdnCCC**  ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
-- **appPingEventDownloadMetricsCdnCID**  Numeric value used to internally track the origins of the updated binaries. For example, 2.
-- **appPingEventDownloadMetricsDownloadedBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsDownloader**  A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
-- **appPingEventDownloadMetricsDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventDownloadMetricsError**  The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
-- **appPingEventDownloadMetricsServerIpHint**  For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadMetricsTotalBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsUrl**  For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventErrorCode**  The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult**  An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error).
-- **appPingEventEventType**  An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown).
-- **appPingEventExtraCode1**  Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventInstallTimeMs**  For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appPingEventNumBytesDownloaded**  The number of bytes downloaded for the specified application. Default: '0'.
-- **appPingEventSequenceId**  An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
-- **appPingEventSourceUrlIndex**  For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag.
-- **appPingEventUpdateCheckTimeMs**  For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appUpdateCheckIsUpdateDisabled**  The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
-- **appUpdateCheckTargetVersionPrefix**  A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''.
-- **appUpdateCheckTtToken**  An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''.
-- **appVersion**  The version of the product install. Default: '0.0.0.0'.
-- **eventType**  A string representation of appPingEventEventType indicating the type of the event.
-- **hwHasAvx**  '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse**  '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse2**  '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse3**  '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse41**  '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse42**  '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSsse3**  '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwPhysmemory**  The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
-- **isMsftDomainJoined**  '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
-- **osArch**  The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
-- **osPlatform**  The operating system family within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''.
-- **osServicePack**  The secondary version of the operating system. '' if unknown. Default: ''.
-- **osVersion**  The primary version of the operating system. '' if unknown. Default: ''.
-- **requestCheckPeriodSec**  The update interval in seconds. The value is read from the registry. Default: '-1'.
-- **requestDlpref**  A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
-- **requestDomainJoined**  '1' if the device is part of a managed enterprise domain. Otherwise '0'.
-- **requestInstallSource**  A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
-- **requestIsMachine**  '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
-- **requestOmahaShellVersion**  The version of the Omaha installation folder. Default: ''.
-- **requestOmahaVersion**  The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
-- **requestProtocolVersion**  The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined.
-- **requestRequestId**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
-- **requestSessionCorrelationVectorBase**  A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
-- **requestSessionId**  A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''.
-- **requestTestSource**  Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
-- **requestUid**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
-
-
-## Migration events
-
-### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
-
-This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-
-
-## Miracast events
-
-### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd
-
-This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AudioChannelCount**  The number of audio channels.
-- **AudioSampleRate**  The sample rate of audio in terms of samples per second.
-- **AudioSubtype**  The unique subtype identifier of the audio codec (encoding method) used for audio encoding.
-- **AverageBitrate**  The average video bitrate used during the Miracast session, in bits per second.
-- **AverageDataRate**  The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second.
-- **AveragePacketSendTimeInMs**  The average time required for the network to send a sample, in milliseconds.
-- **ConnectorType**  The type of connector used during the Miracast session.
-- **EncodeAverageTimeMS**  The average time to encode a frame of video, in milliseconds.
-- **EncodeCount**  The count of total frames encoded in the session.
-- **EncodeMaxTimeMS**  The maximum time to encode a frame, in milliseconds.
-- **EncodeMinTimeMS**  The minimum time to encode a frame, in milliseconds.
-- **EncoderCreationTimeInMs**  The time required to create the video encoder, in milliseconds.
-- **ErrorSource**  Identifies the component that encountered an error that caused a disconnect, if applicable.
-- **FirstFrameTime**  The time (tick count) when the first frame is sent.
-- **FirstLatencyMode**  The first latency mode.
-- **FrameAverageTimeMS**  Average time to process an entire frame, in milliseconds.
-- **FrameCount**  The total number of frames processed.
-- **FrameMaxTimeMS**  The maximum time required to process an entire frame, in milliseconds.
-- **FrameMinTimeMS**  The minimum time required to process an entire frame, in milliseconds.
-- **Glitches**  The number of frames that failed to be delivered on time.
-- **HardwareCursorEnabled**  Indicates if hardware cursor was enabled when the connection ended.
-- **HDCPState**  The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended.
-- **HighestBitrate**  The highest video bitrate used during the Miracast session, in bits per second.
-- **HighestDataRate**  The highest available bandwidth reported by the WiFi driver, in bits per second.
-- **LastLatencyMode**  The last reported latency mode.
-- **LastLatencyTime**  The last reported latency time.
-- **LogTimeReference**  The reference time, in tick counts.
-- **LowestBitrate**  The lowest video bitrate used during the Miracast session, in bits per second.
-- **LowestDataRate**  The lowest video bitrate used during the Miracast session, in bits per second.
-- **MediaErrorCode**  The error code reported by the media session, if applicable.
-- **MiracastEntry**  The time (tick count) when the Miracast driver was first loaded.
-- **MiracastM1**  The time (tick count) when the M1 request was sent.
-- **MiracastM2**  The time (tick count) when the M2 request was sent.
-- **MiracastM3**  The time (tick count) when the M3 request was sent.
-- **MiracastM4**  The time (tick count) when the M4 request was sent.
-- **MiracastM5**  The time (tick count) when the M5 request was sent.
-- **MiracastM6**  The time (tick count) when the M6 request was sent.
-- **MiracastM7**  The time (tick count) when the M7 request was sent.
-- **MiracastSessionState**  The state of the Miracast session when the connection ended.
-- **MiracastStreaming**  The time (tick count) when the Miracast session first started processing frames.
-- **ProfileCount**  The count of profiles generated from the receiver M4 response.
-- **ProfileCountAfterFiltering**  The count of profiles after filtering based on available bandwidth and encoder capabilities.
-- **RefreshRate**  The refresh rate set on the remote display.
-- **RotationSupported**  Indicates if the Miracast receiver supports display rotation.
-- **RTSPSessionId**  The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session.
-- **SessionGuid**  The unique identifier of to correlate various Miracast events from a session.
-- **SinkHadEdid**  Indicates if the Miracast receiver reported an EDID.
-- **SupportMicrosoftColorSpaceConversion**  Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver.
-- **SupportsMicrosoftDiagnostics**  Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension.
-- **SupportsMicrosoftFormatChange**  Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension.
-- **SupportsMicrosoftLatencyManagement**  Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension.
-- **SupportsMicrosoftRTCP**  Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension.
-- **SupportsMicrosoftVideoFormats**  Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution.
-- **SupportsWiDi**  Indicates whether Miracast receiver supports Intel WiDi extensions.
-- **TeardownErrorCode**  The error code reason for teardown provided by the receiver, if applicable.
-- **TeardownErrorReason**  The text string reason for teardown provided by the receiver, if applicable.
-- **UIBCEndState**  Indicates whether UIBC was enabled when the connection ended.
-- **UIBCEverEnabled**  Indicates whether UIBC was ever enabled.
-- **UIBCStatus**  The result code reported by the UIBC setup process.
-- **VideoBitrate**  The starting bitrate for the video encoder.
-- **VideoCodecLevel**  The encoding level used for encoding, specific to the video subtype.
-- **VideoHeight**  The height of encoded video frames.
-- **VideoSubtype**  The unique subtype identifier of the video codec (encoding method) used for video encoding.
-- **VideoWidth**  The width of encoded video frames.
-- **WFD2Supported**  Indicates if the Miracast receiver supports WFD2 protocol.
-
-
-## OneDrive events
-
-### Microsoft.OneDrive.Sync.Setup.APIOperation
-
-This event includes basic data about install and uninstall OneDrive API operations. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **Duration**  How long the operation took.
-- **IsSuccess**  Was the operation successful?
-- **ResultCode**  The result code.
-- **ScenarioName**  The name of the scenario.
-
-
-### Microsoft.OneDrive.Sync.Setup.EndExperience
-
-This event includes a success or failure summary of the installation. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **HResult**  HResult of the operation
-- **IsSuccess**  Whether the operation is successful or not
-- **ScenarioName**  The name of the scenario.
-
-
-### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
-
-This event is related to the OS version when the OS is upgraded with OneDrive installed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CurrentOneDriveVersion**  The current version of OneDrive.
-- **CurrentOSBuildBranch**  The current branch of the operating system.
-- **CurrentOSBuildNumber**  The current build number of the operating system.
-- **CurrentOSVersion**  The current version of the operating system.
-- **HResult**  The HResult of the operation.
-- **SourceOSBuildBranch**  The source branch of the operating system.
-- **SourceOSBuildNumber**  The source build number of the operating system.
-- **SourceOSVersion**  The source version of the operating system.
-
-
-### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation
-
-This event is related to registering or unregistering the OneDrive update task. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **APIName**  The name of the API.
-- **IsSuccess**  Was the operation successful?
-- **RegisterNewTaskResult**  The HResult of the RegisterNewTask operation.
-- **ScenarioName**  The name of the scenario.
-- **UnregisterOldTaskResult**  The HResult of the UnregisterOldTask operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
-
-This event includes basic data about the installation state of dependent OneDrive components. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ComponentName**  The name of the dependent component.
-- **isInstalled**  Is the dependent component installed?
-
-
-### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus
-
-This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **32bit**  The status of the OneDrive overlay icon on a 32-bit operating system.
-- **64bit**  The status of the OneDrive overlay icon on a 64-bit operating system.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
-
-This event sends information describing the result of the update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-- **IsLoggingEnabled**  Indicates whether logging is enabled for the updater.
-- **UpdaterVersion**  The version of the updater.
-
-
-### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult
-
-This event determines the status when downloading the OneDrive update configuration file. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **hr**  The HResult of the operation.
-
-
-### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus
-
-This event determines the error code that was returned when verifying Internet connectivity. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **winInetError**  The HResult of the operation.
-
-
-## Privacy consent logging events
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
-
-This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **presentationVersion**  Which display version of the privacy consent experience the user completed
-- **privacyConsentState**  The current state of the privacy consent experience
-- **settingsVersion**  Which setting version of the privacy consent experience the user completed
-- **userOobeExitReason**  The exit reason of the privacy consent experience
-
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentPrep
-
-This event is used to determine whether the user needs to see the privacy consent experience or not. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **s0**  Indicates the error level encountered during Privacy Consent Preparation. See [Microsoft.Windows.Shell.PrivacyConsentLogging.wilActivity](#microsoftwindowsshellprivacyconsentloggingwilactivity).
-- **wilActivity**  Information of the thread where the error occurred (thread ID). See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
-
-This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **isAdmin**  whether the person who is logging in is an admin
-- **isLaunching**  Whether or not the privacy consent experience will be launched
-- **isSilentElevation**  whether the user has most restrictive UAC controls
-- **privacyConsentState**  whether the user has completed privacy experience
-- **userRegionCode**  The current user's region setting
-
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.wilActivity
-
-This event returns information if an error is encountered while computing whether the user needs to complete privacy consents in certain upgrade scenarios. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  A list of Windows Diagnostic activities/events containing this error.
-- **currentContextId**  The ID for the newest activity/event containing this error.
-- **currentContextMessage**  Any custom message for the activity context.
-- **currentContextName**  The name of the newest activity/event context containing this error.
-- **failureType**  The type of failure observed: exception, returned error, etc.
-- **fileName**  The name of the fine in which the error was encountered.
-- **hresult**  The Result Code of the error.
-- **lineNumber**  The line number where the error was encountered.
-- **message**  Any message associated with the error.
-- **module**  The name of the binary module where the error was encountered.
-- **originatingContextId**  The ID of the oldest telemetry activity containing this error.
-- **originatingContextMessage**  Any custom message associated with the oldest Windows Diagnostic activity/event containing this error.
-- **originatingContextName**  The name associated with the oldest Windows Diagnostic activity/event containing this error.
-- **threadId**  The ID of the thread the activity was run on.
-
-
-## Privacy logging notification events
-
-### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
-
-This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cleanupTask**  Indicates whether the task that launched the dialog should be cleaned up.
-- **cleanupTaskResult**  The return code of the attempt to clean up the task used to show the dialog.
-- **deviceEvaluated**  Indicates whether the device was eligible for evaluation of a known issue.
-- **deviceImpacted**  Indicates whether the device was impacted by a known issue.
-- **modalAction**  The action the user took on the dialog that was presented to them.
-- **modalResult**  The return code of the attempt to show a dialog to the user explaining the issue.
-- **resetSettingsResult**  The return code of the action to correct the known issue.
-
-
-## Quality Update Assistant events
-
-### Microsoft.Windows.QualityUpdateAssistant.Applicability
-
-This event sends basic info on whether the device should be updated to the latest cumulative update. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Applicability check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck
-
-This event sends basic info on whether the device is ready to download the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Device readiness check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Download
-
-This event sends basic info when download of the latest cumulative update begins. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Download of latest cumulative update payload.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Install
-
-This event sends basic info on the result of the installation of the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Result**  Install of latest cumulative update payload.
-
-
-## Remediation events
-
-### Microsoft.Windows.Remediation.Applicable
-
-This event indicates whether Windows Update sediment remediations need to be applied to the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **ActionName**  The name of the action to be taken by the plug-in.
-- **AppraiserBinariesValidResult**  Indicates whether the plug-in was appraised as valid.
-- **AppraiserDetectCondition**  Indicates whether the plug-in passed the appraiser's check.
-- **AppraiserRegistryValidResult**  Indicates whether the registry entry checks out as valid.
-- **AppraiserTaskDisabled**  Indicates the appraiser task is disabled.
-- **AppraiserTaskValidFailed**  Indicates the Appraiser task did not function and requires intervention.
-- **CV**  Correlation vector
-- **DateTimeDifference**  The difference between local and reference clock times.
-- **DateTimeSyncEnabled**  Indicates whether the Datetime Sync plug-in is enabled.
-- **DaysSinceLastSIH**  The number of days since the most recent SIH executed.
-- **DaysToNextSIH**  The number of days until the next scheduled SIH execution.
-- **DetectedCondition**  Indicates whether detected condition is true and the perform action will be run.
-- **EvalAndReportAppraiserBinariesFailed**  Indicates the EvalAndReportAppraiserBinaries event failed.
-- **EvalAndReportAppraiserRegEntries**  Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **EvalAndReportAppraiserRegEntriesFailed**  Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **GlobalEventCounter**  Client side counter that indicates ordering of events sent by the remediation system.
-- **HResult**  The HRESULT for detection or perform action phases of the plugin.
-- **IsAppraiserLatestResult**  The HRESULT from the appraiser task.
-- **IsConfigurationCorrected**  Indicates whether the configuration of SIH task was successfully corrected.
-- **LastHresult**  The HRESULT for detection or perform action phases of the plugin.
-- **LastRun**  The date of the most recent SIH run.
-- **NextRun**  Date of the next scheduled SIH run.
-- **PackageVersion**  The version of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Reload**  True if SIH reload is required.
-- **RemediationNoisyHammerAcLineStatus**  Indicates the AC Line Status of the device.
-- **RemediationNoisyHammerAutoStartCount**  The number of times Auto UA auto-started.
-- **RemediationNoisyHammerCalendarTaskEnabled**  Event that indicates Update Assistant Calendar Task is enabled.
-- **RemediationNoisyHammerCalendarTaskExists**  Event that indicates an Update Assistant Calendar Task exists.
-- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount**  Event that indicates calendar triggers are enabled in the task.
-- **RemediationNoisyHammerDaysSinceLastTaskRunTime**  The number of days since the Auto UA ran.
-- **RemediationNoisyHammerGetCurrentSize**  Size in MB of the $GetCurrent folder.
-- **RemediationNoisyHammerIsInstalled**  TRUE if the Auto UA is installed.
-- **RemediationNoisyHammerLastTaskRunResult**  The result from the last Auto UA task run.
-- **RemediationNoisyHammerMeteredNetwork**  TRUE if the machine is on a metered network.
-- **RemediationNoisyHammerTaskEnabled**  TRUE if the Auto UA task is enabled.
-- **RemediationNoisyHammerTaskExists**  TRUE if the Auto UA task exists.
-- **RemediationNoisyHammerTaskTriggerEnabledCount**  Indicates whether the task has the count trigger enabled.
-- **RemediationNoisyHammerUAExitCode**  The exit code of the Update Assistant.
-- **RemediationNoisyHammerUAExitState**  The exit code of the Update Assistant.
-- **RemediationNoisyHammerUserLoggedIn**  TRUE if there is a user logged in.
-- **RemediationNoisyHammerUserLoggedInAdmin**  TRUE if there is the user currently logged in is an Admin.
-- **RemediationShellDeviceManaged**  TRUE if the device is WSUS managed or Windows Updated disabled.
-- **RemediationShellDeviceNewOS**  TRUE if the device has a recently installed OS.
-- **RemediationShellDeviceSccm**  TRUE if the device is managed by Configuration Manager.
-- **RemediationShellDeviceZeroExhaust**  TRUE if the device has opted out of Windows Updates completely.
-- **RemediationTargetMachine**  Indicates whether the device is a target of the specified fix.
-- **RemediationTaskHealthAutochkProxy**  True/False based on the health of the AutochkProxy task.
-- **RemediationTaskHealthChkdskProactiveScan**  True/False based on the health of the Check Disk task.
-- **RemediationTaskHealthDiskCleanup_SilentCleanup**  True/False based on the health of the Disk Cleanup task.
-- **RemediationTaskHealthMaintenance_WinSAT**  True/False based on the health of the Health Maintenance task.
-- **RemediationTaskHealthServicing_ComponentCleanupTask**  True/False based on the health of the Health Servicing Component task.
-- **RemediationTaskHealthUSO_ScheduleScanTask**  True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
-- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask**  True/False based on the health of the Windows Update Scheduled Start task.
-- **RemediationTaskHealthWindowsUpdate_SihbootTask**  True/False based on the health of the Sihboot task.
-- **RemediationUHServiceBitsServiceEnabled**  Indicates whether BITS service is enabled.
-- **RemediationUHServiceDeviceInstallEnabled**  Indicates whether Device Install service is enabled.
-- **RemediationUHServiceDoSvcServiceEnabled**  Indicates whether DO service is enabled.
-- **RemediationUHServiceDsmsvcEnabled**  Indicates whether DSMSVC service is enabled.
-- **RemediationUHServiceLicensemanagerEnabled**  Indicates whether License Manager service is enabled.
-- **RemediationUHServiceMpssvcEnabled**  Indicates whether MPSSVC service is enabled.
-- **RemediationUHServiceTokenBrokerEnabled**  Indicates whether Token Broker service is enabled.
-- **RemediationUHServiceTrustedInstallerServiceEnabled**  Indicates whether Trusted Installer service is enabled.
-- **RemediationUHServiceUsoServiceEnabled**  Indicates whether USO (Update Session Orchestrator) service is enabled.
-- **RemediationUHServicew32timeServiceEnabled**  Indicates whether W32 Time service is enabled.
-- **RemediationUHServiceWecsvcEnabled**  Indicates whether WECSVC service is enabled.
-- **RemediationUHServiceWinmgmtEnabled**  Indicates whether WMI service is enabled.
-- **RemediationUHServiceWpnServiceEnabled**  Indicates whether WPN service is enabled.
-- **RemediationUHServiceWuauservServiceEnabled**  Indicates whether WUAUSERV service is enabled.
-- **Result**  This is the HRESULT for Detection or Perform Action phases of the plugin.
-- **RunAppraiserFailed**  Indicates RunAppraiser failed to run correctly.
-- **RunTask**  TRUE if SIH task should be run by the plug-in.
-- **TimeServiceNTPServer**  The URL for the NTP time server used by device.
-- **TimeServiceStartType**  The startup type for the NTP time service.
-- **TimeServiceSyncDomainJoined**  True if device domain joined and hence uses DC for clock.
-- **TimeServiceSyncType**  Type of sync behavior for Date & Time service on device.
-
-
-### Microsoft.Windows.Remediation.ChangePowerProfileDetection
-
-This event indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates, to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActionName**  A descriptive name for the plugin action
-- **CurrentPowerPlanGUID**  The ID of the current power plan configured on the device
-- **CV**  Correlation vector
-- **GlobalEventCounter**  Counter that indicates the ordering of events on the device
-- **PackageVersion**  Current package version of remediation service
-- **RemediationBatteryPowerBatteryLevel**  Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0)
-- **RemediationFUInProcess**  Result that shows whether the device is currently installing a feature update
-- **RemediationFURebootRequred**  Indicates that a feature update reboot required was detected so the plugin will exit.
-- **RemediationScanInProcess**  Result that shows whether the device is currently scanning for updates
-- **RemediationTargetMachine**  Result that shows whether this device is a candidate for remediation(s) that will fix update issues
-- **SetupMutexAvailable**  Result that shows whether setup mutex is available or not
-- **SysPowerStatusAC**  Result that shows whether system is on AC power or not
-
-
-### Microsoft.Windows.Remediation.Completed
-
-This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **ActionName**  Name of the action to be completed by the plug-in.
-- **AppraiserTaskCreationFailed**  TRUE if the appraiser task creation failed to complete successfully.
-- **AppraiserTaskDeleteFailed**  TRUE if deletion of appraiser task failed to complete successfully.
-- **AppraiserTaskExistFailed**  TRUE if detection of the appraiser task failed to complete successfully.
-- **AppraiserTaskLoadXmlFailed**  TRUE if the Appraiser XML Loader failed to complete successfully.
-- **AppraiserTaskMissing**  TRUE if the Appraiser task is missing.
-- **AppraiserTaskTimeTriggerUpdateFailedId**  TRUE if the Appraiser Task Time Trigger failed to update successfully.
-- **AppraiserTaskValidateTaskXmlFailed**  TRUE if the Appraiser Task XML failed to complete successfully.
-- **branchReadinessLevel**  Branch readiness level policy.
-- **cloudControlState**  Value indicating whether the shell is enabled on the cloud control settings.
-- **CrossedDiskSpaceThreshold**  Indicates if cleanup resulted in hard drive usage threshold required for feature update to be exceeded.
-- **CV**  The Correlation Vector.
-- **DateTimeDifference**  The difference between the local and reference clocks.
-- **DaysSinceOsInstallation**  The number of days since the installation of the Operating System.
-- **DiskMbCleaned**  The amount of space cleaned on the hard disk, measured in megabytes.
-- **DiskMbFreeAfterCleanup**  The amount of free hard disk space after cleanup, measured in Megabytes.
-- **DiskMbFreeBeforeCleanup**  The amount of free hard disk space before cleanup, measured in Megabytes.
-- **ForcedAppraiserTaskTriggered**  TRUE if Appraiser task ran from the plug-in.
-- **GlobalEventCounter**  Client-side counter that indicates ordering of events sent by the active user.
-- **HandlerCleanupFreeDiskInMegabytes**  The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
-- **hasRolledBack**  Indicates whether the client machine has rolled back.
-- **hasUninstalled**  Indicates whether the client machine has uninstalled a later version of the OS.
-- **hResult**  The result of the event execution.
-- **HResult**  The result of the event execution.
-- **installDate**  The value of installDate registry key. Indicates the install date.
-- **isNetworkMetered**  Indicates whether the client machine has uninstalled a later version of the OS.
-- **LatestState**  The final state of the plug-in component.
-- **MicrosoftCompatibilityAppraiser**  The name of the component targeted by the Appraiser plug-in.
-- **PackageVersion**  The package version for the current Remediation.
-- **PageFileCount**  The number of Windows Page files.
-- **PageFileCurrentSize**  The size of the Windows Page file, measured in Megabytes.
-- **PageFileLocation**  The storage location (directory path) of the Windows Page file.
-- **PageFilePeakSize**  The maximum amount of hard disk space used by the Windows Page file, measured in Megabytes.
-- **PluginName**  The name of the plug-in specified for each generic plug-in event.
-- **RanCleanup**  TRUE if the plug-in ran disk cleanup.
-- **RemediationBatteryPowerBatteryLevel**  Indicates the battery level at which it is acceptable to continue operation.
-- **RemediationBatteryPowerExitDueToLowBattery**  True when we exit due to low battery power.
-- **RemediationBatteryPowerOnBattery**  True if we allow execution on battery.
-- **RemediationConfigurationTroubleshooterExecuted**  True/False based on whether the Remediation Configuration Troubleshooter executed successfully.
-- **RemediationConfigurationTroubleshooterIpconfigFix**  TRUE if IPConfig Fix completed successfully.
-- **RemediationConfigurationTroubleshooterNetShFix**  TRUE if network card cache reset ran successfully.
-- **RemediationDiskCleanSizeBtWindowsFolderInMegabytes**  The size of the Windows BT folder (used to store Windows upgrade files), measured in Megabytes.
-- **RemediationDiskCleanupBTFolderEsdSizeInMB**  The size of the Windows BT folder (used to store Windows upgrade files) ESD (Electronic Software Delivery), measured in Megabytes.
-- **RemediationDiskCleanupGetCurrentEsdSizeInMB**  The size of any existing ESD (Electronic Software Delivery) folder, measured in Megabytes.
-- **RemediationDiskCleanupSearchFileSizeInMegabytes**  The size of the Cleanup Search index file, measured in Megabytes.
-- **RemediationDiskCleanupUpdateAssistantSizeInMB**  The size of the Update Assistant folder, measured in Megabytes.
-- **RemediationDoorstopChangeSucceeded**  TRUE if Doorstop registry key was successfully modified.
-- **RemediationDoorstopExists**  TRUE if there is a One Settings Doorstop value.
-- **RemediationDoorstopRegkeyError**  TRUE if an error occurred accessing the Doorstop registry key.
-- **RemediationDRFKeyDeleteSucceeded**  TRUE if the RecoveredFrom (Doorstop) registry key was successfully deleted.
-- **RemediationDUABuildNumber**  The build number of the DUA.
-- **RemediationDUAKeyDeleteSucceeded**  TRUE if the UninstallActive registry key was successfully deleted.
-- **RemediationDuplicateTokenSucceeded**  TRUE if the user token was successfully duplicated.
-- **remediationExecution**  Remediation shell is in "applying remediation" state.
-- **RemediationHibernationMigrated**  TRUE if hibernation was migrated.
-- **RemediationHibernationMigrationSucceeded**  TRUE if hibernation migration succeeded.
-- **RemediationImpersonateUserSucceeded**  TRUE if the user was successfully impersonated.
-- **RemediationNoisyHammerTaskFixSuccessId**  Indicates whether the Update Assistant task fix was successful.
-- **RemediationNoisyHammerTaskKickOffIsSuccess**  TRUE if the Auto UA task started successfully.
-- **RemediationQueryTokenSucceeded**  TRUE if the user token was successfully queried.
-- **RemediationRanHibernation**  TRUE if the system entered Hibernation.
-- **RemediationRevertToSystemSucceeded**  TRUE if reversion to the system context succeeded.
-- **RemediationShellHasUpgraded**  TRUE if the device upgraded.
-- **RemediationShellMinimumTimeBetweenShellRuns**  Indicates the time between shell runs exceeded the minimum required to execute plugins.
-- **RemediationShellRunFromService**  TRUE if the shell driver was run from the service.
-- **RemediationShellSessionIdentifier**  Unique identifier tracking a shell session.
-- **RemediationShellSessionTimeInSeconds**  Indicates the time the shell session took in seconds.
-- **RemediationShellTaskDeleted**  Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation.
-- **RemediationUpdateServiceHealthRemediationResult**  The result of the Update Service Health plug-in.
-- **RemediationUpdateTaskHealthRemediationResult**  The result of the Update Task Health plug-in.
-- **RemediationUpdateTaskHealthTaskList**  A list of tasks fixed by the Update Task Health plug-in.
-- **RemediationWindowsLogSpaceFound**  The size of the Windows log files found, measured in Megabytes.
-- **RemediationWindowsLogSpaceFreed**  The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
-- **RemediationWindowsSecondaryDriveFreeSpace**  The amount of free space on the secondary drive, measured in Megabytes.
-- **RemediationWindowsSecondaryDriveLetter**  The letter designation of the first secondary drive with a total capacity of 10GB or more.
-- **RemediationWindowsSecondaryDriveTotalSpace**  The total storage capacity of the secondary drive, measured in Megabytes.
-- **RemediationWindowsTotalSystemDiskSize**  The total storage capacity of the System Disk Drive, measured in Megabytes.
-- **Result**  The HRESULT for Detection or Perform Action phases of the plug-in.
-- **RunResult**  The HRESULT for Detection or Perform Action phases of the plug-in.
-- **ServiceHardeningExitCode**  The exit code returned by Windows Service Repair.
-- **ServiceHealthEnabledBitMap**  List of services updated by the plugin.
-- **ServiceHealthInstalledBitMap**  List of services installed by the plugin.
-- **ServiceHealthPlugin**  The nae of the Service Health plug-in.
-- **StartComponentCleanupTask**  TRUE if the Component Cleanup task started successfully.
-- **systemDriveFreeDiskSpace**  Indicates the free disk space on system drive, in megabytes.
-- **systemUptimeInHours**  Indicates the amount of time the system in hours has been on since the last boot.
-- **TotalSizeofOrphanedInstallerFilesInMegabytes**  The size of any orphaned Windows Installer files, measured in Megabytes.
-- **TotalSizeofStoreCacheAfterCleanupInMegabytes**  The size of the Microsoft Store cache after cleanup, measured in Megabytes.
-- **TotalSizeofStoreCacheBeforeCleanupInMegabytes**  The size of the Microsoft Store cache (prior to cleanup), measured in Megabytes.
-- **uninstallActive**  TRUE if previous uninstall has occurred for current OS
-- **usoScanDaysSinceLastScan**  The number of days since the last USO (Update Session Orchestrator) scan.
-- **usoScanInProgress**  TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
-- **usoScanIsAllowAutoUpdateKeyPresent**  TRUE if the AllowAutoUpdate registry key is set.
-- **usoScanIsAllowAutoUpdateProviderSetKeyPresent**  TRUE if AllowAutoUpdateProviderSet registry key is set.
-- **usoScanIsAuOptionsPresent**  TRUE if Auto Update Options registry key is set.
-- **usoScanIsFeatureUpdateInProgress**  TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
-- **usoScanIsNetworkMetered**  TRUE if the device is currently connected to a metered network.
-- **usoScanIsNoAutoUpdateKeyPresent**  TRUE if no Auto Update registry key is set/present.
-- **usoScanIsUserLoggedOn**  TRUE if the user is logged on.
-- **usoScanPastThreshold**  TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
-- **usoScanType**  The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
-- **windows10UpgraderBlockWuUpdates**  Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
-- **windowsEditionId**  Event to report the value of Windows Edition ID.
-- **WindowsHyberFilSysSizeInMegabytes**  The size of the Windows Hibernation file, measured in Megabytes.
-- **WindowsInstallerFolderSizeInMegabytes**  The size of the Windows Installer folder, measured in Megabytes.
-- **WindowsOldFolderSizeInMegabytes**  The size of the Windows.OLD folder, measured in Megabytes.
-- **WindowsOldSpaceCleanedInMB**  The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
-- **WindowsPageFileSysSizeInMegabytes**  The size of the Windows Page file, measured in Megabytes.
-- **WindowsSoftwareDistributionFolderSizeInMegabytes**  The size of the SoftwareDistribution folder, measured in Megabytes.
-- **WindowsSwapFileSysSizeInMegabytes**  The size of the Windows Swap file, measured in Megabytes.
-- **WindowsSxsFolderSizeInMegabytes**  The size of the WinSxS (Windows Side-by-Side) folder, measured in Megabytes.
-- **WindowsSxsTempFolderSizeInMegabytes**  The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes.
-- **windowsUpgradeRecoveredFromRs4**  Event to report the value of the Windows Upgrade Recovered key.
-
-
-### Microsoft.Windows.Remediation.RemediationShellMainExeEventId
-
-This event enables tracking of completion of process that remediates issues preventing security and quality updates keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Client side counter which indicates ordering of events sent by the remediation system.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by the remediation system.
-- **PackageVersion**  Current package version of Remediation.
-- **RemediationShellCanAcquireSedimentMutex**  True if the remediation was able to acquire the sediment mutex. False if it is already running.
-- **RemediationShellExecuteShellResult**  Indicates if the remediation system completed without errors.
-- **RemediationShellFoundDriverDll**  Result whether the remediation system found its component files to run properly.
-- **RemediationShellLoadedShellDriver**  Result whether the remediation system loaded its component files to run properly.
-- **RemediationShellLoadedShellFunction**  Result whether the remediation system loaded the functions from its component files to run properly.
-
-
-### Microsoft.Windows.Remediation.Started
-
-This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  The version of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **RunCount**  The number of times the remediation event started (whether it completed successfully or not).
-
-
-## Sediment events
-
-### Microsoft.Windows.Sediment.Info.DetailedState
-
-This event is sent when detailed state information is needed from an update trial run. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **Data**  Data relevant to the state, such as what percent of disk space the directory takes up.
-- **Id**  Identifies the trial being run, such as a disk related trial.
-- **ReleaseVer**  The version of the component.
-- **State**  The state of the reporting data from the trial, such as the top-level directory analysis.
-- **Time**  The time the event was fired.
-
-
-### Microsoft.Windows.Sediment.Info.Error
-
-This event indicates an error in the updater payload. This information assists in keeping Windows up to date.
-
-
-
-### Microsoft.Windows.Sediment.Info.PhaseChange
-
-The event indicates progress made by the updater. This information assists in keeping Windows up to date.
-
-The following fields are available:
-
-- **NewPhase**  The phase of progress made.
-- **ReleaseVer**  The version information for the component in which the change occurred.
-- **Time**  The system time at which the phase chance occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.AttemptingUpdate
-
-This event indicates the Operating System Remediation System Service (OSRSS) installer is attempting an update to itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.BinaryUpdated
-
-This event indicates the Operating System Remediation System Service (OSRSS) updated installer binaries with new binaries as part of its self-update process. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceRestarted
-
-This event indicates the Operating System Remediation System Service (OSRSS) has restarted after installing an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStopped
-
-This event indicates the Operating System Remediation System Service (OSRSS) was stopped by a self-updated to install an updated version of itself. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterCompleted
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully completed the self-update operation. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterLaunched
-
-This event indicates the Operating System Remediation System Service (OSRSS) successfully launched the self-updater after downloading it. This information helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **InstallerVersion**  The version information of the Installer component.
-- **Time**  The system time at which the event occurred.
-
-
-### Microsoft.Windows.SedimentLauncher.Applicable
-
-This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DetectedCondition**  Boolean true if detect condition is true and perform action will be run.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **IsSelfUpdateEnabledInOneSettings**  True if self update enabled in Settings.
-- **IsSelfUpdateNeeded**  True if self update needed by device.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentLauncher.Completed
-
-This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **FailedReasons**  Concatenated list of failure reasons.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **SedLauncherExecutionResult**  HRESULT for one execution of the Sediment Launcher.
-
-
-### Microsoft.Windows.SedimentLauncher.Started
-
-This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentService.Applicable
-
-This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DetectedCondition**  Determine whether action needs to run based on device properties.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **IsSelfUpdateEnabledInOneSettings**  Indicates if self update is enabled in One Settings.
-- **IsSelfUpdateNeeded**  Indicates if self update is needed.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-
-
-### Microsoft.Windows.SedimentService.Completed
-
-This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **FailedReasons**  List of reasons when the plugin action failed.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of Remediation.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for detection or perform action phases of the plugin.
-- **SedimentServiceCheckTaskFunctional**  True/False if scheduled task check succeeded.
-- **SedimentServiceCurrentBytes**  Number of current private bytes of memory consumed by sedsvc.exe.
-- **SedimentServiceKillService**  True/False if service is marked for kill (Shell.KillService).
-- **SedimentServiceMaximumBytes**  Maximum bytes allowed for the service.
-- **SedimentServiceRetrievedKillService**  True/False if result of One Settings check for kill succeeded - we only send back one of these indicators (not for each call).
-- **SedimentServiceStopping**  True/False indicating whether the service is stopping.
-- **SedimentServiceTaskFunctional**  True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
-- **SedimentServiceTotalIterations**  Number of 5 second iterations service will wait before running again.
-
-
-### Microsoft.Windows.SedimentService.Started
-
-This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates.  A sediment device is one that has been on a previous OS version for an extended period. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The Correlation Vector.
-- **GlobalEventCounter**  The client-side counter that indicates ordering of events.
-- **PackageVersion**  The version number of the current remediation package.
-- **PluginName**  Name of the plugin specified for each generic plugin event.
-- **Result**  This is the HRESULT for Detection or Perform Action phases of the plugin.
-
-
-## Setup events
-
-### SetupPlatformTel.SetupPlatformTelActivityEvent
-
-This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **Value**  Value associated with the corresponding event name. For example, time-related events will include the system time
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStarted
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-The following fields are available:
-
-- **Name**  The name of the dynamic update type. Example: GDR driver
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStopped
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-
-
-### SetupPlatformTel.SetupPlatformTelEvent
-
-This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **Value**  Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
-
-
-## Shared PC events
-
-### Microsoft.Windows.SharedPC.AccountManager.DeleteUserAccount
-
-Activity for deletion of a user account for devices set up for Shared PC mode as part of the Transient Account Manager to help keep Windows up to date. Deleting un-used user accounts on Education/Shared PCs frees up disk space to improve Windows Update success rates.
-
-The following fields are available:
-
-- **accountType**  The type of account that was deleted. Example: AD, Azure Active Directory (Azure AD), or Local
-- **deleteState**  Whether the attempted deletion of the user account was successful.
-- **userSid**  The security identifier of the account.
-- **wilActivity**  Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.SharedPC.AccountManager.SinglePolicyEvaluation
-
-Activity for run of the Transient Account Manager that determines if any user accounts should be deleted for devices set up for Shared PC mode to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates
-
-The following fields are available:
-
-- **evaluationTrigger**  When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours
-- **totalAccountCount**  The number of accounts on a device after running the Transient Account Manager policies.
-- **wilActivity**  Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity).
-
-
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The function where the failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-### wilResult
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The call context stack where failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-## SIH events
-
-### SIHEngineTelemetry.EvalApplicability
-
-This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActionReasons**  If an action has been assessed as inapplicable, the additional logic prevented it.
-- **AdditionalReasons**  If an action has been assessed as inapplicable, the additional logic prevented it.
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed.
-- **HandlerReasons**  If an action has been assessed as inapplicable, the installer technology-specific logic prevented it.
-- **IsExecutingAction**  If the action is presently being executed.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **SihclientVersion**  The client version that is being used.
-- **StandardReasons**  If an action has been assessed as inapplicable, the standard logic the prevented it.
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID**  A unique identifier for the action being acted upon.
-- **WuapiVersion**  The Windows Update API version that is currently installed.
-- **WuaucltVersion**  The Windows Update client version that is currently installed.
-- **WuauengVersion**  The Windows Update engine version that is currently installed.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-### SIHEngineTelemetry.ExecuteAction
-
-This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### SIHEngineTelemetry.PostRebootReport
-
-This event reports the status of an action following a reboot, should one have been required. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### SIHEngineTelemetry.SLSActionData
-
-This event reports if the SIH client was able to successfully parse the manifest describing the actions to be evaluated. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed.
-- **FailedParseActions**  The list of actions that were not successfully parsed.
-- **ParsedActions**  The list of actions that were successfully parsed.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **SihclientVersion**  The client version that is being used.
-- **WuapiVersion**  The Windows Update API version that is currently installed.
-- **WuaucltVersion**  The Windows Update client version that is currently installed.
-- **WuauengVersion**  The Windows Update engine version that is currently installed.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-## Software update events
-
-### SoftwareUpdateClientTelemetry.CheckForUpdates
-
-This event sends tracking data about the software distribution client check for content that is applicable to a device, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActivityMatchingId**  Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults**  Indicates if the scan allowed using cached results.
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BranchReadinessLevel**  The servicing branch configured on the device.
-- **CachedEngineVersion**  For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CapabilityDetectoidGuid**  The GUID for a hardware applicability detectoid that could not be evaluated.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-- **ClientVersion**  The version number of the software distribution client.
-- **Context**  Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeferralPolicySources**  Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
-- **DeferredUpdates**  Update IDs which are currently being deferred until a later time
-- **DeviceModel**  What is the device model.
-- **DriverError**  The error code hit during a driver scan. This is 0 if no error was encountered.
-- **DriverExclusionPolicy**  Indicates if the policy for not including drivers with Windows Update is enabled.
-- **DriverSyncPassPerformed**  Were drivers scanned this time?
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed.
-- **ExtendedMetadataCabUrl**  Hostname that is used to download an update.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FailedUpdateGuids**  The GUIDs for the updates that failed to be evaluated during the scan.
-- **FailedUpdatesCount**  The number of updates that failed to be evaluated during the scan.
-- **FeatureUpdateDeferral**  The deferral period configured for feature OS updates on the device (in days).
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FeatureUpdatePausePeriod**  The pause duration configured for feature OS updates on the device (in days).
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **IsWUfBFederatedScanDisabled**  Indicates if Windows Update for Business federated scan is disabled on the device.
-- **MetadataIntegrityMode**  The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
-- **MSIError**  The last error that was encountered during a scan for updates.
-- **NetworkConnectivityDetected**  Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
-- **NumberOfApplicableUpdates**  The number of updates which were ultimately deemed applicable to the system after the detection process is complete
-- **NumberOfApplicationsCategoryScanEvaluated**  The number of categories (apps) for which an app update scan checked
-- **NumberOfLoop**  The number of round trips the scan required
-- **NumberOfNewUpdatesFromServiceSync**  The number of updates which were seen for the first time in this scan
-- **NumberOfUpdatesEvaluated**  The total number of updates which were evaluated as a part of the scan
-- **NumFailedMetadataSignatures**  The number of metadata signatures checks which failed for new metadata synced down.
-- **Online**  Indicates if this was an online scan.
-- **PausedUpdates**  A list of UpdateIds which that currently being paused.
-- **PauseFeatureUpdatesEndTime**  If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseFeatureUpdatesStartTime**  If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PauseQualityUpdatesEndTime**  If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseQualityUpdatesStartTime**  If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdateDeferral**  The deferral period configured for quality OS updates on the device (in days).
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **QualityUpdatePausePeriod**  The pause duration configured for quality OS updates on the device (in days).
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **ScanDurationInSeconds**  The number of seconds a scan took
-- **ScanEnqueueTime**  The number of seconds it took to initialize a scan
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
-- **ServiceUrl**  The environment URL a device is configured to scan with
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
-- **SyncType**  Describes the type of scan the event was
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetMetadataVersion**  For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
-- **TotalNumMetadataSignatures**  The total number of metadata signatures checks done for new metadata that was synced down.
-- **WebServiceRetryMethods**  Web service method requests that needed to be retried to complete operation.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.Commit
-
-This event sends data on whether the Update Service has been called to execute an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  Device family as defined in the system BIOS
-- **BiosName**  Name of the system BIOS
-- **BiosReleaseDate**  Release date of the system BIOS
-- **BiosSKUNumber**  Device SKU as defined in the system BIOS
-- **BIOSVendor**  Vendor of the system BIOS
-- **BiosVersion**  Version of the system BIOS
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle
-- **CallerApplicationName**  Name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  Version number of the software distribution client
-- **DeviceModel**  Device model as defined in the system bios
-- **EventInstanceID**  A globally unique identifier for event instance
-- **EventScenario**  Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
-- **EventType**  Possible values are &quot;Child&quot;, &quot;Bundle&quot;, &quot;Release&quot; or &quot;Driver&quot;.
-- **FlightId**  The specific id of the flight the device is getting
-- **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.)
-- **RevisionNumber**  Identifies the revision number of this specific piece of content
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **SystemBIOSMajorRelease**  Major release version of the system bios
-- **SystemBIOSMinorRelease**  Minor release version of the system bios
-- **UpdateId**  Identifier associated with the specific piece of content
-- **WUDeviceID**  Unique device id controlled by the software distribution client
-
-
-### SoftwareUpdateClientTelemetry.Download
-
-This event sends tracking data about the software distribution client download of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActiveDownloadTime**  How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.
-- **AppXBlockHashValidationFailureCount**  A count of the number of blocks that have failed validation after being downloaded.
-- **AppXDownloadScope**  Indicates the scope of the download for application content.
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The SKU number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleBytesDownloaded**  Number of bytes downloaded for the specific content bundle.
-- **BundleId**  Identifier associated with the specific content bundle.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle previously failed to download.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **BytesDownloaded**  Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
-- **CallerApplicationName**  The name provided by the application that initiated API calls into the software distribution client.
-- **CbsDownloadMethod**  The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  ID which defines which CDN the software distribution client downloaded the content from.
-- **ClientVersion**  The version number of the software distribution client.
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeviceModel**  The model of the device.
-- **DownloadPriority**  Indicates whether a download happened at background, normal, or foreground priority.
-- **DownloadScenarioId**  A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was canceled, succeeded, or failed.
-- **EventType**  Identifies the type of the event (Child, Bundle, or Driver).
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightBuildNumber**  If this download was for a flight (pre-release build), this indicates the build number of that flight.
-- **FlightId**  The specific ID of the flight (pre-release build) the device is getting.
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HandlerType**  Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
-- **HardwareId**  If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **HostName**  The parent URL the content is downloading from.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6.
-- **IsDependentSet**  Indicates whether a driver is a part of a larger System Hardware/Firmware Update
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **NetworkCostBitMask**  A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
-- **NetworkRestrictionStatus**  More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
-- **PackageFullName**  The package name of the content.
-- **PhonePreviewEnabled**  Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
-- **ProcessName**  The process name of the application that initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RegulationReason**  The reason that the update is regulated
-- **RelatedCV**  The Correlation Vector that was used before the most recent change to a new Correlation Vector.
-- **RepeatFailFlag**  Indicates whether this specific piece of content had previously failed to download.
-- **RevisionNumber**  The revision number of the specified piece of content.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **Setup360Phase**  Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
-- **ShippingMobileOperator**  The mobile operator linked to the device when the device shipped.
-- **StatusCode**  Indicates the result of a Download event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **ThrottlingServiceHResult**  Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
-- **TimeToEstablishConnection**  Time (in milliseconds) it took to establish the connection prior to beginning downloaded.
-- **TotalExpectedBytes**  The total size (in Bytes) expected to be downloaded.
-- **UpdateId**  An identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates whether the content was marked as Important, Recommended, or Optional.
-- **UsedDO**  Whether the download used the Delivery Optimization (DO) service.
-- **UsedSystemVolume**  Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.DownloadCheckpoint
-
-This event provides a checkpoint between each of the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed
-- **EventType**  Possible values are "Child", "Bundle", "Release" or "Driver"
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough
-- **FileId**  A hash that uniquely identifies a file
-- **FileName**  Name of the downloaded file
-- **FlightId**  The unique identifier for each flight
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RevisionNumber**  Unique revision number of Update
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
-- **UpdateId**  Unique Update ID
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### SoftwareUpdateClientTelemetry.DownloadHeartbeat
-
-This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BytesTotal**  Total bytes to transfer for this content
-- **BytesTransferred**  Total bytes transferred for this content at the time of heartbeat
-- **CallerApplicationName**  Name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **ConnectionStatus**  Indicates the connectivity state of the device at the time of heartbeat
-- **CurrentError**  Last (transient) error encountered by the active download
-- **DownloadFlags**  Flags indicating if power state is ignored
-- **DownloadState**  Current state of the active download for this content (queued, suspended, or progressing)
-- **EventType**  Possible values are "Child", "Bundle", or "Driver"
-- **FlightId**  The unique identifier for each flight
-- **IsNetworkMetered**  Indicates whether Windows considered the current network to be ?metered"
-- **MOAppDownloadLimit**  Mobile operator cap on size of application downloads, if any
-- **MOUpdateDownloadLimit**  Mobile operator cap on size of operating system update downloads, if any
-- **PowerState**  Indicates the power state of the device at the time of heartbeat (DC, AC, Battery Saver, or Connected Standby)
-- **RelatedCV**  The previous correlation vector that was used by the client, before swapping with a new one
-- **ResumeCount**  Number of times this active download has resumed from a suspended state
-- **RevisionNumber**  Identifies the revision number of this specific piece of content
-- **ServiceGuid**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
-- **SuspendCount**  Number of times this active download has entered a suspended state
-- **SuspendReason**  Last reason for why this active download entered a suspended state
-- **UpdateId**  Identifier associated with the specific piece of content
-- **WUDeviceID**  Unique device id controlled by the software distribution client
-
-
-### SoftwareUpdateClientTelemetry.Install
-
-This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle previously failed to install.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **ClientVersion**  The version number of the software distribution client.
-- **CSIErrorType**  The stage of CBS installation where it failed.
-- **CurrentMobileOperator**  The mobile operator to which the device is currently connected.
-- **DeviceModel**  The device model.
-- **DriverPingBack**  Contains information about the previous driver and system state.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was canceled, succeeded, or failed.
-- **EventType**  Possible values are Child, Bundle, or Driver.
-- **ExtendedErrorCode**  The extended error code.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in the Windows Insider Program.
-- **FlightBuildNumber**  If this installation was for a Windows Insider build, this is the build number of that build.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **FlightRing**  The ring that a device is on if participating in the Windows Insider Program.
-- **HandlerType**  Indicates what kind of content is being installed (for example, app, driver, Windows update).
-- **HardwareId**  If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IsDependentSet**  Indicates whether the driver is part of a larger System Hardware/Firmware update.
-- **IsFinalOutcomeEvent**  Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware**  Indicates whether this update is a firmware update.
-- **IsSuccessFailurePostReboot**  Indicates whether the update succeeded and then failed after a restart.
-- **IsWUfBDualScanEnabled**  Indicates whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates whether Windows Update for Business is enabled on the device.
-- **MergedUpdate**  Indicates whether the OS update and a BSP update merged for installation.
-- **MsiAction**  The stage of MSI installation where it failed.
-- **MsiProductCode**  The unique identifier of the MSI installer.
-- **PackageFullName**  The package name of the content being installed.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailFlag**  Indicates whether this specific piece of content previously failed to install.
-- **RevisionNumber**  The revision number of this specific piece of content.
-- **ServiceGuid**  An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
-- **Setup360Phase**  If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of an installation event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode**  The ID that represents a given MSI installation.
-- **UpdateId**  Unique update ID.
-- **UpdateImportance**  Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedSystemVolume**  Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.UpdateDetected
-
-This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **NumberOfApplicableUpdates**  The number of updates ultimately deemed applicable to the system after the detection process is complete.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one.
-- **ServiceGuid**  An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
-- **WUDeviceID**  The unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl**  The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
-- **EventScenario**  The purpose of this event, such as scan started, scan succeeded, or scan failed.
-- **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId**  The integral ID from the FragmentSigning data for the certificate that failed.
-- **ListOfSHA256OfIntermediateCerData**  A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
-- **MetadataIntegrityMode**  The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
-- **MetadataSignature**  A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
-- **RawMode**  The raw unparsed mode string from the SLS response. This field is null if not applicable.
-- **RawValidityWindowInDays**  The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
-- **RevisionId**  The revision ID for a specific piece of content.
-- **RevisionNumber**  The revision number for a specific piece of content.
-- **ServiceGuid**  Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
-- **SHA256OfLeafCerData**  A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfLeafCertPublicKey**  A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfTimestampToken**  An encoded string of the timestamp token.
-- **SignatureAlgorithm**  The hash algorithm for the metadata signature.
-- **SLSPrograms**  A test program to which a device may have opted in. Example: Insider Fast
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **TimestampTokenCertThumbprint**  The thumbprint of the encoded timestamp token.
-- **TimestampTokenId**  The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
-- **UpdateId**  The update ID for a specific piece of content.
-- **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
-
-
-## Surface events
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **pszBatteryDataXml**  Battery performance data.
-- **szBatteryInfo**  Battery performance data.
-
-
-## Update Assistant events
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.BlockingEventId
-
-The event sends basic info on the reason that Windows 10 was not updated due to compatibility issues, previous rollbacks, or admin policies. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ApplicabilityBlockedReason**  Blocked due to an applicability issue.
-- **BlockWuUpgrades**  The upgrade assistant is currently blocked.
-- **clientID**  An identification of the current release of Update Assistant.
-- **CloverTrail**  This device is Clovertrail.
-- **DeviceIsMdmManaged**  This device is MDM managed.
-- **IsNetworkAvailable**  If the device network is not available.
-- **IsNetworkMetered**  If network is metered.
-- **IsSccmManaged**  This device is managed by Configuration Manager.
-- **NewlyInstalledOs**  OS is newly installed quiet period.
-- **PausedByPolicy**  Updates are paused by policy.
-- **RecoveredFromRS3**  Previously recovered from RS3.
-- **RS1UninstallActive**  Blocked due to an active RS1 uninstall.
-- **RS3RollBacks**  Exceeded number of allowable RS3 rollbacks.
-- **triggerTaskSource**  Describe which task launches this instance.
-- **WsusManaged**  This device is WSUS managed.
-- **ZeroExhaust**  This device is zero exhaust.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.DeniedLaunchEventId
-
-The event sends basic info when a device was blocked or prevented from updating to the latest Windows 10 version. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **denyReason**  All the reasons why the Update Assistant was prevented from launching. Bitmask with values from UpdateAssistant.cpp eUpgradeModeReason.
-- **triggerTaskSource**  Describe which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedLaunchEventId
-
-This event indicates that Update Assistant Orchestrator failed to launch Update Assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **calendarRun**  Standard time-based triggered task.
-- **clientID**  An identification of the current release of Update Assistant.
-- **hResult**  Error code of the Update Assistant Orchestrator failure.
-- **triggerTaskSource**  Describe which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedOneSettingsQueryEventId
-
-This event indicates that One Settings was not queried by update assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  An identification of the current release of Update Assistant.
-- **hResult**  Error code of One Settings query failure.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.LaunchEventId
-
-This event sends basic information on whether the device should be updated to the latest Windows 10 version. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **autoStartRunCount**  The auto start run count of Update Assistant.
-- **clientID**  The ID of the current release of Update Assistant.
-- **launchMode**  Indicates the type of launch performed.
-- **launchTypeReason**  A bitmask of all the reasons for type of launch.
-- **triggerTaskSource**  Indicates which task launches this instance.
-
-
-### Microsoft.Windows.UpdateAssistant.Orchestrator.RestoreEventId
-
-The event sends basic info on whether the Windows 10 update notification has previously launched. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **clientID**  ID of the current release of Update Assistant.
-- **restoreReason**  All the reasons for the restore.
-- **triggerTaskSource**  Indicates which task launches this instance.
-
-
-## Update events
-
-### Update360Telemetry.Revert
-
-This event sends data relating to the Revert phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the Revert phase.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RebootRequired**  Indicates reboot is required.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-
-
-### Update360Telemetry.UpdateAgentCommit
-
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentDownloadRequest
-
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeletedCorruptFiles**  Boolean indicating whether corrupt payload was deleted.
-- **DownloadRequests**  Number of times a download was retried.
-- **ErrorCode**  The error code returned for the current download request phase.
-- **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
-- **FlightId**  Unique ID for each flight.
-- **InternalFailureResult**  Indicates a non-fatal error from a plugin.
-- **ObjectId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **PackageCategoriesSkipped**  Indicates package categories that were skipped, if applicable.
-- **PackageCountOptional**  Number of optional packages requested.
-- **PackageCountRequired**  Number of required packages requested.
-- **PackageCountTotal**  Total number of packages needed.
-- **PackageCountTotalCanonical**  Total number of canonical packages.
-- **PackageCountTotalDiff**  Total number of diff packages.
-- **PackageCountTotalExpress**  Total number of express packages.
-- **PackageExpressType**  Type of express package.
-- **PackageSizeCanonical**  Size of canonical packages in bytes.
-- **PackageSizeDiff**  Size of diff packages in bytes.
-- **PackageSizeExpress**  Size of express packages in bytes.
-- **RangeRequestState**  Indicates the range request type used.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the download request phase of update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt (same value for initialize, download, install commit phases).
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentExpand
-
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ElapsedTickCount**  Time taken for expand phase.
-- **EndFreeSpace**  Free space after expand phase.
-- **EndSandboxSize**  Sandbox size after expand phase.
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **StartFreeSpace**  Free space before expand phase.
-- **StartSandboxSize**  Sandbox size after expand phase.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentFellBackToCanonical
-
-This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PackageCount**  Number of packages that feel back to canonical.
-- **PackageList**  PackageIds which fell back to canonical.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInitialize
-
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **FlightMetadata**  Contains the FlightId and the build being flighted.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionData**  String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInstall
-
-This event sends data for the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
-- **FlightId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **InternalFailureResult**  Indicates a non-fatal error from a plugin.
-- **ObjectId**  Correlation vector value generated from the latest USO scan.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  The result for the current install phase.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentMerge
-
-The UpdateAgentMerge event sends data on the merge phase when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current merge phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Related correlation vector value.
-- **Result**  Outcome of the merge phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentMitigationResult
-
-This event sends data indicating the result of each update agent mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  Indicates whether the mitigation is applicable for the current update.
-- **CommandCount**  The number of command operations in the mitigation entry.
-- **CustomCount**  The number of custom operations in the mitigation entry.
-- **FileCount**  The number of file operations in the mitigation entry.
-- **FlightId**  Unique identifier for each flight.
-- **Index**  The mitigation index of this particular mitigation.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **Name**  The friendly name of the mitigation.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **OperationIndex**  The mitigation operation index (in the event of a failure).
-- **OperationName**  The friendly name of the mitigation operation (in the event of failure).
-- **RegistryCount**  The number of registry operations in the mitigation entry.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentMitigationSummary
-
-This event sends a summary of all the update agent mitigations available for this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  The count of mitigations that were applicable to the system and scenario.
-- **Failed**  The count of mitigations that failed.
-- **FlightId**  Unique identifier for each flight.
-- **MitigationScenario**  The update scenario in which the mitigations were attempted.
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing all mitigations (in 100-nanosecond increments).
-- **Total**  Total number of mitigations that were available.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **Mode**  Indicates the mode that has started.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **Version**  Version of update
-
-
-### Update360Telemetry.UpdateAgentOneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Count**  The count of applicable OneSettings for the device.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **Parameters**  The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-- **Values**  The values sent back to the device, if applicable.
-
-
-### Update360Telemetry.UpdateAgentPostRebootResult
-
-This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current post reboot phase.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PostRebootResult**  Indicates the Hresult.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentReboot
-
-This event sends information indicating that a request has been sent to suspend an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Update360Telemetry.UpdateAgentSetupBoxLaunch
-
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ContainsExpressPackage**  Indicates whether the download package is express.
-- **FlightId**  Unique ID for each flight.
-- **FreeSpace**  Free space on OS partition.
-- **InstallCount**  Number of install attempts using the same sandbox.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **Quiet**  Indicates whether setup is running in quiet mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **SandboxSize**  Size of the sandbox.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **SetupMode**  Mode of setup to be launched.
-- **UpdateId**  Unique ID for each Update.
-- **UserSession**  Indicates whether install was invoked by user actions.
-
-
-## Update notification events
-
-### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage
-
-This event indicates that Javascript is reporting a schema and a set of values for critical telemetry. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version of the current campaign.
-- **CampaignID**  ID of the currently running campaign.
-- **ConfigCatalogVersion**  Current catalog version of the update notification.
-- **ContentVersion**  Content version of the current update notification campaign.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign.
-- **GlobalEventCounter**  Client side counter that indicates the ordering of events sent by this user.
-- **key1**  UI interaction data.
-- **key10**  UI interaction data.
-- **key11**  UI interaction data.
-- **key12**  UI interaction data.
-- **key13**  UI interaction data.
-- **key14**  UI interaction data.
-- **key15**  UI interaction data.
-- **key16**  UI interaction data.
-- **key17**  UI interaction data.
-- **key18**  UI interaction data.
-- **key19**  UI interaction data.
-- **key2**  UI interaction data.
-- **key20**  UI interaction data.
-- **key21**  UI interaction data.
-- **key22**  UI interaction data.
-- **key23**  UI interaction data.
-- **key24**  UI interaction data.
-- **key25**  UI interaction data.
-- **key26**  The interaction data for the user interface.
-- **key27**  UI interaction data.
-- **key28**  UI interaction data.
-- **key29**  UI interaction data.
-- **key3**  UI interaction data.
-- **key30**  UI interaction data.
-- **key4**  UI interaction data.
-- **key5**  UI interaction data.
-- **key6**  UI interaction data.
-- **key7**  UI interaction data.
-- **key8**  UI interaction data.
-- **key9**  UI interaction data.
-- **PackageVersion**  Current package version of the update notification.
-- **schema**  UI interaction type.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat
-
-This event is sent at the start of each campaign, to be used as a heartbeat. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Current campaign that is running on Update Notification Pipeline.
-- **ConfigCatalogVersion**  Current catalog version of Update Notification Pipeline.
-- **ContentVersion**  Content version for the current campaign on Update Notification Pipeline.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on Update Notification Pipeline.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current package version for Update Notification Pipeline.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerCleaningCampaign
-
-This event indicates that the Campaign Manager is cleaning up the campaign content. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  The current campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  The current catalog version of the Update Notification Pipeline (UNP).
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current UNP package version.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerGetIsCamppaignCompleteFailed
-
-This event is sent when a campaign completion status query fails. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Current campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **hresult**  HRESULT of the failure.
-- **PackageVersion**  Current UNP package version.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat
-
-This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Currently campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current UNP package version.
-
-
-### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerRunCampaignFailed
-
-This event is sent when the Campaign Manager encounters an unexpected error while running the campaign. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Currently campaign that's running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **hresult**  HRESULT of the failure.
-- **PackageVersion**  Current UNP package version.
-
-
-## Upgrade events
-
-### FacilitatorTelemetry.DCATDownload
-
-This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **DownloadSize**  Download size of payload.
-- **ElapsedTime**  Time taken to download payload.
-- **MediaFallbackUsed**  Used to determine if we used Media CompDBs to figure out package requirements for the upgrade.
-- **ResultCode**  Result returned by the Facilitator DCAT call.
-- **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
-- **Type**  Type of package that was downloaded.
-
-
-### FacilitatorTelemetry.DUDownload
-
-This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PackageCategoriesFailed**  Lists the categories of packages that failed to download.
-- **PackageCategoriesSkipped**  Lists the categories of package downloads that were skipped.
-
-
-### FacilitatorTelemetry.InitializeDU
-
-This event determines whether devices received additional or critical supplemental content during an OS upgrade. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DCATUrl**  The Delivery Catalog (DCAT) URL we send the request to.
-- **DownloadRequestAttributes**  The attributes we send to DCAT.
-- **ResultCode**  The result returned from the initialization of Facilitator with the URL/attributes.
-- **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
-- **Url**  The Delivery Catalog (DCAT) URL we send the request to.
-- **Version**  Version of Facilitator.
-
-
-### Setup360Telemetry.Downlevel
-
-This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ClientId**  If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the downlevel OS.
-- **HostOsSkuName**  The operating system edition which is running Setup360 instance (downlevel OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
-- **Setup360Result**  The result of Setup360 (HRESULT used to diagnose errors).
-- **Setup360Scenario**  The Setup360 flow type (for example, Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  Exit state of given Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  An ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
-
-
-### Setup360Telemetry.Finalize
-
-This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.OsUninstall
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase or action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  Exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PostRebootInstall
-
-This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
-
-
-### Setup360Telemetry.PreDownloadQuiet
-
-This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous operating system).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreDownloadUX
-
-This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous operating system.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous operating system).
-- **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  The exit state of the Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PreInstallQuiet
-
-This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  Setup360 flow type (Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreInstallUX
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date.  Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type, Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.Setup360
-
-This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FieldName**  Retrieves the data point.
-- **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
-- **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **ReportId**  Retrieves the report ID.
-- **ScenarioId**  Retrieves the deployment scenario.
-- **Value**  Retrieves the value associated with the corresponding FieldName.
-
-
-### Setup360Telemetry.Setup360DynamicUpdate
-
-This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
-- **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **Operation**  Facilitator’s last known operation (scan, download, etc.).
-- **ReportId**  ID for tying together events stream side.
-- **ResultCode**  Result returned for the entire setup operation.
-- **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
-- **ScenarioId**  Identifies the update scenario.
-- **TargetBranch**  Branch of the target OS.
-- **TargetBuild**  Build of the target OS.
-
-
-### Setup360Telemetry.Setup360MitigationResult
-
-This event sends data indicating the result of each setup mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  TRUE if the mitigation is applicable for the current update.
-- **ClientId**  In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **CommandCount**  The number of command operations in the mitigation entry.
-- **CustomCount**  The number of custom operations in the mitigation entry.
-- **FileCount**  The number of file operations in the mitigation entry.
-- **FlightData**  The unique identifier for each flight (test release).
-- **Index**  The mitigation index of this particular mitigation.
-- **InstanceId**  The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **Name**  The friendly (descriptive) name of the mitigation.
-- **OperationIndex**  The mitigation operation index (in the event of a failure).
-- **OperationName**  The friendly (descriptive) name of the mitigation operation (in the event of failure).
-- **RegistryCount**  The number of registry operations in the mitigation entry.
-- **ReportId**  In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
-- **Result**  HResult of this operation.
-- **ScenarioId**  Setup360 flow type.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-
-
-### Setup360Telemetry.Setup360MitigationSummary
-
-This event sends a summary of all the setup mitigations available for this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  The count of mitigations that were applicable to the system and scenario.
-- **ClientId**  The Windows Update client ID passed to Setup.
-- **Failed**  The count of mitigations that failed.
-- **FlightData**  The unique identifier for each flight (test release).
-- **InstanceId**  The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
-- **MitigationScenario**  The update scenario in which the mitigations were attempted.
-- **ReportId**  In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
-- **Result**  HResult of this operation.
-- **ScenarioId**  Setup360 flow type.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-- **Total**  The total number of mitigations that were available.
-
-
-### Setup360Telemetry.Setup360OneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The Windows Update client ID passed to Setup.
-- **Count**  The count of applicable OneSettings for the device.
-- **FlightData**  The ID for the flight (test instance version).
-- **InstanceId**  The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
-- **Parameters**  The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
-- **ReportId**  The Update ID passed to Setup.
-- **Result**  The HResult of the event error.
-- **ScenarioId**  The update scenario ID.
-- **Values**  Values sent back to the device, if applicable.
-
-
-### Setup360Telemetry.UnexpectedEvent
-
-This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-## Windows as a Service diagnostic events
-
-### Microsoft.Windows.WaaSMedic.DetectionFailed
-
-This event is sent when WaaSMedic fails to apply the named diagnostic. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **diagnostic**  Parameter where the diagnostic failed.
-- **hResult**  Error code from attempting the diagnostic.
-- **isDetected**  Flag indicating whether the condition was detected.
-- **pluginName**  Name of the attempted diagnostic.
-- **versionString**  The version number of the remediation engine.
-
-
-### Microsoft.Windows.WaaSMedic.EngineFailed
-
-This event indicates failure during medic engine execution. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **hResult**  Error code from the execution.
-- **versionString**  Version of Medic engine.
-
-
-### Microsoft.Windows.WaaSMedic.RemediationFailed
-
-This event is sent when the WaaS Medic update stack remediation tool fails to apply a described resolution to a problem that is blocking Windows Update from operating correctly on a target device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **diagnostic**  Parameter where the resolution failed.
-- **hResult**  Error code that resulted from attempting the resolution.
-- **isRemediated**  Indicates whether the condition was remediated.
-- **pluginName**  Name of the attempted resolution.
-- **versionString**  Version of the engine.
-
-
-### Microsoft.Windows.WaaSMedic.SummaryEvent
-
-This event provides the result of the WaaSMedic operation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **detectionSummary**  Result of each applicable detection that was run.
-- **featureAssessmentImpact**  WaaS Assessment impact for feature updates.
-- **hrEngineResult**  Error code from the engine operation.
-- **insufficientSessions**  Device not eligible for diagnostics.
-- **isManaged**  Device is managed for updates.
-- **isWUConnected**  Device is connected to Windows Update.
-- **noMoreActions**  No more applicable diagnostics.
-- **qualityAssessmentImpact**  WaaS Assessment impact for quality updates.
-- **remediationSummary**  Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
-- **usingBackupFeatureAssessment**  Relying on backup feature assessment.
-- **usingBackupQualityAssessment**  Relying on backup quality assessment.
-- **usingCachedFeatureAssessment**  WaaS Medic run did not get OS build age from the network on the previous run.
-- **usingCachedQualityAssessment**  WaaS Medic run did not get OS revision age from the network on the previous run.
-- **versionString**  Version of the WaaSMedic engine.
-
-
-## Windows Error Reporting events
-
-### Microsoft.Windows.WERVertical.OSCrash
-
-This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
-
-The following fields are available:
-
-- **BootId**  Uint32 identifying the boot number for this device.
-- **BugCheckCode**  Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
-- **BugCheckParameter1**  Uint64 parameter providing additional information.
-- **BugCheckParameter2**  Uint64 parameter providing additional information.
-- **BugCheckParameter3**  Uint64 parameter providing additional information.
-- **BugCheckParameter4**  Uint64 parameter providing additional information.
-- **DumpFileAttributes**  Codes that identify the type of data contained in the dump file
-- **DumpFileSize**  Size of the dump file
-- **IsValidDumpFile**  True if the dump file is valid for the debugger, false otherwise
-- **ReportId**  WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
-
-
-## Windows Error Reporting MTT events
-
-### Microsoft.Windows.WER.MTT.Denominator
-
-This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date.
-
-The following fields are available:
-
-- **Value**  Standard UTC emitted DP value structure See [Microsoft.Windows.WER.MTT.Value](#microsoftwindowswermttvalue).
-
-
-### Microsoft.Windows.WER.MTT.Value
-
-This event is used for differential privacy to help keep Windows up to date.
-
-The following fields are available:
-
-- **Algorithm**  Privacy protecting algorithm used for randomization.
-- **DPRange**  Maximum mean value range.
-- **DPValue**  Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate mean.
-- **Epsilon**  Constant used in algorithm for randomization.
-- **HistType**  Histogram type.
-- **PertProb**  Constant used in algorithm for randomization.
-
-
-## Windows Store events
-
-### Microsoft.Windows.Store.StoreActivating
-
-This event sends tracking data about when the Store app activation via protocol URI is in progress, to help keep Windows up to date.
-
-The following fields are available:
-
-- **correlationVectorRoot**  Identifies multiple events within a session/sequence. Initial value before incrementation or extension.
-- **protocolUri**  Protocol URI used to activate the store.
-- **reason**  The reason for activating the store.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
-
-This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The Item Bundle ID.
-- **CategoryId**  The Item Category ID.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Was this a mandatory update?
-- **IsRemediation**  Was this a remediation install?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Flag indicating if this is an update.
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The product family name of the product being installed.
-- **ProductId**  The identity of the package or packages being installed.
-- **SystemAttemptNumber**  The total number of automatic attempts at installation before it was canceled.
-- **UserAttemptNumber**  The total number of user attempts at installation before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
-
-This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
-
-This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
-
-This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all package or packages to be downloaded and installed.
-- **AttemptNumber**  Total number of installation attempts.
-- **BundleId**  The identity of the Windows Insider build that is associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this an automatic restore of a previously acquired product?
-- **IsUpdate**  Is this a product update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of all packages to be downloaded and installed.
-- **PreviousHResult**  The previous HResult code.
-- **PreviousInstallState**  Previous installation state before it was canceled.
-- **ProductId**  The name of the package or packages requested for installation.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  Total number of automatic attempts to install before it was canceled.
-- **UserAttemptNumber**  Total number of user attempts to install before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
-
-This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The Store Product ID of the app being installed.
-- **HResult**  HResult code of the action being performed.
-- **IsBundle**  Is this a bundle?
-- **PackageFamilyName**  The name of the package being installed.
-- **ProductId**  The Store Product ID of the product being installed.
-- **SkuId**  Specific edition of the item being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
-
-This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  Includes a set of package full names for each app that is part of an atomic set.
-- **AttemptNumber**  The total number of attempts to acquire this product.
-- **BundleId**  The bundle ID
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  HResult code to show the result of the operation (success/failure).
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Did the user initiate the installation?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this happening after a device restore?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to acquire this product.
-- **UserAttemptNumber**  The number of attempts by the user to acquire this product
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
-
-This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The identity of the Windows Insider build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **DownloadSize**  The total size of the download.
-- **ExtendedHResult**  Any extended HResult error codes.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this initiated by the user?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this a restore of a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  The Product Family Name of the app being download.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to download.
-- **UserAttemptNumber**  The number of attempts by the user to download.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
-
-This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
-
-This event is sent after sending the inventory of the products installed to determine whether updates for those products are available.  It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
-
-This event is sent after a product has been installed to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **ExtendedHResult**  The extended HResult error code.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this an interactive installation?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  Licensing identity of this package.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
-
-This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsApplicability**  Is this request to only check if there are any applicable packages to install?
-- **IsInteractive**  Is this user requested?
-- **IsOnline**  Is the request doing an online check?
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
-
-This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
-
-This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of system attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
-
-This event is sent after a scan for available app updates to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
-
-This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The name of the product catalog from which this app was chosen.
-- **FailedRetry**  Indicates whether the installation or update retry was successful.
-- **HResult**  Resulting HResult error/success code of this call
-- **PFN**  Package Family Name of the app that being installed or updated
-- **ProductId**  Product Id of the app that is being updated or installed
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
-
-This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The name of the product catalog from which this app was chosen.
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **ProductId**  The product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
-
-This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **BundleId**  The identity of the build associated with this product.
-- **CatalogId**  If this product is from a private catalog, the Store Product ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specific edition ID being installed.
-- **VolumePath**  The disk path of the installation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
-
-This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The Product Full Name.
-- **PreviousHResult**  The result code of the last action performed before this operation.
-- **PreviousInstallState**  Previous state before the installation or update was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
-
-This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **IsUserRetry**  Did the user initiate the retry?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **PreviousHResult**  The previous HResult error code.
-- **PreviousInstallState**  Previous state before the installation was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector for the original install before it was resumed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
-
-This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ProductId**  The Store Product ID for the product being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
-
-This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The Store Catalog ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specific edition of the app being updated.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
-
-This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **PFamN**  The name of the app that is requested for update.
-
-
-## Windows Update CSP events
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed
-
-This event sends basic telemetry on the failure of the Feature Rollback. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **hResult**  Failure error code.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable
-
-This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted
-
-This event sends basic information indicating that Feature Rollback has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureSucceeded
-
-This event sends basic telemetry on the success of the rollback of feature updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityFailed
-
-This event sends basic telemetry on the failure of the rollback of the Quality/LCU builds. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **hResult**  Failure error code.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityNotApplicable
-
-This event informs you whether a rollback of Quality updates is applicable to the devices that you are attempting to rollback. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityStarted
-
-This event indicates that the Quality Rollback process has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualitySucceeded
-
-This event sends basic telemetry on the success of the rollback of the Quality/LCU builds. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-## Windows Update Delivery Optimization events
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
-
-This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download being done in the background?
-- **bytesFromCacheServer**  Bytes received from a cache host.
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same group.
-- **bytesFromLocalCache**  Bytes copied over from local (on disk) cache.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **callerName**  Name of the API caller.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **gCurMemoryStreamBytes**  Current usage for memory streaming.
-- **gMaxMemoryStreamBytes**  Maximum usage for memory streaming.
-- **isVpn**  Indicates whether the device is connected to a VPN (Virtual Private Network).
-- **jobID**  Identifier for the Windows Update job.
-- **predefinedCallerName**  The name of the API Caller.
-- **reasonCode**  Reason the action or event occurred.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the file download session.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
-
-This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **bytesFromCacheServer**  Bytes received from a cache host.
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same domain group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same domain group.
-- **bytesFromLocalCache**  Bytes copied over from local (on disk) cache.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **bytesRequested**  The total number of bytes requested for download.
-- **cacheServerConnectionCount**  Number of connections made to cache hosts.
-- **callerName**  Name of the API caller.
-- **cdnConnectionCount**  The total number of connections made to the CDN.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp**  The IP address of the source CDN.
-- **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downlinkBps**  The maximum measured available download bandwidth (in bytes per second).
-- **downlinkUsageBps**  The download speed (in bytes per second).
-- **downloadMode**  The download mode used for this file download session.
-- **downloadModeSrc**  Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **fileSize**  The size of the file being downloaded.
-- **gCurMemoryStreamBytes**  Current usage for memory streaming.
-- **gMaxMemoryStreamBytes**  Maximum usage for memory streaming.
-- **groupConnectionCount**  The total number of connections made to peers in the same group.
-- **internetConnectionCount**  The total number of connections made to peers not in the same LAN or the same group.
-- **isEncrypted**  TRUE if the file is encrypted and will be decrypted after download.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **lanConnectionCount**  The total number of connections made to peers in the same LAN.
-- **numPeers**  The total number of peers used for this download.
-- **predefinedCallerName**  The name of the API Caller.
-- **restrictedUpload**  Is the upload restricted?
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the download session.
-- **totalTimeMs**  Duration of the download (in seconds).
-- **updateID**  The ID of the update being downloaded.
-- **uplinkBps**  The maximum measured available upload bandwidth (in bytes per second).
-- **uplinkUsageBps**  The upload speed (in bytes per second).
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
-
-This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **callerName**  The name of the API caller.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being paused.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **predefinedCallerName**  The name of the API Caller object.
-- **reasonCode**  The reason for pausing the download.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID of the download session.
-- **updateID**  The ID of the update being paused.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
-
-This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Indicates whether the download is happening in the background.
-- **bytesRequested**  Number of bytes requested for the download.
-- **callerName**  Name of the API caller.
-- **cdnUrl**  The URL of the source Content Distribution Network (CDN).
-- **costFlags**  A set of flags representing network cost.
-- **deviceProfile**  Identifies the usage or form factor (such as Desktop, Xbox, or VM).
-- **diceRoll**  Random number used for determining if a client will use peering.
-- **doClientVersion**  The version of the Delivery Optimization client.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downloadMode**  The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
-- **downloadModeSrc**  Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **errorCode**  The error code that was returned.
-- **experimentId**  ID used to correlate client/services calls that are part of the same test during A/B testing.
-- **fileID**  The ID of the file being downloaded.
-- **filePath**  The path to where the downloaded file will be written.
-- **fileSize**  Total file size of the file that was downloaded.
-- **fileSizeCaller**  Value for total file size provided by our caller.
-- **groupID**  ID for the group.
-- **isEncrypted**  Indicates whether the download is encrypted.
-- **isVpn**  Indicates whether the device is connected to a Virtual Private Network.
-- **jobID**  The ID of the Windows Update job.
-- **minDiskSizeGB**  The minimum disk size (in GB) policy set for the device to allow peering with delivery optimization.
-- **minDiskSizePolicyEnforced**  Indicates whether there is an enforced minimum disk size requirement for peering.
-- **minFileSizePolicy**  The minimum content file size policy to allow the download using peering with delivery optimization.
-- **peerID**  The ID for this delivery optimization client.
-- **predefinedCallerName**  Name of the API caller.
-- **scenarioID**  The ID of the scenario.
-- **sessionID**  The ID for the file download session.
-- **setConfigs**  A JSON representation of the configurations that have been set, and their sources.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  Indicates whether the download used memory streaming.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
-
-This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cdnHeaders**  The HTTP headers returned by the CDN.
-- **cdnIp**  The IP address of the CDN.
-- **cdnUrl**  The URL of the CDN.
-- **errorCode**  The error code that was returned.
-- **errorCount**  The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **httpStatusCode**  The HTTP status code returned by the CDN.
-- **isHeadRequest**  The type of  HTTP request that was sent to the CDN. Example: HEAD or GET
-- **peerType**  The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
-- **requestOffset**  The byte offset within the file in the sent request.
-- **requestSize**  The size of the range requested from the CDN.
-- **responseSize**  The size of the range response received from the CDN.
-- **sessionID**  The ID of the download session.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.JobError
-
-This event represents a Windows Update job error. It allows for investigation of top errors. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cdnIp**  The IP Address of the source CDN (Content Delivery Network).
-- **doErrorCode**  Error code returned for delivery optimization.
-- **errorCode**  The error code returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **jobID**  The Windows Update job ID.
-
-
-## Windows Update events
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
-
-This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activated**  Whether the entire device manifest update is considered activated and in use.
-- **analysisErrorCount**  The number of driver packages that could not be analyzed because errors occurred during analysis.
-- **flightId**  Unique ID for each flight.
-- **missingDriverCount**  The number of driver packages delivered by the device manifest that are missing from the system.
-- **missingUpdateCount**  The number of updates in the device manifest that are missing from the system.
-- **objectId**  Unique value for each diagnostics session.
-- **publishedCount**  The number of drivers packages delivered by the device manifest that are published and available to be used on devices.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **scenarioId**  Indicates the update scenario.
-- **sessionId**  Unique value for each update session.
-- **summary**  A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
-- **summaryAppendError**  A Boolean indicating if there was an error appending more information to the summary string.
-- **truncatedDeviceCount**  The number of devices missing from the summary string because there is not enough room in the string.
-- **truncatedDriverCount**  The number of driver packages missing from the summary string because there is not enough room in the string.
-- **unpublishedCount**  How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices.
-- **updateId**  The unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit
-
-This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  The unique GUID for each diagnostics session.
-- **relatedCV**  A correlation vector value generated from the latest USO scan.
-- **result**  Outcome of the initialization of the session.
-- **scenarioId**  Identifies the Update scenario.
-- **sessionId**  The unique value for each update session.
-- **updateId**  The unique identifier for each Update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest
-
-This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deletedCorruptFiles**  Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  Unique value for each Update Agent mode.
-- **packageCountOptional**  Number of optional packages requested.
-- **packageCountRequired**  Number of required packages requested.
-- **packageCountTotal**  Total number of packages needed.
-- **packageCountTotalCanonical**  Total number of canonical packages.
-- **packageCountTotalDiff**  Total number of diff packages.
-- **packageCountTotalExpress**  Total number of express packages.
-- **packageSizeCanonical**  Size of canonical packages in bytes.
-- **packageSizeDiff**  Size of diff packages in bytes.
-- **packageSizeExpress**  Size of express packages in bytes.
-- **rangeRequestState**  Represents the state of the download range request.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Result of the download request phase of update.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
-
-This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **flightMetadata**  Contains the FlightId and the build being flighted.
-- **objectId**  Unique value for each Update Agent mode.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCanceled.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall
-
-This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current install phase.
-- **flightId**  The unique identifier for each flight (pre-release builds).
-- **objectId**  Unique value for each diagnostics session.
-- **relatedCV**  Correlation vector value generated from the latest scan.
-- **result**  Outcome of the install phase of the update.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **sessionId**  Unique value for each update session.
-- **updateId**  Unique ID for each Update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightId**  The unique identifier for each flight (pre-release builds).
-- **mode**  Indicates the active Update Agent mode.
-- **objectId**  Unique value for each diagnostics session.
-- **relatedCV**  Correlation vector value generated from the latest scan.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **sessionId**  The unique identifier for each update session.
-- **updateId**  The unique identifier for each Update.
-
-
-### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
-
-This event indicates that a notification dialog box is about to be displayed to user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown.
-- **DaysSinceRebootRequired**  Number of days since restart was required.
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **EngagedModeLimit**  The number of days to switch between DTE dialog boxes.
-- **EnterAutoModeLimit**  The maximum number of days for a device to enter Auto Reboot mode.
-- **ETag**  OneSettings versioning value.
-- **IsForcedEnabled**  Indicates whether Forced Reboot mode is enabled for this device.
-- **IsUltimateForcedEnabled**  Indicates whether Ultimate Forced Reboot mode is enabled for this device.
-- **NotificationUxState**  Indicates which dialog box is shown.
-- **NotificationUxStateString**  Indicates which dialog box is shown.
-- **RebootUxState**  Indicates  the state of the restart (Engaged, Auto, Forced, or UltimateForced).
-- **RebootUxStateString**  Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
-- **RebootVersion**  Version of DTE.
-- **SkipToAutoModeLimit**  The minimum length of time to pass in restart pending before a device can be put into auto mode.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UtcTime**  The time the dialog box notification will be displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog
-
-This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose on this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog
-
-This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose in this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootForcedPrecursorDialog
-
-This event indicates that the Enhanced Engaged restart "forced precursor" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-- **UtcTime**  The time the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootForcedWarningDialog
-
-This event indicates that the Enhanced Engaged "forced warning" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
-
-This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time of the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
-
-This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  Time the dialog box was shown on the local device.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose in this dialog box.
-- **UtcTime**  The time that dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog
-
-This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The time at which the reboot reminder dialog was shown (based on the local device time settings).
-- **ETag**  The OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the reboot reminder dialog box.
-- **RebootVersion**  The version of the DTE (Direct-to-Engaged).
-- **UpdateId**  The ID of the update that is waiting for reboot to finish installation.
-- **UpdateRevision**  The revision of the update that is waiting for reboot to finish installation.
-- **UserResponseString**  The option chosen by the user on the reboot dialog box.
-- **UtcTime**  The time at which the reboot reminder dialog was shown (in UTC).
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootSecondReminderDialog
-
-This event indicates that the second reminder dialog box was displayed for Enhanced Engaged restart. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The time the dialog box was shown on the local device.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootThirdReminderDialog
-
-This event indicates that the third reminder dialog box for Enhanced Engaged restart was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The time the dialog box was shown on the local device.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedSecondRebootReminderDialog
-
-This event is sent when a second reminder dialog is displayed during Enhanced Engaged Reboot.
-
-
-
-### Microsoft.Windows.Update.NotificationUx.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows secure and up-to-date by indicating when a reboot is scheduled by the system or a user for a security, quality, or feature update.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether an Active Hours policy is present on the device.
-- **IsEnhancedEngagedReboot**  Indicates whether this is an Enhanced Engaged reboot.
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  Indicates whether a restart is scheduled outside of active hours.
-- **rebootScheduledByUser**  Indicates whether the restart was scheduled by user (if not, it was scheduled automatically).
-- **rebootState**  The current state of the restart.
-- **revisionNumber**  Revision number of the update that is getting installed with this restart.
-- **scheduledRebootTime**  Time of the scheduled restart.
-- **scheduledRebootTimeInUTC**  Time of the scheduled restart in Coordinated Universal Time.
-- **updateId**  ID of the update that is getting installed with this restart.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
-
-This event indicates a policy is present that may restrict update activity to outside of active hours. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursEnd**  The end of the active hours window.
-- **activeHoursStart**  The start of the active hours window.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours
-
-This event indicates that update activity was blocked because it is within the active hours window. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursEnd**  The end of the active hours window.
-- **activeHoursStart**  The start of the active hours window.
-- **blockReason**  Reason for stopping the update activity.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel
-
-This event indicates that Windows Update activity was blocked due to low battery level. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  The current battery charge capacity.
-- **batteryLevelThreshold**  The battery capacity threshold to stop update activity.
-- **blockReason**  Reason for stopping Windows Update activity.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.CommitFailed
-
-This event indicates that a device was unable to restart after an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code that was returned.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.Update.Orchestrator.DeferRestart
-
-This event indicates that a restart required for installing updates was postponed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **displayNeededReason**  List of reasons for needing display.
-- **eventScenario**  Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **filteredDeferReason**  Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
-- **gameModeReason**  Name of the executable that caused the game mode state check to start.
-- **ignoredReason**  List of reasons that were intentionally ignored.
-- **raisedDeferReason**  Indicates all potential reasons for postponing restart (such as user active, or low battery).
-- **revisionNumber**  Update ID revision number.
-- **systemNeededReason**  List of reasons why system is needed.
-- **updateId**  Update ID.
-- **updateScenarioType**  Update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Detection
-
-This event sends launch data for a Windows Update scan to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  The reason why the device could not check for updates.
-- **detectionBlockingPolicy**  The Policy that blocked detection.
-- **detectionBlockreason**  The reason detection did not complete.
-- **detectionRetryMode**  Indicates whether we will try to scan again.
-- **errorCode**  The error code returned for the current process.
-- **eventScenario**  End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was canceled, succeeded, or failed.
-- **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
-- **interactive**  Indicates whether the user initiated the session.
-- **networkStatus**  Indicates if the device is connected to the internet.
-- **revisionNumber**  The Update revision number.
-- **scanTriggerSource**  The source of the triggered scan.
-- **updateId**  The unique identifier of the Update.
-- **updateScenarioType**  Identifies the type of update session being performed.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DetectionResult
-
-This event runs when an update is detected. This helps ensure Windows is secure and kept up to date.
-
-The following fields are available:
-
-- **applicableUpdateIdList**  A list of applicable update IDs.
-- **applicableUpdateList**  A list of applicable update names.
-- **seekerUpdateIdList**  A list of optional update IDs.
-- **seekerUpdateList**  A list of optional update names.
-- **wuDeviceid**  The Windows Update device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
-
-This event indicates the reboot was postponed due to needing a display. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **displayNeededReason**  Reason the display is needed.
-- **eventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### Microsoft.Windows.Update.Orchestrator.Download
-
-This event sends launch data for a Windows Update download to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  Reason for download not completing.
-- **errorCode**  An error code represented as a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the session is user initiated.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit
-
-This event indicates that DTU completed installation of the electronic software delivery (ESD), when Windows Update was already in Pending Commit phase of the feature update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DTUEnabled
-
-This event indicates that Inbox DTU functionality was enabled. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DTUInitiated
-
-This event indicates that Inbox DTU functionality was initiated. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **dtuErrorCode**  Return code from creating the DTU Com Server.
-- **isDtuApplicable**  Determination of whether DTU is applicable to the machine it is running on.
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Escalation
-
-This event is sent when USO takes an Escalation action on a device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configVersion**  Escalation config version on device.
-- **escalationAction**  Indicate the specific escalation action that took place on device.
-- **updateClassificationGUID**  GUID of the update the device is offered.
-- **updateId**  ID of the update the device is offered.
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels
-
-This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configVersion**  The escalation configuration version on the device.
-- **downloadElapsedTime**  Indicates how long since the download is required on device.
-- **downloadRiskLevel**  At-risk level of download phase.
-- **installElapsedTime**  Indicates how long since the install is required on device.
-- **installRiskLevel**  The at-risk level of install phase.
-- **isSediment**  Assessment of whether is device is at risk.
-- **scanElapsedTime**  Indicates how long since the scan is required on device.
-- **scanRiskLevel**  At-risk level of the scan phase.
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.EscalationsRefreshFailed
-
-USO has a set of escalation actions to prevent a device from becoming out-of-date, and the actions are triggered based on the Escalation configuration that USO obtains from OneSettings. This event is sent when USO fails to refresh the escalation configuration from OneSettings. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configVersion**  Current escalation config version on device.
-- **errorCode**  Error code for the refresh failure.
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
-
-This event sends data on whether the update was applicable to the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time when this event was generated.
-- **flightID**  The specific ID of the Windows Insider build.
-- **revisionNumber**  Update revision number.
-- **updateId**  Unique Windows Update ID.
-- **updateScenarioType**  Update session type.
-- **UpdateStatus**  Last status of update.
-- **UUPFallBackConfigured**  Indicates whether UUP fallback is configured.
-- **wuDeviceid**  Unique Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.GameActive
-
-This event indicates that an enabled GameMode process prevented the device from restarting to complete an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed.
-- **gameModeReason**  Name of the enabled GameMode process that prevented the device from restarting to complete an update.
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
-
-This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time of the event.
-- **flightID**  Unique update ID
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Install
-
-This event sends launch data for a Windows Update install to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **errorCode**  The error code reppresented by a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The ID of the Windows Insider build the device is getting.
-- **flightUpdate**  Indicates whether the update is a Windows Insider build.
-- **ForcedRebootReminderSet**  A boolean value that indicates if a forced reboot will happen for updates.
-- **installCommitfailedtime**  The time it took for a reboot to happen but the upgrade failed to progress.
-- **installRebootinitiatetime**  The time it took for a reboot to be attempted.
-- **interactive**  Identifies if session is user initiated.
-- **minutesToCommit**  The time it took to install updates.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.LowUptimes
-
-This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **isLowUptimeMachine**  Is the machine considered low uptime or not.
-- **lowUptimeMinHours**  Current setting for the minimum number of hours needed to not be considered low uptime.
-- **lowUptimeQueryDays**  Current setting for the number of recent days to check for uptime.
-- **uptimeMinutes**  Number of minutes of uptime measured.
-- **wuDeviceid**  Unique device ID for Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
-
-This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **externalOneshotupdate**  The last time a task-triggered scan was completed.
-- **interactiveOneshotupdate**  The last time an interactive scan was completed.
-- **oldlastscanOneshotupdate**  The last time a scan completed successfully.
-- **wuDeviceid**  The Windows Update Device GUID (Globally-Unique ID).
-
-
-### Microsoft.Windows.Update.Orchestrator.OobeUpdate
-
-This event sends data to device when Oobe Update download is in progress. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  A flight ID.
-- **revisionNumber**  A revision number.
-- **updateId**  An update ID.
-- **updateScenarioType**  A type of update scenario.
-- **wuDeviceid**  A device ID associated with Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.PostInstall
-
-This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in megawatt-hours (mWh) or percentage left.
-- **bundleId**  The unique identifier associated with the specific content bundle.
-- **bundleRevisionnumber**  Identifies the revision number of the content bundle.
-- **errorCode**  The error code returned for the current phase.
-- **eventScenario**  State of update action.
-- **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
-- **sessionType**  The Windows Update session type (Interactive or Background).
-- **updateScenarioType**  Identifies the type of Update session being performed.
-- **wuDeviceid**  The unique device identifier used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged
-
-This event is sent when the options in power menu changed, usually due to an update pending reboot, or after an update is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **powermenuNewOptions**  The new options after the power menu changed.
-- **powermenuOldOptions**  The old options before the power menu changed.
-- **rebootPendingMinutes**  If the power menu changed because a reboot is pending due to an update, this indicates how long that reboot has been pending.
-- **wuDeviceid**  The device ID recorded by Windows Update if the power menu changed because a reboot is pending due to an update.
-
-
-### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
-
-This event is generated before the shutdown and commit operations. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### Microsoft.Windows.Update.Orchestrator.Progress
-
-This event is sent when the download of a update reaches a milestone change, such as a change in network cost policy, completion of an internal phase, or change in a transient state. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  Error code returned.
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Identifies whether the session is user initiated.
-- **networkCostPolicy**  The current network cost policy on device.
-- **revisionNumber**  Update ID revision number.
-- **updateId**  Unique ID for each update.
-- **updateScenarioType**  Update Session type.
-- **updateState**  Subphase of the download.
-- **UpdateStatus**  Subphase of the update.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RebootFailed
-
-This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **EventPublishedTime**  The time that the reboot failure occurred.
-- **flightID**  Unique update ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot was scheduled outside of active hours.
-- **RebootResults**  Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RefreshSettings
-
-This event sends basic data about the version of upgrade settings applied to the system to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  Hex code for the error message, to allow lookup of the specific error.
-- **settingsDownloadTime**  Timestamp of the last attempt to acquire settings.
-- **settingsETag**  Version identifier for the settings.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
-
-This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **RebootTaskRestoredTime**  Time at which this reboot task was restored.
-- **wuDeviceid**  Device ID for the device on which the reboot is restored.
-
-
-### Microsoft.Windows.Update.Orchestrator.ScanTriggered
-
-This event indicates that Update Orchestrator has started a scan operation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current scan operation.
-- **eventScenario**  Indicates the purpose of sending this event.
-- **interactive**  Indicates whether the scan is interactive.
-- **isScanPastSla**  Indicates whether the SLA has elapsed for scanning.
-- **isScanPastTriggerSla**  Indicates whether the SLA has elapsed for triggering a scan.
-- **minutesOverScanSla**  Indicates how many minutes the scan exceeded the scan SLA.
-- **minutesOverScanTriggerSla**  Indicates how many minutes the scan exceeded the scan trigger SLA.
-- **scanTriggerSource**  Indicates what caused the scan.
-- **updateScenarioType**  The update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.SeekerUpdateAvailable
-
-This event defines when an optional update is available for the device to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The unique identifier of the Windows Insider build on this device.
-- **isFeatureUpdate**  Indicates whether the update is a Feature Update.
-- **revisionNumber**  The revision number of the update.
-- **updateId**  The GUID (Globally Unique Identifier) of the update.
-- **wuDeviceid**  The Windows Update device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.SeekUpdate
-
-This event occurs when user initiates "seeker" scan. This helps keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The ID of the Windows Insider builds on the device.
-- **isFeatureUpdate**  Indicates that the target of the Seek is a feature update.
-- **revisionNumber**  The revision number of the update.
-- **updateId**  The identifier of the update.
-- **wuDeviceid**  The Windows Update device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.SystemNeeded
-
-This event sends data about why a device is unable to reboot, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  End-to-end update session ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **systemNeededReason**  List of apps or tasks that are preventing the system from restarting.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours
-
-This event indicates that update activity was stopped due to active hours starting. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursEnd**  The end of the active hours window.
-- **activeHoursStart**  The start of the active hours window.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  The device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel
-
-This event is sent when update activity was stopped due to a low battery level. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  The current battery charge capacity.
-- **batteryLevelThreshold**  The battery capacity threshold to stop update activity.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  The device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateInstallPause
-
-This event sends data when a device pauses an in-progress update, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updateClassificationGUID**  The classification GUID for the update that was paused.
-- **updateId**  An update ID for the update that was paused.
-- **wuDeviceid**  A unique Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
-
-This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configuredPoliciescount**  Number of policies on the device.
-- **policiesNamevaluesource**  Policy name and source of policy (group policy, MDM or flight).
-- **policyCacherefreshtime**  Time when policy cache was refreshed.
-- **updateInstalluxsetting**  Indicates whether a user has set policies via a user experience option.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
-
-This event sends data about whether an update required a reboot to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
-
-This event sends information about an update that encountered problems and was not able to complete. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code encountered.
-- **wuDeviceid**  The ID of the device in which the error occurred.
-
-
-### Microsoft.Windows.Update.Orchestrator.USODiagnostics
-
-This event sends data on whether the state of the update attempt, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **LastApplicableUpdateFoundTime**  The time when the last applicable update was found.
-- **LastDownloadDeferredReason**  The last reason download was deferred.
-- **LastDownloadDeferredTime**  The time of the download deferral.
-- **LastDownloadFailureError**  The last download failure.
-- **LastDownloadFailureTime**  The time of the last download failure.
-- **LastInstallCompletedTime**  The time when the last successful install completed.
-- **LastInstallDeferredReason**  The reason the last install was deferred.
-- **LastInstallDeferredTime**  The time when the last install was deferred.
-- **LastInstallFailureError**  The error code associated with the last install failure.
-- **LastInstallFailureTime**  The time when the last install failed to complete.
-- **LastRebootDeferredReason**  The reason the last reboot was deferred.
-- **LastRebootDeferredTime**  The time when the last reboot was deferred.
-- **LastRebootPendingTime**  The time when the last reboot state was set to “Pending”.
-- **LastScanDeferredReason**  The reason the last scan was deferred.
-- **LastScanDeferredTime**  The time when the last scan was deferred.
-- **LastScanFailureError**  The error code for the last scan failure.
-- **LastScanFailureTime**  The time when the last scan failed.
-- **LastUpdateCheckTime**  The time of the last update check.
-- **LastUpdateDownloadTime**  The time when the last update was downloaded.
-- **LastUpgradeInstallFailureError**  The error code for the last upgrade install failure.
-- **LastUpgradeInstallFailureTime**  The time of the last upgrade install failure.
-- **LowUpTimeDetectTime**  The last time “low up-time” was detected.
-- **NoLowUpTimeDetectTime**  The last time no “low up-time” was detected.
-- **RebootRequired**  Indicates reboot is required.
-- **UpgradeInProgressTime**  The amount of time a feature update has been in progress.
-- **WaaSFeatureAssessmentDays**  The number of days Feature Update Assessment has been out of date.
-- **WaaSFeatureAssessmentImpact**  The impact of the Feature Update Assessment.
-- **WaaSUpToDateAssessmentDays**  The number of days Quality Update Assessment has been out of date.
-- **WaaSUpToDateAssessmentImpact**  The impact of Quality Update Assessment.
-- **wuDeviceid**  Unique ID for Device
-
-
-### Microsoft.Windows.Update.Orchestrator.UUPFallBack
-
-This event sends data when UUP needs to fall back, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  The current event time.
-- **UUPFallBackConfigured**  The fall back error code.
-- **UUPFallBackErrorReason**  The reason for fall back error.
-- **wuDeviceid**  A Windows Update device ID.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
-
-This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
-- **DeviceLocalTime**  The date and time (based on the device date/time settings) the reboot mode changed.
-- **EngagedModeLimit**  The number of days to switch between DTE (Direct-to-Engaged) dialogs.
-- **EnterAutoModeLimit**  The maximum number of days a device can enter Auto Reboot mode.
-- **ETag**  The Entity Tag that represents the OneSettings version.
-- **IsForcedEnabled**  Identifies whether Forced Reboot mode is enabled for the device.
-- **IsUltimateForcedEnabled**  Identifies whether Ultimate Forced Reboot mode is enabled for the device.
-- **OldestUpdateLocalTime**  The date and time (based on the device date/time settings) this update’s reboot began pending.
-- **RebootUxState**  Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
-- **RebootVersion**  The version of the DTE (Direct-to-Engaged).
-- **SkipToAutoModeLimit**  The maximum number of days to switch to start while in Auto Reboot mode.
-- **UpdateId**  The ID of the update that is waiting for reboot to finish installation.
-- **UpdateRevision**  The revision of the update that is waiting for reboot to finish installation.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
-
-This event is sent when a security update has successfully completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **UtcTime**  The Coordinated Universal Time that the restart was no longer needed.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootRequestReasonsToIgnore
-
-This event is sent when the reboot can be deferred based on some reasons, before reboot attempts. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Reason**  The reason sent which will cause the reboot to defer.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
-
-This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether Active Hours applies on this device.
-- **IsEnhancedEngagedReboot**  Indicates whether Enhanced reboot was enabled.
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  True, if a reboot is scheduled outside of active hours. False, otherwise.
-- **rebootScheduledByUser**  True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
-- **rebootState**  Current state of the reboot.
-- **revisionNumber**  Revision number of the OS.
-- **scheduledRebootTime**  Time scheduled for the reboot.
-- **scheduledRebootTimeInUTC**  Time scheduled for the reboot, in UTC.
-- **updateId**  Identifies which update is being scheduled.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot
-
-This event is fired the first time when the reboot is required. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask
-
-This event is sent when MUSE broker schedules a task. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **TaskArgument**  The arguments with which the task is scheduled.
-- **TaskName**  Name of the task.
-
-
-### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Is the restart respecting Active Hours?
-- **IsEnhancedEngagedReboot**  TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE.
-- **rebootArgument**  The arguments that are passed to the OS for the restarted.
-- **rebootOutsideOfActiveHours**  Was the restart scheduled outside of Active Hours?
-- **rebootScheduledByUser**  Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
-- **rebootState**  The state of the restart.
-- **revisionNumber**  The revision number of the OS being updated.
-- **scheduledRebootTime**  Time of the scheduled reboot
-- **scheduledRebootTimeInUTC**  Time of the scheduled restart, in Coordinated Universal Time.
-- **updateId**  The Windows Update device GUID.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICOInteractionCampaignComplete
-
-This event is generated whenever a RUXIM user interaction campaign becomes complete. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that became complete.
-- **ResultId**  The final result of the interaction campaign.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ControlId**  String identifying the control (if any) that was selected by the user during presentation.
-- **hrInteractionHandler**  The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
-- **hrScheduler**  The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
-- **InteractionCampaignID**  The ID of the interaction campaign that was processed.
-- **ResultId**  The result of the evaluation/presentation.
-- **WasCompleted**  True if the interaction campaign is complete.
-- **WasPresented**  True if the Interaction Handler displayed the interaction campaign to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMICS.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncExit
-
-This event is sent when RUXIM completes checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **hrInitialize**  Error, if any, that occurred while initializing OneSettings.
-- **hrQuery**  Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncLaunch
-
-This event is sent when RUXIM begins checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
-
-This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **hrLocal**  The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
-- **hrPresentation**  The error (if any) reported by RUXIM Presentation Handler during presentation.
-- **InteractionCampaignID**  GUID; the user interaction campaign processed by RUXIM Interaction Handler.
-- **ResultId**  The result generated by the evaluation and presentation.
-- **WasCompleted**  True if the user interaction campaign is complete.
-- **WasPresented**  True if the user interaction campaign is displayed to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that RUXIMIH processed.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMIH.
-- **InteractionCampaignID**  GUID identifying the user interaction campaign that the Interaction Handler will process.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
-
-This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **HRESULT**  Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
-- **Id**  GUID passed in by the caller to identify the evaluation.
-- **NodeEvaluationData**  Structure showing the results of individual checks that occurred during the overall evaluation.
-- **Result**  Overall result generated by the evaluation.
-
-
-## Windows Update mitigation events
-
-### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
-
-This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The client ID used by Windows Update.
-- **FlightId**  The ID of each Windows Insider build the device received.
-- **InstanceId**  A unique device ID that identifies each update instance.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **MountedImageCount**  The number of mounted images.
-- **MountedImageMatches**  The number of mounted image matches.
-- **MountedImagesFailed**  The number of mounted images that could not be removed.
-- **MountedImagesRemoved**  The number of mounted images that were successfully removed.
-- **MountedImagesSkipped**  The number of mounted images that were not found.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each Windows Update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints
-
-This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightId**  Unique identifier for each flight.
-- **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ReparsePointsFailed**  Number of reparse points that are corrupted but we failed to fix them.
-- **ReparsePointsFixed**  Number of reparse points that were corrupted and were fixed by this mitigation.
-- **ReparsePointsSkipped**  Number of reparse points that are not corrupted and no action is required.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each Update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-### Mitigation360Telemetry.MitigationCustom.FixupEditionId
-
-This event sends data specific to the FixupEditionId mitigation used for OS updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **EditionIdUpdated**  Determine whether EditionId was changed.
-- **FlightId**  Unique identifier for each flight.
-- **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **ProductEditionId**  Expected EditionId value based on GetProductInfo.
-- **ProductType**  Value returned by GetProductInfo.
-- **RegistryEditionId**  EditionId value in the registry.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-## Windows Update Reserve Manager events
-
-### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError
-
-This event is sent when the Update Reserve Manager returns an error from one of its internal functions. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
-
-This event returns data about the Update Reserve Manager, including whether it’s been initialized. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
-
-This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-## Winlogon events
-
-### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
-
-This event signals the completion of the setup process. It happens only once during the first logon.
-
-
-
-## XBOX events
-
-### Microsoft.Xbox.XamTelemetry.AppActivationError
-
-This event indicates whether the system detected an activation error in the app.
-
-
-
-### Microsoft.Xbox.XamTelemetry.AppActivity
-
-This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
-
-The following fields are available:
-
-- **AppActionId**  The ID of the application action.
-- **AppCurrentVisibilityState**  The ID of the current application visibility state.
-- **AppId**  The Xbox LIVE Title ID of the app.
-- **AppPackageFullName**  The full name of the application package.
-- **AppPreviousVisibilityState**  The ID of the previous application visibility state.
-- **AppSessionId**  The application session ID.
-- **AppType**  The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
-- **BCACode**  The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
-- **DurationMs**  The amount of time (in milliseconds) since the last application state transition.
-- **IsTrialLicense**  This boolean value is TRUE if the application is on a trial license.
-- **LicenseType**  The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
-- **LicenseXuid**  If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
-- **ProductGuid**  The Xbox product GUID (Globally-Unique ID) of the application.
-- **UserId**  The XUID (Xbox User ID) of the current user.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index ef87c4289b..92ce858c06 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -29,11 +29,7 @@ You can learn more about Windows functional and diagnostic data through these ar
 
 - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
 - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
-- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
deleted file mode 100644
index 749915474a..0000000000
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ /dev/null
@@ -1,10580 +0,0 @@
----
-description: Learn more about the Windows 10, version 1903 diagnostic data gathered at the basic level.
-title: Windows 10, version 1909 and Windows 10, version 1903 required diagnostic events and fields (Windows 10)
-ms.service: windows-client
-ms.subservice: itpro-privacy
-localizationpriority: medium
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 03/27/2017
-ms.topic: reference
----
-
-
-# Windows 10, version 1909 and Windows 10, version 1903 required Windows diagnostic events and fields
-
- **Applies to**
-
-- Windows 10, version 1909
-- Windows 10, version 1903
-
-
-Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
-
-Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-
-Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
-
-You can learn more about Windows functional and diagnostic data through these articles:
-
-- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
-- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
-
-
-## AppLocker events
-
-### Microsoft.Windows.Security.AppLockerCSP.AddParams
-
-This event indicates the parameters passed to the Add function of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **child**  The child URI of the node to add.
-- **uri**  URI of the node relative to %SYSTEM32%/AppLocker.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.AddStart
-
-This event indicates the start of an Add operation for the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.AddStop
-
-This event indicates the end of an Add operation for the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **hr**  The HRESULT returned by Add function in AppLockerCSP.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Commit
-
-This event returns information about the Commit operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **oldId**  The unique identifier for the most recent previous CSP transaction.
-- **txId**  The unique identifier for the current CSP transaction.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback
-
-This event provides the result of the Rollback operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **oldId**  Previous id for the CSP transaction.
-- **txId**  Current id for the CSP transaction.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.ClearParams
-
-This event provides the parameters passed to the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **uri**  The URI relative to the %SYSTEM32%\AppLocker folder.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.ClearStart
-
-This event indicates the start of the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.ClearStop
-
-This event indicates the end of the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **hr**  HRESULT reported at the end of the 'Clear' function.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams
-
-This event provides the parameters that were passed to the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **NodeId**  NodeId passed to CreateNodeInstance.
-- **nodeOps**  NodeOperations parameter passed to CreateNodeInstance.
-- **uri**  URI passed to CreateNodeInstance, relative to %SYSTEM32%\AppLocker.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart
-
-This event indicates the start of the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop
-
-This event indicates the end of the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **hr**  HRESULT returned by the CreateNodeInstance function in AppLockerCSP.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams
-
-This event provides the parameters passed to the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **child**  The child URI of the node to delete.
-- **uri**  URI relative to %SYSTEM32%\AppLocker.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart
-
-This event indicates the start of the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop
-
-This event indicates the end of the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **hr**  HRESULT returned by the DeleteChild function in AppLockerCSP.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies
-
-This event provides the logged Uniform Resource Identifier (URI) relative to %SYSTEM32%\AppLocker if the plug-in GUID is null or the Configuration Service Provider (CSP) doesn't believe the old policy is present.
-
-The following fields are available:
-
-- **uri**  URI relative to %SYSTEM32%\AppLocker.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams
-
-This event provides the parameters passed to the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **uri**  URI relative to %SYSTEM32%/AppLocker for MDM node.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart
-
-This event indicates the start of the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop
-
-This event indicates the end of the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **child[0]**  If function succeeded, the first child's name, else "NA".
-- **count**  If function succeeded, the number of child node names returned by the function, else 0.
-- **hr**  HRESULT returned by the GetChildNodeNames function of AppLockerCSP.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.GetLatestId
-
-This event provides the latest time-stamped unique identifier in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **dirId**  The latest directory identifier found by GetLatestId.
-- **id**  The id returned by GetLatestId if id > 0 - otherwise the dirId parameter.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.HResultException
-
-This event provides the result code (HRESULT) generated by any arbitrary function in the AppLocker Configuration Service Provider (CSP).
-
-The following fields are available:
-
-- **file**  File in the OS code base in which the exception occurs.
-- **function**  Function in the OS code base in which the exception occurs.
-- **hr**  HRESULT that is reported.
-- **line**  Line in the file in the OS code base in which the exception occurs.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.SetValueParams
-
-This event provides the parameters that were passed to the SetValue operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-The following fields are available:
-
-- **dataLength**  Length of the value to set.
-- **uri**  The node URI to that should contain the value, relative to %SYSTEM32%\AppLocker.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.SetValueStart
-
-This event indicates the start of the SetValue operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.SetValueStop
-
-End of the "SetValue" operation for the AppLockerCSP node.
-
-The following fields are available:
-
-- **hr**  HRESULT returned by the SetValue function in AppLockerCSP.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies
-
-This event provides information for fixing a policy in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. It includes Uniform Resource Identifier (URI) relative to %SYSTEM32%\AppLocker that needs to be fixed.
-
-The following fields are available:
-
-- **uri**  URI for node relative to %SYSTEM32%/AppLocker.
-
-
-## Appraiser events
-
-### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
-
-This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **DatasourceApplicationFile_19H1**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_19H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_20H1**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H1**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H2**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CU22H2**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS1**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS2**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS4**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS5**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_TH1**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_TH2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_19H1**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_19H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_20H1**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H1**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CU22H2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS1**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS3Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS4**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS4Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS5**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS5Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_TH1**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_TH2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_19H1**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_19H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_20H1**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H1**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CU22H2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS1**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS3Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS4**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS4Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS5**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS5Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_TH1**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_TH2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_19H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_19H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_20H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CO21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CU22H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS4**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS5**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_TH1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_TH2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_19H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_19H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_20H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CO21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CU22H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS4**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS5**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_TH1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_TH2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_19H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_19H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_20H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CO21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CU22H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS4**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS5**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_TH1**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_TH2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_19ASetup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_19H1**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_19H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_20H1**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_20H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H1**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CU22H2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS1**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS3Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS4**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS4Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS5**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS5Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_TH1**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_TH2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_19H1**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_20H1**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H1**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS1**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS4**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS5**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_TH1**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_TH2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_19H1**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_20H1**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H1**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS1**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS3Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS4**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS4Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS5**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS5Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_TH1**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_TH2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_19H1**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_20H1**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H1**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS1**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS3Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS4**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS4Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS5**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS5Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_TH1**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_TH2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_19H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_20H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS4**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS5**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_TH1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_TH2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_19H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_20H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS4**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS5**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_TH1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_TH2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_19H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_20H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS4**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS5**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_TH1**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_TH2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_19H1**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_20H1**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H1**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS1**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS4**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS5**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_TH1**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_TH2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_19H1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_20H1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_21H1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_21H2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_RS1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_RS2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_RS3**  The total number of objects of this type present on this device.
-- **DecisionSModeState_RS4**  The total number of objects of this type present on this device.
-- **DecisionSModeState_RS5**  The total number of objects of this type present on this device.
-- **DecisionSModeState_TH1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_19ASetup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_19H1**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_19H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_20H1**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS3Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS4**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS4Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS5**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS5Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_TH1**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_19H1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_20H1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS4**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS5**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_TH1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_19H1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_20H1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS4**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS5**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_TH1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessor_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_19H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_20H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS4**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS5**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_TH1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_19H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_20H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS4**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS5**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_TH1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_19H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_20H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS3**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS4**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS5**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_TH1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_TH2**  The total number of objects of this type present on this device.
-- **DecisionTest_19H1**  The total number of objects of this type present on this device.
-- **DecisionTest_20H1**  The total number of objects of this type present on this device.
-- **DecisionTest_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_21H1**  The total number of objects of this type present on this device.
-- **DecisionTest_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_21H2**  The total number of objects of this type present on this device.
-- **DecisionTest_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionTest_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionTest_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_RS1**  The total number of objects of this type present on this device.
-- **DecisionTest_RS2**  The total number of objects of this type present on this device.
-- **DecisionTest_RS3**  The total number of objects of this type present on this device.
-- **DecisionTest_RS4**  The total number of objects of this type present on this device.
-- **DecisionTest_RS5**  The total number of objects of this type present on this device.
-- **DecisionTest_TH1**  The total number of objects of this type present on this device.
-- **DecisionTest_TH2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_19H1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_20H1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_21H1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_21H2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS3**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS4**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS5**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_TH1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_TH2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_19H1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_20H1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_20H1Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_21H1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_21H2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CU22H2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CU22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_NI22H2Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS3**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS4**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS5**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_TH1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_TH2**  The total number of objects of this type present on this device.
-- **InventoryApplicationFile**  The total number of objects of this type present on this device.
-- **InventoryDeviceContainer**  The total number of objects of this type present on this device.
-- **InventoryDevicePnp**  The total number of objects of this type present on this device.
-- **InventoryDriverBinary**  The total number of objects of this type present on this device.
-- **InventoryDriverPackage**  The total number of objects of this type present on this device.
-- **InventoryLanguagePack**  The total number of objects of this type present on this device.
-- **InventoryMediaCenter**  The total number of objects of this type present on this device.
-- **InventorySystemBios**  The total number of objects of this type present on this device.
-- **InventorySystemMachine**  The total number of objects of this type present on this device.
-- **InventorySystemProcessor**  The total number of objects of this type present on this device.
-- **InventoryTest**  The total number of objects of this type present on this device.
-- **InventoryUplevelDriverPackage**  The total number of objects of this type present on this device.
-- **PCFP**  The total number of objects of this type present on this device.
-- **SystemMemory**  The total number of objects of this type present on this device.
-- **SystemProcessorCompareExchange**  The total number of objects of this type present on this device.
-- **SystemProcessorLahfSahf**  The total number of objects of this type present on this device.
-- **SystemProcessorNx**  The total number of objects of this type present on this device.
-- **SystemProcessorPrefetchW**  The total number of objects of this type present on this device.
-- **SystemProcessorSse2**  The total number of objects of this type present on this device.
-- **SystemTouch**  The total number of objects of this type present on this device.
-- **SystemWim**  The total number of objects of this type present on this device.
-- **SystemWindowsActivationStatus**  The total number of objects of this type present on this device.
-- **SystemWlan**  The total number of objects of this type present on this device.
-- **Wmdrm_19H1**  The total number of objects of this type present on this device.
-- **Wmdrm_19H1Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_20H1**  The total number of objects of this type present on this device.
-- **Wmdrm_20H1Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_21H1**  The total number of objects of this type present on this device.
-- **Wmdrm_21H1Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_21H2**  The total number of objects of this type present on this device.
-- **Wmdrm_21H2Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_CO21H2**  The total number of objects of this type present on this device.
-- **Wmdrm_CO21H2Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_CU22H2**  The total number of objects of this type present on this device.
-- **Wmdrm_CU22H2Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_NI22H2Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_RS1**  The total number of objects of this type present on this device.
-- **Wmdrm_RS2**  The total number of objects of this type present on this device.
-- **Wmdrm_RS3**  The total number of objects of this type present on this device.
-- **Wmdrm_RS4**  The total number of objects of this type present on this device.
-- **Wmdrm_RS5**  The total number of objects of this type present on this device.
-- **Wmdrm_TH1**  The total number of objects of this type present on this device.
-- **Wmdrm_TH2**  The total number of objects of this type present on this device.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
-
-This event represents the basic metadata about specific application files installed on the system. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **AvDisplayName**  If the app is an anti-virus app, this is its display name.
-- **CompatModelIndex**  The compatibility prediction for this file.
-- **HasCitData**  Indicates whether the file is present in CIT data.
-- **HasUpgradeExe**  Indicates whether the anti-virus app has an upgrade.exe file.
-- **IsAv**  Is the file an anti-virus reporting EXE?
-- **ResolveAttempted**  This will always be an empty string when sending diagnostic data.
-- **SdbEntries**  An array of fields that indicates the SDB entries that apply to this file.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
-
-This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
-
-This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
-
-This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **ActiveNetworkConnection**  Indicates whether the device is an active network device.
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **IsBootCritical**  Indicates whether the device boot is critical.
-- **WuDriverCoverage**  Indicates whether there is a driver uplevel for this device, according to Windows Update.
-- **WuDriverUpdateId**  The Windows Update ID of the applicable uplevel driver.
-- **WuPopulatedFromId**  The expected uplevel driver matching ID based on driver coverage from Windows Update.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
-
-This event indicates that the DatasourceDevicePnp object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
-
-This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
-
-This event sends compatibility database data about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
-
-This event indicates that the DatasourceDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
-
-This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
-
-This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **ResolveAttempted**  This will always be an empty string when sending diagnostic data.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
-
-This event indicates that the DataSourceMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
-
-This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events has completed being sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
-
-This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
-
-This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
-
-This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
-
-This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
-
-This event sends compatibility database information about the BIOS to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
-
-This event indicates that the DatasourceSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
-
-This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
-
-This event sends compatibility decision data about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file that is generating the events.
-- **BlockAlreadyInbox**  The uplevel runtime block on the file already existed on the current OS.
-- **BlockingApplication**  Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
-- **DisplayGenericMessage**  Will be a generic message be shown for this file?
-- **DisplayGenericMessageGated**  Indicates whether a generic message be shown for this file.
-- **HardBlock**  This file is blocked in the SDB.
-- **HasUxBlockOverride**  Does the file have a block that is overridden by a tag in the SDB?
-- **MigApplication**  Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
-- **MigRemoval**  Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
-- **NeedsDismissAction**  Will the file cause an action that can be dismissed?
-- **NeedsInstallPostUpgradeData**  After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
-- **NeedsNotifyPostUpgradeData**  Does the file have a notification that should be shown after upgrade?
-- **NeedsReinstallPostUpgradeData**  After upgrade, this file will have a post-upgrade notification to reinstall the app.
-- **NeedsUninstallAction**  The file must be uninstalled to complete the upgrade.
-- **SdbBlockUpgrade**  The file is tagged as blocking upgrade in the SDB,
-- **SdbBlockUpgradeCanReinstall**  The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
-- **SdbBlockUpgradeUntilUpdate**  The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
-- **SdbReinstallUpgradeWarn**  The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
-- **SoftBlock**  The file is softblocked in the SDB and has a warning.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-
-This event indicates that the DecisionApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
-
-This event indicates that a new set of DecisionApplicationFileAdd events will be sent. This event is used to make compatibility decisions about a file to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
-
-This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **AssociatedDriverIsBlocked**  Is the driver associated with this PNP device blocked?
-- **AssociatedDriverWillNotMigrate**  Will the driver associated with this plug-and-play device migrate?
-- **BlockAssociatedDriver**  Should the driver associated with this PNP device be blocked?
-- **BlockingDevice**  Is this PNP device blocking upgrade?
-- **BlockUpgradeIfDriverBlocked**  Is the PNP device both boot critical and does not have a driver included with the OS?
-- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork**  Is this PNP device the only active network device?
-- **DisplayGenericMessage**  Will a generic message be shown during Setup for this PNP device?
-- **DisplayGenericMessageGated**  Indicates whether a generic message will be shown during Setup for this PNP device.
-- **DriverAvailableInbox**  Is a driver included with the operating system for this PNP device?
-- **DriverAvailableOnline**  Is there a driver for this PNP device on Windows Update?
-- **DriverAvailableUplevel**  Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden**  Is there is a driver block on the device that has been overridden?
-- **NeedsDismissAction**  Will the user would need to dismiss a warning during Setup for this device?
-- **NotRegressed**  Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
-- **SdbDeviceBlockUpgrade**  Is there an SDB block on the PNP device that blocks upgrade?
-- **SdbDriverBlockOverridden**  Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
-
-This event Indicates that the DecisionDevicePnp object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
-
-This event indicates that a new set of DecisionDevicePnpAdd events will be sent. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
-
-This event sends decision data about driver package compatibility to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown for this driver package.
-- **DriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-- **DriverIsDeviceBlocked**  Was the driver package was blocked because of a device block?
-- **DriverIsDriverBlocked**  Is the driver package blocked because of a driver block?
-- **DriverShouldNotMigrate**  Should the driver package be migrated during upgrade?
-- **SdbDriverBlockOverridden**  Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
-
-This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
-
-The DecisionDriverPackageStartSync event indicates that a new set of DecisionDriverPackageAdd events will be sent. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
-
-This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **BlockingApplication**  Are there are any application issues that interfere with upgrade due to matching info blocks?
-- **DisplayGenericMessage**  Will a generic message be shown for this block?
-- **NeedsDismissAction**  Will the file cause an action that can be dismissed?
-- **NeedsUninstallAction**  Does the user need to take an action in setup due to a matching info block?
-- **SdbBlockUpgrade**  Is a matching info block blocking upgrade?
-- **SdbBlockUpgradeCanReinstall**  Is a matching info block blocking upgrade, but has the can reinstall tag?
-- **SdbBlockUpgradeUntilUpdate**  Is a matching info block blocking upgrade but has the until update tag?
-- **SdbReinstallUpgradeWarn**  The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove
-
-This event indicates that the DecisionMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
-
-This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
-
-This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Are there any application issues that interfere with upgrade due to matching info blocks?
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown due to matching info blocks.
-- **MigApplication**  Is there a matching info block with a mig for the current mode of upgrade?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove
-
-This event Indicates that the DecisionMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
-
-This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **NeedsInstallPostUpgradeData**  Will the file have a notification after upgrade to install a replacement for the app?
-- **NeedsNotifyPostUpgradeData**  Should a notification be shown for this file after upgrade?
-- **NeedsReinstallPostUpgradeData**  Will the file have a notification after upgrade to reinstall the app?
-- **SdbReinstallUpgrade**  The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
-
-This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
-
-This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
-
-This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **BlockingApplication**  Is there any application issues that interfere with upgrade due to Windows Media Center?
-- **MediaCenterActivelyUsed**  If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
-- **MediaCenterIndicators**  Do any indicators imply that Windows Media Center is in active use?
-- **MediaCenterInUse**  Is Windows Media Center actively being used?
-- **MediaCenterPaidOrActivelyUsed**  Is Windows Media Center actively being used or is it running on a supported edition?
-- **NeedsDismissAction**  Are there any actions that can be dismissed coming from Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
-
-This event indicates that the DecisionMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
-
-This event indicates that a new set of DecisionMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSModeStateAdd
-
-This event sends true/false compatibility decision data about the S mode state. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Appraiser decision about eligibility to upgrade.
-- **LockdownMode**  S mode lockdown mode.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSModeStateStartSync
-
-The DecisionSModeStateStartSync event indicates that a new set of DecisionSModeStateAdd events will be sent. This event is used to make compatibility decisions about the S mode state. Microsoft uses this information to understand and address problems regarding the S mode state for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
-
-This event sends compatibility decision data about the BIOS to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device blocked from upgrade due to a BIOS block?
-- **DisplayGenericMessageGated**  Indicates whether a generic offer block message will be shown for the bios.
-- **HasBiosBlock**  Does the device have a BIOS block?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
-
-This event indicates that the DecisionSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
-
-This event indicates that a new set of DecisionSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeAdd
-
-This event indicates that this object type was added. This data refers to the Disk size in the device. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Blocking**  Appraiser decision for upgrade experience marker.
-- **TotalSize**  Disk size in Gb.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeStartSync
-
-Start sync event for physical disk size data. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryAdd
-
-This event sends compatibility decision data about the system memory to help keep Windows up to date. Microsoft uses this information to understand and address problems regarding system memory for computers receiving updates.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Blocking**  Blocking information.
-- **MemoryRequirementViolated**  Memory information.
-- **ramKB**  Memory information in KB.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryStartSync
-
-The DecisionSystemMemoryStartSync event indicates that a new set of DecisionSystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresAdd
-
-This data attribute refers to the number of Cores a CPU supports. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Blocking**  The Appraisal decision about eligibility to upgrade.
-- **CpuCores**  Number of CPU Cores.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresStartSync
-
-This event signals the start of telemetry collection for CPU cores in Appraiser. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelAdd
-
-This event sends true/false compatibility decision data about the CPU. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Armv81Support**  Arm v8.1 Atomics support.
-- **Blocking**  Appraiser decision about eligibility to upgrade.
-- **CpuFamily**  Cpu family.
-- **CpuModel**  Cpu model.
-- **CpuStepping**  Cpu stepping.
-- **CpuVendor**  Cpu vendor.
-- **PlatformId**  CPU platform identifier.
-- **ProcessorName**  OEM processor name.
-- **ProductName**  OEM product name.
-- **SysReqOverride**  Appraiser decision about system requirements override.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelStartSync
-
-The DecisionSystemProcessorCpuModelStartSync event indicates that a new set of DecisionSystemProcessorCpuModelAdd events will be sent. This event is used to make compatibility decisions about the CPU. Microsoft uses this information to understand and address problems regarding the CPU for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedAdd
-
-This event sends compatibility decision data about the CPU, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Blocking**  Appraiser OS eligibility decision.
-- **Mhz**  CPU speed in MHz.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedStartSync
-
-This event collects data for CPU speed in MHz. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTestAdd
-
-This event provides diagnostic data for testing decision add events. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser binary generating the events.
-- **TestDecisionDataPoint1**  Test data point 1.
-- **TestDecisionDataPoint2**  Test data point 2.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTestRemove
-
-This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTestStartSync
-
-This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTpmVersionAdd
-
-This event collects data about the Trusted Platform Module (TPM) in the device. TPM technology is designed to provide hardware-based, security-related functions. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Blocking**  Appraiser upgradeability decision based on the device's TPM support.
-- **SysReqOverride**  Appraiser decision about system requirements override.
-- **TpmVersionInfo**  The version of Trusted Platform Module (TPM) technology in the device.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTpmVersionStartSync
-
-The DecisionTpmVersionStartSync event indicates that a new set of DecisionTpmVersionAdd events will be sent. This event is used to make compatibility decisions about the TPM. Microsoft uses this information to understand and address problems regarding the TPM for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootAdd
-
-This event collects information about data on support and state of UEFI Secure boot. UEFI is a verification mechanism for ensuring that code launched by firmware is trusted. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-- **Blocking**  Appraiser upgradeability decision when checking for UEFI support.
-- **SecureBootCapable**  Is UEFI supported?
-- **SecureBootEnabled**  Is UEFI enabled?
-
-
-### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootStartSync
-
-Start sync event data for UEFI Secure boot. UEFI is a verification mechanism for ensuring that code launched by firmware is trusted. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser file generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.GatedRegChange
-
-This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
-
-The following fields are available:
-
-- **NewData**  The data in the registry value after the scan completed.
-- **OldData**  The previous data in the registry value before the scan ran.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **RegKey**  The registry key name for which a result is being sent.
-- **RegValue**  The registry value for which a result is being sent.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
-
-This event represents the basic metadata about a file on the system.  The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **AvDisplayName**  If the app is an antivirus app, this is its display name.
-- **AvProductState**  Indicates whether the antivirus program is turned on and the signatures are up to date.
-- **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
-- **BinFileVersion**  An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
-- **BinProductVersion**  An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
-- **BoeProgramId**  If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
-- **CompanyName**  The company name of the vendor who developed this file.
-- **FileId**  A hash that uniquely identifies a file.
-- **FileVersion**  The File version field from the file metadata under Properties -> Details.
-- **HasUpgradeExe**  Indicates whether the antivirus app has an upgrade.exe file.
-- **IsAv**  Indicates whether the file an antivirus reporting EXE.
-- **LinkDate**  The date and time that this file was linked on.
-- **LowerCaseLongPath**  The full file path to the file that was inventoried on the device.
-- **Name**  The name of the file that was inventoried.
-- **ProductName**  The Product name field from the file metadata under Properties -> Details.
-- **ProductVersion**  The Product version field from the file metadata under Properties -> Details.
-- **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it.
-- **Size**  The size of the file (in hexadecimal bytes).
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
-
-This event indicates that the InventoryApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
-
-This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **HasLanguagePack**  Indicates whether this device has 2 or more language packs.
-- **LanguagePackCount**  The number of language packs are installed.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
-
-This event indicates that the InventoryLanguagePack object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
-
-This event indicates that a new set of InventoryLanguagePackAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
-
-This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **EverLaunched**  Has Windows Media Center ever been launched?
-- **HasConfiguredTv**  Has the user configured a TV tuner through Windows Media Center?
-- **HasExtendedUserAccounts**  Are any Windows Media Center Extender user accounts configured?
-- **HasWatchedFolders**  Are any folders configured for Windows  Media Center to watch?
-- **IsDefaultLauncher**  Is Windows Media Center the default app for opening music or video files?
-- **IsPaid**  Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
-- **IsSupported**  Does the running OS support Windows Media Center?
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
-
-This event indicates that the InventoryMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
-
-This event indicates that a new set of InventoryMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
-
-This event sends basic metadata about the BIOS to determine whether it has a compatibility block. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BiosDate**  The release date of the BIOS in UTC format.
-- **BiosName**  The name field from Win32_BIOS.
-- **Manufacturer**  The manufacturer field from Win32_ComputerSystem.
-- **Model**  The model field from Win32_ComputerSystem.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
-
-This event indicates that the InventorySystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
-
-This event indicates that a new set of InventorySystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemProcessorEndSync
-
-This event indicates that a full set of InventorySystemProcessorAdd events has been sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventorySystemProcessorStartSync
-
-This event indicates that a new set of InventorySystemProcessorAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryTestAdd
-
-This event provides diagnostic data for testing event adds.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the component sending the data.
-- **TestInvDataPoint1**  Test inventory data point 1.
-- **TestInvDataPoint2**  Test inventory data point 2.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryTestRemove
-
-This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryTestStartSync
-
-This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
-
-This event runs only during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. It is critical in understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BootCritical**  Is the driver package marked as boot critical?
-- **Build**  The build value from the driver package.
-- **CatalogFile**  The name of the catalog file within the driver package.
-- **Class**  The device class from the driver package.
-- **ClassGuid**  The device class unique ID from the driver package.
-- **Date**  The date from the driver package.
-- **Inbox**  Is the driver package of a driver that is included with Windows?
-- **OriginalName**  The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
-- **Provider**  The provider of the driver package.
-- **PublishedName**  The name of the INF file after it was renamed.
-- **Revision**  The revision of the driver package.
-- **SignatureStatus**  Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
-- **VersionMajor**  The major version of the driver package.
-- **VersionMinor**  The minor version of the driver package.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
-
-This event indicates that the InventoryUplevelDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
-
-This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.RunContext
-
-This event is sent at the beginning of an appraiser run, the RunContext indicates what should be expected in the following data payload. This event is used with the other Appraiser events to make compatibility decisions to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the currently running version of Appraiser was built.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **CensusId**  A unique hardware identifier.
-- **Context**  Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **Subcontext**  Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan.
-- **Time**  The client time of the event.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
-
-This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the device from upgrade due to memory restrictions?
-- **MemoryRequirementViolated**  Was a memory requirement violated?
-- **pageFile**  The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
-- **ram**  The amount of memory on the device.
-- **ramKB**  The amount of memory (in KB).
-- **virtual**  The size of the user-mode portion of the virtual address space of the calling process (in bytes).
-- **virtualKB**  The amount of virtual memory (in KB).
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
-
-This event that the SystemMemory object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
-
-This event indicates that a new set of SystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
-
-This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **CompareExchange128Support**  Does the CPU support CompareExchange128?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
-
-This event indicates that the SystemProcessorCompareExchange object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
-
-This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
-
-This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **LahfSahfSupport**  Does the CPU support LAHF/SAHF?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
-
-This event indicates that the SystemProcessorLahfSahf object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
-
-This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
-
-This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **NXDriverResult**  The result of the driver used to do a non-deterministic check for NX support.
-- **NXProcessorSupport**  Does the processor support NX?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
-
-This event indicates that the SystemProcessorNx object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
-
-This event  indicates that a new set of SystemProcessorNxAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
-
-This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **PrefetchWSupport**  Does the processor support PrefetchW?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
-
-This event indicates that the SystemProcessorPrefetchW object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
-
-This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
-
-This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked due to the processor?
-- **SSE2ProcessorSupport**  Does the processor support SSE2?
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
-
-This event indicates that the SystemProcessorSse2 object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
-
-This event indicates that a new set of SystemProcessorSse2Add events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchAdd
-
-This event sends data indicating whether the system supports touch, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IntegratedTouchDigitizerPresent**  Is there an integrated touch digitizer?
-- **MaximumTouches**  The maximum number of touch points supported by the device hardware.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchRemove
-
-This event indicates that the SystemTouch object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
-
-This event indicates that a new set of SystemTouchAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimAdd
-
-This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **IsWimBoot**  Is the current operating system running from a compressed WIM file?
-- **RegistryWimBootValue**  The raw value from the registry that is used to indicate if the device is running from a WIM.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimRemove
-
-This event indicates that the SystemWim object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWimStartSync
-
-This event indicates that a new set of SystemWimAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
-
-This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **WindowsIsLicensedApiValue**  The result from the API that's used to indicate if operating system is activated.
-- **WindowsNotActivatedDecision**  Is the current operating system activated?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
-
-This event indicates that the SystemWindowsActivationStatus object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
-
-This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanAdd
-
-This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **Blocking**  Is the upgrade blocked because of an emulated WLAN driver?
-- **HasWlanBlock**  Does the emulated WLAN driver have an upgrade block?
-- **WlanEmulatedDriver**  Does the device have an emulated WLAN driver?
-- **WlanExists**  Does the device support WLAN at all?
-- **WlanModulePresent**  Are any WLAN modules present?
-- **WlanNativeDriver**  Does the device have a non-emulated WLAN driver?
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanRemove
-
-This event indicates that the SystemWlan object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
-
-This event indicates that a new set of SystemWlanAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
-
-This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
-
-The following fields are available:
-
-- **AppraiserBranch**  The source branch in which the version of Appraiser that is running was built.
-- **AppraiserDataVersion**  The version of the data files being used by the Appraiser diagnostic data run.
-- **AppraiserProcess**  The name of the process that launched Appraiser.
-- **AppraiserVersion**  The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
-- **AuxFinal**  Obsolete, always set to false.
-- **AuxInitial**  Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
-- **CountCustomSdbs**  The number of custom Sdbs used by Appraiser.
-- **CustomSdbGuids**  Guids of the custom Sdbs used by Appraiser; Semicolon delimited list.
-- **DeadlineDate**  A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
-- **EnterpriseRun**  Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
-- **FullSync**  Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
-- **InboxDataVersion**  The original version of the data files before retrieving any newer version.
-- **IndicatorsWritten**  Indicates if all relevant UEX indicators were successfully written or updated.
-- **InventoryFullSync**  Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
-- **PCFP**  An ID for the system calculated by hashing hardware identifiers.
-- **PerfBackoff**  Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
-- **PerfBackoffInsurance**  Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
-- **RunAppraiser**  Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
-- **RunDate**  The date that the diagnostic data run was stated, expressed as a filetime.
-- **RunGeneralTel**  Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
-- **RunOnline**  Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
-- **RunResult**  The hresult of the Appraiser diagnostic data run.
-- **ScheduledUploadDay**  The day scheduled for the upload.
-- **SendingUtc**  Indicates whether the Appraiser client is sending events during the current diagnostic data run.
-- **StoreHandleIsNotNull**  Obsolete, always set to false
-- **TelementrySent**  Indicates whether diagnostic data was successfully sent.
-- **ThrottlingUtc**  Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
-- **Time**  The client time of the event.
-- **VerboseMode**  Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
-- **WhyFullSyncWithoutTablePrefix**  Indicates the reason or reasons that a full sync was generated.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmAdd
-
-This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-- **BlockingApplication**  Same as NeedsDismissAction.
-- **NeedsDismissAction**  Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
-- **WmdrmApiResult**  Raw value of the API used to gather DRM state.
-- **WmdrmCdRipped**  Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
-- **WmdrmIndicators**  WmdrmCdRipped OR WmdrmPurchased.
-- **WmdrmInUse**  WmdrmIndicators AND dismissible block in setup was not dismissed.
-- **WmdrmNonPermanent**  Indicates if the system has any files with non-permanent licenses.
-- **WmdrmPurchased**  Indicates if the system has any files with permanent licenses.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmRemove
-
-This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.WmdrmStartSync
-
-The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
-
-
-## Audio endpoint events
-
-### MicArrayGeometry
-
-This event provides information about the layout of the individual microphone elements in the microphone array. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **MicCoords**  The location and orientation of the microphone element.
-- **usFrequencyBandHi**  The high end of the frequency range for the microphone.
-- **usFrequencyBandLo**  The low end of the frequency range for the microphone.
-- **usMicArrayType**  The type of the microphone array.
-- **usNumberOfMicrophones**  The number of microphones in the array.
-- **usVersion**  The version of the microphone array specification.
-- **wHorizontalAngleBegin**  The horizontal angle of the start of the working volume (reported as radians times 10,000).
-- **wHorizontalAngleEnd**  The horizontal angle of the end of the working volume (reported as radians times 10,000).
-- **wVerticalAngleBegin**  The vertical angle of the start of the working volume (reported as radians times 10,000).
-- **wVerticalAngleEnd**  The vertical angle of the end of the working volume (reported as radians times 10,000).
-
-
-### MicCoords
-
-This event provides information about the location and orientation of the microphone element. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **usType**  The type of microphone.
-- **wHorizontalAngle**  The horizontal angle of the microphone (reported as radians times 10,000).
-- **wVerticalAngle**  The vertical angle of the microphone (reported as radians times 10,000).
-- **wXCoord**  The x-coordinate of the microphone.
-- **wYCoord**  The y-coordinate of the microphone.
-- **wZCoord**  The z-coordinate of the microphone.
-
-
-### Microsoft.Windows.Audio.EndpointBuilder.DeviceInfo
-
-This event logs the successful enumeration of an audio endpoint (such as a microphone or speaker) and provides information about the audio endpoint. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BusEnumeratorName**  The name of the bus enumerator (for example, HDAUDIO or USB).
-- **ContainerId**  An identifier that uniquely groups the functional devices associated with a single-function or multifunction device.
-- **DeviceInstanceId**  The unique identifier for this instance of the device.
-- **EndpointDevnodeId**  The IMMDevice identifier of the associated devnode.
-- **endpointEffectClsid**  The COM Class Identifier (CLSID) for the endpoint effect audio processing object.
-- **endpointEffectModule**  Module name for the endpoint effect audio processing object.
-- **EndpointFormFactor**  The enumeration value for the form factor of the endpoint device (for example speaker, microphone, remote  network device).
-- **endpointID**  The unique identifier for the audio endpoint.
-- **endpointInstanceId**  The unique identifier for the software audio endpoint. Used for joining to other audio event.
-- **Flow**  Indicates whether the endpoint is capture (1) or render (0).
-- **globalEffectClsid**  COM Class Identifier (CLSID) for the legacy global effect audio processing object.
-- **globalEffectModule**  Module name for the legacy global effect audio processing object.
-- **HWID**  The hardware identifier for the endpoint.
-- **IsBluetooth**  Indicates whether the device is a Bluetooth device.
-- **isFarField**  A flag indicating whether the microphone endpoint is capable of hearing far field audio.
-- **IsSideband**  Indicates whether the device is a sideband device.
-- **IsUSB**  Indicates whether the device is a USB device.
-- **JackSubType**  A unique ID representing the KS node type of the endpoint.
-- **localEffectClsid**  The COM Class Identifier (CLSID) for the legacy local effect audio processing object.
-- **localEffectModule**  Module name for the legacy local effect audio processing object.
-- **MicArrayGeometry**  Describes the microphone array, including the microphone position, coordinates, type, and frequency range. See [MicArrayGeometry](#micarraygeometry).
-- **modeEffectClsid**  The COM Class Identifier (CLSID) for the mode effect audio processing object.
-- **modeEffectModule**  Module name for the mode effect audio processing object.
-- **persistentId**  A unique ID for this endpoint which is retained across migrations.
-- **streamEffectClsid**  The COM Class Identifier (CLSID) for the stream effect audio processing object.
-- **streamEffectModule**  Module name for the stream effect audio processing object.
-
-
-## Census events
-
-### Census.App
-
-This event sends version data about the Apps running on this device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserEnterpriseErrorCode**  The error code of the last Appraiser enterprise run.
-- **AppraiserErrorCode**  The error code of the last Appraiser run.
-- **AppraiserRunEndTimeStamp**  The end time of the last Appraiser run.
-- **AppraiserRunIsInProgressOrCrashed**  Flag that indicates if the Appraiser run is in progress or has crashed.
-- **AppraiserRunStartTimeStamp**  The start time of the last Appraiser run.
-- **AppraiserTaskEnabled**  Whether the Appraiser task is enabled.
-- **AppraiserTaskExitCode**  The Appraiser task exist code.
-- **AppraiserTaskLastRun**  The last runtime for the Appraiser task.
-- **CensusVersion**  The version of Census that generated the current data for this device.
-- **IEVersion**  The version of Internet Explorer that is running on the device.
-
-
-### Census.Azure
-
-This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **CloudCoreBuildEx**  The Azure CloudCore build number.
-- **CloudCoreSupportBuildEx**  The Azure CloudCore support build number.
-- **NodeID**  The node identifier on the device that indicates whether the device is part of the Azure fleet.
-
-
-### Census.Battery
-
-This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalBatteryCapablities**  Represents information about what the battery is capable of doing.
-- **InternalBatteryCapacityCurrent**  Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
-- **InternalBatteryCapacityDesign**  Represents the theoretical capacity of the battery when new, in mWh.
-- **InternalBatteryNumberOfCharges**  Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
-- **IsAlwaysOnAlwaysConnectedCapable**  Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
-
-
-### Census.Enterprise
-
-This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AADDeviceId**  Azure Active Directory device ID.
-- **AzureOSIDPresent**  Represents the field used to identify an Azure machine.
-- **AzureVMType**  Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
-- **CDJType**  Represents the type of cloud domain joined for the machine.
-- **CommercialId**  Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
-- **ContainerType**  The type of container, such as process or virtual machine hosted.
-- **EnrollmentType**  Defines the type of MDM enrollment on the device.
-- **HashedDomain**  The hashed representation of the user domain used for login.
-- **IsCloudDomainJoined**  Is this device joined to an Azure Active Directory (AAD) tenant? true/false
-- **IsDERequirementMet**  Represents if the device can do device encryption.
-- **IsDeviceProtected**  Represents if Device protected by BitLocker/Device Encryption
-- **IsDomainJoined**  Indicates whether a machine is joined to a domain.
-- **IsEDPEnabled**  Represents if Enterprise data protected on the device.
-- **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
-- **MDMServiceProvider**  A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
-- **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
-- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
-- **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
-
-
-### Census.Firmware
-
-This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FirmwareManufacturer**  Represents the manufacturer of the device's firmware (BIOS).
-- **FirmwareReleaseDate**  Represents the date the current firmware was released.
-- **FirmwareType**  Represents the firmware type. The various types can be unknown, BIOS, UEFI.
-- **FirmwareVersion**  Represents the version of the current firmware.
-
-
-### Census.Flighting
-
-This event sends Windows Insider data from customers participating in improvement testing and feedback programs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceSampleRate**  The telemetry sample rate assigned to the device.
-- **DriverTargetRing**  Indicates if the device is participating in receiving pre-release drivers and firmware contrent.
-- **EnablePreviewBuilds**  Used to enable Windows Insider builds on a device.
-- **FlightIds**  A list of the different Windows Insider builds on this device.
-- **FlightingBranchName**  The name of the Windows Insider branch currently used by the device.
-- **IsFlightsDisabled**  Represents if the device is participating in the Windows Insider program.
-- **MSA_Accounts**  Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
-- **SSRK**  Retrieves the mobile targeting settings.
-
-
-### Census.Hardware
-
-This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActiveMicCount**  The number of active microphones attached to the device.
-- **ChassisType**  Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
-- **ComputerHardwareID**  Identifies a device class that is represented by a hash of different SMBIOS fields.
-- **D3DMaxFeatureLevel**  Supported Direct3D version.
-- **DeviceColor**  Indicates a color of the device.
-- **DeviceForm**  Indicates the form as per the device classification.
-- **DeviceName**  The device name that is set by the user.
-- **DigitizerSupport**  Is a digitizer supported?
-- **DUID**  The device unique ID.
-- **EnclosureKind**  Windows.Devices.Enclosure.EnclosureKind enum values representing each unique enclosure posture kind.
-- **Gyroscope**  Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
-- **InventoryId**  The device ID used for compatibility testing.
-- **Magnetometer**  Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
-- **NFCProximity**  Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
-- **OEMDigitalMarkerFileName**  The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
-- **OEMManufacturerName**  The device manufacturer name.  The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
-- **OEMModelBaseBoard**  The baseboard model used by the OEM.
-- **OEMModelBaseBoardVersion**  Differentiates between developer and retail devices.
-- **OEMModelName**  The device model name.
-- **OEMModelNumber**  The device model number.
-- **OEMModelSKU**  The device edition that is defined by the manufacturer.
-- **OEMModelSystemFamily**  The system family set on the device by an OEM.
-- **OEMModelSystemVersion**  The system model version set on the device by the OEM.
-- **OEMOptionalIdentifier**  A Microsoft assigned value that represents a specific OEM subsidiary.
-- **OEMSerialNumber**  The serial number of the device that is set by the manufacturer.
-- **PhoneManufacturer**  The friendly name of the phone manufacturer.
-- **PowerPlatformRole**  The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
-- **SoCName**  The firmware manufacturer of the device.
-- **StudyID**  Used to identify retail and non-retail device.
-- **TelemetryLevel**  The telemetry level the user has opted into, such as Basic or Enhanced.
-- **TelemetryLevelLimitEnhanced**  The telemetry level for Windows Analytics-based solutions.
-- **TelemetrySettingAuthority**  Determines who set the telemetry level, such as GP, MDM, or the user.
-- **TPMManufacturerId**  The ID of the TPM manufacturer.
-- **TPMManufacturerVersion**  The version of the TPM manufacturer.
-- **TPMVersion**  The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
-- **VoiceSupported**  Does the device have a cellular radio capable of making voice calls?
-
-
-### Census.Memory
-
-This event sends data about the memory on the device, including ROM and RAM. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **TotalPhysicalRAM**  Represents the physical memory (in MB).
-- **TotalVisibleMemory**  Represents the memory that is not reserved by the system.
-
-
-### Census.Network
-
-This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors). The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CellularModemHWInstanceId0**  HardwareInstanceId of the embedded Mobile broadband modem, as reported and used by PnP system to identify the WWAN modem device in Windows system. Empty string (null string) indicates that this property is unknown for telemetry.
-- **IMEI0**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **IMEI1**  Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
-- **MCC0**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MCC1**  Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MEID**  Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
-- **MNC0**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MNC1**  Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
-- **MobileOperatorBilling**  Represents the telephone company that provides services for mobile phone users.
-- **MobileOperatorCommercialized**  Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
-- **MobileOperatorNetwork0**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **MobileOperatorNetwork1**  Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
-- **ModemOptionalCapabilityBitMap0**  A bit map of optional capabilities in modem, such as eSIM support.
-- **NetworkAdapterGUID**  The GUID of the primary network adapter.
-- **NetworkCost**  Represents the network cost associated with a connection.
-- **SPN0**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-- **SPN1**  Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
-- **SupportedDataClassBitMap0**  A bit map of the supported data classes (i.g, 5g 4g...) that the modem is capable of.
-- **SupportedDataSubClassBitMap0**  A bit map of data subclasses that the modem is capable of.
-
-
-### Census.OS
-
-This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActivationChannel**  Retrieves the retail license key or Volume license key for a machine.
-- **AssignedAccessStatus**  Kiosk configuration mode.
-- **CompactOS**  Indicates if the Compact OS feature from Win10 is enabled.
-- **DeveloperUnlockStatus**  Represents if a device has been developer unlocked by the user or Group Policy.
-- **DeviceTimeZone**  The time zone that is set on the device. Example: Pacific Standard Time
-- **GenuineState**  Retrieves the ID Value specifying the OS Genuine check.
-- **InstallationType**  Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
-- **InstallLanguage**  The first language installed on the user machine.
-- **IsDeviceRetailDemo**  Retrieves if the device is running in demo mode.
-- **IsEduData**  Returns Boolean if the education data policy is enabled.
-- **IsPortableOperatingSystem**  Retrieves whether OS is running Windows-To-Go
-- **IsSecureBootEnabled**  Retrieves whether Boot chain is signed under UEFI.
-- **LanguagePacks**  The list of language packages installed on the device.
-- **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
-- **OA3xOriginalProductKey**  Retrieves the License key stamped by the OEM to the machine.
-- **OSEdition**  Retrieves the version of the current OS.
-- **OSInstallType**  Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
-- **OSOOBEDateTime**  Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
-- **OSSKU**  Retrieves the Friendly Name of OS Edition.
-- **OSSubscriptionStatus**  Represents the existing status for enterprise subscription feature for PRO machines.
-- **OSSubscriptionTypeId**  Returns boolean for enterprise subscription feature for selected PRO machines.
-- **OSTimeZoneBiasInMins**  Retrieves the time zone set on machine.
-- **OSUILocale**  Retrieves the locale of the UI that is currently used by the OS.
-- **ProductActivationResult**  Returns Boolean if the OS Activation was successful.
-- **ProductActivationTime**  Returns the OS Activation time for tracking piracy issues.
-- **ProductKeyID2**  Retrieves the License key if the machine is updated with a new license key.
-- **RACw7Id**  Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
-- **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
-- **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
-- **ServiceProductKeyID**  Retrieves the License key of the KMS
-- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
-- **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
-- **SLICStatus**  Whether a SLIC table exists on the device.
-- **SLICVersion**  Returns OS type/version from SLIC table.
-
-
-### Census.PrivacySettings
-
-This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values:  -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **Activity**  Current state of the activity history setting.
-- **ActivityHistoryCloudSync**  Current state of the activity history cloud sync setting.
-- **ActivityHistoryCollection**  Current state of the activity history collection setting.
-- **AdvertisingId**  Current state of the advertising ID setting.
-- **AppDiagnostics**  Current state of the app diagnostics setting.
-- **Appointments**  Current state of the calendar setting.
-- **Bluetooth**  Current state of the Bluetooth capability setting.
-- **BluetoothSync**  Current state of the Bluetooth sync capability setting.
-- **BroadFileSystemAccess**  Current state of the broad file system access setting.
-- **CellularData**  Current state of the cellular data capability setting.
-- **Chat**  Current state of the chat setting.
-- **Contacts**  Current state of the contacts setting.
-- **DocumentsLibrary**  Current state of the documents library setting.
-- **Email**  Current state of the email setting.
-- **FindMyDevice**  Current state of the "find my device" setting.
-- **GazeInput**  Current state of the gaze input setting.
-- **HumanInterfaceDevice**  Current state of the human interface device setting.
-- **InkTypeImprovement**  Current state of the improve inking and typing setting.
-- **Location**  Current state of the location setting.
-- **LocationHistory**  Current state of the location history setting.
-- **LocationHistoryCloudSync**  Current state of the location history cloud sync setting.
-- **LocationHistoryOnTimeline**  Current state of the location history on timeline setting.
-- **Microphone**  Current state of the microphone setting.
-- **PhoneCall**  Current state of the phone call setting.
-- **PhoneCallHistory**  Current state of the call history setting.
-- **PicturesLibrary**  Current state of the pictures library setting.
-- **Radios**  Current state of the radios setting.
-- **SensorsCustom**  Current state of the custom sensor setting.
-- **SerialCommunication**  Current state of the serial communication setting.
-- **Sms**  Current state of the text messaging setting.
-- **SpeechPersonalization**  Current state of the speech services setting.
-- **USB**  Current state of the USB setting.
-- **UserAccountInformation**  Current state of the account information setting.
-- **UserDataTasks**  Current state of the tasks setting.
-- **UserNotificationListener**  Current state of the notifications setting.
-- **VideosLibrary**  Current state of the videos library setting.
-- **Webcam**  Current state of the camera setting.
-- **WiFiDirect**  Current state of the Wi-Fi direct setting.
-
-
-### Census.Processor
-
-This event sends data about the processor. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **KvaShadow**  This is the micro code information of the processor.
-- **MMSettingOverride**  Microcode setting of the processor.
-- **MMSettingOverrideMask**  Microcode setting override of the processor.
-- **PreviousUpdateRevision**  Previous microcode revision
-- **ProcessorArchitecture**  Retrieves the processor architecture of the installed operating system.
-- **ProcessorClockSpeed**  Clock speed of the processor in MHz.
-- **ProcessorCores**  Number of logical cores in the processor.
-- **ProcessorIdentifier**  Processor Identifier of a manufacturer.
-- **ProcessorManufacturer**  Name of the processor manufacturer.
-- **ProcessorModel**  Name of the processor model.
-- **ProcessorPhysicalCores**  Number of physical cores in the processor.
-- **ProcessorPlatformSpecificField1**  Registry value HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0, @Platform Specific Field 1. Platform Specific Field 1 of the Processor. Each vendor (e.g. Intel) defines the meaning differently. On Intel this is used to differentiate processors of the same generation, (e.g. Kaby Lake, KBL-G, KBL-H, KBL-R).
-- **ProcessorUpdateRevision**  The microcode revision.
-- **ProcessorUpdateStatus**  Enum value that represents the processor microcode load status
-- **SocketCount**  Count of CPU sockets.
-- **SpeculationControl**  If the system has enabled protections needed to validate the speculation control vulnerability.
-
-
-### Census.Security
-
-This event provides information about security settings. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AvailableSecurityProperties**  This field helps to enumerate and report state on the relevant security properties for Device Guard.
-- **CGRunning**  Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
-- **DGState**  This field summarizes the Device Guard state.
-- **HVCIRunning**  Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
-- **IsSawGuest**  Indicates whether the device is running as a Secure Admin Workstation Guest.
-- **IsSawHost**  Indicates whether the device is running as a Secure Admin Workstation Host.
-- **IsWdagFeatureEnabled**  Indicates whether Windows Defender Application Guard is enabled.
-- **NGCSecurityProperties**  String representation of NGC security information.
-- **RequiredSecurityProperties**  Describes the required security properties to enable virtualization-based security.
-- **SecureBootCapable**  Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
-- **ShadowStack**  The bit fields of SYSTEM_SHADOW_STACK_INFORMATION representing the state of the Intel CET (Control Enforcement Technology) hardware security feature.
-- **SModeState**  The Windows S mode trail state.
-- **SystemGuardState**  Indicates the SystemGuard state. NotCapable (0), Capable (1), Enabled (2), Error (0xFF).
-- **TpmReadyState**  Indicates the TPM ready state. NotReady (0), ReadyForStorage (1), ReadyForAttestation (2), Error (0xFF).
-- **VBSState**  Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation.  VBS has a tri-state that can be Disabled, Enabled, or Running.
-- **WdagPolicyValue**  The Windows Defender Application Guard policy.
-
-
-### Census.Speech
-
-This event is used to gather basic speech settings on the device. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **AboveLockEnabled**  Cortana setting that represents if Cortana can be invoked when the device is locked.
-- **GPAllowInputPersonalization**  Indicates if a Group Policy setting has enabled speech functionalities.
-- **HolographicSpeechInputDisabled**  Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
-- **HolographicSpeechInputDisabledRemote**  Indicates if a remote policy has disabled speech functionalities for the HMD devices.
-- **KeyVer**  Version information for the census speech event.
-- **KWSEnabled**  Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
-- **MDMAllowInputPersonalization**  Indicates if an MDM policy has enabled speech functionalities.
-- **RemotelyManaged**  Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
-- **SpeakerIdEnabled**  Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
-- **SpeechServicesEnabled**  Windows setting that represents whether a user is opted-in for speech services on the device.
-- **SpeechServicesValueSource**  Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference.
-
-
-### Census.Storage
-
-This event sends data about the total capacity of the system volume and primary disk. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PrimaryDiskTotalCapacity**  Retrieves the amount of disk space on the primary disk of the device in MB.
-- **PrimaryDiskType**  Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
-- **StorageReservePassedPolicy**  Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device.
-- **SystemVolumeTotalCapacity**  Retrieves the size of the partition that the System volume is installed on in MB.
-
-
-### Census.Userdefault
-
-This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CalendarType**  The calendar identifiers that are used to specify different calendars.
-- **DefaultApp**  The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
-- **DefaultBrowserProgId**  The ProgramId of the current user's default browser.
-- **LocaleName**  Name of the current user locale given by LOCALE_SNAME via the GetLocaleInfoEx() function.
-- **LongDateFormat**  The long date format the user has selected.
-- **ShortDateFormat**  The short date format the user has selected.
-
-
-### Census.UserDisplay
-
-This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **InternalPrimaryDisplayLogicalDPIX**  Retrieves the logical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayLogicalDPIY**  Retrieves the logical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIX**  Retrieves the physical DPI in the x-direction of the internal display.
-- **InternalPrimaryDisplayPhysicalDPIY**  Retrieves the physical DPI in the y-direction of the internal display.
-- **InternalPrimaryDisplayResolutionHorizontal**  Retrieves the number of pixels in the horizontal direction of the internal display.
-- **InternalPrimaryDisplayResolutionVertical**  Retrieves the number of pixels in the vertical direction of the internal display.
-- **InternalPrimaryDisplaySizePhysicalH**  Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
-- **InternalPrimaryDisplaySizePhysicalY**  Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
-- **NumberofExternalDisplays**  Retrieves the number of external displays connected to the machine
-- **NumberofInternalDisplays**  Retrieves the number of internal displays in a machine.
-- **VRAMDedicated**  Retrieves the video RAM in MB.
-- **VRAMDedicatedSystem**  Retrieves the amount of memory on the dedicated video card.
-- **VRAMSharedSystem**  Retrieves the amount of RAM memory that the video card can use.
-
-
-### Census.UserNLS
-
-This event sends data about the default app language, input, and display language preferences set by the user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DefaultAppLanguage**  The current user Default App Language.
-- **DisplayLanguage**  The current user preferred Windows Display Language.
-- **HomeLocation**  The current user location, which is populated using GetUserGeoId() function.
-- **KeyboardInputLanguages**  The Keyboard input languages installed on the device.
-- **SpeechInputLanguages**  The Speech Input languages installed on the device.
-
-
-### Census.UserPrivacySettings
-
-This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **Activity**  Current state of the activity history setting.
-- **ActivityHistoryCloudSync**  Current state of the activity history cloud sync setting.
-- **ActivityHistoryCollection**  Current state of the activity history collection setting.
-- **AdvertisingId**  Current state of the advertising ID setting.
-- **AppDiagnostics**  Current state of the app diagnostics setting.
-- **Appointments**  Current state of the calendar setting.
-- **Bluetooth**  Current state of the Bluetooth capability setting.
-- **BluetoothSync**  Current state of the Bluetooth sync capability setting.
-- **BroadFileSystemAccess**  Current state of the broad file system access setting.
-- **CellularData**  Current state of the cellular data capability setting.
-- **Chat**  Current state of the chat setting.
-- **Contacts**  Current state of the contacts setting.
-- **DocumentsLibrary**  Current state of the documents library setting.
-- **Email**  Current state of the email setting.
-- **GazeInput**  Current state of the gaze input setting.
-- **HumanInterfaceDevice**  Current state of the human interface device setting.
-- **InkTypeImprovement**  Current state of the improve inking and typing setting.
-- **InkTypePersonalization**  Current state of the inking and typing personalization setting.
-- **Location**  Current state of the location setting.
-- **LocationHistory**  Current state of the location history setting.
-- **LocationHistoryCloudSync**  Current state of the location history cloud sync setting.
-- **LocationHistoryOnTimeline**  Current state of the location history on timeline setting.
-- **Microphone**  Current state of the microphone setting.
-- **PhoneCall**  Current state of the phone call setting.
-- **PhoneCallHistory**  Current state of the call history setting.
-- **PicturesLibrary**  Current state of the pictures library setting.
-- **Radios**  Current state of the radios setting.
-- **SensorsCustom**  Current state of the custom sensor setting.
-- **SerialCommunication**  Current state of the serial communication setting.
-- **Sms**  Current state of the text messaging setting.
-- **SpeechPersonalization**  Current state of the speech services setting.
-- **USB**  Current state of the USB setting.
-- **UserAccountInformation**  Current state of the account information setting.
-- **UserDataTasks**  Current state of the tasks setting.
-- **UserNotificationListener**  Current state of the notifications setting.
-- **VideosLibrary**  Current state of the videos library setting.
-- **Webcam**  Current state of the camera setting.
-- **WiFiDirect**  Current state of the Wi-Fi direct setting.
-
-
-### Census.VM
-
-This event sends data indicating whether virtualization is enabled on the device, and its various characteristics. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CloudService**  Indicates which cloud service, if any, that this virtual machine is running within.
-- **HyperVisor**  Retrieves whether the current OS is running on top of a Hypervisor.
-- **IOMMUPresent**  Represents if an input/output memory management unit (IOMMU) is present.
-- **IsVDI**  Is the device using Virtual Desktop Infrastructure?
-- **IsVirtualDevice**  Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
-- **IsWVDSessionHost**  Indicates if this is a Windows Virtual Device session host.
-- **SLATSupported**  Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
-- **VirtualizationFirmwareEnabled**  Represents whether virtualization is enabled in the firmware.
-- **VMId**  A string that identifies a virtual machine.
-- **WVDEnvironment**  Represents the WVD service environment to which this session host has been joined.
-
-
-### Census.WU
-
-This event sends data about the Windows update server and other App store policies. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AppraiserGatedStatus**  Indicates whether a device has been gated for upgrading.
-- **AppStoreAutoUpdate**  Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
-- **AppStoreAutoUpdateMDM**  Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
-- **AppStoreAutoUpdatePolicy**  Retrieves the Microsoft Store App Auto Update group policy setting
-- **DelayUpgrade**  Retrieves the Windows upgrade flag for delaying upgrades.
-- **IsHotPatchEnrolled**  Represents the current state of the device in relation to enrollment in the hotpatch program.
-- **OSAssessmentFeatureOutOfDate**  How many days has it been since a the last feature update was released but the device did not install it?
-- **OSAssessmentForFeatureUpdate**  Is the device is on the latest feature update?
-- **OSAssessmentForQualityUpdate**  Is the device on the latest quality update?
-- **OSAssessmentForSecurityUpdate**  Is the device  on the latest security update?
-- **OSAssessmentQualityOutOfDate**  How many days has it been since a the last quality update was released but the device did not install it?
-- **OSAssessmentReleaseInfoTime**  The freshness of release information used to perform an assessment.
-- **OSRollbackCount**  The number of times feature updates have rolled back on the device.
-- **OSRolledBack**  A flag that represents when a feature update has rolled back during setup.
-- **OSUninstalled**  A flag that represents when a feature update is uninstalled on a device .
-- **OSWUAutoUpdateOptions**  Retrieves the auto update settings on the device.
-- **OSWUAutoUpdateOptionsSource**  The source of auto update setting that appears in the OSWUAutoUpdateOptions field.  For example: Group Policy (GP), Mobile Device Management (MDM), and Default.
-- **UninstallActive**  A flag that represents when a device has uninstalled a previous upgrade recently.
-- **UpdateServiceURLConfigured**  Retrieves if the device is managed by Windows Server Update Services (WSUS).
-- **WUDeferUpdatePeriod**  Retrieves if deferral is set for Updates.
-- **WUDeferUpgradePeriod**  Retrieves if deferral is set for Upgrades.
-- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update updates to other devices on the same network.
-- **WULCUVersion**  Version of the LCU Installed on the machine.
-- **WUMachineId**  Retrieves the Windows Update (WU) Machine Identifier.
-- **WUPauseState**  Retrieves Windows Update setting to determine if updates are paused.
-- **WUServer**  Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
-
-
-## Code Integrity events
-
-### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility
-
-Fires when the compatibility check completes. Gives the results from the check.
-
-The following fields are available:
-
-- **IsRecommended**  Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false.
-- **Issues**  If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement).
-
-
-### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled
-
-Fires when auto-enablement is successful and HVCI is being enabled on the device.
-
-
-
-### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity
-
-Fires at the beginning and end of the HVCI auto-enablement process in sysprep.
-
-The following fields are available:
-
-- **wilActivity**  Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
-
-Fires when driver scanning fails to get results.
-
-
-
-### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.IsRegionDisabledLanguage
-
-Fires when an incompatible language pack is detected.
-
-The following fields are available:
-
-- **Language**  String containing the incompatible language pack detected.
-
-
-## Common data extensions
-
-### Common Data Extensions.app
-
-Describes the properties of the running application. This extension could be populated by a client app or a web app.
-
-The following fields are available:
-
-- **asId**  An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
-- **env**  The environment from which the event was logged.
-- **expId**  Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
-- **id**  Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
-- **locale**  The locale of the app.
-- **name**  The name of the app.
-- **userId**  The userID as known by the application.
-- **ver**  Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
-
-
-### Common Data Extensions.container
-
-Describes the properties of the container for events logged within a container.
-
-The following fields are available:
-
-- **epoch**  An ID that's incremented for each SDK initialization.
-- **localId**  The device ID as known by the client.
-- **osVer**  The operating system version.
-- **seq**  An ID that's incremented for each event.
-- **type**  The container type. Examples: Process or VMHost
-
-
-### Common Data Extensions.device
-
-Describes the device-related fields.
-
-The following fields are available:
-
-- **deviceClass**  The device classification. For example, Desktop, Server, or Mobile.
-- **localId**  A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
-- **make**  Device manufacturer.
-- **model**  Device model.
-
-
-### Common Data Extensions.Envelope
-
-Represents an envelope that contains all of the common data extensions.
-
-The following fields are available:
-
-- **data**  Represents the optional unique diagnostic data for a particular event schema.
-- **ext_app**  Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
-- **ext_container**  Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
-- **ext_device**  Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
-- **ext_mscv**  Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv).
-- **ext_os**  Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
-- **ext_sdk**  Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
-- **ext_user**  Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
-- **ext_utc**  Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
-- **ext_xbl**  Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
-- **iKey**  Represents an ID for applications or other logical groupings of events.
-- **name**  Represents the uniquely qualified name for the event.
-- **time**  Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
-- **ver**  Represents the major and minor version of the extension.
-
-
-### Common Data Extensions.mscv
-
-Describes the correlation vector-related fields.
-
-The following fields are available:
-
-- **cV**  Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries.
-
-
-### Common Data Extensions.os
-
-Describes some properties of the operating system.
-
-The following fields are available:
-
-- **bootId**  An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
-- **expId**  Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
-- **locale**  Represents the locale of the operating system.
-- **name**  Represents the operating system name.
-- **ver**  Represents the major and minor version of the extension.
-
-
-### Common Data Extensions.sdk
-
-Used by platform specific libraries to record fields that are required for a specific SDK.
-
-The following fields are available:
-
-- **epoch**  An ID that is incremented for each SDK initialization.
-- **installId**  An ID that's created during the initialization of the SDK for the first time.
-- **libVer**  The SDK version.
-- **seq**  An ID that is incremented for each event.
-- **ver**  The version of the logging SDK.
-
-
-### Common Data Extensions.user
-
-Describes the fields related to a user.
-
-The following fields are available:
-
-- **authId**  This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
-- **locale**  The language and region.
-- **localId**  Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
-
-
-### Common Data Extensions.utc
-
-Describes the properties that could be populated by a logging library on Windows.
-
-The following fields are available:
-
-- **aId**  Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
-- **bSeq**  Upload buffer sequence number in the format: buffer identifier:sequence number
-- **cat**  Represents a bitmask of the ETW Keywords associated with the event.
-- **cpId**  The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
-- **epoch**  Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
-- **eventFlags**  Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
-- **flags**  Represents the bitmap that captures various Windows specific flags.
-- **loggingBinary**  The binary (executable, library, driver, etc.) that fired the event.
-- **mon**  Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
-- **op**  Represents the ETW Op Code.
-- **pgName**  The short form of the provider group name associated with the event.
-- **popSample**  Represents the effective sample rate for this event at the time it was generated by a client.
-- **providerGuid**  The ETW provider ID associated with the provider name.
-- **raId**  Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
-- **seq**  Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
-- **sqmId**  The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
-- **stId**  Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
-- **wcmp**  The Windows Shell Composer ID.
-- **wPId**  The Windows Core OS product ID.
-- **wsId**  The Windows Core OS session ID.
-
-
-### Common Data Extensions.xbl
-
-Describes the fields that are related to XBOX Live.
-
-The following fields are available:
-
-- **claims**  Any additional claims whose short claim name hasn't been added to this structure.
-- **did**  XBOX device ID
-- **dty**  XBOX device type
-- **dvr**  The version of the operating system on the device.
-- **eid**  A unique ID that represents the developer entity.
-- **exp**  Expiration time
-- **ip**  The IP address of the client device.
-- **nbf**  Not before time
-- **pid**  A comma separated list of PUIDs listed as base10 numbers.
-- **sbx**  XBOX sandbox identifier
-- **sid**  The service instance ID.
-- **sty**  The service type.
-- **tid**  The XBOX Live title ID.
-- **tvr**  The XBOX Live title version.
-- **uts**  A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
-- **xid**  A list of base10-encoded XBOX User IDs.
-
-
-## Common data fields
-
-### Ms.Device.DeviceInventoryChange
-
-Describes the installation state for all hardware and software components available on a particular device.
-
-The following fields are available:
-
-- **action**  The change that was invoked on a device inventory object.
-- **inventoryId**  Device ID used for Compatibility testing
-- **objectInstanceId**  Object identity which is unique within the device scope.
-- **objectType**  Indicates the object type that the event applies to.
-- **syncId**  A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
-
-
-## Component-based servicing events
-
-### CbsServicingProvider.CbsCapabilityEnumeration
-
-This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date.
-
-The following fields are available:
-
-- **architecture**  Indicates the scan was limited to the specified architecture.
-- **capabilityCount**  The number of optional content packages found during the scan.
-- **clientId**  The name of the application requesting the optional content.
-- **duration**  The amount of time it took to complete the scan.
-- **hrStatus**  The HReturn code of the scan.
-- **language**  Indicates the scan was limited to the specified language.
-- **majorVersion**  Indicates the scan was limited to the specified major version.
-- **minorVersion**  Indicates the scan was limited to the specified minor version.
-- **namespace**  Indicates the scan was limited to packages in the specified namespace.
-- **sourceFilter**  A bitmask indicating the scan checked for locally available optional content.
-- **stackBuild**  The build number of the servicing stack.
-- **stackMajorVersion**  The major version number of the servicing stack.
-- **stackMinorVersion**  The minor version number of the servicing stack.
-- **stackRevision**  The revision number of the servicing stack.
-
-
-### CbsServicingProvider.CbsCapabilitySessionFinalize
-
-This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **capabilities**  The names of the optional content packages that were installed.
-- **clientId**  The name of the application requesting the optional content.
-- **currentID**  The ID of the current install session.
-- **downloadSource**  The source of the download.
-- **highestState**  The highest final install state of the optional content.
-- **hrLCUReservicingStatus**  Indicates whether the optional content was updated to the latest available version.
-- **hrStatus**  The HReturn code of the install operation.
-- **rebootCount**  The number of reboots required to complete the install.
-- **retryID**  The session ID that will be used to retry a failed operation.
-- **retryStatus**  Indicates whether the install will be retried in the event of failure.
-- **stackBuild**  The build number of the servicing stack.
-- **stackMajorVersion**  The major version number of the servicing stack.
-- **stackMinorVersion**  The minor version number of the servicing stack.
-- **stackRevision**  The revision number of the servicing stack.
-
-
-### CbsServicingProvider.CbsCapabilitySessionPended
-
-This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
-
-The following fields are available:
-
-- **clientId**  The name of the application requesting the optional content.
-- **pendingDecision**  Indicates the cause of reboot, if applicable.
-
-
-### CbsServicingProvider.CbsLateAcquisition
-
-This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **Features**  The list of feature packages that could not be updated.
-- **RetryID**  The ID identifying the retry attempt to update the listed packages.
-
-
-### CbsServicingProvider.CbsPackageRemoval
-
-This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
-
-The following fields are available:
-
-- **buildVersion**  The build number of the security update being uninstalled.
-- **clientId**  The name of the application requesting the uninstall.
-- **currentStateEnd**  The final state of the update after the operation.
-- **failureDetails**  Information about the cause of a failure, if applicable.
-- **failureSourceEnd**  The stage during the uninstall where the failure occurred.
-- **hrStatusEnd**  The overall exit code of the operation.
-- **initiatedOffline**  Indicates if the uninstall was initiated for a mounted Windows image.
-- **majorVersion**  The major version number of the security update being uninstalled.
-- **minorVersion**  The minor version number of the security update being uninstalled.
-- **originalState**  The starting state of the update before the operation.
-- **pendingDecision**  Indicates the cause of reboot, if applicable.
-- **primitiveExecutionContext**  The state during system startup when the uninstall was completed.
-- **revisionVersion**  The revision number of the security update being uninstalled.
-- **transactionCanceled**  Indicates whether the uninstall was cancelled.
-
-
-### CbsServicingProvider.CbsQualityUpdateInstall
-
-This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
-
-The following fields are available:
-
-- **buildVersion**  The build version number of the update package.
-- **clientId**  The name of the application requesting the optional content.
-- **corruptionHistoryFlags**  A bitmask of the types of component store corruption that have caused update failures on the device.
-- **corruptionType**  An enumeration listing the type of data corruption responsible for the current update failure.
-- **currentStateEnd**  The final state of the package after the operation has completed.
-- **doqTimeSeconds**  The time in seconds spent updating drivers.
-- **executeTimeSeconds**  The number of seconds required to execute the install.
-- **failureDetails**  The driver or installer that caused the update to fail.
-- **failureSourceEnd**  An enumeration indicating at what phase of the update a failure occurred.
-- **hrStatusEnd**  The return code of the install operation.
-- **initiatedOffline**  A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
-- **majorVersion**  The major version number of the update package.
-- **minorVersion**  The minor version number of the update package.
-- **originalState**  The starting state of the package.
-- **overallTimeSeconds**  The time (in seconds) to perform the overall servicing operation.
-- **planTimeSeconds**  The time in seconds required to plan the update operations.
-- **poqTimeSeconds**  The time in seconds processing file and registry operations.
-- **postRebootTimeSeconds**  The time (in seconds) to do startup processing for the update.
-- **preRebootTimeSeconds**  The time (in seconds) between execution of the installation and the reboot.
-- **primitiveExecutionContext**  An enumeration indicating at what phase of shutdown or startup the update was installed.
-- **rebootCount**  The number of reboots required to install the update.
-- **rebootTimeSeconds**  The time (in seconds) before startup processing begins for the update.
-- **resolveTimeSeconds**  The time in seconds required to resolve the packages that are part of the update.
-- **revisionVersion**  The revision version number of the update package.
-- **rptTimeSeconds**  The time in seconds spent executing installer plugins.
-- **shutdownTimeSeconds**  The time (in seconds) required to do shutdown processing for the update.
-- **stackRevision**  The revision number of the servicing stack.
-- **stageTimeSeconds**  The time (in seconds) required to stage all files that are part of the update.
-
-
-### CbsServicingProvider.CbsSelectableUpdateChangeV2
-
-This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
-
-The following fields are available:
-
-- **applicableUpdateState**  Indicates the highest applicable state of the optional content.
-- **buildVersion**  The build version of the package being installed.
-- **clientId**  The name of the application requesting the optional content change.
-- **downloadSource**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **downloadtimeInSeconds**  Indicates if optional content was obtained from Windows Update or a locally accessible file.
-- **executionID**  A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
-- **executionSequence**  A counter that tracks the number of servicing operations attempted on the device.
-- **firstMergedExecutionSequence**  The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
-- **firstMergedID**  A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
-- **hrDownloadResult**  The return code of the download operation.
-- **hrStatusUpdate**  The return code of the servicing operation.
-- **identityHash**  A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
-- **initiatedOffline**  Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
-- **majorVersion**  The major version of the package being installed.
-- **minorVersion**  The minor version of the package being installed.
-- **packageArchitecture**  The architecture of the package being installed.
-- **packageLanguage**  The language of the package being installed.
-- **packageName**  The name of the package being installed.
-- **rebootRequired**  Indicates whether a reboot is required to complete the operation.
-- **revisionVersion**  The revision number of the package being installed.
-- **stackBuild**  The build number of the servicing stack binary performing the installation.
-- **stackMajorVersion**  The major version number of the servicing stack binary performing the installation.
-- **stackMinorVersion**  The minor version number of the servicing stack binary performing the installation.
-- **stackRevision**  The revision number of the servicing stack binary performing the installation.
-- **updateName**  The name of the optional Windows Operation System feature being enabled or disabled.
-- **updateStartState**  A value indicating the state of the optional content before the operation started.
-- **updateTargetState**  A value indicating the desired state of the optional content.
-
-
-### CbsServicingProvider.CbsUpdateDeferred
-
-This event reports the results of deferring Windows Content to keep Windows up to date.
-
-
-
-## Deployment events
-
-### Microsoft.Windows.Deployment.Imaging.AppExit
-
-This event is sent on imaging application exit. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **hr**  HResult returned from app exit.
-- **sId**  Session Id of the application.
-- **totalTimeInMs**  Total time taken in Ms.
-
-
-### Microsoft.Windows.Deployment.Imaging.AppInvoked
-
-This event is sent when the app for image creation is invoked. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **branch**  Corresponding branch for the image.
-- **isInDbg**  Whether the app is in debug mode or not.
-- **isWSK**  Whether the app is building images using WSK or not.
-- **sId**  Id of the session.
-
-
-### Microsoft.Windows.Deployment.Imaging.Failed
-
-This failure event is sent when imaging fails. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **hr**  HResult returned.
-- **msg**  Message returned.
-- **sId**  Session Id.
-- **stack**  Stack information.
-
-
-### Microsoft.Windows.Deployment.Imaging.ImagingCompleted
-
-This event is sent when imaging is done. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **appExecTimeInMs**  Execution time in milliseconds.
-- **buildInfo**  Information of the build.
-- **compDbPrepTimeInMs**  Preparation time in milliseconds for the CompDBs.
-- **executeUpdateTimeInMs**  Update execution time in milliseconds.
-- **fileStageTimeInMs**  File staging time in milliseconds.
-- **hr**  HResult returned from imaging.
-- **imgSizeInMB**  Image size in MB.
-- **mutexWaitTimeInMs**  Mutex wait time in milliseconds.
-- **prepareUpdateTimeInMs**  Update preparation time in milliseconds.
-- **sId**  Session id for the application.
-- **totalRunTimeInMs**  Total running time in milliseconds.
-- **updateOsTimeInMs**  Time in milliseconds spent in update OS.
-
-
-### Microsoft.Windows.Deployment.Imaging.ImagingStarted
-
-This event is sent when an imaging session starts. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **arch**  Architecture of the image.
-- **device**  Device type for which the image is built.
-- **imgFormat**  Format of the image.
-- **imgSkip**  Parameter for skipping certain image types when building.
-- **imgType**  The type of image being built.
-- **lang**  Language of the image being built.
-- **prod**  Image product type.
-- **sId**  Session id for the app.
-
-
-## Deployment extensions
-
-### DeploymentTelemetry.Deployment_End
-
-This event indicates that a Deployment 360 API has completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of the user utilizing the D360 API.
-- **ErrorCode**  Error code of action.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Mode**  Phase in upgrade.
-- **RelatedCV**  The correction vector (CV) of any other related events
-- **Result**  End result of the action.
-
-
-### DeploymentTelemetry.Deployment_SetupBoxLaunch
-
-This event indicates that the Deployment 360 APIs have launched Setup Box. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The client ID of the user utilizing the D360 API.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Quiet**  Whether Setup will run in quiet mode or full mode.
-- **RelatedCV**  The correlation vector (CV) of any other related events.
-- **SetupMode**  The current setup phase.
-
-
-### DeploymentTelemetry.Deployment_SetupBoxResult
-
-This event indicates that the Deployment 360 APIs have received a return from Setup Box. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of the user utilizing the D360 API.
-- **ErrorCode**  Error code of the action.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Quiet**  Indicates whether Setup will run in quiet mode or full mode.
-- **RelatedCV**  The correlation vector (CV) of any other related events.
-- **SetupMode**  The current Setup phase.
-
-
-### DeploymentTelemetry.Deployment_Start
-
-This event indicates that a Deployment 360 API has been called. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  Client ID of the user utilizing the D360 API.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **Mode**  The current phase of the upgrade.
-- **RelatedCV**  The correlation vector (CV) of any other related events.
-
-
-## Diagnostic data events
-
-### TelClientSynthetic.AbnormalShutdown_0
-
-This event sends data about boot IDs for which a normal clean shutdown was not observed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **AbnormalShutdownBootId**  BootId of the abnormal shutdown being reported by this event.
-- **AbsCausedbyAutoChk**  This flag is set when AutoCheck forces a device restart to indicate that the shutdown was not an abnormal shutdown.
-- **AcDcStateAtLastShutdown**  Identifies if the device was on battery or plugged in.
-- **BatteryLevelAtLastShutdown**  The last recorded battery level.
-- **BatteryPercentageAtLastShutdown**  The battery percentage at the last shutdown.
-- **CrashDumpEnabled**  Are crash dumps enabled?
-- **CumulativeCrashCount**  Cumulative count of operating system crashes since the BootId reset.
-- **CurrentBootId**  BootId at the time the abnormal shutdown event was being reported.
-- **Firmwaredata->ResetReasonEmbeddedController**  The reset reason that was supplied by the firmware.
-- **Firmwaredata->ResetReasonEmbeddedControllerAdditional**  Additional data related to reset reason provided by the firmware.
-- **Firmwaredata->ResetReasonPch**  The reset reason that was supplied by the hardware.
-- **Firmwaredata->ResetReasonPchAdditional**  Additional data related to the reset reason supplied by the hardware.
-- **Firmwaredata->ResetReasonSupplied**  Indicates whether the firmware supplied any reset reason or not.
-- **FirmwareType**  ID of the FirmwareType as enumerated in DimFirmwareType.
-- **HardwareWatchdogTimerGeneratedLastReset**  Indicates whether the hardware watchdog timer caused the last reset.
-- **HardwareWatchdogTimerPresent**  Indicates whether hardware watchdog timer was present or not.
-- **InvalidBootStat**  This is a sanity check flag that ensures the validity of the bootstat file.
-- **LastBugCheckBootId**  bootId of the last captured crash.
-- **LastBugCheckCode**  Code that indicates the type of error.
-- **LastBugCheckContextFlags**  Additional crash dump settings.
-- **LastBugCheckOriginalDumpType**  The type of crash dump the system intended to save.
-- **LastBugCheckOtherSettings**  Other crash dump settings.
-- **LastBugCheckParameter1**  The first parameter with additional info on the type of the error.
-- **LastBugCheckProgress**  Progress towards writing out the last crash dump.
-- **LastBugCheckVersion**  The version of the information struct written during the crash.
-- **LastSuccessfullyShutdownBootId**  BootId of the last fully successful shutdown.
-- **LongPowerButtonPressDetected**  Identifies if the user was pressing and holding power button.
-- **OOBEInProgress**  Identifies if OOBE is running.
-- **OSSetupInProgress**  Identifies if the operating system setup is running.
-- **PowerButtonCumulativePressCount**  How many times has the power button been pressed?
-- **PowerButtonCumulativeReleaseCount**  How many times has the power button been released?
-- **PowerButtonErrorCount**  Indicates the number of times there was an error attempting to record power button metrics.
-- **PowerButtonLastPressBootId**  BootId of the last time the power button was pressed.
-- **PowerButtonLastPressTime**  Date and time of the last time the power button was pressed.
-- **PowerButtonLastReleaseBootId**  BootId of the last time the power button was released.
-- **PowerButtonLastReleaseTime**  Date and time of the last time the power button was released.
-- **PowerButtonPressCurrentCsPhase**  Represents the phase of Connected Standby exit when the power button was pressed.
-- **PowerButtonPressIsShutdownInProgress**  Indicates whether a system shutdown was in progress at the last time the power button was pressed.
-- **PowerButtonPressLastPowerWatchdogStage**  Progress while the monitor is being turned on.
-- **PowerButtonPressPowerWatchdogArmed**  Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
-- **ShutdownDeviceType**  Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
-- **SleepCheckpoint**  Provides the last checkpoint when there is a failure during a sleep transition.
-- **SleepCheckpointSource**  Indicates whether the source is the EFI variable or bootstat file.
-- **SleepCheckpointStatus**  Indicates whether the checkpoint information is valid.
-- **StaleBootStatData**  Identifies if the data from bootstat is stale.
-- **TransitionInfoBootId**  BootId of the captured transition info.
-- **TransitionInfoCSCount**  l number of times the system transitioned from Connected Standby mode.
-- **TransitionInfoCSEntryReason**  Indicates the reason the device last entered Connected Standby mode.
-- **TransitionInfoCSExitReason**  Indicates the reason the device last exited Connected Standby mode.
-- **TransitionInfoCSInProgress**  At the time the last marker was saved, the system was in or entering Connected Standby mode.
-- **TransitionInfoLastReferenceTimeChecksum**  The checksum of TransitionInfoLastReferenceTimestamp,
-- **TransitionInfoLastReferenceTimestamp**  The date and time that the marker was last saved.
-- **TransitionInfoLidState**  Describes the state of the laptop lid.
-- **TransitionInfoPowerButtonTimestamp**  The date and time of the last time the power button was pressed.
-- **TransitionInfoSleepInProgress**  At the time the last marker was saved, the system was in or entering sleep mode.
-- **TransitionInfoSleepTranstionsToOn**  Total number of times the device transitioned from sleep mode.
-- **TransitionInfoSystemRunning**  At the time the last marker was saved, the device was running.
-- **TransitionInfoSystemShutdownInProgress**  Indicates whether a device shutdown was in progress when the power button was pressed.
-- **TransitionInfoUserShutdownInProgress**  Indicates whether a user shutdown was in progress when the power button was pressed.
-- **TransitionLatestCheckpointId**  Represents a unique identifier for a checkpoint during the device state transition.
-- **TransitionLatestCheckpointSeqNumber**  Represents the chronological sequence number of the checkpoint.
-- **TransitionLatestCheckpointType**  Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
-- **VirtualMachineId**  If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host.
-
-
-### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
-
-This event is fired by UTC at state transitions to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if we can add MSA PUID and CID to telemetry, false otherwise.
-- **CanCollectAnyTelemetry**  True if we are allowed to collect partner telemetry, false otherwise.
-- **CanCollectCoreTelemetry**  True if we can collect CORE/Basic telemetry, false otherwise.
-- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
-- **CanCollectOsTelemetry**  True if we can collect diagnostic data telemetry, false otherwise.
-- **CanCollectWindowsAnalyticsEvents**  True if we can collect Windows Analytics data, false otherwise.
-- **CanPerformDiagnosticEscalations**  True if we can perform diagnostic escalation collection, false otherwise.
-- **CanReportScenarios**  True if we can report scenario completions, false otherwise.
-- **IsProcessorMode**  True if it is Processor Mode, false otherwise.
-- **PreviousPermissions**  Bitmask of previous telemetry state.
-- **TransitionFromEverythingOff**  True if we are transitioning from all telemetry being disabled, false otherwise.
-
-
-### TelClientSynthetic.AuthorizationInfo_Startup
-
-This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CanAddMsaToMsTelemetry**  True if we can add MSA PUID and CID to telemetry, false otherwise.
-- **CanCollectAnyTelemetry**  True if we are allowed to collect partner telemetry, false otherwise.
-- **CanCollectCoreTelemetry**  True if we can collect CORE/Basic telemetry, false otherwise.
-- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
-- **CanCollectOsTelemetry**  True if we can collect diagnostic data telemetry, false otherwise.
-- **CanCollectWindowsAnalyticsEvents**  True if we can collect Windows Analytics data, false otherwise.
-- **CanPerformDiagnosticEscalations**  True if we can perform diagnostic escalation collection, false otherwise.
-- **CanReportScenarios**  True if we can report scenario completions, false otherwise.
-- **IsProcessorMode**  True if it is Processor Mode, false otherwise.
-- **PreviousPermissions**  Bitmask of previous telemetry state.
-- **TransitionFromEverythingOff**  True if we are transitioning from all telemetry being disabled, false otherwise.
-
-
-### TelClientSynthetic.ConnectivityHeartBeat_0
-
-This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network. This event is fired by UTC during periods of no network as a heartbeat signal, to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CensusExitCode**  Last exit code of Census task
-- **CensusStartTime**  Returns timestamp corresponding to last successful census run.
-- **CensusTaskEnabled**  Returns Boolean value for the census task (Enable/Disable) on client machine.
-- **LastConnectivityLossTime**  The FILETIME at which the last free network loss occurred.
-- **NetworkState**  Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
-- **NoNetworkTime**  Retrieves the time spent with no network (since the last time) in seconds.
-- **RestrictedNetworkTime**  The total number of seconds with restricted network during this heartbeat period.
-
-
-### TelClientSynthetic.EventMonitor_0
-
-This event provides statistics for specific diagnostic events.
-
-The following fields are available:
-
-- **ConsumerCount**  The number of instances seen in the Event Tracing for Windows consumer.
-- **EventName**  The name of the event being monitored.
-- **EventSnFirst**  The expected first event serial number.
-- **EventSnLast**  The expected last event serial number.
-- **EventStoreCount**  The number of events reaching the event store.
-- **MonitorSn**  The serial number of the monitor.
-- **TriggerCount**  The number of events reaching the trigger buffer.
-- **UploadedCount**  The number of events uploaded.
-
-
-### TelClientSynthetic.GetFileInfoAction_FilePathNotApproved_0
-
-This event occurs when the DiagTrack escalation fails due to the scenario requesting a path that is not approved for GetFileInfo actions.
-
-The following fields are available:
-
-- **FilePath**  The unexpanded path in the scenario XML.
-- **ScenarioId**  The globally unique identifier (GUID) of the scenario.
-- **ScenarioInstanceId**  The error code denoting which path failed (internal or external).
-
-
-### TelClientSynthetic.HeartBeat_5
-
-This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
-
-The following fields are available:
-
-- **AgentConnectionErrorsCount**  Number of non-timeout errors associated with the host/agent channel.
-- **CensusExitCode**  The last exit code of the Census task.
-- **CensusStartTime**  Time of last Census run.
-- **CensusTaskEnabled**  True if Census is enabled, false otherwise.
-- **CompressedBytesUploaded**  Number of compressed bytes uploaded.
-- **ConsumerDroppedCount**  Number of events dropped at consumer layer of telemetry client.
-- **CriticalDataDbDroppedCount**  Number of critical data sampled events dropped at the database layer.
-- **CriticalDataThrottleDroppedCount**  The number of critical data sampled events that were dropped because of throttling.
-- **CriticalOverflowEntersCounter**  Number of times critical overflow mode was entered in event DB.
-- **DbCriticalDroppedCount**  Total number of dropped critical events in event DB.
-- **DbDroppedCount**  Number of events dropped due to DB fullness.
-- **DbDroppedFailureCount**  Number of events dropped due to DB failures.
-- **DbDroppedFullCount**  Number of events dropped due to DB fullness.
-- **DecodingDroppedCount**  Number of events dropped due to decoding failures.
-- **EnteringCriticalOverflowDroppedCounter**  Number of events dropped due to critical overflow mode being initiated.
-- **EtwDroppedBufferCount**  Number of buffers dropped in the UTC ETW session.
-- **EtwDroppedCount**  Number of events dropped at ETW layer of telemetry client.
-- **EventsPersistedCount**  Number of events that reached the PersistEvent stage.
-- **EventStoreLifetimeResetCounter**  Number of times event DB was reset for the lifetime of UTC.
-- **EventStoreResetCounter**  Number of times event DB was reset.
-- **EventStoreResetSizeSum**  Total size of event DB across all resets reports in this instance.
-- **EventsUploaded**  Number of events uploaded.
-- **Flags**  Flags indicating device state such as network state, battery state, and opt-in state.
-- **FullTriggerBufferDroppedCount**  Number of events dropped due to trigger buffer being full.
-- **HeartBeatSequenceNumber**  The sequence number of this heartbeat.
-- **InvalidHttpCodeCount**  Number of invalid HTTP codes received from contacting Vortex.
-- **LastAgentConnectionError**  Last non-timeout error encountered in the host/agent channel.
-- **LastEventSizeOffender**  Event name of last event which exceeded max event size.
-- **LastInvalidHttpCode**  Last invalid HTTP code received from Vortex.
-- **MaxActiveAgentConnectionCount**  The maximum number of active agents during this heartbeat timeframe.
-- **MaxInUseScenarioCounter**  Soft maximum number of scenarios loaded by UTC.
-- **PreviousHeartBeatTime**  Time of last heartbeat event (allows chaining of events).
-- **PrivacyBlockedCount**  The number of events blocked due to privacy settings or tags.
-- **RepeatedUploadFailureDropped**  Number of events lost due to repeated upload failures for a single buffer.
-- **SettingsHttpAttempts**  Number of attempts to contact OneSettings service.
-- **SettingsHttpFailures**  The number of failures from contacting the OneSettings service.
-- **ThrottledDroppedCount**  Number of events dropped due to throttling of noisy providers.
-- **TopUploaderErrors**  List of top errors received from the upload endpoint.
-- **UploaderDroppedCount**  Number of events dropped at the uploader layer of telemetry client.
-- **UploaderErrorCount**  Number of errors received from the upload endpoint.
-- **VortexFailuresTimeout**  The number of timeout failures received from Vortex.
-- **VortexHttpAttempts**  Number of attempts to contact Vortex.
-- **VortexHttpFailures4xx**  Number of 400-499 error codes received from Vortex.
-- **VortexHttpFailures5xx**  Number of 500-599 error codes received from Vortex.
-- **VortexHttpResponseFailures**  Number of Vortex responses that are not 2XX or 400.
-- **VortexHttpResponsesWithDroppedEvents**  Number of Vortex responses containing at least 1 dropped event.
-
-
-### TelClientSynthetic.HeartBeat_Agent_5
-
-This event sends data about the health and quality of the diagnostic data from the specified device (agent), to help keep Windows up to date.
-
-The following fields are available:
-
-- **ConsumerDroppedCount**  The number of events dropped at the consumer layer of the diagnostic data collection client.
-- **ContainerBufferFullDropCount**  The number of events dropped due to the container buffer being full.
-- **ContainerBufferFullSevilleDropCount**  The number of “Seville” events dropped due to the container buffer being full.
-- **CriticalDataThrottleDroppedCount**  The number of critical data sampled events dropped due to data throttling.
-- **DecodingDroppedCount**  The number of events dropped due to decoding failures.
-- **EtwDroppedBufferCount**  The number of buffers dropped in the ETW (Event Tracing for Windows) session.
-- **EtwDroppedCount**  The number of events dropped at the ETW (Event Tracing for Windows) layer of the diagnostic data collection client on the user’s device.
-- **EventsForwardedToHost**  The number of events forwarded from agent (device) to host (server).
-- **FullTriggerBufferDroppedCount**  The number of events dropped due to the trigger buffer being full.
-- **HeartBeatSequenceNumber**  The heartbeat sequence number associated with this event.
-- **HostConnectionErrorsCount**  The number of non-timeout errors encountered in the host (server)/agent (device) socket transport channel.
-- **HostConnectionTimeoutsCount**  The number of connection timeouts between the host (server) and agent (device).
-- **LastHostConnectionError**  The last error from a connection between host (server) and agent (device).
-- **PreviousHeartBeatTime**  The timestamp of the last heartbeat event.
-- **ThrottledDroppedCount**  The number of events dropped due to throttling of “noisy” providers.
-
-
-### TelClientSynthetic.HeartBeat_DevHealthMon_5
-
-This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up to date with the latest security and safety features.
-
-The following fields are available:
-
-- **HeartBeatSequenceNumber**  The heartbeat sequence number associated with this event.
-- **PreviousHeartBeatTime**  The timestamp of the last heartbeat event.
-
-
-### TelClientSynthetic.LifetimeManager_ConsumerBaseTimestampChange_0
-
-This event sends data when the Windows Diagnostic data collection mechanism detects a timestamp adjustment for incoming diagnostic events. This data is critical for dealing with time changes during diagnostic data analysis, to help keep the device up to date.
-
-The following fields are available:
-
-- **NewBaseTime**  The new QPC (Query Performance Counter) base time from ETW (Event Tracing for Windows).
-- **NewSystemTime**  The new system time of the device.
-- **OldSystemTime**  The previous system time of the device.
-
-
-### TelClientSynthetic.MatchEngine_ScenarioCompletionThrottled_0
-
-This event sends data when scenario completion is throttled (truncated or otherwise restricted) because the scenario is excessively large.
-
-The following fields are available:
-
-- **MaxHourlyCompletionsSetting**  The maximum number of scenario completions per hour until throttling kicks in.
-- **ScenarioId**  The globally unique identifier (GUID) of the scenario being throttled.
-- **ScenarioName**  The name of the scenario being throttled.
-
-
-### TelClientSynthetic.OsEvents_BootStatReset_0
-
-This event sends data when the Windows diagnostic data collection mechanism resets the Boot ID. This data helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **BootId**  The current Boot ID.
-- **ResetReason**  The reason code for resetting the Boot ID.
-
-
-### TelClientSynthetic.ProducerThrottled_At_TriggerBuffer_0
-
-This event sends data when a producer is throttled due to the trigger buffer exceeding defined thresholds.
-
-The following fields are available:
-
-- **BufferSize**  The size of the trigger buffer.
-- **DataType**  The type of event that this producer generates (Event Tracing for Windows, Time, Synthetic).
-- **EstSeenCount**  Estimated total number of inputs determining other “Est…” values.
-- **EstTopEvent1Count**  The count for estimated “noisiest” event from this producer.
-- **EstTopEvent1Name**  The name for estimated “noisiest” event from this producer.
-- **EstTopEvent2Count**  The count for estimated second “noisiest” event from this producer.
-- **EstTopEvent2Name**  The name for estimated second “noisiest” event from this producer.
-- **Hit**  The number of events seen from this producer.
-- **IKey**  The IKey identifier of the producer, if available.
-- **ProviderId**  The provider ID of the producer being throttled.
-- **ProviderName**  The provider name of the producer being throttled.
-- **Threshold**  The threshold crossed, which caused the throttling.
-
-
-### TelClientSynthetic.ProducerThrottled_Event_Rate_0
-
-This event sends data when an event producer is throttled by the Windows Diagnostic data collection mechanism. This data helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **EstSeenCount**  Estimated total number of inputs determining other “Est…” values.
-- **EstTopEvent1Count**  The count for estimated “noisiest” event from this producer.
-- **EstTopEvent1Name**  The name for estimated “noisiest” event from this producer.
-- **EstTopEvent2Count**  The count for estimated second “noisiest” event from this producer.
-- **EstTopEvent2Name**  The name for estimated second “noisiest” event from this producer.
-- **EventPerProviderThreshold**  The trigger point for throttling (value for each provider). This value is only applied once EventRateThreshold has been met.
-- **EventRateThreshold**  The total event rate trigger point for throttling.
-- **Hit**  The number of events seen from this producer.
-- **IKey**  The IKey identifier of the producer, if available.
-- **ProviderId**  The provider ID of the producer being throttled.
-- **ProviderName**  The provider name of the producer being throttled.
-
-
-### TelClientSynthetic.RunExeWithArgsAction_ExeTerminated_0
-
-This event sends data when an executable (EXE) file is terminated during escalation because it exceeded its maximum runtime (the maximum amount of time it was expected to run). This data helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **ExpandedExeName**  The expanded name of the executable (EXE) file.
-- **MaximumRuntimeMs**  The maximum runtime (in milliseconds) for this action.
-- **ScenarioId**  The globally unique identifier (GUID) of the scenario that was terminated.
-- **ScenarioInstanceId**  The globally unique identifier (GUID) of the scenario instance that was terminated.
-
-
-### TelClientSynthetic.RunExeWithArgsAction_ProcessReturnedNonZeroExitCode
-
-This event sends data when the RunExe process finishes during escalation, but returns a non-zero exit code. This data helps ensure Windows is up to date.
-
-The following fields are available:
-
-- **ExitCode**  The exit code of the process
-- **ExpandedExeName**  The expanded name of the executable (EXE) file.
-- **ScenarioId**  The globally unique identifier (GUID) of the escalating scenario.
-- **ScenarioInstanceId**  The globally unique identifier (GUID) of the scenario instance.
-
-
-### TelClientSynthetic.ServiceMain_DevHealthMonEvent
-
-This event is a low latency health alert that is part of the 4Nines device health monitoring feature currently available on Surface Hub devices. For a device that is opted in, this event is sent before shutdown to signal that the device is about to be powered down.
-
-
-
-## Direct to update events
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability
-
-This event indicates that the Coordinator CheckApplicability call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicabilityResult**  Result of CheckApplicability function.
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **IsCTA**  If device has the CTA regkey set.
-- **IsDeviceAADDomainJoined**  Indicates whether the device is logged in to the AAD (Azure Active Directory) domain.
-- **IsDeviceADDomainJoined**  Indicates whether the device is logged in to the AD (Active Directory) domain.
-- **IsDeviceCloverTrail**  Indicates whether the device has a Clover Trail system installed.
-- **IsDeviceDiskSpaceLow**  If device disk space is low.
-- **IsDeviceEnterpriseSku**  If device is an Enterprise SKU.
-- **IsDeviceFeatureUpdatingPaused**  Indicates whether Feature Update is paused on the device.
-- **IsDeviceNetworkMetered**  Indicates whether the device is connected to a metered network.
-- **IsDeviceOobeBlocked**  Indicates whether the OOBE (Out of Box Experience) is blocked on the device.
-- **IsDeviceRequireUpdateApproval**  Indicates whether user approval is required to install updates on the device.
-- **IsDeviceSccmManaged**  Indicates whether the device is running the Configuration Manager to keep the operating system and applications up to date.
-- **IsDeviceUninstallActive**  Indicates whether the OS (operating system) on the device was recently updated.
-- **IsDeviceUpdateNotificationLevel**  Indicates whether the device has a set policy to control update notifications.
-- **IsDeviceUpdateServiceManaged**  Indicates whether the device uses WSUS (Windows Server Update Services).
-- **IsDeviceWUFBManaged**  If device is Windows Update for Business managed.
-- **IsDeviceZeroExhaust**  Indicates whether the device subscribes to the Zero Exhaust policy to minimize connections from Windows to Microsoft.
-- **IsGreaterThanMaxRetry**  Indicates whether the DTU (Direct to Update) service has exceeded its maximum retry count.
-- **IsVolumeLicensed**  Indicates whether a volume license was used to authenticate the operating system or applications on the device.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure
-
-This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-- **hResult**  HRESULT of the failure
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess
-
-This event indicates that the Coordinator Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure
-
-This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Download call that will be ignored. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess
-
-This event indicates that the Coordinator Download call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownSuccess
-
-This event indicates that the Coordinator HandleShutdown call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess
-
-This event indicates that the Coordinator Initialize call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure
-
-This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess
-
-This event indicates that the Coordinator Install call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack
-
-This event indicates that the Coordinator's progress callback has been called. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **DeployPhase**  Current Deploy Phase.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess
-
-This event indicates that the Coordinator SetCommitReady call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator WaitForRebootUi call.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run.
-- **ClientID**  Client ID being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection
-
-This event indicates that the user selected an option on the Reboot UI. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **rebootUiSelection**  Selection on the Reboot UI.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess
-
-This event indicates that the Coordinator WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicability call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-- **CV_new**  New correlation vector
-- **hResult**  HRESULT of the failure
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicabilityInternal call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess
-
-This event indicates that the Handler CheckApplicabilityInternal call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicabilityResult**  The result of the applicability check.
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess
-
-This event indicates that the Handler CheckApplicability call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicabilityResult**  The result code indicating whether the update is applicable.
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **CV_new**  New correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess
-
-This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **CheckIfCoordinatorMinApplicableVersionResult**  Result of CheckIfCoordinatorMinApplicableVersion function.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **CV_new**  New correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess
-
-This event indicates that the Handler Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.run
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **CV_new**  New correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabAlreadyDownloaded
-
-This event indicates that the Handler Download and Extract cab returned a value indicating that the cab has already been downloaded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure
-
-This event indicates that the Handler Download and Extract cab call failed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **DownloadAndExtractCabFunction_failureReason**  Reason why the update download and extract process failed.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess
-
-This event indicates that the Handler Download and Extract cab call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess
-
-This event indicates that the Handler Download call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **DownloadAndExtractCabFunction_hResult**  HRESULT of the download and extract.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess
-
-This event indicates that the Handler Initialize call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **DownloadAndExtractCabFunction_hResult**  HRESULT of the download and extraction.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess
-
-This event indicates that the Coordinator Install call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the update campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadyGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler SetCommitReady call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  Campaign ID being run
-- **ClientID**  Client ID being run
-- **CoordinatorVersion**  Coordinator version of DTU
-- **CV**  Correlation vector
-- **hResult**  HRESULT of the failure
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess
-
-This event indicates that the Handler SetCommitReady call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure
-
-This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaigning being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-- **hResult**  The HRESULT of the failure.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess
-
-This event indicates that the Handler WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignID**  ID of the campaign being run.
-- **ClientID**  ID of the client receiving the update.
-- **CoordinatorVersion**  Coordinator version of Direct to Update.
-- **CV**  Correlation vector.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUNotificationUXEnteringState
-
-This event indicates that DTUNotificationUX has started processing a workflow state.  The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaign being run.
-- **ClientID**  The ID of the client being run.
-- **CoordinatorVersion**  The coordinator version of Direct To Update.
-- **CV**  Correlation vector.
-- **State**  State of the workflow.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUNotificationUXEvaluation
-
-This event indicates that Applicability DLL ran a set of applicability tests. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **Action**  The enumeration code of action that was handled.
-- **ActiveTestExpectedResults**  Bitmask of expected results of applicability tests.
-- **ActiveTestResults**  The bitmask results of applicability tests.
-- **ActiveTestsRun**  The bitmask of applicability tests that were run.
-- **CampaignID**  The ID of the campaign being run.
-- **ClientID**  The ID of the client being run.
-- **CoordinatorVersion**  The coordinator version of Direct To Update.
-- **CV**  Correlation vector.
-- **FullTestResults**  The bitmask of results of applicability tests.
-- **FullTestsRun**  The bitmask of applicability tests that were run.
-- **SuppressedTests**  The bitmask of applicability tests that were unable to run due to suppression caused by the configuration settings.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUNotificationUXExit
-
-This event indicates that DTUNotificationUX has finished execution. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaign being run.
-- **ClientID**  The ID of the client being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **HRESULTCausingExit**  HRESULT Causing an abnormal exit, or S_OK for normal exits.
-- **ProcessExitCode**  The exit code that DTUNotificationUX returns to DTUCoordinator.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUNotificationUXExitingState
-
-This event indicates that DTUNotificationUX has stopped processing a workflow state. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaign being run.
-- **ClientID**  The ID of the client being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **HRESULT**  Error (if any) that occurred.
-- **NextState**  Next workflow state we will enter.
-- **State**  The state of the workflow.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUNotificationUXFirstAcceptDialogDisplayed
-
-This event indicates that the First Accept dialog has been shown. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaign being run.
-- **ClientID**  The ID of the client being run.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-- **EnterpriseAttribution**  If true, the user is told that the enterprise managed the reboot.
-- **HRESULT**  Error (if any) that occurred.
-- **UserResponse**  Enumeration code indicating the user response to a dialog.
-
-
-### Microsoft.Windows.DirectToUpdate.DTUNotificationUXLaunch
-
-This event indicates that DTUNotificationUX has launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CampaignID**  The ID of the campaign being run.
-- **ClientID**  The ID of the client being run.
-- **CommandLine**  Command line passed to DTUNotificationUX.
-- **CoordinatorVersion**  Coordinator version of DTU.
-- **CV**  Correlation vector.
-
-
-## DISM events
-
-### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU
-
-The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **dismInstalledLCUPackageName**  The name of the latest installed package.
-
-
-### Microsoft.Windows.StartRepairCore.DISMPendingInstall
-
-The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **dismPendingInstallPackageName**  The name of the pending package.
-
-
-### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions
-
-The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **errorCode**  The result code returned by the event.
-
-
-### Microsoft.Windows.StartRepairCore.DISMUninstallLCU
-
-The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **errorCode**  The result code returned by the event.
-
-
-### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd
-
-The SRT Repair Action End event sends information to report repair operation ended for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **errorCode**  The result code returned by the event.
-- **failedUninstallCount**  The number of driver updates that failed to uninstall.
-- **failedUninstallFlightIds**  The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall.
-- **foundDriverUpdateCount**  The number of found driver updates.
-- **srtRepairAction**  The scenario name for a repair.
-- **successfulUninstallCount**  The number of successfully uninstalled driver updates.
-- **successfulUninstallFlightIds**  The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates.
-
-
-### Microsoft.Windows.StartRepairCore.SRTRepairActionStart
-
-The SRT Repair Action Start event sends information to report repair operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **srtRepairAction**  The scenario name for a repair.
-
-
-### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd
-
-The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **errorCode**  The result code returned by the event.
-- **flightIds**  The Flight IDs (identifier of the beta release) of found driver updates.
-- **foundDriverUpdateCount**  The number of found driver updates.
-- **srtRootCauseDiag**  The scenario name for a diagnosis event.
-
-
-### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart
-
-The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **srtRootCauseDiag**  The scenario name for a diagnosis event.
-
-
-## Driver installation events
-
-### Microsoft.Windows.DriverInstall.DeviceInstall
-
-This critical event sends information about the driver installation that took place. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ClassGuid**  The unique ID for the device class.
-- **ClassLowerFilters**  The list of lower filter class drivers.
-- **ClassUpperFilters**  The list of upper filter class drivers.
-- **CoInstallers**  The list of coinstallers.
-- **ConfigFlags**  The device configuration flags.
-- **DeviceConfigured**  Indicates whether this device was configured through the kernel configuration.
-- **DeviceInstalled**  Indicates whether the legacy install code path was used.
-- **DeviceInstanceId**  The unique identifier of the device in the system.
-- **DeviceStack**  The device stack of the driver being installed.
-- **DriverDate**  The date of the driver.
-- **DriverDescription**  A description of the driver function.
-- **DriverInfName**  Name of the INF file (the setup information file) for the driver.
-- **DriverInfSectionName**  Name of the DDInstall section within the driver INF file.
-- **DriverPackageId**  The ID of the driver package that is staged to the driver store.
-- **DriverProvider**  The driver manufacturer or provider.
-- **DriverShimIds**  List of driver shim IDs.
-- **DriverUpdated**  Indicates whether the driver is replacing an old driver.
-- **DriverVersion**  The version of the driver file.
-- **EndTime**  The time the installation completed.
-- **Error**  Provides the WIN32 error code for the installation.
-- **ExtensionDrivers**  List of extension drivers that complement this installation.
-- **FinishInstallAction**  Indicates whether the co-installer invoked the finish-install action.
-- **FinishInstallUI**  Indicates whether the installation process shows the user interface.
-- **FirmwareDate**  The firmware date that will be stored in the EFI System Resource Table (ESRT).
-- **FirmwareRevision**  The firmware revision that will be stored in the EFI System Resource Table (ESRT).
-- **FirmwareVersion**  The firmware version that will be stored in the EFI System Resource Table (ESRT).
-- **FirstHardwareId**  The ID in the hardware ID list that provides the most specific device description.
-- **FlightIds**  A list of the different Windows Insider builds on the device.
-- **GenericDriver**  Indicates whether the driver is a generic driver.
-- **Inbox**  Indicates whether the driver package is included with Windows.
-- **InstallDate**  The date the driver was installed.
-- **LastCompatibleId**  The ID in the hardware ID list that provides the least specific device description.
-- **LastInstallFunction**  The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing.
-- **LegacyInstallReasonError**  The error code for the legacy installation.
-- **LowerFilters**  The list of lower filter drivers.
-- **MatchingDeviceId**  The hardware ID or compatible ID that Windows used to install the device instance.
-- **NeedReboot**  Indicates whether the driver requires a reboot.
-- **OriginalDriverInfName**  The original name of the INF file before it was renamed.
-- **ParentDeviceInstanceId**  The device instance ID of the parent of the device.
-- **PendedUntilReboot**  Indicates whether the installation is pending until the device is rebooted.
-- **Problem**  Error code returned by the device after installation.
-- **ProblemStatus**  The status of the device after the driver installation.
-- **RebootRequiredReason**  DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install.
-- **SecondaryDevice**  Indicates whether the device is a secondary device.
-- **ServiceName**  The service name of the driver.
-- **SessionGuid**  GUID (Globally Unique IDentifier) for the update session.
-- **SetupMode**  Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed.
-- **StartTime**  The time when the installation started.
-- **SubmissionId**  The driver submission identifier assigned by the Windows Hardware Development Center.
-- **UpperFilters**  The list of upper filter drivers.
-
-
-### Microsoft.Windows.DriverInstall.NewDevInstallDeviceEnd
-
-This event sends data about the driver installation once it is completed. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **DeviceInstanceId**  The unique identifier of the device in the system.
-- **DriverUpdated**  Indicates whether the driver was updated.
-- **Error**  The Win32 error code of the installation.
-- **FlightId**  The ID of the Windows Insider build the device received.
-- **InstallDate**  The date the driver was installed.
-- **InstallFlags**  The driver installation flags.
-- **OptionalData**  Metadata specific to Windows Update (WU) associated with the driver (flight IDs, recovery IDs, etc.)
-- **RebootRequired**  Indicates whether a reboot is required after the installation.
-- **RollbackPossible**  Indicates whether this driver can be rolled back.
-- **WuTargetedHardwareId**  Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update.
-- **WuUntargetedHardwareId**  Indicates that the driver was installed because Windows Update performed a generic driver update for all devices of that hardware class.
-
-
-### Microsoft.Windows.DriverInstall.NewDevInstallDeviceStart
-
-This event sends data about the driver that the new driver installation is replacing. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **DeviceInstanceId**  The unique identifier of the device in the system.
-- **FirstInstallDate**  The first time a driver was installed on this device.
-- **InstallFlags**  Flag indicating how driver setup was called.
-- **LastDriverDate**  Date of the driver that is being replaced.
-- **LastDriverInbox**  Indicates whether the previous driver was included with Windows.
-- **LastDriverInfName**  Name of the INF file (the setup information file) of the driver being replaced.
-- **LastDriverPackageId**  ID of the driver package installed on the device before the current install operation began. ID contains the name + architecture + hash.
-- **LastDriverVersion**  The version of the driver that is being replaced.
-- **LastFirmwareDate**  The date of the last firmware reported from the EFI System Resource Table (ESRT).
-- **LastFirmwareRevision**  The last firmware revision number reported from EFI System Resource Table (ESRT).
-- **LastFirmwareVersion**  The last firmware version reported from the EFI System Resource Table (ESRT).
-- **LastInstallDate**  The date a driver was last installed on this device.
-- **LastMatchingDeviceId**  The hardware ID or compatible ID that Windows last used to install the device instance.
-- **LastProblem**  The previous problem code that was set on the device.
-- **LastProblemStatus**  The previous problem code that was set on the device.
-- **LastSubmissionId**  The driver submission identifier of the driver that is being replaced.
-
-
-## DxgKernelTelemetry events
-
-### DxgKrnlTelemetry.GPUAdapterInventoryV2
-
-This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
-
-The following fields are available:
-
-- **AdapterTypeValue**  The numeric value indicating the type of Graphics adapter.
-- **aiSeqId**  The event sequence ID.
-- **bootId**  The system boot ID.
-- **BrightnessVersionViaDDI**  The version of the Display Brightness Interface.
-- **ComputePreemptionLevel**  The maximum preemption level supported by GPU for compute payload.
-- **DedicatedSystemMemoryB**  The amount of system memory dedicated for GPU use (in bytes).
-- **DedicatedVideoMemoryB**  The amount of dedicated VRAM of the GPU (in bytes).
-- **Display1UMDFilePath**  The file path to the location of the Display User Mode Driver in the Driver Store.
-- **DisplayAdapterLuid**  The display adapter LUID.
-- **DriverDate**  The date of the display driver.
-- **DriverRank**  The rank of the display driver.
-- **DriverVersion**  The display driver version.
-- **DriverWorkarounds**  Numeric value indicating the driver workarounds that are enabled for this device.
-- **DX10UMDFilePath**  The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
-- **DX11UMDFilePath**  The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
-- **DX12UMDFilePath**  The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
-- **DX9UMDFilePath**  The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
-- **GPUDeviceID**  The GPU device ID.
-- **GPUPreemptionLevel**  The maximum preemption level supported by GPU for graphics payload.
-- **GPURevisionID**  The GPU revision ID.
-- **GPUVendorID**  The GPU vendor ID.
-- **InterfaceId**  The GPU interface ID.
-- **IsDisplayDevice**  Does the GPU have displaying capabilities?
-- **IsHwSchEnabled**  Boolean value indicating whether hardware scheduling is enabled.
-- **IsHwSchSupported**  Indicates whether the adapter supports hardware scheduling.
-- **IsHybridDiscrete**  Does the GPU have discrete GPU capabilities in a hybrid device?
-- **IsHybridIntegrated**  Does the GPU have integrated GPU capabilities in a hybrid device?
-- **IsLDA**  Is the GPU comprised of Linked Display Adapters?
-- **IsMiracastSupported**  Does the GPU support Miracast?
-- **IsMismatchLDA**  Is at least one device in the Linked Display Adapters chain from a different vendor?
-- **IsMPOSupported**  Does the GPU support Multi-Plane Overlays?
-- **IsMsMiracastSupported**  Are the GPU Miracast capabilities driven by a Microsoft solution?
-- **IsPostAdapter**  Is this GPU the POST GPU in the device?
-- **IsRemovable**  TRUE if the adapter supports being disabled or removed.
-- **IsRenderDevice**  Does the GPU have rendering capabilities?
-- **IsSoftwareDevice**  Is this a software implementation of the GPU?
-- **KMDFilePath**  The file path to the location of the Display Kernel Mode Driver in the Driver Store.
-- **MeasureEnabled**  Is the device listening to MICROSOFT_KEYWORD_MEASURES?
-- **NumVidPnSources**  The number of supported display output sources.
-- **NumVidPnTargets**  The number of supported display output targets.
-- **SharedSystemMemoryB**  The amount of system memory shared by GPU and CPU (in bytes).
-- **SubSystemID**  The subsystem ID.
-- **SubVendorID**  The GPU sub vendor ID.
-- **TelemetryEnabled**  Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
-- **TelInvEvntTrigger**  What triggered this event to be logged?  Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
-- **version**  The event version.
-- **WDDMVersion**  The Windows Display Driver Model version.
-
-
-## Failover Clustering events
-
-### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
-
-This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
-
-The following fields are available:
-
-- **autoAssignSite**  The cluster parameter: auto site.
-- **autoBalancerLevel**  The cluster parameter: auto balancer level.
-- **autoBalancerMode**  The cluster parameter: auto balancer mode.
-- **blockCacheSize**  The configured size of the block cache.
-- **ClusterAdConfiguration**  The ad configuration of the cluster.
-- **clusterAdType**  The cluster parameter: mgmt_point_type.
-- **clusterDumpPolicy**  The cluster configured dump policy.
-- **clusterFunctionalLevel**  The current cluster functional level.
-- **clusterGuid**  The unique identifier for the cluster.
-- **clusterWitnessType**  The witness type the cluster is configured for.
-- **countNodesInSite**  The number of nodes in the cluster.
-- **crossSiteDelay**  The cluster parameter: CrossSiteDelay.
-- **crossSiteThreshold**  The cluster parameter: CrossSiteThreshold.
-- **crossSubnetDelay**  The cluster parameter: CrossSubnetDelay.
-- **crossSubnetThreshold**  The cluster parameter: CrossSubnetThreshold.
-- **csvCompatibleFilters**  The cluster parameter: ClusterCsvCompatibleFilters.
-- **csvIncompatibleFilters**  The cluster parameter: ClusterCsvIncompatibleFilters.
-- **csvResourceCount**  The number of resources in the cluster.
-- **currentNodeSite**  The name configured for the current site for the cluster.
-- **dasModeBusType**  The direct storage bus type of the storage spaces.
-- **downLevelNodeCount**  The number of nodes in the cluster that are running down-level.
-- **drainOnShutdown**  Specifies whether a node should be drained when it is shut down.
-- **dynamicQuorumEnabled**  Specifies whether dynamic Quorum has been enabled.
-- **enforcedAntiAffinity**  The cluster parameter: enforced anti affinity.
-- **genAppNames**  The win32 service name of a clustered service.
-- **genSvcNames**  The command line of a clustered genapp.
-- **hangRecoveryAction**  The cluster parameter: hang recovery action.
-- **hangTimeOut**  Specifies the “hang time out” parameter for the cluster.
-- **isCalabria**  Specifies whether storage spaces direct is enabled.
-- **isMixedMode**  Identifies if the cluster is running with different version of OS for nodes.
-- **isRunningDownLevel**  Identifies if the current node is running down-level.
-- **logLevel**  Specifies the granularity that is logged in the cluster log.
-- **logSize**  Specifies the size of the cluster log.
-- **lowerQuorumPriorityNodeId**  The cluster parameter: lower quorum priority node ID.
-- **minNeverPreempt**  The cluster parameter: minimum never preempt.
-- **minPreemptor**  The cluster parameter: minimum preemptor priority.
-- **netftIpsecEnabled**  The parameter: netftIpsecEnabled.
-- **NodeCount**  The number of nodes in the cluster.
-- **nodeId**  The current node number in the cluster.
-- **nodeResourceCounts**  Specifies the number of node resources.
-- **nodeResourceOnlineCounts**  Specifies the number of node resources that are online.
-- **numberOfSites**  The number of different sites.
-- **numNodesInNoSite**  The number of nodes not belonging to a site.
-- **plumbAllCrossSubnetRoutes**  The cluster parameter: plumb all cross subnet routes.
-- **preferredSite**  The preferred site location.
-- **privateCloudWitness**  Specifies whether a private cloud witness exists for this cluster.
-- **quarantineDuration**  The quarantine duration.
-- **quarantineThreshold**  The quarantine threshold.
-- **quorumArbitrationTimeout**  In the event of an arbitration event, this specifies the quorum timeout period.
-- **resiliencyLevel**  Specifies the level of resiliency.
-- **resourceCounts**  Specifies the number of resources.
-- **resourceTypeCounts**  Specifies the number of resource types in the cluster.
-- **resourceTypes**  Data representative of each resource type.
-- **resourceTypesPath**  Data representative of the DLL path for each resource type.
-- **sameSubnetDelay**  The cluster parameter: same subnet delay.
-- **sameSubnetThreshold**  The cluster parameter: same subnet threshold.
-- **secondsInMixedMode**  The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
-- **securityLevel**  The cluster parameter: security level.
-- **securityLevelForStorage**  The cluster parameter: security level for storage.
-- **sharedVolumeBlockCacheSize**  Specifies the block cache size for shared for shared volumes.
-- **shutdownTimeoutMinutes**  Specifies the amount of time it takes to time out when shutting down.
-- **upNodeCount**  Specifies the number of nodes that are up (online).
-- **useClientAccessNetworksForCsv**  The cluster parameter: use client access networks for CSV.
-- **vmIsolationTime**  The cluster parameter: VM isolation time.
-- **witnessDatabaseWriteTimeout**  Specifies the timeout period for writing to the quorum witness database.
-
-
-## Fault Reporting events
-
-### Microsoft.Windows.FaultReporting.AppCrashEvent
-
-This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has crashed.
-- **AppSessionGuid**  GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
-- **AppTimeStamp**  The date/time stamp of the app.
-- **AppVersion**  The version of the app that has crashed.
-- **ExceptionCode**  The exception code returned by the process that has crashed.
-- **ExceptionOffset**  The address where the exception had occurred.
-- **Flags**  Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
-- **FriendlyAppName**  The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
-- **IsFatal**  True/False to indicate whether the crash resulted in process termination.
-- **ModName**  Exception module name (e.g. bar.dll).
-- **ModTimeStamp**  The date/time stamp of the module.
-- **ModVersion**  The version of the module that has crashed.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has crashed.
-- **ProcessId**  The ID of the process that has crashed.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported
-- **TargetAsId**  The sequence number for the hanging process.
-
-
-## Feature update events
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
-
-This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **failureReason**  Provides data about the uninstall initialization operation failure.
-- **hr**  Provides the Win32 error code for the operation failure.
-
-
-### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered
-
-This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-## Hang Reporting events
-
-### Microsoft.Windows.HangReporting.AppHangEvent
-
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
-
-The following fields are available:
-
-- **AppName**  The name of the app that has hung.
-- **AppSessionGuid**  GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
-- **AppVersion**  The version of the app that has hung.
-- **IsFatal**  True/False based on whether the hung application caused the creation of a Fatal Hang Report.
-- **PackageFullName**  Store application identity.
-- **PackageRelativeAppId**  Store application identity.
-- **ProcessArchitecture**  Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
-- **ProcessCreateTime**  The time of creation of the process that has hung.
-- **ProcessId**  The ID of the process that has hung.
-- **ReportId**  A GUID used to identify the report. This can used to track the report across Watson.
-- **TargetAppId**  The kernel reported AppId of the application being reported.
-- **TargetAppVer**  The specific version of the application being reported.
-- **TargetAsId**  The sequence number for the hanging process.
-- **TypeCode**  Bitmap describing the hang type.
-- **WaitingOnAppName**  If this is a cross process hang waiting for an application, this has the name of the application.
-- **WaitingOnAppVersion**  If this is a cross process hang, this has the version of the application for which it is waiting.
-- **WaitingOnPackageFullName**  If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
-- **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative application id of the package.
-
-
-## Holographic events
-
-### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated
-
-This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **HmdState**  Windows Mixed Reality Headset HMD state.
-- **NewHoloShellState**  Windows Mixed Reality HoloShell state.
-- **PriorHoloShellState**  Windows Mixed Reality state prior to entering to HoloShell.
-- **SimulationEnabled**  Windows Mixed Reality Simulation state.
-
-
-### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated
-
-This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **IsDemoMode**  Windows Mixed Reality Portal app state of demo mode.
-- **IsDeviceSetupComplete**  Windows Mixed Reality Portal app state of device setup completion.
-- **PackageVersion**  Windows Mixed Reality Portal app package version.
-- **PreviousExecutionState**  Windows Mixed Reality Portal app prior execution state.
-- **wilActivity**  Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming
-
-This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### TraceLoggingOasisUsbHostApiProvider.DeviceInformation
-
-This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BootloaderMajorVer**  Windows Mixed Reality device boot loader major version.
-- **BootloaderMinorVer**  Windows Mixed Reality device boot loader minor version.
-- **BootloaderRevisionNumber**  Windows Mixed Reality device boot loader revision number.
-- **BTHFWMajorVer**  Windows Mixed Reality device BTHFW major version. This event also used to count WMR device.
-- **BTHFWMinorVer**  Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device.
-- **BTHFWRevisionNumber**  Windows Mixed Reality device BTHFW revision number.
-- **CalibrationBlobSize**  Windows Mixed Reality device calibration blob size.
-- **CalibrationFwMajorVer**  Windows Mixed Reality device calibration firmware major version.
-- **CalibrationFwMinorVer**  Windows Mixed Reality device calibration firmware minor version.
-- **CalibrationFwRevNum**  Windows Mixed Reality device calibration firmware revision number.
-- **DeviceInfoFlags**  Windows Mixed Reality device info flags.
-- **DeviceName**  Windows Mixed Reality device Name. This event is also used to count WMR device.
-- **DeviceReleaseNumber**  Windows Mixed Reality device release number.
-- **FirmwareMajorVer**  Windows Mixed Reality device firmware major version.
-- **FirmwareMinorVer**  Windows Mixed Reality device firmware minor version.
-- **FirmwareRevisionNumber**  Windows Mixed Reality device calibration firmware revision number.
-- **FpgaFwMajorVer**  Windows Mixed Reality device FPGA firmware major version.
-- **FpgaFwMinorVer**  Windows Mixed Reality device FPGA firmware minor version.
-- **FpgaFwRevisionNumber**  Windows Mixed Reality device FPGA firmware revision number.
-- **FriendlyName**  Windows Mixed Reality device friendly name.
-- **HashedSerialNumber**  Windows Mixed Reality device hashed serial number.
-- **HeaderSize**  Windows Mixed Reality device header size.
-- **HeaderVersion**  Windows Mixed Reality device header version.
-- **LicenseKey**  Windows Mixed Reality device header license key.
-- **Make**  Windows Mixed Reality device make.
-- **ManufacturingDate**  Windows Mixed Reality device manufacturing date.
-- **Model**  Windows Mixed Reality device model.
-- **PresenceSensorHidVendorPage**  Windows Mixed Reality device presence sensor HID vendor page.
-- **PresenceSensorHidVendorUsage**  Windows Mixed Reality device presence sensor HID vendor usage.
-- **PresenceSensorUsbVid**  Windows Mixed Reality device presence sensor USB VId.
-- **ProductBoardRevision**  Windows Mixed Reality device product board revision number.
-- **SerialNumber**  Windows Mixed Reality device serial number.
-
-
-## Inventory events
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
-
-This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Device**  A count of device objects in cache.
-- **DeviceCensus**  A count of device census objects in cache.
-- **DriverPackageExtended**  A count of driverpackageextended objects in cache.
-- **File**  A count of file objects in cache.
-- **FileSigningInfo**  A count of file signing objects in cache.
-- **Generic**  A count of generic objects in cache.
-- **HwItem**  A count of hwitem objects in cache.
-- **InventoryAcpiPhatHealthRecord**  A count of ACPI PHAT health record objects in cache.
-- **InventoryAcpiPhatVersionElement**  A count of ACPI PHAT version element objects in cache.
-- **InventoryApplication**  A count of application objects in cache.
-- **InventoryApplicationAppV**  A count of application AppV objects in cache.
-- **InventoryApplicationDriver**  A count of application driver objects in cache
-- **InventoryApplicationFile**  A count of application file objects in cache.
-- **InventoryApplicationFramework**  A count of application framework objects in cache
-- **InventoryApplicationShortcut**  A count of application shortcut objects in cache
-- **InventoryDeviceContainer**  A count of device container objects in cache.
-- **InventoryDeviceInterface**  A count of Plug and Play device interface objects in cache.
-- **InventoryDeviceMediaClass**  A count of device media objects in cache.
-- **InventoryDevicePnp**  A count of device Plug and Play objects in cache.
-- **InventoryDeviceSensor**  A count of device sensor objects in cache.
-- **InventoryDeviceUsbHubClass**  A count of device usb objects in cache
-- **InventoryDriverBinary**  A count of driver binary objects in cache.
-- **InventoryDriverPackage**  A count of device objects in cache.
-- **InventoryMiscellaneousOfficeAddIn**  A count of office add-in objects in cache
-- **InventoryMiscellaneousOfficeAddInUsage**  A count of office add-in usage objects in cache.
-- **InventoryMiscellaneousOfficeIdentifiers**  A count of office identifier objects in cache
-- **InventoryMiscellaneousOfficeIESettings**  A count of office ie settings objects in cache
-- **InventoryMiscellaneousOfficeInsights**  A count of office insights objects in cache
-- **InventoryMiscellaneousOfficeProducts**  A count of office products objects in cache
-- **InventoryMiscellaneousOfficeSettings**  A count of office settings objects in cache
-- **InventoryMiscellaneousOfficeVBA**  A count of office vba objects in cache
-- **InventoryMiscellaneousOfficeVBARuleViolations**  A count of office vba rule violations objects in cache
-- **InventoryMiscellaneousUUPInfo**  A count of uup info objects in cache
-- **InventoryVersion**  test
-- **Metadata**  A count of metadata objects in cache.
-- **Orphan**  A count of orphan file objects in cache.
-- **Programs**  A count of program objects in cache.
-
-
-### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
-
-This event sends inventory component versions for the Device Inventory data. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **aeinv**  The version of the App inventory component.
-- **devinv**  The file version of the Device inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.FileSigningInfoAdd
-
-This event enumerates the signatures of files, either driver packages or application executables. For driver packages, this data is collected on demand via Telecommand to limit it only to unrecognized driver packages, saving time for the client and space on the server. For applications, this data is collected for up to 10 random executables on a system. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **CatalogSigners**  Signers from catalog. Each signer starts with Chain.
-- **DigestAlgorithm**  The pseudonymizing (hashing) algorithm used when the file or package was signed.
-- **DriverPackageStrongName**  Optional. Available only if FileSigningInfo is collected on a driver package.
-- **EmbeddedSigners**  Embedded signers. Each signer starts with Chain.
-- **FileName**  The file name of the file whose signatures are listed.
-- **FileType**  Either exe or sys, depending on if a driver package or application executable.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Thumbprint**  Comma separated hash of the leaf node of each signer. Semicolon is used to separate CatalogSigners from EmbeddedSigners. There will always be a trailing comma.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
-
-This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AndroidPackageId**  A unique identifier for an Android app.
-- **HiddenArp**  Indicates whether a program hides itself from showing up in ARP.
-- **InstallDate**  The date the application was installed (a best guess based on folder creation date heuristics).
-- **InstallDateArpLastModified**  The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015  00:00:00
-- **InstallDateFromLinkFile**  The estimated date of install based on the links to the files.  Passed as an array.
-- **InstallDateMsi**  The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Language**  The language code of the program.
-- **LattePackageId**  The ID of the Latte package.
-- **MsiInstallDate**  The install date recorded in the program's MSI package.
-- **MsiPackageCode**  A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
-- **MsiProductCode**  A GUID that describe the MSI Product.
-- **Name**  The name of the application.
-- **OSVersionAtInstallTime**  The four octets from the OS version at the time of the application's install.
-- **PackageFullName**  The package full name for a Store application.
-- **ProgramInstanceId**  A hash of the file IDs in an app.
-- **Publisher**  The Publisher of the application. Location pulled from depends on the 'Source' field.
-- **RootDirPath**  The path to the root directory where the program was installed.
-- **Source**  How the program was installed (for example, ARP, MSI, Appx).
-- **StoreAppType**  A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
-- **Type**  One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
-- **Version**  The version number of the program.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
-
-This event represents what drivers an application installs. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory component
-- **ProgramIds**  The unique program identifier the driver is associated with
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
-
-The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory component.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFileAdd
-
-This event provides file-level information about the applications that exist on the system. This event is used to understand the applications on a device to determine if those applications will experience compatibility issues when upgrading Windows.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **BinaryType**  The architecture of the binary (executable) file.
-- **BinFileVersion**  Version information for the binary (executable) file.
-- **BinProductVersion**  The product version provided by the binary (executable) file.
-- **BoeProgramId**  The “bag of evidence” program identifier.
-- **CompanyName**  The company name included in the binary (executable) file.
-- **FileId**  A pseudonymized (hashed) unique identifier derived from the file itself.
-- **FileVersion**  The version of the file.
-- **InventoryVersion**  The version of the inventory component.
-- **Language**  The language declared in the binary (executable) file.
-- **LinkDate**  The compiler link date.
-- **LowerCaseLongPath**  The file path in “long” format.
-- **Name**  The file name.
-- **ProductName**  The product name declared in the binary (executable) file.
-- **ProductVersion**  The product version declared in the binary (executable) file.
-- **ProgramId**  The program identifier associated with the binary (executable) file.
-- **Size**  The size of the binary (executable) file.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
-
-This event provides the basic metadata about the frameworks an application may depend on. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **FileId**  A hash that uniquely identifies a file.
-- **Frameworks**  The list of frameworks this file depends on.
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
-
-This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
-
-This event indicates that a new set of InventoryApplicationAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
-
-This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device). The data collected with this event is used to help keep Windows up to date and to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Categories**  A comma separated list of functional categories in which the container belongs.
-- **DiscoveryMethod**  The discovery method for the device container.
-- **FriendlyName**  The name of the device container.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **IsActive**  Is the device connected, or has it been seen in the last 14 days?
-- **IsConnected**  For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
-- **IsMachineContainer**  Is the container the root device itself?
-- **IsNetworked**  Is this a networked device?
-- **IsPaired**  Does the device container require pairing?
-- **Manufacturer**  The manufacturer name for the device container.
-- **ModelId**  A unique model ID.
-- **ModelName**  The model name.
-- **ModelNumber**  The model number for the device container.
-- **PrimaryCategory**  The primary category for the device container.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
-
-This event indicates that the InventoryDeviceContainer object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
-
-This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
-
-This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Accelerometer3D**  Indicates if an Accelerator3D sensor is found.
-- **ActivityDetection**  Indicates if an Activity Detection sensor is found.
-- **AmbientLight**  Indicates if an Ambient Light sensor is found.
-- **Barometer**  Indicates if a Barometer sensor is found.
-- **Custom**  Indicates if a Custom sensor is found.
-- **EnergyMeter**  Indicates if an Energy sensor is found.
-- **FloorElevation**  Indicates if a Floor Elevation sensor is found.
-- **GeomagneticOrientation**  Indicates if a Geo Magnetic Orientation sensor is found.
-- **GravityVector**  Indicates if a Gravity Detector sensor is found.
-- **Gyrometer3D**  Indicates if a Gyrometer3D sensor is found.
-- **Humidity**  Indicates if a Humidity sensor is found.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **LinearAccelerometer**  Indicates if a Linear Accelerometer sensor is found.
-- **Magnetometer3D**  Indicates if a Magnetometer3D sensor is found.
-- **Orientation**  Indicates if an Orientation sensor is found.
-- **Pedometer**  Indicates if a Pedometer sensor is found.
-- **Proximity**  Indicates if a Proximity sensor is found.
-- **RelativeOrientation**  Indicates if a Relative Orientation sensor is found.
-- **SimpleDeviceOrientation**  Indicates if a Simple Device Orientation sensor is found.
-- **Temperature**  Indicates if a Temperature sensor is found.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
-
-This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
-
-This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Audio.CaptureDriver**  The capture driver endpoint for the audio device.
-- **Audio.RenderDriver**  The render driver for the audio device.
-- **Audio_CaptureDriver**  The Audio device capture driver endpoint.
-- **Audio_RenderDriver**  The Audio device render driver endpoint.
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
-
-This event indicates that the InventoryDeviceMediaClass object represented by the objectInstanceId is no longer present. This event is used to understand a PNP device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
-
-This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
-
-This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **BusReportedDescription**  The description of the device reported by the bux.
-- **Class**  The device setup class of the driver loaded for the device.
-- **ClassGuid**  The device class GUID from the driver package
-- **COMPID**  The device setup class guid of the driver loaded for the device.
-- **ContainerId**  The list of compat ids for the device.
-- **Description**  System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
-- **DeviceDriverFlightId**  The test build (Flight) identifier of the device driver.
-- **DeviceExtDriversFlightIds**  The test build (Flight) identifier for all extended device drivers.
-- **DeviceInterfaceClasses**  The device interfaces that this device implements.
-- **DeviceState**  The device description.
-- **DriverId**  DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present
-- **DriverName**  A unique identifier for the driver installed.
-- **DriverPackageStrongName**  The immediate parent directory name in the Directory field of InventoryDriverPackage
-- **DriverVerDate**  Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
-- **DriverVerVersion**  The immediate parent directory name in the Directory field of InventoryDriverPackage.
-- **Enumerator**  The date of the driver loaded for the device.
-- **ExtendedInfs**  The extended INF file names.
-- **FirstInstallDate**  The first time this device was installed on the machine.
-- **HWID**  The version of the driver loaded for the device.
-- **Inf**  The bus that enumerated the device.
-- **InstallDate**  The date of the most recent installation of the device on the machine.
-- **InstallState**  The device installation state.  One of these values: [DEVICE_INSTALL_STATE enumeration](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
-- **InventoryVersion**  List of hardware ids for the device.
-- **LowerClassFilters**  Lower filter class drivers IDs installed for the device
-- **LowerFilters**  Lower filter drivers IDs installed for the device
-- **Manufacturer**  INF file name (the name could be renamed by OS, such as oemXX.inf)
-- **MatchingID**  Device installation state.
-- **Model**  The version of the inventory binary generating the events.
-- **ParentId**  Lower filter class drivers IDs installed for the device.
-- **ProblemCode**  Lower filter drivers IDs installed for the device.
-- **Provider**  The device manufacturer.
-- **Service**  The device service name
-- **STACKID**  Represents the hardware ID or compatible ID that Windows uses to install a device instance.
-- **UpperClassFilters**  Upper filter drivers IDs installed for the device
-- **UpperFilters**  The device model.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
-
-This event indicates that the InventoryDevicePnpRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
-
-This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorAdd
-
-This event sends basic metadata about sensor devices on a machine. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory binary generating the events.
-- **Manufacturer**  Sensor manufacturer.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorStartSync
-
-This event indicates that a new set of InventoryDeviceSensor events will be sent. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory binary generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
-
-This event sends basic metadata about the USB hubs on the device. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **TotalUserConnectablePorts**  Total number of connectable USB ports.
-- **TotalUserConnectableTypeCPorts**  Total number of connectable USB Type C ports.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
-
-This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
-
-This event sends basic metadata about driver binaries running on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **DriverCheckSum**  The checksum of the driver file.
-- **DriverCompany**  The company name that developed the driver.
-- **DriverInBox**  Is the driver included with the operating system?
-- **DriverIsKernelMode**  Is it a kernel mode driver?
-- **DriverName**  The file name of the driver.
-- **DriverPackageStrongName**  The strong name of the driver package
-- **DriverSigned**  Is the driver signed?
-- **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
-- **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
-- **DriverVersion**  The version of the driver file.
-- **ImageSize**  The size of the driver file.
-- **Inf**  The name of the INF file.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Product**  The product name that is included in the driver file.
-- **ProductVersion**  The product version that is included in the driver file.
-- **Service**  The name of the service that is installed for the device.
-- **WdfVersion**  The Windows Driver Framework version.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
-
-This event indicates that the InventoryDriverBinary object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
-
-This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
-
-This event sends basic metadata about drive packages installed on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Class**  The class name for the device driver.
-- **ClassGuid**  The class GUID for the device driver.
-- **Date**  The driver package date.
-- **Directory**  The path to the driver package.
-- **DriverInBox**  Is the driver included with the operating system?
-- **FlightIds**  Driver Flight IDs.
-- **Inf**  The INF name of the driver package.
-- **InventoryVersion**  The version of the inventory file generating the events.
-- **Provider**  The provider for the driver package.
-- **RecoveryIds**  Driver recovery IDs.
-- **SubmissionId**  The HLK submission ID for the driver package.
-- **Version**  The version of the driver package.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
-
-This event indicates that the InventoryDriverPackageRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
-
-This event indicates that a new set of InventoryDriverPackageAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion**  The version of the inventory file generating the events.
-
-
-### Microsoft.Windows.Inventory.Core.StartUtcJsonTrace
-
-This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin.
-
-The following fields are available:
-
-- **key**  The globally unique identifier (GUID) used to identify the specific Json Trace logging session.
-
-
-### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace
-
-This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end.
-
-The following fields are available:
-
-- **key**  The globally unique identifier (GUID) used to identify the specific Json Trace logging session.
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
-
-This event sends details collected for a specific application on the source device. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
-
-This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
-
-This event provides basic information about active memory slots on the device.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Capacity**  Memory size in bytes
-- **Manufacturer**  Name of the DRAM manufacturer
-- **Model**  Model and sub-model of the memory
-- **Slot**  Slot to which the DRAM is plugged into the motherboard.
-- **Speed**  The configured memory slot speed in MHz.
-- **Type**  Reports DDR as an enumeration value per DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails**  Reports Non-volatile as a bit flag enumeration as per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
-
-This diagnostic event indicates a new sync is being generated for this object type.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
-
-This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **Identifier**  UUP identifier
-- **LastActivatedVersion**  Last activated version
-- **PreviousVersion**  Previous version
-- **Source**  UUP source
-- **Version**  UUP version
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
-
-This is a diagnostic event that indicates a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.Checksum
-
-This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **CensusId**  A unique hardware identifier.
-- **ChecksumDictionary**  A count of each operating system indicator.
-- **PCFP**  Equivalent to the InventoryId field that is found in other core events.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
-
-This event represents the basic metadata about the OS indicators installed on the system. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **IndicatorValue**  The indicator value.
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorEndSync
-
-This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events has been sent. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
-## IoT events
-
-### Microsoft.Windows.IoT.Client.CEPAL.MonitorStarted
-
-This event identifies Windows Internet of Things (IoT) devices which are running the CE PAL subsystem by sending data during CE PAL startup. The data collected with this event is used to keep Windows performing properly.
-
-
-
-## Kernel events
-
-### IO
-
-This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
-
-The following fields are available:
-
-- **BytesRead**  The total number of bytes read from or read by the OS upon system startup.
-- **BytesWritten**  The total number of bytes written to or written by the OS upon system startup.
-
-
-### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
-
-This event includes basic data about the Operating System, collected during Boot and used to evaluate the success of the upgrade process. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BootApplicationId**  This field tells us what the OS Loader Application Identifier is.
-- **BootAttemptCount**  The number of consecutive times the boot manager has attempted to boot into this operating system.
-- **BootSequence**  The current Boot ID, used to correlate events related to a particular boot session.
-- **BootStatusPolicy**  Identifies the applicable Boot Status Policy.
-- **BootType**  Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
-- **EventTimestamp**  Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made.
-- **FirmwareResetReasonEmbeddedController**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonEmbeddedControllerAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonPch**  Reason for system reset provided by firmware.
-- **FirmwareResetReasonPchAdditional**  Additional information on system reset reason provided by firmware if needed.
-- **FirmwareResetReasonSupplied**  Flag indicating that a reason for system reset was provided by firmware.
-- **IO**  Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io).
-- **LastBootSucceeded**  Flag indicating whether the last boot was successful.
-- **LastShutdownSucceeded**  Flag indicating whether the last shutdown was successful.
-- **MaxAbove4GbFreeRange**  This field describes the largest memory range available above 4Gb.
-- **MaxBelow4GbFreeRange**  This field describes the largest memory range available below 4Gb.
-- **MeasuredLaunchCapable**  Indicates the system is capable of booting with Dynamic Root of Trust for Measurement (DRTM) support.
-- **MeasuredLaunchPrepared**  This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement).
-- **MeasuredLaunchResume**  This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation.
-- **MenuPolicy**  Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
-- **RecoveryEnabled**  Indicates whether recovery is enabled.
-- **TcbLaunch**  Indicates whether the Trusted Computing Base was used during the boot flow.
-- **UserInputTime**  The amount of time the loader application spent waiting for user input.
-
-
-### Microsoft.Windows.Kernel.DeviceConfig.DeviceConfig
-
-This critical device configuration event provides information about drivers for a driver installation that took place within the kernel. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ClassGuid**  The unique ID for the device class.
-- **DeviceInstanceId**  The unique ID for the device on the system.
-- **DriverDate**  The date of the driver.
-- **DriverFlightIds**  The IDs for the driver flights.
-- **DriverInfName**  Driver INF file name.
-- **DriverProvider**  The driver manufacturer or provider.
-- **DriverSubmissionId**  The driver submission ID assigned by the hardware developer center.
-- **DriverVersion**  The driver version number.
-- **ExtensionDrivers**  The list of extension driver INF files, extension IDs, and associated flight IDs.
-- **FirstHardwareId**  The ID in the hardware ID list that provides the most specific device description.
-- **InboxDriver**  Indicates whether the driver package is included with Windows.
-- **InstallDate**  Date the driver was installed.
-- **LastCompatibleId**  The ID in the hardware ID list that provides the least specific device description.
-- **Legacy**  Indicates whether the driver is a legacy driver.
-- **NeedReboot**  Indicates whether the driver requires a reboot.
-- **SetupMode**  Indicates whether the device configuration occurred during the Out Of Box Experience (OOBE).
-- **StatusCode**  The NTSTATUS of device configuration operation.
-
-
-### Microsoft.Windows.Kernel.PnP.AggregateClearDevNodeProblem
-
-This event is sent when a problem code is cleared from a device. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **Count**  The total number of events.
-- **DeviceInstanceId**  The unique identifier of the device on the system.
-- **LastProblem**  The previous problem that was cleared.
-- **LastProblemStatus**  The previous NTSTATUS value that was cleared.
-- **ServiceName**  The name of the driver or service attached to the device.
-
-
-### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem
-
-This event is sent when a new problem code is assigned to a device. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **Count**  The total number of events.
-- **DeviceInstanceId**  The unique identifier of the device in the system.
-- **LastProblem**  The previous problem code that was set on the device.
-- **LastProblemStatus**  The previous NTSTATUS value that was set on the device.
-- **Problem**  The new problem code that was set on the device.
-- **ProblemStatus**  The new NTSTATUS value that was set on the device.
-- **ServiceName**  The driver or service name that is attached to the device.
-
-
-### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown
-
-This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they are expected to. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **temperature**  Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit.
-- **thermalZone**  Contains an identifier that specifies which area it was that exceeded temperature limits.
-
-
-## Microsoft Edge events
-
-### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_sample_rate**  A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **brandCode**  Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **device_sample_rate**  A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName**  A string representation of the installation source.
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample**  A value indicating how the device's data is being sampled.
-- **reactivationBrandCode**  Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **reconsentConfigs**  A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags**  Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_sample_rate**  A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **brandCode**  Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **device_sample_rate**  A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName**  A string representation of the installation source.
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample**  A value indicating how the device's data is being sampled.
-- **reactivationBrandCode**  Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **reconsentConfigs**  A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags**  Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_env**  The environment from which the event was logged when testing; otherwise, the field is omitted or left blank.
-- **app_sample_rate**  A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **brandCode**  Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_localId**  If the device is using Windows Defender Application Guard, this is the Software Quality Metrics (SQM) ID of the container.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **device_sample_rate**  A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName**  A string representation of the installation source.
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample**  A value indicating how the device's data is being sampled.
-- **reactivationBrandCode**  Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **reconsentConfigs**  A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags**  Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_sample_rate**  A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **brandCode**  Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **device_sample_rate**  A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName**  A string representation of the installation source.
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample**  A value indicating how the device's data is being sampled.
-- **reactivationBrandCode**  Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **reconsentConfigs**  A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags**  Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
-
-This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **appAp**  Any additional parameters for the specified application. Default: ''.
-- **appAppId**  The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined.
-- **appBrandCode**  The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
-- **appChannel**  An integer indicating the channel of the installation (i.e. Canary or Dev).
-- **appClientId**  A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
-- **appCohort**  A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortHint**  A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortName**  A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appConsentState**  Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall**  The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
-- **appExperiments**  A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
-- **appInstallTime**  The product install time in seconds. '0' if unknown. Default: '-1'.
-- **appInstallTimeDiffSec**  The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
-- **appLang**  The language of the product install, in IETF BCP 47 representation. Default: ''.
-- **appLastLaunchTime**  The time when browser was last launched.
-- **appNextVersion**  The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
-- **appPingEventAppSize**  The total number of bytes of all downloaded packages. Default: '0'.
-- **appPingEventDoneBeforeOOBEComplete**  Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
-- **appPingEventDownloadMetricsCdnAzureRefOriginShield**  Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. E.g. Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z
-- **appPingEventDownloadMetricsCdnCache**  Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) E.g. HIT from proxy.domain.tld, MISS from proxy.local
-- **appPingEventDownloadMetricsCdnCCC**  ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
-- **appPingEventDownloadMetricsCdnCID**  Numeric value used to internally track the origins of the updated binaries. For example, 2.
-- **appPingEventDownloadMetricsCdnMSEdgeRef**  Used to help correlate client-to-AFD (Azure Front Door) conversations. E.g. Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z
-- **appPingEventDownloadMetricsCdnP3P**  Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. E.g. CP=\"CAO PSA OUR\"
-- **appPingEventDownloadMetricsDownloadedBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsDownloader**  A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
-- **appPingEventDownloadMetricsDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventDownloadMetricsError**  The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
-- **appPingEventDownloadMetricsServerIpHint**  For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadMetricsTotalBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsUrl**  For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventErrorCode**  The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult**  An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'.
-- **appPingEventEventType**  An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information.
-- **appPingEventExtraCode1**  Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventInstallTimeMs**  For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appPingEventNumBytesDownloaded**  The number of bytes downloaded for the specified application. Default: '0'.
-- **appPingEventPackageCacheResult**  Indicates whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key; 2 means there's a cache hit under a different key; 0 means that there's a cache miss; -1 means the field does not apply.
-- **appPingEventSequenceId**  An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
-- **appPingEventSourceUrlIndex**  For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
-- **appPingEventUpdateCheckTimeMs**  For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appReferralHash**  The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
-- **appUpdateCheckIsRollbackAllowed**  Check for status showing whether or not rollback is allowed.
-- **appUpdateCheckIsUpdateDisabled**  The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
-- **appUpdateCheckTargetChannel**  Check for status showing the target release channel.
-- **appUpdateCheckTargetVersionPrefix**  A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
-- **appUpdateCheckTtToken**  An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
-- **appVersion**  The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **eventType**  A string indicating the type of the event. Please see the wiki for additional information.
-- **expDeviceId**  A non-unique resettable device ID to identify a device in experimentation.
-- **expETag**  An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
-- **hwDiskType**  Device’s hardware disk type.
-- **hwHasAvx**  '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse**  '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse2**  '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse3**  '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse41**  '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse42**  '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSsse3**  '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwLogcicalCpus**  Number of logical CPUs of the device. Used for testing only.
-- **hwLogicalCpus**  Number of logical CPUs of the device.
-- **hwPhysmemory**  The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
-- **isMsftDomainJoined**  '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
-- **oemProductManufacturer**  The device manufacturer name.
-- **oemProductName**  The product name of the device defined by device manufacturer.
-- **osArch**  The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
-- **osPlatform**  The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''.
-- **osServicePack**  The secondary version of the operating system. '' if unknown. Default: ''.
-- **osVersion**  The primary version of the operating system. '' if unknown. Default: ''.
-- **requestCheckPeriodSec**  The update interval in seconds. The value is read from the registry. Default: '-1'.
-- **requestDlpref**  A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
-- **requestDomainJoined**  '1' if the machine is part of a managed enterprise domain. Otherwise '0'.
-- **requestInstallSource**  A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
-- **requestIsMachine**  '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
-- **requestOmahaShellVersion**  The version of the Omaha installation folder. Default: ''.
-- **requestOmahaVersion**  The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
-- **requestProtocolVersion**  The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined.
-- **requestRequestId**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''.
-- **requestSessionCorrelationVectorBase**  A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
-- **requestSessionId**  A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''.
-- **requestTestSource**  Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
-- **requestUid**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
-
-
-### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_env**  The environment from which the event was logged when testing; otherwise, the field is omitted or left blank.
-- **app_sample_rate**  A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version**  The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState**  Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **brandCode**  Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
-- **client_id**  A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType**  The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id**  The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id**  The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **device_sample_rate**  A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
-- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName**  A string representation of the installation source.
-- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType**  The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample**  A value indicating how the device's data is being sampled.
-- **reactivationBrandCode**  Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **reconsentConfigs**  A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword.
-- **session_id**  An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags**  Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Microsoft.Edge.Crashpad.CrashEvent
-
-This event sends simple Product and Service Performance data on a crashing Microsoft Edge browser process to help mitigate future instances of the crash.
-
-The following fields are available:
-
-- **app_name**  The name of the crashing process.
-- **app_session_guid**  Encodes the boot session, process id, and process start time.
-- **app_version**  The version of the crashing process.
-- **client_id_hash**  Hash of the browser client ID which helps identify installations.
-- **etag**  Encodes the running experiments in the browser.
-- **module_name**  The name of the module in which the crash originated.
-- **module_offset**  Memory offset into the module in which the crash originated.
-- **module_version**  The version of the module in which the crash originated.
-- **process_type**  The type of the browser process that crashed, e.g., renderer, gpu-process, etc.
-- **stack_hash**  Hash of the stack trace representing the crash. Currently not used or set to zero.
-- **sub_code**  The exception/error code representing the crash.
-
-
-### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
-
-This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
-
-The following fields are available:
-
-- **appAp**  Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''."
-- **appAppId**  The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update.
-- **appBrandCode**  The 4-digit brand code under which the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown).
-- **appChannel**  An integer indicating the channel of the installation (e.g. Canary or Dev).
-- **appClientId**  A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
-- **appCohort**  A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortHint**  A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appCohortName**  A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
-- **appConsentState**  Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall**  The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown).
-- **appExperiments**  A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''.
-- **appIid**  A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete.
-- **appInstallTimeDiffSec**  The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
-- **appLang**  The language of the product install, in IETF BCP 47 representation. Default: ''.
-- **appNextVersion**  The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
-- **appPingEventAppSize**  The total number of bytes of all downloaded packages. Default: '0'.
-- **appPingEventDownloadMetricsDownloadedBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsDownloader**  A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
-- **appPingEventDownloadMetricsDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventDownloadMetricsError**  The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
-- **appPingEventDownloadMetricsServerIpHint**  For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadMetricsTotalBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
-- **appPingEventDownloadMetricsUrl**  For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
-- **appPingEventDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
-- **appPingEventErrorCode**  The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult**  An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error).
-- **appPingEventEventType**  An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown).
-- **appPingEventExtraCode1**  Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventInstallTimeMs**  For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appPingEventNumBytesDownloaded**  The number of bytes downloaded for the specified application. Default: '0'.
-- **appPingEventSequenceId**  An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
-- **appPingEventSourceUrlIndex**  For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag.
-- **appPingEventUpdateCheckTimeMs**  For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
-- **appUpdateCheckIsUpdateDisabled**  The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
-- **appUpdateCheckTargetVersionPrefix**  A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''.
-- **appUpdateCheckTtToken**  An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''.
-- **appVersion**  The version of the product install. Default: '0.0.0.0'.
-- **eventType**  A string representation of appPingEventEventType indicating the type of the event.
-- **hwHasAvx**  '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse**  '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse2**  '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse3**  '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse41**  '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSse42**  '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
-- **hwHasSsse3**  '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
-- **hwPhysmemory**  The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
-- **isMsftDomainJoined**  '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
-- **osArch**  The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
-- **osPlatform**  The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''.
-- **osServicePack**  The secondary version of the operating system. '' if unknown. Default: ''.
-- **osVersion**  The primary version of the operating system. '' if unknown. Default: ''.
-- **requestCheckPeriodSec**  The update interval in seconds. The value is read from the registry. Default: '-1'.
-- **requestDlpref**  A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
-- **requestDomainJoined**  '1' if the device is part of a managed enterprise domain. Otherwise '0'.
-- **requestInstallSource**  A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
-- **requestIsMachine**  '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
-- **requestOmahaShellVersion**  The version of the Omaha installation folder. Default: ''.
-- **requestOmahaVersion**  The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
-- **requestProtocolVersion**  The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined.
-- **requestRequestId**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
-- **requestSessionCorrelationVectorBase**  A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
-- **requestSessionId**  A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''.
-- **requestTestSource**  Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
-- **requestUid**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
-
-
-## Migration events
-
-### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-The following fields are available:
-
-- **currentSid**  Indicates the user SID for which the migration is being performed.
-- **knownFoldersUsr[i]**  Predefined folder path locations.
-- **migDiagSession->CString**  The phase of the upgrade where migration occurs. (E.g.: Validate tracked content)
-- **objectCount**  The count for the number of objects that are being transferred.
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
-
-This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-The following fields are available:
-
-- **knownFoldersSys[i]**  The predefined folder path locations.
-- **migDiagSession->CString**  Identifies the phase of the upgrade where migration happens.
-- **objectCount**  The count of the number of objects that are being transferred.
-
-
-### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
-
-This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
-
-The following fields are available:
-
-- **currentSid**  Indicates the user SID for which the migration is being performed.
-- **knownFoldersUsr[i]**  Predefined folder path locations.
-- **migDiagSession->CString**  The phase of the upgrade where the migration occurs. (For example, Validate tracked content.)
-- **objectCount**  The number of objects that are being transferred.
-
-
-## Miracast events
-
-### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd
-
-This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AudioChannelCount**  The number of audio channels.
-- **AudioSampleRate**  The sample rate of audio in terms of samples per second.
-- **AudioSubtype**  The unique subtype identifier of the audio codec (encoding method) used for audio encoding.
-- **AverageBitrate**  The average video bitrate used during the Miracast session, in bits per second.
-- **AverageDataRate**  The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second.
-- **AveragePacketSendTimeInMs**  The average time required for the network to send a sample, in milliseconds.
-- **ConnectorType**  The type of connector used during the Miracast session.
-- **EncodeAverageTimeMS**  The average time to encode a frame of video, in milliseconds.
-- **EncodeCount**  The count of total frames encoded in the session.
-- **EncodeMaxTimeMS**  The maximum time to encode a frame, in milliseconds.
-- **EncodeMinTimeMS**  The minimum time to encode a frame, in milliseconds.
-- **EncoderCreationTimeInMs**  The time required to create the video encoder, in milliseconds.
-- **ErrorSource**  Identifies the component that encountered an error that caused a disconnect, if applicable.
-- **FirstFrameTime**  The time (tick count) when the first frame is sent.
-- **FirstLatencyMode**  The first latency mode.
-- **FrameAverageTimeMS**  Average time to process an entire frame, in milliseconds.
-- **FrameCount**  The total number of frames processed.
-- **FrameMaxTimeMS**  The maximum time required to process an entire frame, in milliseconds.
-- **FrameMinTimeMS**  The minimum time required to process an entire frame, in milliseconds.
-- **Glitches**  The number of frames that failed to be delivered on time.
-- **HardwareCursorEnabled**  Indicates if hardware cursor was enabled when the connection ended.
-- **HDCPState**  The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended.
-- **HighestBitrate**  The highest video bitrate used during the Miracast session, in bits per second.
-- **HighestDataRate**  The highest available bandwidth reported by the WiFi driver, in bits per second.
-- **LastLatencyMode**  The last reported latency mode.
-- **LogTimeReference**  The reference time, in tick counts.
-- **LowestBitrate**  The lowest video bitrate used during the Miracast session, in bits per second.
-- **LowestDataRate**  The lowest video bitrate used during the Miracast session, in bits per second.
-- **MediaErrorCode**  The error code reported by the media session, if applicable.
-- **MiracastEntry**  The time (tick count) when the Miracast driver was first loaded.
-- **MiracastM1**  The time (tick count) when the M1 request was sent.
-- **MiracastM2**  The time (tick count) when the M2 request was sent.
-- **MiracastM3**  The time (tick count) when the M3 request was sent.
-- **MiracastM4**  The time (tick count) when the M4 request was sent.
-- **MiracastM5**  The time (tick count) when the M5 request was sent.
-- **MiracastM6**  The time (tick count) when the M6 request was sent.
-- **MiracastM7**  The time (tick count) when the M7 request was sent.
-- **MiracastSessionState**  The state of the Miracast session when the connection ended.
-- **MiracastStreaming**  The time (tick count) when the Miracast session first started processing frames.
-- **ProfileCount**  The count of profiles generated from the receiver M4 response.
-- **ProfileCountAfterFiltering**  The count of profiles after filtering based on available bandwidth and encoder capabilities.
-- **RefreshRate**  The refresh rate set on the remote display.
-- **RotationSupported**  Indicates if the Miracast receiver supports display rotation.
-- **RTSPSessionId**  The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session.
-- **SessionGuid**  The unique identifier of to correlate various Miracast events from a session.
-- **SinkHadEdid**  Indicates if the Miracast receiver reported an EDID.
-- **SupportMicrosoftColorSpaceConversion**  Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver.
-- **SupportsMicrosoftDiagnostics**  Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension.
-- **SupportsMicrosoftFormatChange**  Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension.
-- **SupportsMicrosoftLatencyManagement**  Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension.
-- **SupportsMicrosoftRTCP**  Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension.
-- **SupportsMicrosoftVideoFormats**  Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution.
-- **SupportsWiDi**  Indicates whether Miracast receiver supports Intel WiDi extensions.
-- **TeardownErrorCode**  The error code reason for teardown provided by the receiver, if applicable.
-- **TeardownErrorReason**  The text string reason for teardown provided by the receiver, if applicable.
-- **UIBCEndState**  Indicates whether UIBC was enabled when the connection ended.
-- **UIBCEverEnabled**  Indicates whether UIBC was ever enabled.
-- **UIBCStatus**  The result code reported by the UIBC setup process.
-- **VideoBitrate**  The starting bitrate for the video encoder.
-- **VideoCodecLevel**  The encoding level used for encoding, specific to the video subtype.
-- **VideoHeight**  The height of encoded video frames.
-- **VideoSubtype**  The unique subtype identifier of the video codec (encoding method) used for video encoding.
-- **VideoWidth**  The width of encoded video frames.
-- **WFD2Supported**  Indicates if the Miracast receiver supports WFD2 protocol.
-
-
-## Mixed Reality events
-
-### Microsoft.ML.ONNXRuntime.ProcessInfo
-
-This event collects information when an application loads ONNXRuntime.dll. The data collected with this event is used to keep Windows product and service performing properly.
-
-The following fields are available:
-
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **isRedist**  Indicates if the ONNXRuntime usage is from redistributable package or inbox.
-- **runtimeVersion**  The version number of ONNXRuntime.
-- **schemaVersion**  Blueprint version of how the database is constructed.
-
-
-### Microsoft.ML.ONNXRuntime.RuntimePerf
-
-This event collects information about ONNXRuntime performance. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **AppSessionGuid**  An identifier of a particular application session starting at process creation time and persisting until process end.
-- **schemaVersion**  Blueprint version of how the database is constructed.
-- **sessionId**  Identifier for each created session.
-- **totalRunDuration**  Total running/evaluation time from last time.
-- **totalRuns**  Total number of running/evaluation from last time.
-
-
-### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded
-
-This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **ClassGuid**  Windows Mixed Reality device class GUID.
-- **DeviceInterfaceId**  Windows Mixed Reality device interface ID.
-- **DeviceName**  Windows Mixed Reality device name.
-- **DriverVersion**  Windows Mixed Reality device driver version.
-- **FirmwareVersion**  Windows Mixed Reality firmware version.
-- **Manufacturer**  Windows Mixed Reality device manufacturer.
-- **ModelName**  Windows Mixed Reality device model name.
-- **SerialNumber**  Windows Mixed Reality device serial number.
-
-
-## OneDrive events
-
-### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
-
-This event is related to the OS version when the OS is upgraded with OneDrive installed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CurrentOneDriveVersion**  The current version of OneDrive.
-- **CurrentOSBuildBranch**  The current branch of the operating system.
-- **CurrentOSBuildNumber**  The current build number of the operating system.
-- **CurrentOSVersion**  The current version of the operating system.
-- **HResult**  The HResult of the operation.
-- **SourceOSBuildBranch**  The source branch of the operating system.
-- **SourceOSBuildNumber**  The source build number of the operating system.
-- **SourceOSVersion**  The source version of the operating system.
-
-
-## Other events
-
-### Microsoft.Windows.Test.WindowsCoreTelemetryTestProvider.WindowsCoreTelemetryTestEvent
-
-This is an internal-only test event used to validate the utc.app and telemetry.asm-windowsdefault settings and namespaces before publishing. The provider of this event is assigned to the Windows Core Telemetry group provider in order to test. The data collected with this event is used to keep Windows performing properly
-
-
-
-## Privacy consent logging events
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
-
-This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **presentationVersion**  Which display version of the privacy consent experience the user completed
-- **privacyConsentState**  The current state of the privacy consent experience
-- **settingsVersion**  Which setting version of the privacy consent experience the user completed
-- **userOobeExitReason**  The exit reason of the privacy consent experience
-
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
-
-This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **isAdmin**  whether the person who is logging in is an admin
-- **isExistingUser**  whether the account existed in a downlevel OS
-- **isLaunching**  Whether or not the privacy consent experience will be launched
-- **isSilentElevation**  whether the user has most restrictive UAC controls
-- **privacyConsentState**  whether the user has completed privacy experience
-- **userRegionCode**  The current user's region setting
-
-
-## Sediment events
-
-### Microsoft.Windows.Sediment.Info.DetailedState
-
-This event is sent when detailed state information is needed from an update trial run. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **Data**  Data relevant to the state, such as what percent of disk space the directory takes up.
-- **Id**  Identifies the trial being run, such as a disk related trial.
-- **ReleaseVer**  The version of the component.
-- **State**  The state of the reporting data from the trial, such as the top-level directory analysis.
-- **Time**  The time the event was fired.
-
-
-### Microsoft.Windows.Sediment.Info.PhaseChange
-
-The event indicates progress made by the updater. This information assists in keeping Windows up to date.
-
-The following fields are available:
-
-- **NewPhase**  The phase of progress made.
-- **ReleaseVer**  The version information for the component in which the change occurred.
-- **Time**  The system time at which the phase chance occurred.
-
-
-## Setup events
-
-### SetupPlatformTel.SetupPlatformTelActivityEvent
-
-This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **InstanceID**  This is a unique GUID to track individual instances of SetupPlatform that will help us tie events from a single instance together.
-- **Value**  Value associated with the corresponding event name. For example, time-related events will include the system time
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStarted
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-The following fields are available:
-
-- **Name**  The name of the dynamic update type. Example: GDR driver
-
-
-### SetupPlatformTel.SetupPlatformTelActivityStopped
-
-This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-
-
-
-### SetupPlatformTel.SetupPlatformTelEvent
-
-This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date.
-
-The following fields are available:
-
-- **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
-- **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
-- **InstanceID**  This is a unique GUID to track individual instances of SetupPlatform that will help us tie events from a single instance together.
-- **Value**  Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
-
-
-## SIH events
-
-### SIHEngineTelemetry.EvalApplicability
-
-This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActionReasons**  If an action has been assessed as inapplicable, the additional logic prevented it.
-- **AdditionalReasons**  If an action has been assessed as inapplicable, the additional logic prevented it.
-- **CachedEngineVersion**  The engine DLL version that is being used.
-- **EventInstanceID**  A unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **HandlerReasons**  If an action has been assessed as inapplicable, the installer technology-specific logic prevented it.
-- **IsExecutingAction**  If the action is presently being executed.
-- **ServiceGuid**  A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **SihclientVersion**  The client version that is being used.
-- **StandardReasons**  If an action has been assessed as inapplicable, the standard logic the prevented it.
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID**  A unique identifier for the action being acted upon.
-- **WuapiVersion**  The Windows Update API version that is currently installed.
-- **WuaucltVersion**  The Windows Update client version that is currently installed.
-- **WuauengVersion**  The Windows Update engine version that is currently installed.
-- **WUDeviceID**  The unique identifier controlled by the software distribution client.
-
-
-## Software update events
-
-### SoftwareUpdateClientTelemetry.CheckForUpdates
-
-This event sends tracking data about the software distribution client check for content that is applicable to a device, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActivityMatchingId**  Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults**  Indicates if the scan allowed using cached results.
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BranchReadinessLevel**  The servicing branch configured on the device.
-- **CachedEngineVersion**  For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CapabilityDetectoidGuid**  The GUID for a hardware applicability detectoid that could not be evaluated.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-- **ClientVersion**  The version number of the software distribution client.
-- **CommonProps**  A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0.
-- **Context**  Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeferralPolicySources**  Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
-- **DeferredUpdates**  Update IDs which are currently being deferred until a later time
-- **DeviceModel**  What is the device model.
-- **DriverError**  The error code hit during a driver scan. This is 0 if no error was encountered.
-- **DriverExclusionPolicy**  Indicates if the policy for not including drivers with Windows Update is enabled.
-- **DriverSyncPassPerformed**  Were drivers scanned this time?
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **ExtendedMetadataCabUrl**  Hostname that is used to download an update.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FailedUpdateGuids**  The GUIDs for the updates that failed to be evaluated during the scan.
-- **FailedUpdatesCount**  The number of updates that failed to be evaluated during the scan.
-- **FeatureUpdateDeferral**  The deferral period configured for feature OS updates on the device (in days).
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FeatureUpdatePausePeriod**  The pause duration configured for feature OS updates on the device (in days).
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **IsWUfBFederatedScanDisabled**  Indicates if Windows Update for Business federated scan is disabled on the device.
-- **IsWUfBTargetVersionEnabled**  Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MetadataIntegrityMode**  The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
-- **MSIError**  The last error that was encountered during a scan for updates.
-- **NetworkConnectivityDetected**  Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
-- **NumberOfApplicableUpdates**  The number of updates which were ultimately deemed applicable to the system after the detection process is complete
-- **NumberOfApplicationsCategoryScanEvaluated**  The number of categories (apps) for which an app update scan checked
-- **NumberOfLoop**  The number of round trips the scan required
-- **NumberOfNewUpdatesFromServiceSync**  The number of updates which were seen for the first time in this scan
-- **NumberOfUpdatesEvaluated**  The total number of updates which were evaluated as a part of the scan
-- **NumFailedMetadataSignatures**  The number of metadata signatures checks which failed for new metadata synced down.
-- **Online**  Indicates if this was an online scan.
-- **PausedUpdates**  A list of UpdateIds which that currently being paused.
-- **PauseFeatureUpdatesEndTime**  If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseFeatureUpdatesStartTime**  If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PauseQualityUpdatesEndTime**  If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseQualityUpdatesStartTime**  If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdateDeferral**  The deferral period configured for quality OS updates on the device (in days).
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **QualityUpdatePausePeriod**  The pause duration configured for quality OS updates on the device (in days).
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **ScanDurationInSeconds**  The number of seconds a scan took
-- **ScanEnqueueTime**  The number of seconds it took to initialize a scan
-- **ScanProps**  This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
-- **ServiceUrl**  The environment URL a device is configured to scan with
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
-- **SyncType**  Describes the type of scan the event was
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetMetadataVersion**  For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
-- **TargetReleaseVersion**  The value selected for the target release version policy.
-- **TotalNumMetadataSignatures**  The total number of metadata signatures checks done for new metadata that was synced down.
-- **WebServiceRetryMethods**  Web service method requests that needed to be retried to complete operation.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.Commit
-
-This event sends data on whether the Update Service has been called to execute an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  Device family as defined in the system BIOS
-- **BiosName**  Name of the system BIOS
-- **BiosReleaseDate**  Release date of the system BIOS
-- **BiosSKUNumber**  Device SKU as defined in the system BIOS
-- **BIOSVendor**  Vendor of the system BIOS
-- **BiosVersion**  Version of the system BIOS
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle
-- **CallerApplicationName**  Name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  Version number of the software distribution client
-- **DeploymentProviderMode**  The mode of operation of the update deployment provider.
-- **DeviceModel**  Device model as defined in the system bios
-- **EventInstanceID**  A globally unique identifier for event instance
-- **EventScenario**  Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
-- **EventType**  Possible values are &quot;Child&quot;, &quot;Bundle&quot;, &quot;Relase&quot; or &quot;Driver&quot;.
-- **FlightId**  The specific id of the flight the device is getting
-- **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.)
-- **RevisionNumber**  Identifies the revision number of this specific piece of content
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **SystemBIOSMajorRelease**  Major release version of the system bios
-- **SystemBIOSMinorRelease**  Minor release version of the system bios
-- **UpdateId**  Identifier associated with the specific piece of content
-- **WUDeviceID**  Unique device id controlled by the software distribution client
-
-
-### SoftwareUpdateClientTelemetry.Download
-
-This event sends tracking data about the software distribution client download of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActiveDownloadTime**  Number of seconds the update was actively being downloaded.
-- **AppXBlockHashFailures**  Indicates the number of blocks that failed hash validation during download.
-- **AppXBlockHashValidationFailureCount**  A count of the number of blocks that have failed validation after being downloaded.
-- **AppXDownloadScope**  Indicates the scope of the download for application content.
-- **AppXScope**  Indicates the scope of the app download.
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleBytesDownloaded**  Number of bytes downloaded for the specific content bundle.
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount**  Indicates whether this particular update bundle previously failed.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle previously failed to download.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **BytesDownloaded**  Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
-- **CachedEngineVersion**  The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CbsDownloadMethod**  Indicates whether the download was a full- or a partial-file download.
-- **CbsMethod**  The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
-- **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId**  ID which defines which CDN the software distribution client downloaded the content from.
-- **ClientVersion**  The version number of the software distribution client.
-- **CommonProps**  A bitmask for future flags associated with the Windows Update client behavior.
-- **ConnectTime**  Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
-- **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeviceModel**  The model of the device.
-- **DownloadPriority**  Indicates whether a download happened at background, normal, or foreground priority.
-- **DownloadProps**  Information about the download operation properties in the form of a bitmask.
-- **DownloadScenarioId**  A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events.
-- **DownloadType**  Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
-- **EventType**  Possible values are Child, Bundle, or Driver.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
-- **FlightBuildNumber**  If this download was for a flight (pre-release build), this indicates the build number of that flight.
-- **FlightId**  The specific ID of the flight (pre-release build) the device is getting.
-- **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
-- **HandlerType**  Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
-- **HardwareId**  If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **HostName**  The hostname URL the content is downloading from.
-- **IPVersion**  Indicates whether the download took place over IPv4 or IPv6.
-- **IsDependentSet**  Indicates whether a driver is a part of a larger System Hardware/Firmware Update
-- **IsWUfBDualScanEnabled**  Indicates if Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates if Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled**  Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **NetworkCost**  A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
-- **NetworkCostBitMask**  Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
-- **NetworkRestrictionStatus**  More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
-- **PackageFullName**  The package name of the content.
-- **PhonePreviewEnabled**  Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
-- **PostDnldTime**  Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **Reason**  A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
-- **RegulationResult**  The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one.
-- **RepeatFailCount**  Indicates whether this specific content has previously failed.
-- **RepeatFailFlag**  Indicates whether this specific content previously failed to download.
-- **RevisionNumber**  The revision number of the specified piece of content.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **Setup360Phase**  Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
-- **ShippingMobileOperator**  The mobile operator linked to the device when the device shipped.
-- **SizeCalcTime**  Time taken (in seconds) to calculate the total download size of the payload.
-- **StatusCode**  Indicates the result of a Download event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TargetMetadataVersion**  The version of the currently downloading (or most recently downloaded) package.
-- **ThrottlingServiceHResult**  Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
-- **TimeToEstablishConnection**  Time (in milliseconds) it took to establish the connection prior to beginning downloaded.
-- **TotalExpectedBytes**  The total count of bytes that the download is expected to be.
-- **UpdateId**  An identifier associated with the specific piece of content.
-- **UpdateID**  An identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedDO**  Whether the download used the delivery optimization service.
-- **UsedSystemVolume**  Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.DownloadCheckpoint
-
-This event provides a checkpoint between each of the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
-- **EventType**  Possible values are "Child", "Bundle", "Relase" or "Driver"
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough
-- **FileId**  A hash that uniquely identifies a file
-- **FileName**  Name of the downloaded file
-- **FlightId**  The unique identifier for each flight
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RevisionNumber**  Unique revision number of Update
-- **ServiceGuid**  An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
-- **StatusCode**  Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
-- **UpdateId**  Unique Update ID
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### SoftwareUpdateClientTelemetry.DownloadHeartbeat
-
-This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BytesTotal**  Total bytes to transfer for this content
-- **BytesTransferred**  Total bytes transferred for this content at the time of heartbeat
-- **CallerApplicationName**  Name provided by the caller who initiated API calls into the software distribution client
-- **ClientVersion**  The version number of the software distribution client
-- **ConnectionStatus**  Indicates the connectivity state of the device at the time of heartbeat
-- **CurrentError**  Last (transient) error encountered by the active download
-- **DownloadFlags**  Flags indicating if power state is ignored
-- **DownloadState**  Current state of the active download for this content (queued, suspended, or progressing)
-- **EventType**  Possible values are "Child", "Bundle", or "Driver"
-- **FlightId**  The unique identifier for each flight
-- **IsNetworkMetered**  Indicates whether Windows considered the current network to be ?metered"
-- **MOAppDownloadLimit**  Mobile operator cap on size of application downloads, if any
-- **MOUpdateDownloadLimit**  Mobile operator cap on size of operating system update downloads, if any
-- **PowerState**  Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby)
-- **RelatedCV**  The previous correlation vector that was used by the client, before swapping with a new one
-- **ResumeCount**  Number of times this active download has resumed from a suspended state
-- **RevisionNumber**  Identifies the revision number of this specific piece of content
-- **ServiceGuid**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
-- **SuspendCount**  Number of times this active download has entered a suspended state
-- **SuspendReason**  Last reason for why this active download entered a suspended state
-- **UpdateId**  Identifier associated with the specific piece of content
-- **WUDeviceID**  Unique device id controlled by the software distribution client
-
-
-### SoftwareUpdateClientTelemetry.Install
-
-This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BiosFamily**  The family of the BIOS (Basic Input Output System).
-- **BiosName**  The name of the device BIOS.
-- **BiosReleaseDate**  The release date of the device BIOS.
-- **BiosSKUNumber**  The sku number of the device BIOS.
-- **BIOSVendor**  The vendor of the BIOS.
-- **BiosVersion**  The version of the BIOS.
-- **BundleId**  Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount**  Indicates whether this particular update bundle has previously failed.
-- **BundleRepeatFailFlag**  Indicates whether this particular update bundle previously failed to install.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **ClientVersion**  The version number of the software distribution client.
-- **CommonProps**  A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
-- **CSIErrorType**  The stage of CBS installation where it failed.
-- **CurrentMobileOperator**  The mobile operator to which the device is currently connected.
-- **DeploymentProviderMode**  The mode of operation of the update deployment provider.
-- **DeviceModel**  The device model.
-- **DriverPingBack**  Contains information about the previous driver and system state.
-- **DriverRecoveryIds**  The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **EventType**  Possible values are Child, Bundle, or Driver.
-- **ExtendedErrorCode**  The extended error code.
-- **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBranch**  The branch that a device is on if participating in the Windows Insider Program.
-- **FlightBuildNumber**  If this installation was for a Windows Insider build, this is the build number of that build.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **FlightRing**  The ring that a device is on if participating in the Windows Insider Program.
-- **HandlerType**  Indicates what kind of content is being installed (for example, app, driver, Windows update).
-- **HardwareId**  If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HomeMobileOperator**  The mobile operator that the device was originally intended to work with.
-- **InstallProps**  A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **IsDependentSet**  Indicates whether the driver is part of a larger System Hardware/Firmware update.
-- **IsFinalOutcomeEvent**  Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware**  Indicates whether this update is a firmware update.
-- **IsSuccessFailurePostReboot**  Indicates whether the update succeeded and then failed after a restart.
-- **IsWUfBDualScanEnabled**  Indicates whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Indicates whether Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled**  Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate**  Indicates whether the OS update and a BSP update merged for installation.
-- **MsiAction**  The stage of MSI installation where it failed.
-- **MsiProductCode**  The unique identifier of the MSI installer.
-- **PackageFullName**  The package name of the content being installed.
-- **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting being introduced.
-- **ProcessName**  The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailCount**  Indicates whether this specific piece of content has previously failed.
-- **RepeatFailFlag**  Indicates whether this specific piece of content previously failed to install.
-- **RevisionNumber**  The revision number of this specific piece of content.
-- **ServiceGuid**  An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
-- **Setup360Phase**  If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
-- **StatusCode**  Indicates the result of an installation event (success, cancellation, failure code HResult).
-- **SystemBIOSMajorRelease**  Major version of the BIOS.
-- **SystemBIOSMinorRelease**  Minor version of the BIOS.
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode**  The ID that represents a given MSI installation.
-- **UpdateId**  Unique update ID.
-- **UpdateImportance**  Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedSystemVolume**  Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.Revert
-
-This is a revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BundleId**  Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found.
-- **BundleRepeatFailCount**  Indicates whether this particular update bundle has previously failed.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **CallerApplicationName**  Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion**  Version number of the software distribution client.
-- **CommonProps**  A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType**  Stage of CBS installation that failed.
-- **DeploymentProviderMode**  The mode of operation of the update deployment provider.
-- **DriverPingBack**  Contains information about the previous driver and system state.
-- **DriverRecoveryIds**  The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **EventType**  Event type (Child, Bundle, Release, or Driver).
-- **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber**  Indicates the build number of the flight.
-- **FlightId**  The specific ID of the flight the device is getting.
-- **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId**  If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent**  Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware**  Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot**  Indicates whether an initial success was a failure after a reboot.
-- **IsWUfBDualScanEnabled**  Flag indicating whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Flag indicating whether Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled**  Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate**  Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName**  Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The previous correlation vector that was used by the client before swapping with a new one.
-- **RepeatFailCount**  Indicates whether this specific piece of content has previously failed.
-- **RevisionNumber**  Identifies the revision number of this specific piece of content.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId**  The identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume**  Indicates whether the device's main system storage drive or an alternate storage drive was used.
-- **WUDeviceID**  Unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.TaskRun
-
-This is a start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion**  Version number of the software distribution client.
-- **CmdLineArgs**  Command line arguments passed in by the caller.
-- **EventInstanceID**  A globally unique identifier for the event instance.
-- **EventScenario**  Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **ServiceGuid**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **WUDeviceID**  Unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.Uninstall
-
-This is an uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BundleId**  The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount**  Indicates whether this particular update bundle previously failed.
-- **BundleRevisionNumber**  Identifies the revision number of the content bundle.
-- **CallerApplicationName**  Name of the application making the Windows Update request. Used to identify context of request.
-- **ClientVersion**  Version number of the software distribution client.
-- **CommonProps**  A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DeploymentProviderMode**  The mode of operation of the Update Deployment Provider.
-- **DriverPingBack**  Contains information about the previous driver and system state.
-- **DriverRecoveryIds**  The list of identifiers that could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID**  A globally unique identifier for event instance.
-- **EventScenario**  Indicates the purpose of the event (a scan started, succeded, failed, etc.).
-- **EventType**  Indicates the event type. Possible values are &quot;Child&quot;, &quot;Bundle&quot;, &quot;Release&quot; or &quot;Driver&quot;.
-- **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber**  Indicates the build number of the flight.
-- **FlightId**  The specific ID of the flight the device is getting.
-- **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId**  If the download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent**  Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware**  Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot**  Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled**  Flag indicating whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled**  Flag indicating whether Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled**  Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate**  Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName**  Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
-- **RelatedCV**  The previous correlation vector that was used by the client before swapping with a new one.
-- **RepeatFailCount**  Indicates whether this specific piece of content previously failed.
-- **RevisionNumber**  Identifies the revision number of this specific piece of content.
-- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId**  Identifier associated with the specific piece of content.
-- **UpdateImportance**  Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume**  Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID**  Unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.UpdateDetected
-
-This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **ApplicableUpdateInfo**  Metadata for the updates which were detected as applicable.
-- **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **IntentPFNs**  Intended application-set metadata for atomic update scenarios.
-- **NumberOfApplicableUpdates**  The number of updates ultimately deemed applicable to the system after the detection process is complete.
-- **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one.
-- **ServiceGuid**  An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
-- **WUDeviceID**  The unique device ID controlled by the software distribution client.
-
-
-### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CallerApplicationName**  Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl**  The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
-- **EventScenario**  The purpose of this event, such as scan started, scan succeeded, or scan failed.
-- **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId**  The integral ID from the FragmentSigning data for the certificate that failed.
-- **ListOfSHA256OfIntermediateCerData**  A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
-- **MetadataIntegrityMode**  The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
-- **MetadataSignature**  A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
-- **RawMode**  The raw unparsed mode string from the SLS response. This field is null if not applicable.
-- **RawValidityWindowInDays**  The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
-- **RevisionId**  The revision ID for a specific piece of content.
-- **RevisionNumber**  The revision number for a specific piece of content.
-- **ServiceGuid**  Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
-- **SHA256OfLeafCerData**  A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfLeafCertPublicKey**  A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
-- **SHA256OfTimestampToken**  An encoded string of the timestamp token.
-- **SignatureAlgorithm**  The hash algorithm for the metadata signature.
-- **SLSPrograms**  A test program to which a device may have opted in. Example: Insider Fast
-- **StatusCode**  Result code of the event (success, cancellation, failure code HResult)
-- **TimestampTokenCertThumbprint**  The thumbprint of the encoded timestamp token.
-- **TimestampTokenId**  The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
-- **UpdateId**  The update ID for a specific piece of content.
-- **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
-
-
-## Surface events
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **batteryData**  Hardware level data about battery performance.
-- **batteryData.data()**  Battery performance data.
-- **BatteryDataSize:**  Size of the battery performance data.
-- **batteryInfo.data()**  Battery performance data.
-- **BatteryInfoSize:**  Battery performance data.
-- **pszBatteryDataXml**  Battery performance data.
-- **szBatteryInfo**  Battery performance data.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
-
-This event includes the hardware level data about battery performance.  The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BPMCurrentlyEngaged**  Instantaneous snapshot if BPM is engaged on device.
-- **BPMExitCriteria**  What is the BPM exit criteria - 20%SOC or 50%SOC?
-- **BPMHvtCountA**  Current HVT count for BPM counter A.
-- **BPMHvtCountB**  Current HVT count for BPM counter B.
-- **bpmOptOutLifetimeCount**  BPM OptOut Lifetime Count.
-- **BPMRsocBucketsHighTemp_Values**  Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMRsocBucketsLowTemp_Values**  Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMRsocBucketsMediumHighTemp_Values**  Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMRsocBucketsMediumLowTemp_Values**  Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMTotalEngagedMinutes**  Total time that BPM was engaged.
-- **BPMTotalEntryEvents**  Total number of times entering BPM.
-- **ComponentId**  Component ID.
-- **FwVersion**  FW version that created this log.
-- **LogClass**  Log Class.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  Log MGR version.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **ProductId**  Product ID.
-- **SeqNum**  Sequence Number.
-- **TimeStamp**  UTC seconds when log was created.
-- **Ver**  Schema version.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_CTT
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BPMKioskModeStartDateInSeconds**  First time Battery Limit was turned on.
-- **BPMKioskModeTotalEngagedMinutes**  Total time Battery Limit was on (SOC value at 50%).
-- **ComponentId**  Component ID.
-- **CTTEqvTimeat35C**  Poll time every minute. Add to lifetime counter based on temperature. Only count time above 80% SOC.
-- **CTTEqvTimeat35CinBPM**  Poll time every minute. Add to lifetime counter based on temperature. Only count time above 55% SOC and when device is in BPM. Round up.
-- **CTTMinSOC1day**  Rolling 1 day minimum SOC. Value set to 0 initially.
-- **CTTMinSOC28day**  Rolling 28 day minimum SOC. Value set to 0 initially.
-- **CTTMinSOC3day**  Rolling 3 day minimum SOC. Value set to 0 initially.
-- **CTTMinSOC7day**  Rolling 7 day minimum SOC. Value set to 0 initially.
-- **CTTStartDateInSeconds**  Start date from when device was starting to be used.
-- **currentAuthenticationState**  Current Authentication State.
-- **FwVersion**  FW version that created this log.
-- **LogClass**  LOG CLASS.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  LOG MGR VERSION.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **newSnFruUpdateCount**  New Sn FRU Update Count.
-- **newSnUpdateCount**  New Sn Update Count.
-- **ProductId**  Product ID.
-- **ProtectionPolicy**  Battery limit engaged. True (0 False).
-- **SeqNum**  Sequence Number.
-- **TimeStamp**  UTC seconds when log was created.
-- **Ver**  Schema version.
-- **VoltageOptimization**  Current CTT reduction in mV.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **cbTimeCell_Values**  cb time for different cells.
-- **ComponentId**  Component ID.
-- **cycleCount**  Cycle Count.
-- **deltaVoltage**  Delta voltage.
-- **eocChargeVoltage_Values**  EOC Charge voltage values.
-- **fullChargeCapacity**  Full Charge Capacity.
-- **FwVersion**  FW version that created this log.
-- **lastCovEvent**  Last Cov event.
-- **lastCuvEvent**  Last Cuv event.
-- **LogClass**  LOG_CLASS.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  LOG_MGR_VERSION.
-- **manufacturerName**  Manufacturer name.
-- **maxChargeCurrent**  Max charge current.
-- **maxDeltaCellVoltage**  Max delta cell voltage.
-- **maxDischargeCurrent**  Max discharge current.
-- **maxTempCell**  Max temp cell.
-- **maxVoltage_Values**  Max voltage values.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **minTempCell**  Min temp cell.
-- **minVoltage_Values**  Min voltage values.
-- **numberOfCovEvents**  Number of Cov events.
-- **numberOfCuvEvents**  Number of Cuv events.
-- **numberOfOCD1Events**  Number of OCD1 events.
-- **numberOfOCD2Events**  Number of OCD2 events.
-- **numberOfQmaxUpdates**  Number of Qmax updates.
-- **numberOfRaUpdates**  Number of Ra updates.
-- **numberOfShutdowns**  Number of shutdowns.
-- **pfStatus_Values**  pf status values.
-- **ProductId**  Product ID.
-- **qmax_Values**  Qmax values for different cells.
-- **SeqNum**  Sequence Number.
-- **TimeStamp**  UTC seconds when log was created.
-- **Ver**  Schema version.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **avgCurrLastRun**  Average current last run.
-- **avgPowLastRun**  Average power last run.
-- **batteryMSPN**  BatteryMSPN
-- **batteryMSSN**  BatteryMSSN.
-- **cell0Ra3**  Cell0Ra3.
-- **cell1Ra3**  Cell1Ra3.
-- **cell2Ra3**  Cell2Ra3.
-- **cell3Ra3**  Cell3Ra3.
-- **ComponentId**  Component ID.
-- **currentAtEoc**  Current at Eoc.
-- **firstPFstatusA**  First PF status-A.
-- **firstPFstatusB**  First PF status-B.
-- **firstPFstatusC**  First PF status-C.
-- **firstPFstatusD**  First PF status-D.
-- **FwVersion**  FW version that created this log.
-- **lastQmaxUpdate**  Last Qmax update.
-- **lastRaDisable**  Last Ra disable.
-- **lastRaUpdate**  Last Ra update.
-- **lastValidChargeTerm**  Last valid charge term.
-- **LogClass**  LOG CLASS.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  LOG MGR VERSION.
-- **maxAvgCurrLastRun**  Max average current last run.
-- **maxAvgPowLastRun**  Max average power last run.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **mfgInfoBlockB01**  MFG info Block B01.
-- **mfgInfoBlockB02**  MFG info Block B02.
-- **mfgInfoBlockB03**  MFG info Block B03.
-- **mfgInfoBlockB04**  MFG info Block B04.
-- **numOfRaDisable**  Number of Ra disable.
-- **numOfValidChargeTerm**  Number of valid charge term.
-- **ProductId**  Product ID.
-- **qmaxCycleCount**  Qmax cycle count.
-- **SeqNum**  Sequence Number.
-- **stateOfHealthEnergy**  State of health energy.
-- **stateOfHealthFcc**  State of health Fcc.
-- **stateOfHealthPercent**  State of health percent.
-- **TimeStamp**  UTC seconds when log was created.
-- **totalFwRuntime**  Total FW runtime.
-- **updateStatus**  Update status.
-- **Ver**  Schema version.
-
-
-### Microsoft.Surface.Health.Binary.Prod.McuHealthLog
-
-This event collects information to keep track of health indicator of the built-in micro controller. For example, the number of abnormal shutdowns due to power issues during boot sequence, type of display panel attached to base, thermal indicator, throttling data in hardware etc. The data collected with this event is used to help keep Windows secure and performing properly.
-
-The following fields are available:
-
-- **CUtility::GetTargetNameA(Target)**  Sub component name.
-- **HealthLog**  Health indicator log.
-- **healthLogSize**  4KB.
-- **productId**  Identifier for product model.
-
-
-## System reset events
-
-### Microsoft.Windows.SysReset.FlightUninstallCancel
-
-This event indicates the customer has cancelled uninstallation of Windows. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-
-
-### Microsoft.Windows.SysReset.FlightUninstallError
-
-This event sends an error code when the Windows uninstallation fails. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **ErrorCode**  Error code for uninstallation failure.
-
-
-### Microsoft.Windows.SysReset.FlightUninstallReboot
-
-This event is sent to signal an upcoming reboot during uninstallation of Windows. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-
-
-### Microsoft.Windows.SysReset.FlightUninstallStart
-
-This event indicates that the Windows uninstallation has started. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-
-
-### Microsoft.Windows.SysReset.FlightUninstallUnavailable
-
-This event sends diagnostic data when the Windows uninstallation is not available. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **AddedProfiles**  Indicates that new user profiles have been created since the flight was installed.
-- **MissingExternalStorage**  Indicates that the external storage used to install the flight is not available.
-- **MissingInfra**  Indicates that uninstall resources are missing.
-- **MovedProfiles**  Indicates that the user profile has been moved since the flight was installed.
-
-
-### Microsoft.Windows.SysReset.HasPendingActions
-
-This event is sent when users have actions that will block the uninstall of the latest quality update. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-
-
-### Microsoft.Windows.SysReset.IndicateLCUWasUninstalled
-
-This event is sent when the registry indicates that the latest cumulative Windows update package has finished uninstalling. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **errorCode**  The error code if there was a failure during uninstallation of the latest cumulative Windows update package.
-
-
-### Microsoft.Windows.SysReset.LCUUninstall
-
-This event is sent when the latest cumulative Windows update was uninstalled on a device. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **errorCode**  An error that occurred while the Windows update package was being uninstalled.
-- **packageName**  The name of the Windows update package that is being uninstalled.
-- **removalTime**  The amount of time it took to uninstall the Windows update package.
-
-
-### Microsoft.Windows.SysReset.PBRBlockedByPolicy
-
-This event is sent when a push-button reset operation is blocked by the System Administrator. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **PBRBlocked**  Reason the push-button reset operation was blocked.
-- **PBRType**  The type of push-button reset operation that was blocked.
-
-
-### Microsoft.Windows.SysReset.PBREngineInitFailed
-
-This event signals a failed handoff between two recovery binaries. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **Operation**  Legacy customer scenario.
-
-
-### Microsoft.Windows.SysReset.PBREngineInitSucceed
-
-This event signals successful handoff between two recovery binaries. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **Operation**  Legacy customer scenario.
-
-
-### Microsoft.Windows.SysReset.PBRFailedOffline
-
-This event reports the error code when recovery fails. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **HRESULT**  Error code for the failure.
-- **PBRType**  The recovery scenario.
-- **SessionID**  The unique ID for the recovery session.
-
-
-### Microsoft.Windows.SystemReset.EsimPresentCheck
-
-This event is sent when a device is checked to see whether it has an embedded SIM (eSIM). The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **errorCode**  Any error that occurred while checking for the presence of an embedded SIM.
-- **esimPresent**  Indicates whether an embedded SIM is present on the device.
-- **sessionID**  The ID of this session.
-
-
-### Microsoft.Windows.SystemReset.PBRCorruptionRepairOption
-
-This event sends corruption repair diagnostic data when the PBRCorruptionRepairOption encounters a corruption error. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **cbsSessionOption**  The corruption repair configuration.
-- **errorCode**  The error code encountered.
-- **meteredConnection**  Indicates whether the device is connected to a metered network (wired or WiFi).
-- **sessionID**  The globally unique identifier (GUID) for the session.
-
-
-### Microsoft.Windows.SystemReset.RepairNeeded
-
-This event provides information about whether a system reset needs repair. The data collected with this event is used to keep Windows performing properly and helps with tracking the health of recovery and OSUninstall scenarios.
-
-The following fields are available:
-
-- **repairNeeded**  Indicates whether there was corruption in the system reset which needs repair.
-- **sessionID**  The ID of this push-button reset session.
-
-
-## UEFI events
-
-### Microsoft.Windows.UEFI.ESRT
-
-This event sends basic data during boot about the firmware loaded or recently installed on the machine. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **DriverFirmwareFilename**  The firmware file name reported by the device hardware key.
-- **DriverFirmwarePolicy**  The optional version update policy value.
-- **DriverFirmwareStatus**  The firmware status reported by the device hardware key.
-- **DriverFirmwareVersion**  The firmware version reported by the device hardware key.
-- **FirmwareId**  The UEFI (Unified Extensible Firmware Interface) identifier.
-- **FirmwareLastAttemptStatus**  The reported status of the most recent firmware installation attempt, as reported by the EFI System Resource Table (ESRT).
-- **FirmwareLastAttemptVersion**  The version of the most recent attempted firmware installation, as reported by the EFI System Resource Table (ESRT).
-- **FirmwareType**  The UEFI (Unified Extensible Firmware Interface) type.
-- **FirmwareVersion**  The UEFI (Unified Extensible Firmware Interface) version as reported by the EFI System Resource Table (ESRT).
-- **InitiateUpdate**  Indicates whether the system is ready to initiate an update.
-- **LastAttemptDate**  The date of the most recent attempted firmware installation.
-- **LastAttemptStatus**  The result of the most recent attempted firmware installation.
-- **LastAttemptVersion**  The version of the most recent attempted firmware installation.
-- **LowestSupportedFirmwareVersion**  The oldest (lowest) version of firmware supported.
-- **MaxRetryCount**  The maximum number of retries, defined by the firmware class key.
-- **RetryCount**  The number of attempted installations (retries), reported by the driver software key.
-- **Status**  The status returned to the PnP (Plug-and-Play) manager.
-- **UpdateAttempted**  Indicates if installation of the current update has been attempted before.
-
-
-## Update Assistant events
-
-### Microsoft.Windows.QualityUpdateAssistant.Applicability
-
-This event sends basic info on whether the device should be updated to the latest cumulative update. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **dayspendingrebootafterfu**  Number of days that have elapsed since the device reached ready to reboot for a Feature Update that is still actively pending reboot.
-- **ExecutionRequestId**  Identifier of the Execution Request that launched the QualityUpdateAssistant process.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **KBNumber**  KBNumber of the update being installed.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Reason**  Provides information on reasons why the update is not applicable to the device.
-- **Result**  Applicability check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck
-
-This event sends basic info on whether the device is ready to download the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExecutionRequestId**  Identifier of the Execution Request that launched the QualityUpdateAssistant process.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **KBNumber**  KBNumber of the update being installed.
-- **PackageVersion**  Current package version of quality update assistant.
-- **Reason**  Indicates why the device did not pass the readiness check.
-- **Result**  Device readiness check for quality update assistant.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Download
-
-This event sends basic info when download of the latest cumulative update begins. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DODownloadHResult**  Result code from Delivery Optimization when used to download the quality update.
-- **DownloadMode**  Indicates how the quality update was downloaded.
-- **ExecutionRequestId**  Identifier of the Execution Request that launched the QualityUpdateAssistant process.
-- **GlobalEventCounter**  Client side counter that indicates ordering of events sent by this device.
-- **HttpsDownloadHResult**  Result code when HTTPS is used to download the quality update.
-- **KBNumber**  KBNumber of the update being installed.
-- **PackageVersion**  Current package version of quality update assistant.
-- **QualityUpdateDeviceHasMinimumUptime**  Indicates whether the device has the minimum uptime required to install a quality update.
-- **Result**  Download of latest cumulative update payload.
-- **Scenario**  Indicates if the installation step succeeded or failed.
-
-
-### Microsoft.Windows.QualityUpdateAssistant.Install
-
-This event sends basic info on the result of the installation of the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **DismInstallHResult**  Internal result code from DISM when used to install the quality update.
-- **ExecutionRequestId**  Identifier of the Execution Request that launched the QualityUpdateAssistant process.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this device.
-- **InstallMode**  Indicates which installation method was used to attempt the install of the quality update.
-- **KBNumber**  KBNumber of the update being installed.
-- **launchretrycounter**  Count of the number of times the install has been retried in the event of a non-successful installation attempt.
-- **PackageVersion**  Current package version of quality update assistant.
-- **QualityUpdateDismErrorCode**  Error code returned when DISM is used to install the quality update.
-- **QualityUpdatePendingRebootAfterInstallStage**  Indicates if the device is pending reboot after install is complete.
-- **QualityUpdateSecondsInstallStage**  Time spent installing the quality update.
-- **QualityUpdateWusaErrorCode**  Error code returned when WUSA is used to install the quality update.
-- **Result**  Install of latest cumulative update payload.
-- **Scenario**  Indicates if the installation step succeeded or failed.
-- **WusaInstallHResult**  Internal result code from WUSA when used to install the quality update.
-
-
-### Microsoft.Windows.Shell.EM.EMCompleted
-
-Event that tracks the effectiveness of an operation to mitigate an issue on devices that meet certain requirements.
-
-The following fields are available:
-
-- **cleanUpScheduledTaskHR**  The result of the operation to clean up the scheduled task the launched the operation.
-- **eulaHashHR**  The result of the operation to generate a hash of the EULA file that's currently on-disk.
-- **mitigationHR**  The result of the operation to take corrective action on a device that's impacted.
-- **mitigationResult**  The enumeration value representing the action that was taken on the device.
-- **mitigationResultReason**  The string value representing the action that was taken on the device.
-- **mitigationSuccessWriteHR**  The result of writing the success value to the registry.
-- **region**  The device's default region at the time of execution.
-- **windowsVersionString**  The version of Windows that was computed at the time of execution.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantCompatCheckResult
-
-This event provides the result of running the compatibility check for update assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantCompatCheckResultOutput**  Output of compatibility check for update assistant.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
-
-This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantAppFilePath**  Path to Update Assistant app.
-- **UpdateAssistantDeviceId**  Device Id of the Update Assistant Candidate Device.
-- **UpdateAssistantExeName**  Exe name running as Update Assistant.
-- **UpdateAssistantExternalId**  External Id of the Update Assistant Candidate Device.
-- **UpdateAssistantIsDeviceCloverTrail**  True/False is the device clovertrail.
-- **UpdateAssistantIsPushing**  True if the update is pushing to the device.
-- **UpdateAssistantMachineId**  Machine Id of the Update Assistant Candidate Device.
-- **UpdateAssistantOsVersion**  Update Assistant OS Version.
-- **UpdateAssistantPartnerId**  Partner Id for Assistant application.
-- **UpdateAssistantReportPath**  Path to report for Update Assistant.
-- **UpdateAssistantStartTime**  Start time for UpdateAssistant.
-- **UpdateAssistantTargetOSVersion**  Update Assistant Target OS Version.
-- **UpdateAssistantUiType**  The type of UI whether default or OOBE.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
-- **UpdateAssistantVersionInfo**  Information about Update Assistant application.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantEULAProperty
-
-This event is set to true at the start of AcceptEULA. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantEULAPropertyGeoId**  Geo Id used to show EULA.
-- **UpdateAssistantEULAPropertyRegion**  Region used to show EULA.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantInteractive
-
-An user action such as button click happens.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantInteractiveObjective**  The objective of the action performed.
-- **UpdateAssistantInteractiveUiAction**  The action performed through UI.
-- **UpdateAssistantVersion**  Current package version of Update Assistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantPostInstallDetails
-
-Information pertaining to post install phase of Update Assistant.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantPostInstallCV**  Correlation vector for update assistant post install.
-- **UpdateAssistantPostInstallUpgradeClientId**  Client id post install.
-- **UpdateAssistantPostInstallUserSignature**  User signature of install.
-- **UpdateAssistantVersion**  Current package version of Update Assistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
-
-Will mark the start of an Update Assistant State.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantStateAcceptEULA**  True at the start of AcceptEULA.
-- **UpdateAssistantStateCheckingCompat**  True at the start of Checking Compat
-- **UpdateAssistantStateCheckingUpgrade**  True at the start of CheckingUpgrade.
-- **UpdateAssistantStateConfirmUninstall**  True at the start of the state Confirm Uninstall.
-- **UpdateAssistantStateDownloading**  True at the start Downloading.
-- **UpdateAssistantStateInitializingApplication**  True at the start of the state InitializingApplication.
-- **UpdateAssistantStateInitializingStates**  True at the start of InitializingStates.
-- **UpdateAssistantStateInstalling**  True at the start of Installing.
-- **UpdateAssistantStatePerformRestart**  True at the start of PerformRestart.
-- **UpdateAssistantStatePostInstall**  True at the start of PostInstall.
-- **UpdateAssistantStateShowingUpdate**  True at the start of Showing Update.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStateGeneralErrorDetails
-
-Details about errors of current state.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantGeneralErrorHResult**  HResult of current state.
-- **UpdateAssistantGeneralErrorOriginalState**  State name of current state.
-- **UpdateAssistantVersion**  Current package version of Update Assistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantUserActionDetails
-
-This event provides details about user action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantUserActionExitingState**  Exiting state name user performed action on.
-- **UpdateAssistantUserActionHResult**  HRESULT of user action.
-- **UpdateAssistantUserActionState**  State name user performed action on.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantDwnldr.UpdateAssistantDownloadDetails
-
-Details about the Update Assistant ESD download.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The counter for all telemetry on the device.
-- **UpdateAssistantDownloadCancelled**  True when the ESD download is cancelled.
-- **UpdateAssistantDownloadDownloadTotalBytes**  The total size in bytes of the download.
-- **UpdateAssistantDownloadEditionMismatch**  True if downloaded ESD doesn't match edition.
-- **UpdateAssistantDownloadESDEncrypted**  True if ESD is encrypted.
-- **UpdateAssistantDownloadIs10s**  True if ESD is 10s.
-- **UpdateAssistantDownloadMessage**  Message from a completed or failed download.
-- **UpdateAssistantDownloadMsgSize**  Size of the download.
-- **UpdateAssistantDownloadNEdition**  True if ESD is N edition.
-- **UpdateAssistantDownloadPath**  Full path to the download.
-- **UpdateAssistantDownloadPathSize**  Size of the path.
-- **UpdateAssistantDownloadProductsXml**  Full path of products xml.
-- **UpdateAssistantDownloadTargetEdition**  The targeted edition for the download.
-- **UpdateAssistantDownloadTargetLanguage**  The targeted language for the download.
-- **UpdateAssistantDownloadUseCatalog**  True if update assistant is using catalog.
-- **UpdateAssistantVersion**  Current package version of Update Assistant.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteBlocked
-
-This event indicates that an update detection has occurred and the targeted install has been blocked. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  A correlation vector.
-- **ExpeditePolicyId**  The policy id of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId**  An Update Id of the LCU expected to be expedited
-- **ExpediteUpdatesInProgress**  A list of update IDs in progress.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version of the label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteCompleted
-
-This event indicates that the update has been completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  A correlation vector.
-- **ExpeditePolicyId**  The policy Id of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId**  The Update Id of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress**  The list of update IDs in progress.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version of the label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteDetectionStarted
-
-This event indicates that the detection phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpeditePolicyId**  The policy ID of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId**  UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress**  List of update IDs in progress.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteDownloadStarted
-
-This event indicates that the download phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  A correlation vector.
-- **ExpeditePolicyId**  The policy Id of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId**  Update Id of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress**  A list of update IDs in progress.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteInstallStarted
-
-This event indicates that the install phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpeditePolicyId**  The policy ID of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId**  UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress**  List of update IDs in progress.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterAlreadyExpectedUbr
-
-This event indicates that the device is already on the expected UBR. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpediteErrorBitMap**  Bit map value for any error code.
-- **ExpeditePolicyId**  The policy id of the expedite request.
-- **ExpediteResult**  Boolean value for success or failure.
-- **ExpediteUpdaterCurrentUbr**  The ubr of the device.
-- **ExpediteUpdaterExpectedUbr**  The expected ubr of the device.
-- **ExpediteUpdaterOfferedUpdateId**  Update Id of the LCU expected to be expedited.
-- **ExpediteUpdaterPolicyRestoreResult**  HRESULT of the policy restore.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterFailedToUpdateToExpectedUbr
-
-This event indicates the expected UBR of the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpediteErrorBitMap**  Bit map value for any error code.
-- **ExpeditePolicyId**  The policy ID of the expedite request.
-- **ExpediteResult**  Boolean value for success or failure.
-- **ExpediteUpdaterOfferedUpdateId**  UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdaterPolicyRestoreResult**  HRESULT of the policy restore.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterRebootComplete
-
-This event indicates that the expedite update is completed with reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpeditePolicyId**  The policy id of the expedite request.
-- **ExpediteResult**  Boolean value for success or failure.
-- **ExpediteUpdaterCurrentUbr**  The ubr of the device.
-- **ExpediteUpdaterOfferedUpdateId**  Update Id of the LCU expected to be expedited.
-- **ExpediteUpdaterPolicyRestoreResult**  HRESULT of the policy restore.
-- **ExpediteUpdatesInProgress**  Comma delimited list of updates in progress.
-- **ExpediteUsoCorrelationVector**  The current USO correlation vector as surfaced from the USO store.
-- **ExpediteUsoLastError**  The last error as surfaced from the USO store.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterRebootRequired
-
-This event indicates that the device has finished servicing and a reboot is required. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpeditePolicyId**  The policy ID of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId**  UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress**  Comma delimited list of update IDs currently being offered.
-- **ExpediteUsoCorrelationVector**  The correlation vector from the USO session.
-- **ExpediteUsoLastError**  Last HResult from the current USO session.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of UpdateHealthTools.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanCompleted
-
-This event sends results of the expedite USO scan. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpediteCbsServicingInProgressStatus**  True if servicing is in progress in cbs for the device.
-- **ExpediteErrorBitMap**  Bit map value for any error code.
-- **ExpeditePolicyId**  The policy ID of the expedite request.
-- **ExpediteResult**  Boolean value for success or failure.
-- **ExpediteScheduledTaskCreated**  Indicates whether the scheduled task was created (true/false).
-- **ExpediteScheduledTaskHresult**  HRESULT for scheduled task creation.
-- **ExpediteUpdaterCurrentUbr**  The UBR of the device.
-- **ExpediteUpdaterExpectedUbr**  The expected UBR of the device.
-- **ExpediteUpdaterMonitorResult**  HRESULT of the USO monitoring.
-- **ExpediteUpdaterOfferedUpdateId**  UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdaterScanResult**  HRESULT of the expedite USO scan.
-- **ExpediteUpdaterUsoResult**  HRESULT of the USO initialization and resume API calls.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-- **UsoFrequencyKey**  Indicates whether the USO frequency key was found on the device (true/false).
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanStarted
-
-Sends telemetry that USO scan has been started.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **ExpediteErrorBitMap**  Bit map value for any error code.
-- **ExpediteHoursOfUpTimeSincePolicy**  The number of hours the device has been active since it received a policy.
-- **ExpeditePolicyId**  The policy Id of the expedite request.
-- **ExpeditePollCount**  Counts the number of polls.
-- **ExpediteResult**  Boolean value for success or failure.
-- **ExpediteUpdaterCurrentUbr**  The UBR of the device.
-- **ExpediteUpdaterExpectedUbr**  The expected UBR of the device.
-- **ExpediteUpdaterOfferedUpdateId**  UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdaterUsoIntiatedScan**  True when USO scan has been called.
-- **ExpediteUsoCorrelationVector**  The correlation vector for the current USO session.
-- **ExpediteUsoLastError**  The last error returned by USO.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version label.
-- **UsoFrequencyKey**  Indicates whether the USO frequency key was found on the device (true/false).
-
-
-### Microsoft.Windows.UpdateHealthTools.UnifiedInstallerEnd
-
-This event indicates that the unified installer has completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  The event counter for telemetry events on the device for currency tools.
-- **PackageVersion**  The package version label for currency tools.
-- **UnifiedInstallerInstallResult**  The final result code for the unified installer.
-- **UnifiedInstallerPlatformResult**  The result code from determination of the platform type.
-- **UnifiedInstallerPlatformType**  The enum indicating the platform type.
-
-
-### Microsoft.Windows.UpdateHealthTools.UnifiedInstallerStart
-
-This event indicates that the installation has started for the unified installer. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  Counts the events at the global level for telemetry.
-- **PackageVersion**  The package version for currency tools.
-- **UnifiedInstallerDeviceAADJoinedHresult**  The result code after checking if device is AAD joined.
-- **UnifiedInstallerDeviceInDssPolicy**  Boolean indicating whether the device is found to be in a DSS policy.
-- **UnifiedInstallerDeviceInDssPolicyHresult**  The result code for checking whether the device is found to be in a DSS policy.
-- **UnifiedInstallerDeviceIsAADJoined**  Boolean indicating whether a device is AADJ.
-- **UnifiedInstallerDeviceIsAdJoined**  Boolean indicating whether a device is AD joined.
-- **UnifiedInstallerDeviceIsAdJoinedHresult**  The result code for checking whether a device is AD joined.
-- **UnifiedInstallerDeviceIsEducationSku**  Boolean indicating whether a device is Education SKU.
-- **UnifiedInstallerDeviceIsEducationSkuHresult**  The result code from checking whether a device is Education SKU.
-- **UnifiedInstallerDeviceIsEnterpriseSku**  Boolean indicating whether a device is Enterprise SKU.
-- **UnifiedInstallerDeviceIsEnterpriseSkuHresult**  The result code from checking whether a device is Enterprise SKU.
-- **UnifiedInstallerDeviceIsHomeSku**  Boolean indicating whether a device is Home SKU.
-- **UnifiedInstallerDeviceIsHomeSkuHresult**  The result code from checking whether device is Home SKU.
-- **UnifiedInstallerDeviceIsMdmManaged**  Boolean indicating whether a device is MDM managed.
-- **UnifiedInstallerDeviceIsMdmManagedHresult**  The result code from checking whether a device is MDM managed.
-- **UnifiedInstallerDeviceIsProSku**  Boolean indicating whether a device is Pro SKU.
-- **UnifiedInstallerDeviceIsProSkuHresult**  The result code from checking whether a device is Pro SKU.
-- **UnifiedInstallerDeviceIsSccmManaged**  Boolean indicating whether a device is managed by Configuration Manager.
-- **UnifiedInstallerDeviceIsSccmManagedHresult**  The result code from checking whether a device is managed by Configuration Manager.
-- **UnifiedInstallerDeviceWufbManaged**  Boolean indicating whether a device is managed by Windows Update for Business.
-- **UnifiedInstallerDeviceWufbManagedHresult**  The result code from checking whether a device is is managed by Windows Update for Business.
-- **UnifiedInstallerPlatformResult**  The result code from checking what platform type the device is.
-- **UnifiedInstallerPlatformType**  The enum indicating the type of platform detected.
-- **UnifiedInstUnifiedInstallerDeviceIsHomeSkuHresultllerDeviceIsHomeSku**  The result code from checking whether a device is Home SKU.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsBlobNotificationRetrieved
-
-This event is sent when a blob notification is received. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Counts the number of events for this provider.
-- **PackageVersion**  The package version of the label.
-- **UpdateHealthToolsBlobNotificationNotEmpty**  True if the blob notification is not empty.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsCachedNotificationRetrieved
-
-This event is sent when a notification is received. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  A correlation vector.
-- **GlobalEventCounter**  This is a client side counter that indicates ordering of events sent by the user.
-- **PackageVersion**  The package version of the label.
-- **UpdateHealthToolsBlobNotificationNotEmpty**  A boolean that is true if the blob notification has valid content.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploaded
-
-This event is received when the UpdateHealthTools service uploads device information. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of remediation.
-- **UpdateHealthToolsDeviceUbrChanged**  1 if the Ubr just changed, 0 otherwise.
-- **UpdateHealthToolsDeviceUri**  The URI to be used for push notifications on this device.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploadFailed
-
-This event provides information for device which failed to upload the details. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Telemetry event counter.
-- **PackageVersion**  Version label of the package sending telemetry.
-- **UpdateHealthToolsEnterpriseActionResult**  Result of running the tool expressed as an HRESULT.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationCompleted
-
-This event is received when a push notification has been completed by the UpdateHealthTools service. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of UpdateHealthTools.
-- **UpdateHealthToolsEnterpriseActionResult**  The HRESULT return by the enterprise action.
-- **UpdateHealthToolsEnterpriseActionType**  Enum describing the type of action requested by the push.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationReceived
-
-This event is received when the UpdateHealthTools service receives a push notification. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of UpdateHealthTools.
-- **UpdateHealthToolsDeviceUri**  The URI to be used for push notifications on this device.
-- **UpdateHealthToolsEnterpriseActionType**  Enum describing the type of action requested by the push.
-- **UpdateHealthToolsPushCurrentChannel**  The channel used to receive notification.
-- **UpdateHealthToolsPushCurrentRequestId**  The request ID for the push.
-- **UpdateHealthToolsPushCurrentResults**  The results from the push request.
-- **UpdateHealthToolsPushCurrentStep**  The current step for the push notification.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationStatus
-
-This event is received when there is status on a push notification. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of UpdateHealthTools.
-- **UpdateHealthToolsDeviceUri**  The URI to be used for push notifications on this device.
-- **UpdateHealthToolsEnterpriseActionType**  Enum describing the type of action requested by the push.
-- **UpdateHealthToolsPushCurrentRequestId**  The request ID for the push.
-- **UpdateHealthToolsPushCurrentResults**  The results from the push request.
-- **UpdateHealthToolsPushCurrentStep**  The current step for the push notification
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlobDocumentDetails
-
-The event indicates the details about the blob used for update health tools. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  A correlation vector.
-- **GlobalEventCounter**  This is a client side counter which indicates ordering of events sent by the user.
-- **PackageVersion**  The package version of the label.
-- **UpdateHealthToolsDevicePolicyFileName**  The default name of the policy blob file.
-- **UpdateHealthToolsDssDeviceApiSegment**  The URI segment for reading the DSS device pointer.
-- **UpdateHealthToolsDssDeviceId**  The AAD ID of the device used to create the device ID hash.
-- **UpdateHealthToolsDssDevicePolicyApiSegment**  The segment of the device policy API pointer.
-- **UpdateHealthToolsDssTenantId**  The tenant id of the device used to create the tenant id hash.
-- **UpdateHealthToolsHashedDeviceId**  The SHA256 hash of the device id.
-- **UpdateHealthToolsHashedTenantId**  The SHA256 hash of the device tenant id.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin
-
-The event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  The global event counter counts the total events for the provider.
-- **PackageVersion**  The version for the current package.
-- **UpdateHealthToolsServiceBlockedByNoDSSJoinHr**  The result code returned when checking for is managed by Windows Update for Business cloud membership.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceIsDSSJoin
-
-This event is sent when a device has been detected as DSS device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  A correlation vector.
-- **GlobalEventCounter**  This is a client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  The package version of the label.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceStarted
-
-This event is sent when the service first starts. It is a heartbeat indicating that the service is available on the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV**  Correlation vector.
-- **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion**  Current package version of remediation.
-
-
-## Update events
-
-### Update360Telemetry.Revert
-
-This event sends data relating to the Revert phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the Revert phase.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RebootRequired**  Indicates reboot is required.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **RevertResult**  The result code returned for the Revert operation.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-
-
-### Update360Telemetry.UpdateAgentCommit
-
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CancelRequested**  Boolean that indicates whether cancel was requested.
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentDownloadRequest
-
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CancelRequested**  Boolean indicating whether a cancel was requested.
-- **ContainsSafeOSDUPackage**  Boolean indicating whether Safe DU packages are part of the payload.
-- **DeletedCorruptFiles**  Boolean indicating whether corrupt payload was deleted.
-- **DownloadComplete**  Indicates if the download is complete.
-- **DownloadedSizeBundle**  Cumulative size (in bytes) of the downloaded bundle content.
-- **DownloadedSizeCanonical**  Cumulative size (in bytes) of downloaded canonical content.
-- **DownloadedSizeDiff**  Cumulative size (in bytes) of downloaded diff content.
-- **DownloadedSizeExpress**  Cumulative size (in bytes) of downloaded express content.
-- **DownloadedSizePSFX**  Cumulative size (in bytes) of downloaded PSFX content.
-- **DownloadRequests**  Number of times a download was retried.
-- **ErrorCode**  The error code returned for the current download request phase.
-- **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
-- **FlightId**  Unique ID for each flight.
-- **InternalFailureResult**  Indicates a non-fatal error from a plugin.
-- **NumberOfHops**  Number of intermediate packages used to reach target version.
-- **ObjectId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **PackageCategoriesSkipped**  Indicates package categories that were skipped, if applicable.
-- **PackageCountOptional**  Number of optional packages requested.
-- **PackageCountRequired**  Number of required packages requested.
-- **PackageCountTotal**  Total number of packages needed.
-- **PackageCountTotalBundle**  Total number of bundle packages.
-- **PackageCountTotalCanonical**  Total number of canonical packages.
-- **PackageCountTotalDiff**  Total number of diff packages.
-- **PackageCountTotalExpress**  Total number of express packages.
-- **PackageCountTotalPSFX**  The total number of PSFX packages.
-- **PackageExpressType**  Type of express package.
-- **PackageSizeCanonical**  Size of canonical packages in bytes.
-- **PackageSizeDiff**  Size of diff packages in bytes.
-- **PackageSizeExpress**  Size of express packages in bytes.
-- **PackageSizePSFX**  The size of PSFX packages, in bytes.
-- **RangeRequestState**  Indicates the range request type used.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the download request phase of update.
-- **SandboxTaggedForReserves**  The sandbox for reserves.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt (same value for initialize, download, install commit phases).
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentExpand
-
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CancelRequested**  Boolean that indicates whether a cancel was requested.
-- **CanonicalRequestedOnError**  Indicates if an error caused a reversion to a different type of compressed update (TRUE or FALSE).
-- **ElapsedTickCount**  Time taken for expand phase.
-- **EndFreeSpace**  Free space after expand phase.
-- **EndSandboxSize**  Sandbox size after expand phase.
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **StartFreeSpace**  Free space before expand phase.
-- **StartSandboxSize**  Sandbox size after expand phase.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInitialize
-
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current install phase.
-- **FlightId**  Unique ID for each flight.
-- **FlightMetadata**  Contains the FlightId and the build being flighted.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  Outcome of the install phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionData**  String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentInstall
-
-This event sends data for the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CancelRequested**  Boolean to indicate whether a cancel was requested.
-- **ErrorCode**  The error code returned for the current install phase.
-- **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
-- **FlightId**  Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
-- **InternalFailureResult**  Indicates a non-fatal error from a plugin.
-- **ObjectId**  Correlation vector value generated from the latest USO scan.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  The result for the current install phase.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **UpdatePriority**  Indicates the priority that Update Agent is requested to run in for the install phase of an update.
-
-
-### Update360Telemetry.UpdateAgentMerge
-
-The UpdateAgentMerge event sends data on the merge phase when updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current merge phase.
-- **FlightId**  Unique ID for each flight.
-- **MergeId**  The unique ID to join two update sessions being merged.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Related correlation vector value.
-- **Result**  Outcome of the merge phase of the update.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each attempt.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentMitigationResult
-
-This event sends data indicating the result of each update agent mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  Indicates whether the mitigation is applicable for the current update.
-- **CommandCount**  The number of command operations in the mitigation entry.
-- **CustomCount**  The number of custom operations in the mitigation entry.
-- **FileCount**  The number of file operations in the mitigation entry.
-- **FlightId**  Unique identifier for each flight.
-- **Index**  The mitigation index of this particular mitigation.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **Name**  The friendly name of the mitigation.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **OperationIndex**  The mitigation operation index (in the event of a failure).
-- **OperationName**  The friendly name of the mitigation operation (in the event of failure).
-- **RegistryCount**  The number of registry operations in the mitigation entry.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-- **UpdateId**  Unique ID for each Update.
-
-
-### Update360Telemetry.UpdateAgentMitigationSummary
-
-This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  The count of mitigations that were applicable to the system and scenario.
-- **Failed**  The count of mitigations that failed.
-- **FlightId**  Unique identifier for each flight.
-- **MitigationScenario**  The update scenario in which the mitigations were attempted.
-- **ObjectId**  The unique value for each Update Agent mode.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  The HResult of this operation.
-- **ScenarioId**  The update agent scenario ID.
-- **SessionId**  Unique value for each update attempt.
-- **TimeDiff**  The amount of time spent performing all mitigations (in 100-nanosecond increments).
-- **Total**  Total number of mitigations that were available.
-- **UpdateId**  Unique ID for each update.
-
-
-### Update360Telemetry.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **Mode**  Indicates the mode that has started.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **Version**  Version of update
-
-
-### Update360Telemetry.UpdateAgentOneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Count**  The count of applicable OneSettings for the device.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **ObjectId**  The unique value for each Update Agent mode.
-- **Parameters**  The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-- **Values**  The values sent back to the device, if applicable.
-
-
-### Update360Telemetry.UpdateAgentPostRebootResult
-
-This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current post reboot phase.
-- **FlightId**  The specific ID of the Windows Insider build the device is getting.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PostRebootResult**  Indicates the Hresult.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **RollbackFailureReason**  Indicates the cause of the rollback.
-- **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **UpdateOutputState**  A numeric value indicating the state of the update at the time of reboot.
-
-
-### Update360Telemetry.UpdateAgentReboot
-
-This event sends information indicating that a request has been sent to suspend an update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ErrorCode**  The error code returned for the current reboot.
-- **FlightId**  Unique ID for the flight (test instance version).
-- **IsSuspendable**  Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE.
-- **ObjectId**  The unique value for each Update Agent mode.
-- **Reason**  Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0.
-- **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
-- **Result**  The HResult of the event.
-- **ScenarioId**  The ID of the update scenario.
-- **SessionId**  The ID of the update attempt.
-- **UpdateId**  The ID of the update.
-- **UpdateState**  Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit.
-
-
-### Update360Telemetry.UpdateAgentSetupBoxLaunch
-
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ContainsExpressPackage**  Indicates whether the download package is express.
-- **FlightId**  Unique ID for each flight.
-- **FreeSpace**  Free space on OS partition.
-- **InstallCount**  Number of install attempts using the same sandbox.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **Quiet**  Indicates whether setup is running in quiet mode.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **SandboxSize**  Size of the sandbox.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **SetupMode**  Mode of setup to be launched.
-- **UpdateId**  Unique ID for each Update.
-- **UserSession**  Indicates whether install was invoked by user actions.
-
-
-## Update notification events
-
-### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat
-
-This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CampaignConfigVersion**  Configuration version for the current campaign.
-- **CampaignID**  Currently campaign that is running on Update Notification Pipeline (UNP).
-- **ConfigCatalogVersion**  Current catalog version of UNP.
-- **ContentVersion**  Content version for the current campaign on UNP.
-- **CV**  Correlation vector.
-- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
-- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
-- **PackageVersion**  Current UNP package version.
-
-
-## Upgrade events
-
-### FacilitatorTelemetry.DCATDownload
-
-This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **DownloadSize**  Download size of payload.
-- **ElapsedTime**  Time taken to download payload.
-- **MediaFallbackUsed**  Used to determine if we used Media CompDBs to figure out package requirements for the upgrade.
-- **ResultCode**  Result returned by the Facilitator DCAT call.
-- **Scenario**  Dynamic update scenario (Image DU, or Setup DU).
-- **Type**  Type of package that was downloaded.
-- **UpdateId**  The ID of the update that was downloaded.
-
-
-### FacilitatorTelemetry.DUDownload
-
-This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PackageCategoriesFailed**  Lists the categories of packages that failed to download.
-- **PackageCategoriesSkipped**  Lists the categories of package downloads that were skipped.
-
-
-### FacilitatorTelemetry.InitializeDU
-
-This event determines whether devices received additional or critical supplemental content during an OS upgrade. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DCATUrl**  The Delivery Catalog (DCAT) URL we send the request to.
-- **DownloadRequestAttributes**  The attributes we send to DCAT.
-- **ResultCode**  The result returned from the initiation of Facilitator with the URL/attributes.
-- **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
-- **Url**  The Delivery Catalog (DCAT) URL we send the request to.
-- **Version**  Version of Facilitator.
-
-
-### Setup360Telemetry.Downlevel
-
-This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ClientId**  If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the downlevel OS.
-- **HostOsSkuName**  The operating system edition which is running Setup360 instance (downlevel OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
-- **Setup360Result**  The result of Setup360 (HRESULT used to diagnose errors).
-- **Setup360Scenario**  The Setup360 flow type (for example, Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  An ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
-
-
-### Setup360Telemetry.Finalize
-
-This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  More detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.OsUninstall
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase or action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PostRebootInstall
-
-This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
-
-
-### Setup360Telemetry.PreDownloadQuiet
-
-This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous operating system).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreDownloadUX
-
-This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **HostOSBuildNumber**  The build number of the previous operating system.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous operating system).
-- **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
-- **State**  The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  ID that uniquely identifies a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.PreInstallQuiet
-
-This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
-- **Setup360Scenario**  Setup360 flow type (Boot, Media, Update, MCT).
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-### Setup360Telemetry.PreInstallUX
-
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date.  Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
-
-The following fields are available:
-
-- **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe.
-- **ReportId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type, Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  Windows Update client ID.
-
-
-### Setup360Telemetry.Setup360
-
-This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **ClientId**  Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FieldName**  Retrieves the data point.
-- **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
-- **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **ReportId**  Retrieves the report ID.
-- **ScenarioId**  Retrieves the deployment scenario.
-- **Value**  Retrieves the value associated with the corresponding FieldName.
-
-
-### Setup360Telemetry.Setup360DynamicUpdate
-
-This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
-- **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **Operation**  Facilitator’s last known operation (scan, download, etc.).
-- **ReportId**  ID for tying together events stream side.
-- **ResultCode**  Result returned for the entire setup operation.
-- **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
-- **ScenarioId**  Identifies the update scenario.
-- **TargetBranch**  Branch of the target OS.
-- **TargetBuild**  Build of the target OS.
-
-
-### Setup360Telemetry.Setup360MitigationResult
-
-This event sends data indicating the result of each setup mitigation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  TRUE if the mitigation is applicable for the current update.
-- **ClientId**  In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **CommandCount**  The number of command operations in the mitigation entry.
-- **CustomCount**  The number of custom operations in the mitigation entry.
-- **FileCount**  The number of file operations in the mitigation entry.
-- **FlightData**  The unique identifier for each flight (test release).
-- **Index**  The mitigation index of this particular mitigation.
-- **InstanceId**  The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **Name**  The friendly (descriptive) name of the mitigation.
-- **OperationIndex**  The mitigation operation index (in the event of a failure).
-- **OperationName**  The friendly (descriptive) name of the mitigation operation (in the event of failure).
-- **RegistryCount**  The number of registry operations in the mitigation entry.
-- **ReportId**  In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
-- **Result**  HResult of this operation.
-- **ScenarioId**  Setup360 flow type.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-
-
-### Setup360Telemetry.Setup360MitigationSummary
-
-This event sends a summary of all the setup mitigations available for this update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Applicable**  The count of mitigations that were applicable to the system and scenario.
-- **ClientId**  The Windows Update client ID passed to Setup.
-- **Failed**  The count of mitigations that failed.
-- **FlightData**  The unique identifier for each flight (test release).
-- **InstanceId**  The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
-- **MitigationScenario**  The update scenario in which the mitigations were attempted.
-- **ReportId**  In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
-- **Result**  HResult of this operation.
-- **ScenarioId**  Setup360 flow type.
-- **TimeDiff**  The amount of time spent performing the mitigation (in 100-nanosecond increments).
-- **Total**  The total number of mitigations that were available.
-
-
-### Setup360Telemetry.Setup360OneSettings
-
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The Windows Update client ID passed to Setup.
-- **Count**  The count of applicable OneSettings for the device.
-- **FlightData**  The ID for the flight (test instance version).
-- **InstanceId**  The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
-- **Parameters**  The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
-- **ReportId**  The Update ID passed to Setup.
-- **Result**  The HResult of the event error.
-- **ScenarioId**  The update scenario ID.
-- **Values**  Values sent back to the device, if applicable.
-
-
-### Setup360Telemetry.UnexpectedEvent
-
-This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData**  Unique value that identifies the flight.
-- **HostOSBuildNumber**  The build number of the previous OS.
-- **HostOsSkuName**  The OS edition which is running Setup360 instance (previous OS).
-- **InstanceId**  A unique GUID that identifies each instance of setuphost.exe
-- **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
-- **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
-- **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
-- **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
-- **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
-- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
-- **TestId**  A string to uniquely identify a group of events.
-- **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
-
-
-## Windows as a Service diagnostic events
-
-### Microsoft.Windows.WaaSMedic.DetectionFailed
-
-This event is sent when WaaSMedic fails to apply the named diagnostic. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **diagnostic**  Parameter where the diagnostic failed.
-- **hResult**  Error code from attempting the diagnostic.
-- **isDetected**  Flag indicating whether the condition was detected.
-- **pluginName**  Name of the attempted diagnostic.
-- **versionString**  The version number of the remediation engine.
-
-
-### Microsoft.Windows.WaaSMedic.RemediationFailed
-
-This event is sent when the WaaS Medic update stack remediation tool fails to apply a described resolution to a problem that is blocking Windows Update from operating correctly on a target device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **diagnostic**  Parameter where the resolution failed.
-- **hResult**  Error code that resulted from attempting the resolution.
-- **isRemediated**  Indicates whether the condition was remediated.
-- **pluginName**  Name of the attempted resolution.
-- **versionString**  Version of the engine.
-
-
-### Microsoft.Windows.WaaSMedic.SummaryEvent
-
-This event provides the result of the WaaSMedic operation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **callerApplication**  The name of the calling application.
-- **capsuleCount**  The number of Sediment Pack capsules.
-- **capsuleFailureCount**  The number of capsule failures.
-- **detectionSummary**  Result of each applicable detection that was run.
-- **featureAssessmentImpact**  WaaS Assessment impact for feature updates.
-- **hrEngineBlockReason**  Indicates the reason for stopping WaaSMedic.
-- **hrEngineResult**  Error code from the engine operation.
-- **hrLastSandboxError**  The last error sent by the WaaSMedic sandbox.
-- **initSummary**  Summary data of the initialization method.
-- **isInteractiveMode**  The user started a run of WaaSMedic.
-- **isManaged**  Device is managed for updates.
-- **isWUConnected**  Device is connected to Windows Update.
-- **noMoreActions**  No more applicable diagnostics.
-- **pluginFailureCount**  The number of plugins that have failed.
-- **pluginsCount**  The number of plugins.
-- **qualityAssessmentImpact**  WaaS Assessment impact for quality updates.
-- **remediationSummary**  Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
-- **usingBackupFeatureAssessment**  Relying on backup feature assessment.
-- **usingBackupQualityAssessment**  Relying on backup quality assessment.
-- **usingCachedFeatureAssessment**  WaaS Medic run did not get OS build age from the network on the previous run.
-- **usingCachedQualityAssessment**  WaaS Medic run did not get OS revision age from the network on the previous run.
-- **versionString**  Version of the WaaSMedic engine.
-- **waasMedicRunMode**  Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
-
-
-## Windows Error Reporting events
-
-### Microsoft.Windows.WERVertical.OSCrash
-
-This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
-
-The following fields are available:
-
-- **BootId**  Uint32 identifying the boot number for this device.
-- **BugCheckCode**  Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
-- **BugCheckParameter1**  Uint64 parameter providing additional information.
-- **BugCheckParameter2**  Uint64 parameter providing additional information.
-- **BugCheckParameter3**  Uint64 parameter providing additional information.
-- **BugCheckParameter4**  Uint64 parameter providing additional information.
-- **DumpFileAttributes**  Codes that identify the type of data contained in the dump file
-- **DumpFileSize**  Size of the dump file
-- **IsValidDumpFile**  True if the dump file is valid for the debugger, false otherwise
-- **ReportId**  WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
-
-
-### Value
-
-This event returns data about Mean Time to Failure (MTTF) for Windows devices. It is the primary means of estimating reliability problems in Basic Diagnostic reporting with very strong privacy guarantees. Since Basic Diagnostic reporting does not include system up-time, and since that information is important to ensuring the safe and stable operation of Windows, the data provided by this event provides that data in a manner which does not threaten a user’s privacy. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **Algorithm**  The algorithm used to preserve privacy.
-- **DPRange**  The upper bound of the range being measured.
-- **DPValue**  The randomized response returned by the client.
-- **Epsilon**  The level of privacy to be applied.
-- **HistType**  The histogram type if the algorithm is a histogram algorithm.
-- **PertProb**  The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”.
-
-
-## Windows Error Reporting MTT events
-
-### Microsoft.Windows.WER.MTT.Denominator
-
-This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date.
-
-The following fields are available:
-
-- **Value**  Standard UTC emitted DP value structure See [Value](#value).
-
-
-## Windows Hardware Error Architecture events
-
-### WheaProvider.WheaErrorRecord
-
-This event collects data about common platform hardware error recorded by the Windows Hardware Error Architecture (WHEA) mechanism. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **creatorId**  The unique identifier for the entity that created the error record.
-- **errorFlags**  Any flags set on the error record.
-- **notifyType**  The unique identifier for the notification mechanism which reported the error to the operating system.
-- **partitionId**  The unique identifier for the partition on which the hardware error occurred.
-- **platformId**  The unique identifier for the platform on which the hardware error occurred.
-- **record**  A collection of binary data containing the full error record.
-- **recordId**  The identifier of the error record.
-- **sectionFlags**  The flags for each section recorded in the error record.
-- **sectionTypes**  The unique identifier that represents the type of sections contained in the error record.
-- **severityCount**  The severity of each individual section.
-- **timeStamp**  The error time stamp as recorded in the error record.
-
-
-## Windows Security Center events
-
-### Microsoft.Windows.Security.WSC.DatastoreMigratedVersion
-
-This event provides information about the datastore migration and whether it was successful. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **datastoreisvtype**  The product category of the datastore.
-- **datastoremigrated**  The version of the datastore that was migrated.
-- **status**  The result code of the migration.
-
-
-### Microsoft.Windows.Security.WSC.GetCallerViaWdsp
-
-This event returns data if the registering product EXE (executable file) does not allow COM (Component Object Model) impersonation. The data collected with this event is used to help keep Windows secure and performing properly.
-
-The following fields are available:
-
-- **callerExe**  The registering product EXE that does not support COM impersonation.
-
-
-## Windows Store events
-
-### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
-
-This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The Item Bundle ID.
-- **CategoryId**  The Item Category ID.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Was this a mandatory update?
-- **IsRemediation**  Was this a remediation install?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Flag indicating if this is an update.
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The product family name of the product being installed.
-- **ProductId**  The identity of the package or packages being installed.
-- **SystemAttemptNumber**  The total number of automatic attempts at installation before it was canceled.
-- **UserAttemptNumber**  The total number of user attempts at installation before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
-
-This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
-
-This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
-
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
-
-This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all package or packages to be downloaded and installed.
-- **AttemptNumber**  Total number of installation attempts.
-- **BundleId**  The identity of the Windows Insider build that is associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Was this requested by a user?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this an automatic restore of a previously acquired product?
-- **IsUpdate**  Is this a product update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of all packages to be downloaded and installed.
-- **PreviousHResult**  The previous HResult code.
-- **PreviousInstallState**  Previous installation state before it was canceled.
-- **ProductId**  The name of the package or packages requested for installation.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  Total number of automatic attempts to install before it was canceled.
-- **UserAttemptNumber**  Total number of user attempts to install before it was canceled.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
-
-This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The Store Product ID of the app being installed.
-- **HResult**  HResult code of the action being performed.
-- **IsBundle**  Is this a bundle?
-- **PackageFamilyName**  The name of the package being installed.
-- **ProductId**  The Store Product ID of the product being installed.
-- **SkuId**  Specific edition of the item being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
-
-This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  Includes a set of package full names for each app that is part of an atomic set.
-- **AttemptNumber**  The total number of attempts to acquire this product.
-- **BundleId**  The bundle ID
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  HResult code to show the result of the operation (success/failure).
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Did the user initiate the installation?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this happening after a device restore?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to acquire this product.
-- **UserAttemptNumber**  The number of attempts by the user to acquire this product
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
-
-This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  Number of retry attempts before it was canceled.
-- **BundleId**  The identity of the Windows Insider build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **DownloadSize**  The total size of the download.
-- **ExtendedHResult**  Any extended HResult error codes.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this initiated by the user?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this a restore of a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The parent bundle ID (if it's part of a bundle).
-- **PFN**  The Product Family Name of the app being download.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The number of attempts by the system to download.
-- **UserAttemptNumber**  The number of attempts by the user to download.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
-
-This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
-
-This event is sent after sending the inventory of the products installed to determine whether updates for those products are available.  It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed before this operation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
-
-This event is sent after a product has been installed to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **ExtendedHResult**  The extended HResult error code.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this an interactive installation?
-- **IsMandatory**  Is this a mandatory installation?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this automatically restoring a previously acquired product?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  Product Family Name of the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
-
-This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsApplicability**  Is this request to only check if there are any applicable packages to install?
-- **IsInteractive**  Is this user requested?
-- **IsOnline**  Is the request doing an online check?
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
-
-This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
-
-This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The name of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of system attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
-
-This event is sent after a scan for available app updates to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **HResult**  The result code of the last action performed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
-
-This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The name of the product catalog from which this app was chosen.
-- **FailedRetry**  Indicates whether the installation or update retry was successful.
-- **HResult**  The HResult code of the operation.
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **ProductId**  The product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
-
-This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The name of the product catalog from which this app was chosen.
-- **FulfillmentPluginId**  The ID of the plugin needed to install the package type of the product.
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **PluginTelemetryData**  Diagnostic information specific to the package-type plug-in.
-- **ProductId**  The product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
-
-This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **BundleId**  The identity of the build associated with this product.
-- **CatalogId**  If this product is from a private catalog, the Store Product ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specific edition ID being installed.
-- **VolumePath**  The disk path of the installation.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
-
-This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The total number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The Product Full Name.
-- **PreviousHResult**  The result code of the last action performed before this operation.
-- **PreviousInstallState**  Previous state before the installation or update was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector of a previous performed action on this product.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
-
-This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **AggregatedPackageFullNames**  The names of all packages to be downloaded and installed.
-- **AttemptNumber**  The number of retry attempts before it was canceled.
-- **BundleId**  The identity of the build associated with this product.
-- **CategoryId**  The identity of the package or packages being installed.
-- **ClientAppId**  The identity of the app that initiated this operation.
-- **HResult**  The result code of the last action performed before this operation.
-- **IsBundle**  Is this a bundle?
-- **IsInteractive**  Is this user requested?
-- **IsMandatory**  Is this a mandatory update?
-- **IsRemediation**  Is this repairing a previous installation?
-- **IsRestore**  Is this restoring previously acquired content?
-- **IsUpdate**  Is this an update?
-- **IsUserRetry**  Did the user initiate the retry?
-- **ParentBundleId**  The product ID of the parent (if this product is part of a bundle).
-- **PFN**  The name of the package or packages requested for install.
-- **PreviousHResult**  The previous HResult error code.
-- **PreviousInstallState**  Previous state before the installation was paused.
-- **ProductId**  The Store Product ID for the product being installed.
-- **RelatedCV**  Correlation Vector for the original install before it was resumed.
-- **ResumeClientId**  The ID of the app that initiated the resume operation.
-- **SystemAttemptNumber**  The total number of system attempts.
-- **UserAttemptNumber**  The total number of user attempts.
-- **WUContentId**  The Windows Update content ID.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
-
-This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **ProductId**  The Store Product ID for the product being installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
-
-This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The Store Catalog ID for the product being installed.
-- **ProductId**  The Store Product ID for the product being installed.
-- **SkuId**  Specfic edition of the app being updated.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.StateTransition
-
-Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CatalogId**  The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog.
-- **FulfillmentPluginId**  The ID of the plugin needed to install the package type of the product.
-- **HResult**  The resulting HResult error/success code of this operation.
-- **NewState**  The current fulfillment state of this product.
-- **PFN**  The Package Family Name of the app that is being installed or updated.
-- **PluginLastStage**  The most recent product fulfillment step that the plug-in has reported (different than its state).
-- **PluginTelemetryData**  Diagnostic information specific to the package-type plug-in.
-- **Prevstate**  The previous fulfillment state of this product.
-- **ProductId**  Product ID of the app that is being updated or installed.
-
-
-### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
-
-This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
-
-The following fields are available:
-
-- **PFamN**  The name of the app that is requested for update.
-
-
-## Windows Update CSP events
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed
-
-This event sends basic telemetry on the failure of the Feature Rollback. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **hResult**  Failure error code.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice**  This is the device info.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable
-
-This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice**  Represents the device info.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted
-
-This event sends basic information indicating that Feature Rollback has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityFailed
-
-This event sends basic telemetry on the failure of the rollback of the Quality/LCU builds. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **hResult**  Failure Error code.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice**  Release Channel.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityNotApplicable
-
-This event informs you whether a rollback of Quality updates is applicable to the devices that you are attempting to rollback. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **current**  Result of currency check.
-- **dismOperationSucceeded**  Dism uninstall operation status.
-- **oSVersion**  Build number of the device.
-- **paused**  Indicates whether the device is paused.
-- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice**  Device in the General Availability Channel.
-- **wUfBConnected**  Result of Windows Update for Business connection check.
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityStarted
-
-This event indicates that the Quality Rollback process has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualitySucceeded
-
-This event sends basic telemetry on the success of the rollback of the Quality/LCU builds. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-## Windows Update Delivery Optimization events
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
-
-This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download being done in the background?
-- **bytesFromCacheServer**  Bytes received from a cache host.
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same group.
-- **bytesFromLinkLocalPeers**  The number of bytes received from local peers.
-- **bytesFromLocalCache**  Bytes copied over from local (on disk) cache.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp**  The IP Address of the source CDN (Content Delivery Network).
-- **cdnUrl**  The URL of the source CDN (Content Delivery Network).
-- **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **gCurMemoryStreamBytes**  Current usage for memory streaming.
-- **gMaxMemoryStreamBytes**  Maximum usage for memory streaming.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **predefinedCallerName**  The name of the API Caller.
-- **reasonCode**  Reason the action or event occurred.
-- **routeToCacheServer**  The cache server setting, source, and value.
-- **sessionID**  The ID of the file download session.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
-
-This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **bytesFromCacheServer**  Bytes received from a cache host.
-- **bytesFromCDN**  The number of bytes received from a CDN source.
-- **bytesFromGroupPeers**  The number of bytes received from a peer in the same domain group.
-- **bytesFromIntPeers**  The number of bytes received from peers not in the same LAN or in the same domain group.
-- **bytesFromLinkLocalPeers**  The number of bytes received from local peers.
-- **bytesFromLocalCache**  Bytes copied over from local (on disk) cache.
-- **bytesFromPeers**  The number of bytes received from a peer in the same LAN.
-- **bytesRequested**  The total number of bytes requested for download.
-- **cacheServerConnectionCount**  Number of connections made to cache hosts.
-- **cdnConnectionCount**  The total number of connections made to the CDN.
-- **cdnErrorCodes**  A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp**  The IP address of the source CDN.
-- **cdnUrl**  Url of the source Content Distribution Network (CDN).
-- **congestionPrevention**  Indicates a download may have been suspended to prevent network congestion.
-- **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downlinkBps**  The maximum measured available download bandwidth (in bytes per second).
-- **downlinkUsageBps**  The download speed (in bytes per second).
-- **downloadMode**  The download mode used for this file download session.
-- **downloadModeReason**  Reason for the download.
-- **downloadModeSrc**  Source of the DownloadMode setting.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **expiresAt**  The time when the content will expire from the Delivery Optimization Cache.
-- **fileID**  The ID of the file being downloaded.
-- **fileSize**  The size of the file being downloaded.
-- **gCurMemoryStreamBytes**  Current usage for memory streaming.
-- **gMaxMemoryStreamBytes**  Maximum usage for memory streaming.
-- **groupConnectionCount**  The total number of connections made to peers in the same group.
-- **internetConnectionCount**  The total number of connections made to peers not in the same LAN or the same group.
-- **isEncrypted**  TRUE if the file is encrypted and will be decrypted after download.
-- **isThrottled**  Event Rate throttled (event represents aggregated data).
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **lanConnectionCount**  The total number of connections made to peers in the same LAN.
-- **linkLocalConnectionCount**  The number of connections made to peers in the same Link-local network.
-- **numPeers**  The total number of peers used for this download.
-- **numPeersLocal**  The total number of local peers used for this download.
-- **predefinedCallerName**  The name of the API Caller.
-- **restrictedUpload**  Is the upload restricted?
-- **routeToCacheServer**  The cache server setting, source, and value.
-- **sessionID**  The ID of the download session.
-- **totalTimeMs**  Duration of the download (in seconds).
-- **updateID**  The ID of the update being downloaded.
-- **uplinkBps**  The maximum measured available upload bandwidth (in bytes per second).
-- **uplinkUsageBps**  The upload speed (in bytes per second).
-- **usedMemoryStream**  TRUE if the download is using memory streaming for App downloads.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
-
-This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Is the download a background download?
-- **cdnUrl**  The URL of the source CDN (Content Delivery Network).
-- **errorCode**  The error code that was returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being paused.
-- **isVpn**  Is the device connected to a Virtual Private Network?
-- **jobID**  Identifier for the Windows Update job.
-- **predefinedCallerName**  The name of the API Caller object.
-- **reasonCode**  The reason for pausing the download.
-- **routeToCacheServer**  The cache server setting, source, and value.
-- **sessionID**  The ID of the download session.
-- **updateID**  The ID of the update being paused.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
-
-This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background**  Indicates whether the download is happening in the background.
-- **bytesRequested**  Number of bytes requested for the download.
-- **cdnUrl**  The URL of the source Content Distribution Network (CDN).
-- **costFlags**  A set of flags representing network cost.
-- **deviceProfile**  Identifies the usage or form factor (such as Desktop, Xbox, or VM).
-- **diceRoll**  Random number used for determining if a client will use peering.
-- **doClientVersion**  The version of the Delivery Optimization client.
-- **doErrorCode**  The Delivery Optimization error code that was returned.
-- **downloadMode**  The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
-- **downloadModeReason**  Reason for the download.
-- **downloadModeSrc**  Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **errorCode**  The error code that was returned.
-- **experimentId**  ID used to correlate client/services calls that are part of the same test during A/B testing.
-- **fileID**  The ID of the file being downloaded.
-- **filePath**  The path to where the downloaded file will be written.
-- **fileSize**  Total file size of the file that was downloaded.
-- **fileSizeCaller**  Value for total file size provided by our caller.
-- **groupID**  ID for the group.
-- **isEncrypted**  Indicates whether the download is encrypted.
-- **isThrottled**  Indicates the Event Rate was throttled (event represent aggregated data).
-- **isVpn**  Indicates whether the device is connected to a Virtual Private Network.
-- **jobID**  The ID of the Windows Update job.
-- **peerID**  The ID for this delivery optimization client.
-- **predefinedCallerName**  Name of the API caller.
-- **routeToCacheServer**  Cache server setting, source, and value.
-- **sessionID**  The ID for the file download session.
-- **setConfigs**  A JSON representation of the configurations that have been set, and their sources.
-- **updateID**  The ID of the update being downloaded.
-- **usedMemoryStream**  Indicates whether the download used memory streaming.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
-
-This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cdnHeaders**  The HTTP headers returned by the CDN.
-- **cdnIp**  The IP address of the CDN.
-- **cdnUrl**  The URL of the CDN.
-- **errorCode**  The error code that was returned.
-- **errorCount**  The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **httpStatusCode**  The HTTP status code returned by the CDN.
-- **isHeadRequest**  The type of  HTTP request that was sent to the CDN. Example: HEAD or GET
-- **peerType**  The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
-- **requestOffset**  The byte offset within the file in the sent request.
-- **requestSize**  The size of the range requested from the CDN.
-- **responseSize**  The size of the range response received from the CDN.
-- **sessionID**  The ID of the download session.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.JobError
-
-This event represents a Windows Update job error. It allows for investigation of top errors. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cdnIp**  The IP Address of the source CDN (Content Delivery Network).
-- **doErrorCode**  Error code returned for delivery optimization.
-- **errorCode**  The error code returned.
-- **experimentId**  When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID**  The ID of the file being downloaded.
-- **jobID**  The Windows Update job ID.
-
-
-## Windows Update events
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
-
-This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activated**  Whether the entire device manifest update is considered activated and in use.
-- **analysisErrorCount**  The number of driver packages that could not be analyzed because errors occurred during analysis.
-- **flightId**  Unique ID for each flight.
-- **missingDriverCount**  The number of driver packages delivered by the device manifest that are missing from the system.
-- **missingUpdateCount**  The number of updates in the device manifest that are missing from the system.
-- **objectId**  Unique value for each diagnostics session.
-- **publishedCount**  The number of drivers packages delivered by the device manifest that are published and available to be used on devices.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **scenarioId**  Indicates the update scenario.
-- **sessionId**  Unique value for each update session.
-- **summary**  A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
-- **summaryAppendError**  A Boolean indicating if there was an error appending more information to the summary string.
-- **truncatedDeviceCount**  The number of devices missing from the summary string because there is not enough room in the string.
-- **truncatedDriverCount**  The number of driver packages missing from the summary string because there is not enough room in the string.
-- **unpublishedCount**  How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices.
-- **updateId**  The unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit
-
-This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  The unique GUID for each diagnostics session.
-- **relatedCV**  A correlation vector value generated from the latest USO scan.
-- **result**  Outcome of the initialization of the session.
-- **scenarioId**  Identifies the Update scenario.
-- **sessionId**  The unique value for each update session.
-- **updateId**  The unique identifier for each Update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest
-
-This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deletedCorruptFiles**  Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  Unique value for each Update Agent mode.
-- **packageCountOptional**  Number of optional packages requested.
-- **packageCountRequired**  Number of required packages requested.
-- **packageCountTotal**  Total number of packages needed.
-- **packageCountTotalCanonical**  Total number of canonical packages.
-- **packageCountTotalDiff**  Total number of diff packages.
-- **packageCountTotalExpress**  Total number of express packages.
-- **packageSizeCanonical**  Size of canonical packages in bytes.
-- **packageSizeDiff**  Size of diff packages in bytes.
-- **packageSizeExpress**  Size of express packages in bytes.
-- **rangeRequestState**  Represents the state of the download range request.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Result of the download request phase of update.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
-
-This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current session initialization.
-- **flightId**  The unique identifier for each flight.
-- **flightMetadata**  Contains the FlightId and the build being flighted.
-- **objectId**  Unique value for each Update Agent mode.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique ID for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall
-
-This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code returned for the current install phase.
-- **flightId**  The unique identifier for each flight.
-- **objectId**  The unique identifier for each diagnostics session.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **result**  Outcome of the install phase of the update.
-- **scenarioId**  The unique identifier for the update scenario.
-- **sessionId**  Unique value for each update session.
-- **updateId**  The unique identifier for each update.
-
-
-### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
-
-This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightId**  The unique identifier for each flight.
-- **mode**  The mode that is starting.
-- **objectId**  The unique value for each diagnostics session.
-- **relatedCV**  Correlation vector value generated from the latest USO scan.
-- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
-- **sessionId**  Unique value for each Update Agent mode attempt.
-- **updateId**  Unique identifier for each update.
-
-
-### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
-
-This event indicates that a notification dialog box is about to be displayed to user. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown.
-- **DaysSinceRebootRequired**  Number of days since restart was required.
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **EngagedModeLimit**  The number of days to switch between DTE dialog boxes.
-- **EnterAutoModeLimit**  The maximum number of days for a device to enter Auto Reboot mode.
-- **ETag**  OneSettings versioning value.
-- **IsForcedEnabled**  Indicates whether Forced Reboot mode is enabled for this device.
-- **IsUltimateForcedEnabled**  Indicates whether Ultimate Forced Reboot mode is enabled for this device.
-- **NotificationUxState**  Indicates which dialog box is shown.
-- **NotificationUxStateString**  Indicates which dialog box is shown.
-- **RebootUxState**  Indicates  the state of the restart (Engaged, Auto, Forced, or UltimateForced).
-- **RebootUxStateString**  Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
-- **RebootVersion**  Version of DTE.
-- **SkipToAutoModeLimit**  The minimum length of time to pass in restart pending before a device can be put into auto mode.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UtcTime**  The time the dialog box notification will be displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog
-
-This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **EnterpriseAttributionValue**  Indicates whether the Enterprise attribution is on in this dialog box.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose on this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
-
-This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time of the device sending the event.
-- **EnterpriseAttributionValue**  Indicates whether the Enterprise attribution is on in this dialog box.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in this dialog box.
-- **UtcTime**  The time that the dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
-
-This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  Time the dialog box was shown on the local device.
-- **EnterpriseAttributionValue**  Indicates whether the Enterprise attribution is on in this dialog box.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the dialog box.
-- **RebootVersion**  Version of DTE.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that user chose in this dialog box.
-- **UtcTime**  The time that dialog box was displayed, in Coordinated Universal Time.
-
-
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog
-
-This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The time at which the reboot reminder dialog was shown (based on the local device time settings).
-- **EnterpriseAttributionValue**  Indicates whether Enterprise attribution is on for this dialog.
-- **ETag**  The OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the reboot reminder dialog box.
-- **RebootVersion**  The version of the DTE (Direct-to-Engaged).
-- **UpdateId**  The ID of the update that is waiting for reboot to finish installation.
-- **UpdateRevision**  The revision of the update that is waiting for reboot to finish installation.
-- **UserResponseString**  The option chosen by the user on the reboot dialog box.
-- **UtcTime**  The time at which the reboot reminder dialog was shown (in UTC).
-
-
-### Microsoft.Windows.Update.NotificationUx.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows secure and up-to-date by indicating when a reboot is scheduled by the system or a user for a security, quality, or feature update.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether an Active Hours policy is present on the device.
-- **IsEnhancedEngagedReboot**  Indicates whether this is an Enhanced Engaged reboot.
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  Indicates whether a restart is scheduled outside of active hours.
-- **rebootScheduledByUser**  Indicates whether the restart was scheduled by user (if not, it was scheduled automatically).
-- **rebootState**  The current state of the restart.
-- **rebootUsingSmartScheduler**  Indicates whether the reboot is scheduled by smart scheduler.
-- **revisionNumber**  Revision number of the update that is getting installed with this restart.
-- **scheduledRebootTime**  Time of the scheduled restart.
-- **scheduledRebootTimeInUTC**  Time of the scheduled restart in Coordinated Universal Time.
-- **updateId**  ID of the update that is getting installed with this restart.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.ActivityError
-
-This event measures overall health of UpdateOrchestrator. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **callContext**  List of telemetry activities containing this error.
-- **currentContextId**  Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage**  Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName**  Name of the newest telemetry activity containing this error.
-- **failureCount**  Number of failures.
-- **failureId**  Id of the failure.
-- **failureType**  Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName**  Source code file name where the error occurred.
-- **function**  Function where the failure occurred.
-- **hresult**  Failure error code.
-- **lineNumber**  Line number within the source code file where the error occurred.
-- **message**  Custom message associated with the failure (if any).
-- **module**  Name of the binary where the error occurred.
-- **originatingContextId**  Identifier for the oldest telemetry activity containing this error
-- **originatingContextMessage**  Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName**  Name of the oldest telemetry activity containing this error.
-- **PartA_PrivTags**  Privacy tags.
-- **threadId**  Identifier of the thread the error occurred on.
-- **wilActivity**  This struct provides a Windows Internal Library context used for Product and Service diagnostics. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
-
-This event indicates a policy is present that may restrict update activity to outside of active hours. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursEnd**  The end of the active hours window.
-- **activeHoursStart**  The start of the active hours window.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours
-
-This event indicates that update activity was blocked because it is within the active hours window. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursEnd**  The end of the active hours window.
-- **activeHoursStart**  The start of the active hours window.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel
-
-This event indicates that Windows Update activity was blocked due to low battery level. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  The current battery charge capacity.
-- **batteryLevelThreshold**  The battery capacity threshold to stop update activity.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.DeferRestart
-
-This event indicates that a restart required for installing updates was postponed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **displayNeededReason**  List of reasons for needing display.
-- **eventScenario**  Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **filteredDeferReason**  Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
-- **gameModeReason**  Name of the executable that caused the game mode state check to start.
-- **ignoredReason**  List of reasons that were intentionally ignored.
-- **IgnoreReasonsForRestart**  List of reasons why restart was deferred.
-- **revisionNumber**  Update ID revision number.
-- **systemNeededReason**  List of reasons why system is needed.
-- **updateId**  Update ID.
-- **updateScenarioType**  Update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Detection
-
-This event sends launch data for a Windows Update scan to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  Reason why the device could not check for updates.
-- **detectionBlockingPolicy**  State of update action.
-- **detectionBlockreason**  The reason detection did not complete.
-- **detectionRetryMode**  Indicates whether we will try to scan again.
-- **errorCode**  The error code returned for the current process.
-- **eventScenario**  End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the session was user initiated.
-- **networkStatus**  Error info
-- **revisionNumber**  Update revision number.
-- **scanTriggerSource**  Source of the triggered scan.
-- **updateId**  Update ID.
-- **updateScenarioType**  Identifies the type of update session being performed.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DetectionActivity
-
-This event returns data about detected updates, as well as the types of update (optional or recommended). This data helps keep Windows up to date.
-
-The following fields are available:
-
-- **applicableUpdateIdList**  The list of update identifiers.
-- **applicableUpdateList**  The list of available updates.
-- **durationInSeconds**  The amount of time (in seconds) it took for the event to run.
-- **expeditedMode**  Indicates whether Expedited Mode is on.
-- **networkCostPolicy**  The network cost.
-- **scanTriggerSource**  Indicates whether the scan is Interactive or Background.
-- **scenario**  The result code of the event.
-- **scenarioReason**  The reason for the result code (scenario).
-- **seekerUpdateIdList**  The list of “seeker” update identifiers.
-- **seekerUpdateList**  The list of “seeker” updates.
-- **services**  The list of services that were called during update.
-- **wilActivity**  The activity results. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
-
-This event indicates the reboot was postponed due to needing a display. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **displayNeededReason**  Reason the display is needed.
-- **eventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
-
-
-### Microsoft.Windows.Update.Orchestrator.Download
-
-This event sends launch data for a Windows Update download to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **deferReason**  Reason for download not completing.
-- **errorCode**  An error code represented as a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the session is user initiated.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DTUEnabled
-
-This event indicates that Inbox DTU functionality was enabled. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.DTUInitiated
-
-This event indicates that Inbox DTU functionality was initiated. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **dtuErrorCode**  Return code from creating the DTU Com Server.
-- **isDtuApplicable**  Determination of whether DTU is applicable to the machine it is running on.
-- **utilizeDtuOverWu**  Whether DTU should be utilized over Windows Update.
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels
-
-This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configVersion**  The escalation configuration version on the device.
-- **downloadElapsedTime**  Indicates how long since the download is required on device.
-- **downloadRiskLevel**  At-risk level of download phase.
-- **installElapsedTime**  Indicates how long since the install is required on device.
-- **installRiskLevel**  The at-risk level of install phase.
-- **isSediment**  Assessment of whether is device is at risk.
-- **scanElapsedTime**  Indicates how long since the scan is required on device.
-- **scanRiskLevel**  At-risk level of the scan phase.
-- **wuDeviceid**  Device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask
-
-This event indicated that USO failed to add a trigger time to a task. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The Windows Update error code.
-- **wuDeviceid**  The Windows Update device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
-
-This event sends data on whether the update was applicable to the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time when this event was generated.
-- **flightID**  The specific ID of the Windows Insider build.
-- **inapplicableReason**  The reason why the update is inapplicable.
-- **revisionNumber**  Update revision number.
-- **updateId**  Unique Windows Update ID.
-- **updateScenarioType**  Update session type.
-- **UpdateStatus**  Last status of update.
-- **UUPFallBackConfigured**  Indicates whether UUP fallback is configured.
-- **wuDeviceid**  Unique Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
-
-This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  Time of the event.
-- **flightID**  Unique update ID
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **rebootOutsideOfActiveHours**  Indicates whether the reboot was to occur outside of active hours.
-- **revisionNumber**  Revision number of the update.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.Install
-
-This event sends launch data for a Windows Update install to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **errorCode**  The error code reppresented by a hexadecimal value.
-- **eventScenario**  End-to-end update session ID.
-- **flightID**  The ID of the Windows Insider build the device is getting.
-- **flightUpdate**  Indicates whether the update is a Windows Insider build.
-- **ForcedRebootReminderSet**  A boolean value that indicates if a forced reboot will happen for updates.
-- **IgnoreReasonsForRestart**  The reason(s) a Postpone Restart command was ignored.
-- **installCommitfailedtime**  The time it took for a reboot to happen but the upgrade failed to progress.
-- **installRebootinitiatetime**  The time it took for a reboot to be attempted.
-- **interactive**  Identifies if session is user initiated.
-- **minutesToCommit**  The time it took to install updates.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.LowUptimes
-
-This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **availableHistoryMinutes**  The number of minutes available from the local machine activity history.
-- **isLowUptimeMachine**  Is the machine considered low uptime or not.
-- **lowUptimeMinHours**  Current setting for the minimum number of hours needed to not be considered low uptime.
-- **lowUptimeQueryDays**  Current setting for the number of recent days to check for uptime.
-- **uptimeMinutes**  Number of minutes of uptime measured.
-- **wuDeviceid**  Unique device ID for Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
-
-This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **externalOneshotupdate**  The last time a task-triggered scan was completed.
-- **interactiveOneshotupdate**  The last time an interactive scan was completed.
-- **oldlastscanOneshotupdate**  The last time a scan completed successfully.
-- **wuDeviceid**  The Windows Update Device GUID (Globally-Unique ID).
-
-
-### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
-
-This event is generated before the shutdown and commit operations. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **wuDeviceid**  The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### Microsoft.Windows.Update.Orchestrator.RebootFailed
-
-This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  Current battery capacity in mWh or percentage left.
-- **deferReason**  Reason for install not completing.
-- **EventPublishedTime**  The time that the reboot failure occurred.
-- **flightID**  Unique update ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot was scheduled outside of active hours.
-- **RebootResults**  Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RefreshSettings
-
-This event sends basic data about the version of upgrade settings applied to the system to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  Hex code for the error message, to allow lookup of the specific error.
-- **settingsDownloadTime**  Timestamp of the last attempt to acquire settings.
-- **settingsETag**  Version identifier for the settings.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
-
-This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **RebootTaskMissedTimeUTC**  The time when the reboot task was scheduled to run, but did not.
-- **RebootTaskNextTimeUTC**  The time when the reboot task was rescheduled for.
-- **RebootTaskRestoredTime**  Time at which this reboot task was restored.
-- **wuDeviceid**  Device ID for the device on which the reboot is restored.
-
-
-### Microsoft.Windows.Update.Orchestrator.ScanTriggered
-
-This event indicates that Update Orchestrator has started a scan operation. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **interactive**  Indicates whether the scan is interactive.
-- **isDTUEnabled**  Indicates whether DTU (internal abbreviation for Direct Feature Update) channel is enabled on the client system.
-- **isScanPastSla**  Indicates whether the SLA has elapsed for scanning.
-- **isScanPastTriggerSla**  Indicates whether the SLA has elapsed for triggering a scan.
-- **minutesOverScanSla**  Indicates how many minutes the scan exceeded the scan SLA.
-- **minutesOverScanTriggerSla**  Indicates how many minutes the scan exceeded the scan trigger SLA.
-- **scanTriggerSource**  Indicates what caused the scan.
-- **updateScenarioType**  The update session type.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.SeekerUpdateAvailable
-
-This event defines when an optional update is available for the device to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The unique identifier of the Windows Insider build on this device.
-- **isFeatureUpdate**  Indicates whether the update is a Feature Update.
-- **revisionNumber**  The revision number of the update.
-- **updateId**  The GUID (Globally Unique Identifier) of the update.
-- **wuDeviceid**  The Windows Update device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.SeekUpdate
-
-This event occurs when user initiates "seeker" scan. This helps keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The ID of the Windows Insider builds on the device.
-- **isFeatureUpdate**  Indicates that the target of the Seek is a feature update.
-- **revisionNumber**  The revision number of the update.
-- **updateId**  The identifier of the update.
-- **wuDeviceid**  The Windows Update device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.StickUpdate
-
-This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updateId**  Identifier associated with the specific piece of content.
-- **wuDeviceid**  Unique device ID controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.Orchestrator.SystemNeeded
-
-This event sends data about why a device is unable to reboot, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **eventScenario**  End-to-end update session ID.
-- **rebootOutsideOfActiveHours**  Indicates whether a reboot is scheduled outside of active hours.
-- **revisionNumber**  Update revision number.
-- **systemNeededReason**  List of apps or tasks that are preventing the system from restarting.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours
-
-This event indicates that update activity was stopped due to active hours starting. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursEnd**  The end of the active hours window.
-- **activeHoursStart**  The start of the active hours window.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  The device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel
-
-This event is sent when update activity was stopped due to a low battery level. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **batteryLevel**  The current battery charge capacity.
-- **batteryLevelThreshold**  The battery capacity threshold to stop update activity.
-- **updatePhase**  The current state of the update process.
-- **wuDeviceid**  The device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorInvalidSignature
-
-This event is sent when an updater has attempted to register a binary that is not signed by Microsoft. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updaterCmdLine**  The callback executable for the updater.
-- **updaterId**  The ID of the updater.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkInvalidCmd
-
-This event indicates a critical error with the callback binary requested by the updater. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updaterCmdLine**  The command line requested by the updater.
-- **updaterId**  The ID of the updater that requested the work.
-- **wuDeviceid**  Windows Update device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkNonSystem
-
-This event ensures that only callers with system or admin privileges are allowed to schedule work through Windows Update Universal Orchestrator. The data collected with this event is used to help keep Windows product and service secure.
-
-The following fields are available:
-
-- **updaterCmdLine**  Updater Command Line.
-- **updaterId**  Updater ID.
-- **wuDeviceid**  Device ID.
-
-
-### Microsoft.Windows.Update.Orchestrator.UnstickUpdate
-
-This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updateId**  Identifier associated with the specific piece of content.
-- **wuDeviceid**  Unique device ID controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateNotApplicableForReserves
-
-This event reports a critical error when using update reserves for OS updates to help keep Windows up to date.
-
-The following fields are available:
-
-- **updateId**  The GUID (Globally Unique Identifier) of the update.
-- **wuDeviceid**  The Windows Update device identifier.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
-
-This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **configuredPoliciescount**  Number of policies on the device.
-- **policiesNamevaluesource**  Policy name and source of policy (group policy, MDM or flight).
-- **policyCacherefreshtime**  Time when policy cache was refreshed.
-- **updateInstalluxsetting**  Indicates whether a user has set policies via a user experience option.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdaterCallbackFailed
-
-This event is sent when an updater failed to execute the registered callback. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **updaterArgument**  The argument to pass to the updater callback.
-- **updaterCmdLine**  The callback executable for the updater.
-- **updaterId**  The ID of the updater.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
-
-This event sends data about whether an update required a reboot to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **flightID**  The specific ID of the Windows Insider build the device is getting.
-- **interactive**  Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
-- **revisionNumber**  Update revision number.
-- **updateId**  Update ID.
-- **updateScenarioType**  The update session type.
-- **uxRebootstate**  Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.UpdaterMalformedData
-
-This event is sent when a registered updater has missing or corrupted information, to help keep Windows up to date.
-
-The following fields are available:
-
-- **malformedRegValue**  The registry value that contains the malformed or missing entry.
-- **updaterId**  The ID of the updater.
-- **wuDeviceid**  Unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
-
-This event sends information about an update that encountered problems and was not able to complete. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **errorCode**  The error code encountered.
-- **wuDeviceid**  The ID of the device in which the error occurred.
-
-
-### Microsoft.Windows.Update.Orchestrator.UsoSession
-
-This event represents the state of the USO service at start and completion. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeSessionid**  A unique session GUID.
-- **eventScenario**  The state of the update action.
-- **interactive**  Is the USO session interactive?
-- **lastErrorcode**  The last error that was encountered.
-- **lastErrorstate**  The state of the update when the last error was encountered.
-- **sessionType**  A GUID that refers to the update session type.
-- **updateScenarioType**  A descriptive update session type.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.Update.Orchestrator.UUPFallBack
-
-This event sends data when UUP needs to fall back, to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventPublishedTime**  The current event time.
-- **UUPFallBackCause**  The reason for UUP fall back.
-- **UUPFallBackConfigured**  The fall back error code.
-- **UUPFallBackErrorReason**  The reason for fall back error.
-- **wuDeviceid**  A Windows Update device ID.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
-
-This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **AcceptAutoModeLimit**  The maximum number of days for a device to automatically enter Auto Reboot mode.
-- **AutoToAutoFailedLimit**  The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
-- **DeviceLocalTime**  The date and time (based on the device date/time settings) the reboot mode changed.
-- **EngagedModeLimit**  The number of days to switch between DTE (Direct-to-Engaged) dialogs.
-- **EnterAutoModeLimit**  The maximum number of days a device can enter Auto Reboot mode.
-- **ETag**  The Entity Tag that represents the OneSettings version.
-- **IsForcedEnabled**  Identifies whether Forced Reboot mode is enabled for the device.
-- **IsUltimateForcedEnabled**  Identifies whether Ultimate Forced Reboot mode is enabled for the device.
-- **OldestUpdateLocalTime**  The date and time (based on the device date/time settings) this update’s reboot began pending.
-- **RebootUxState**  Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
-- **RebootVersion**  The version of the DTE (Direct-to-Engaged).
-- **SkipToAutoModeLimit**  The maximum number of days to switch to start while in Auto Reboot mode.
-- **UpdateId**  The ID of the update that is waiting for reboot to finish installation.
-- **UpdateRevision**  The revision of the update that is waiting for reboot to finish installation.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
-
-This event is sent when a security update has successfully completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **UtcTime**  The Coordinated Universal Time that the restart was no longer needed.
-
-
-### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
-
-This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Indicates whether Active Hours applies on this device.
-- **IsEnhancedEngagedReboot**  Indicates whether Enhanced reboot was enabled.
-- **rebootArgument**  Argument for the reboot task. It also represents specific reboot related action.
-- **rebootOutsideOfActiveHours**  True, if a reboot is scheduled outside of active hours. False, otherwise.
-- **rebootScheduledByUser**  True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
-- **rebootState**  Current state of the reboot.
-- **rebootUsingSmartScheduler**  Indicates that the reboot is scheduled by SmartScheduler.
-- **revisionNumber**  Revision number of the OS.
-- **scheduledRebootTime**  Time scheduled for the reboot.
-- **scheduledRebootTimeInUTC**  Time scheduled for the reboot, in UTC.
-- **updateId**  Identifies which update is being scheduled.
-- **wuDeviceid**  The unique device ID used by Windows Update.
-
-
-### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
-
-This event sends basic information for scheduling a device restart to install security updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **activeHoursApplicable**  Is the restart respecting Active Hours?
-- **IsEnhancedEngagedReboot**  TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE.
-- **rebootArgument**  The arguments that are passed to the OS for the restarted.
-- **rebootOutsideOfActiveHours**  Was the restart scheduled outside of Active Hours?
-- **rebootScheduledByUser**  Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
-- **rebootState**  The state of the restart.
-- **rebootUsingSmartScheduler**  TRUE if the reboot should be performed by the Smart Scheduler. Otherwise, FALSE.
-- **revisionNumber**  The revision number of the OS being updated.
-- **scheduledRebootTime**  Time of the scheduled reboot
-- **scheduledRebootTimeInUTC**  Time of the scheduled restart, in Coordinated Universal Time.
-- **updateId**  The Windows Update device GUID.
-- **wuDeviceid**  The Windows Update device GUID.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ControlId**  String identifying the control (if any) that was selected by the user during presentation.
-- **hrInteractionHandler**  The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
-- **hrScheduler**  The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
-- **InteractionCampaignID**  The ID of the interaction campaign that was processed.
-- **LanguageCode**  The language used to display the interaction campaign.
-- **ResultId**  The result of the evaluation/presentation.
-- **WasCompleted**  True if the interaction campaign is complete.
-- **WasPresented**  True if the Interaction Handler displayed the interaction campaign to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMICS.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncExit
-
-This event is sent when RUXIM completes checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ETagValue**  eTag for sync.
-- **hrInitialize**  Error, if any, that occurred while initializing OneSettings.
-- **hrQuery**  Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncLaunch
-
-This event is sent when RUXIM begins checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHBeginPresentation
-
-This event is generated when RUXIM is about to present an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying interaction campaign being presented.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHEndPresentation
-
-This event is generated when Interaction Handler completes presenting an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **hrPresentation**  Error, if any, occurring during the presentation.
-- **InteractionCampaignID**  GUID identifying the interaction campaign being presented.
-- **ResultId**  Result generated by the presentation.
-- **WasCompleted**  True if the interaction campaign is now considered complete.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
-
-This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **hrLocal**  The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
-- **hrPresentation**  The error (if any) reported by RUXIM Presentation Handler during presentation.
-- **InteractionCampaignID**  GUID; the user interaction campaign processed by RUXIM Interaction Handler.
-- **ResultId**  The result generated by the evaluation and presentation.
-- **WasCompleted**  True if the user interaction campaign is complete.
-- **WasPresented**  True if the user interaction campaign is displayed to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID**  GUID identifying the interaction campaign that RUXIMIH processed.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine**  The command line used to launch RUXIMIH.
-- **InteractionCampaignID**  GUID identifying the user interaction campaign that the Interaction Handler will process.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
-
-This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **HRESULT**  Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
-- **Id**  GUID passed in by the caller to identify the evaluation.
-- **NodeEvaluationData**  Structure showing the results of individual checks that occurred during the overall evaluation.
-- **Result**  Overall result generated by the evaluation.
-
-
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext**  The function where the failure occurred.
-- **currentContextId**  The ID of the current call context where the failure occurred.
-- **currentContextMessage**  The message of the current call context where the failure occurred.
-- **currentContextName**  The name of the current call context where the failure occurred.
-- **failureCount**  The number of failures for this failure ID.
-- **failureId**  The ID of the failure that occurred.
-- **failureType**  The type of the failure that occurred.
-- **fileName**  The file name where the failure occurred.
-- **function**  The function where the failure occurred.
-- **hresult**  The HResult of the overall activity.
-- **lineNumber**  The line number where the failure occurred.
-- **message**  The message of the failure that occurred.
-- **module**  The module where the failure occurred.
-- **originatingContextId**  The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage**  The message of the originating call context that resulted in the failure.
-- **originatingContextName**  The name of the originating call context that resulted in the failure.
-- **threadId**  The ID of the thread on which the activity is executing.
-
-
-## Windows Update mitigation events
-
-### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete
-
-This event provides summary information after attempting to enable In-Place Upgrade. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **applicable**  The operations that were needed to be attempted.
-- **failed**  Result of the individual operations that were attempted.
-- **hr**  Result of the overall operation to evaluate and enable In-Place Upgrade.
-
-
-### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed
-
-This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (i.e. reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **activeProcesses**  Number of active processes.
-- **atleastOneMitigationSucceeded**  Bool flag indicating if at least one mitigation succeeded.
-- **contactTSServiceAttempts**  Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
-- **countDownloadedPayload**  Count instances of payload downloaded.
-- **description**  Description of failure.
-- **devicePreference**  Recommended Troubleshooting Setting on the device.
-- **downloadBinaryAttempts**  Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
-- **downloadCabAttempts**  Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
-- **executionHR**  HR code of the execution of the mitigation.
-- **executionPreference**  Current Execution level Preference. This may not be same as devicePreference, eg when executing Critical troubleshooters, the executionPreference is set to the Silent option.
-- **exitCode**  Exit code of the execution of the mitigation.
-- **experimentFeatureId**  Experiment feature ID.
-- **experimentFeatureState**  Config state of the experiment.
-- **hr**  HRESULT for error code.
-- **isActiveSessionPresent**  If an active user session is present on the device.
-- **isCriticalMitigationAvailable**  If a critical mitigation is available to this device.
-- **isFilteringSuccessful**  If the filtering operation was successful.
-- **isReApply**  reApply status for the mitigation.
-- **mitigationId**  ID value of the mitigation.
-- **mitigationProcessCycleTime**  Process cycle time used by the mitigation.
-- **mitigationRequestWithCompressionFailed**  Boolean flag indicating if HTTP request with compression failed for this device.
-- **mitigationServiceResultFetched**  Boolean flag indicating if mitigation details were fetched from the admin service.
-- **mitigationVersion**  String indicating version of the mitigation.
-- **oneSettingsMetadataParsed**  If OneSettings metadata was parsed successfully.
-- **oneSettingsSchemaVersion**  Schema version used by the OneSettings parser.
-- **onlyNoOptMitigationsPresent**  Checks if all mitigations were no opt.
-- **parsedOneSettingsFile**  Indicates if OneSettings parsing was successful.
-- **sessionAttempts**  Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter.
-- **SessionId**  Random GUID used for grouping events in a session.
-- **subType**  Error type.
-- **totalKernelTime**  Total kernel time used by the mitigation.
-- **totalNumberOfApplicableMitigations**  Total number of applicable mitigations.
-- **totalProcesses**  Total number of processes assigned to the job object.
-- **totalTerminatedProcesses**  Total number of processes in terminated state assigned to the job object.
-- **totalUserTime**  Total user mode time used by the job object.
-
-
-### Microsoft.Windows.RecommendedTroubleshootingService.MitigationSucceeded
-
-This event is raised after an executable delivered by Mitigation Service has successfully run. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **activeProcesses**  Number of active processes.
-- **contactTSServiceAttempts**  Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
-- **devicePreference**  Recommended troubleshooting setting on the device.
-- **downloadBinaryAttempts**  Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
-- **downloadCabAttempts**  Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
-- **executionPreference**  Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option.
-- **experimentFeatureId**  Experiment feature ID.
-- **experimentFeatureState**  Feature state for the experiment.
-- **mitigationId**  ID value of the mitigation.
-- **mitigationProcessCycleTime**  Process cycle time used by the mitigation.
-- **mitigationVersion**  String indicating version of the mitigation.
-- **sessionAttempts**  Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter.
-- **SessionId**  Random GUID used for grouping events in a session.
-- **totalKernelTime**  Total kernel time used by the mitigation.
-- **totalProcesses**  Total number of processes assigned to the job object.
-- **totalTerminatedProcesses**  Total number of processes in terminated state assigned to the job object.
-- **totalUserTime**  Total user mode time used by the job object.
-
-
-### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
-
-This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The client ID used by Windows Update.
-- **FlightId**  The ID of each Windows Insider build the device received.
-- **InstanceId**  A unique device ID that identifies each update instance.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **MountedImageCount**  The number of mounted images.
-- **MountedImageMatches**  The number of mounted image matches.
-- **MountedImagesFailed**  The number of mounted images that could not be removed.
-- **MountedImagesRemoved**  The number of mounted images that were successfully removed.
-- **MountedImagesSkipped**  The number of mounted images that were not found.
-- **RelatedCV**  The correlation vector value generated from the latest USO scan.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each Windows Update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints
-
-This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightId**  Unique identifier for each flight.
-- **InstanceId**  Unique GUID that identifies each instances of setuphost.exe.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ReparsePointsFailed**  Number of reparse points that are corrupted but we failed to fix them.
-- **ReparsePointsFixed**  Number of reparse points that were corrupted and were fixed by this mitigation.
-- **ReparsePointsSkipped**  Number of reparse points that are not corrupted and no action is required.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each Update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-### Mitigation360Telemetry.MitigationCustom.FixupEditionId
-
-This event sends data specific to the FixupEditionId mitigation used for OS updates. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **EditionIdUpdated**  Determine whether EditionId was changed.
-- **FlightId**  Unique identifier for each flight.
-- **InstanceId**  Unique GUID that identifies each instances of setuphost.exe.
-- **MitigationScenario**  The update scenario in which the mitigation was executed.
-- **ProductEditionId**  Expected EditionId value based on GetProductInfo.
-- **ProductType**  Value returned by GetProductInfo.
-- **RegistryEditionId**  EditionId value in the registry.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **Result**  HResult of this operation.
-- **ScenarioId**  ID indicating the mitigation scenario.
-- **ScenarioSupported**  Indicates whether the scenario was supported.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-- **WuId**  Unique ID for the Windows Update client.
-
-
-### Mitigation360Telemetry.MitigationCustom.FixupWimmountSysPath
-
-This event sends data specific to the FixupWimmountSysPath mitigation used for OS Updates. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightId**  Unique identifier for each flight.
-- **ImagePathDefault**  Default path to wimmount.sys driver defined in the system registry.
-- **ImagePathFixedup**  Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation.
-- **InstanceId**  Unique GUID that identifies each instances of setuphost.exe.
-- **MitigationScenario**  The update scenario in which the mitigations were attempted.
-- **RelatedCV**  Correlation vector value.
-- **Result**  HResult of this operation.
-- **ScenarioId**  Setup360 flow type.
-- **ScenarioSupported**  Whether the updated scenario that was passed in was supported.
-- **SessionId**  The UpdateAgent “SessionId” value.
-- **UpdateId**  Unique identifier for the Update.
-- **WuId**  Unique identifier for the Windows Update client.
-
-
-## Windows Update Reserve Manager events
-
-### Microsoft.Windows.UpdateReserveManager.BeginScenario
-
-This event is sent when the Update Reserve Manager is called to begin a scenario. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Flags**  The flags that are passed to the begin scenario function.
-- **HardReserveSize**  The size of the hard reserve.
-- **HardReserveUsedSpace**  The used space in the hard reserve.
-- **OwningScenarioId**  The scenario ID the client that called the begin scenario function.
-- **ReturnCode**  The return code for the begin scenario operation.
-- **ScenarioId**  The scenario ID that is internal to the reserve manager.
-- **SoftReserveSize**  The size of the soft reserve.
-- **SoftReserveUsedSpace**  The amount of soft reserve space that was used.
-
-
-### Microsoft.Windows.UpdateReserveManager.ClearReserve
-
-This event is sent when the Update Reserve Manager clears one of the reserves. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FinalReserveUsedSpace**  The amount of used space for the reserve after it was cleared.
-- **Flags**  The context of clearing the reserves.
-- **InitialReserveUsedSpace**  The amount of used space for the reserve before it was cleared.
-- **ReserveId**  The ID of the reserve that needs to be cleared.
-
-
-### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FinalAdjustment**  Final adjustment for the hard reserve following the addition or removal of optional content.
-- **InitialAdjustment**  Initial intended adjustment for the hard reserve following the addition or removal of optional content.
-
-
-### Microsoft.Windows.UpdateReserveManager.EndScenario
-
-This event is sent when the Update Reserve Manager ends an active scenario. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ActiveScenario**  The current active scenario.
-- **Flags**  The flags passed to the end scenario call.
-- **HardReserveSize**  The size of the hard reserve when the end scenario is called.
-- **HardReserveUsedSpace**  The used space in the hard reserve when the end scenario is called.
-- **ReturnCode**  The return code of this operation.
-- **ScenarioId**  The ID of the internal reserve manager scenario.
-- **SoftReserveSize**  The size of the soft reserve when end scenario is called.
-- **SoftReserveUsedSpace**  The amount of the soft reserve used when end scenario is called.
-
-
-### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError
-
-This event is sent when the Update Reserve Manager returns an error from one of its internal functions. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FailedExpression**  The failed expression that was returned.
-- **FailedFile**  The binary file that contained the failed function.
-- **FailedFunction**  The name of the function that originated the failure.
-- **FailedLine**  The line number of the failure.
-- **ReturnCode**  The return code of the function.
-
-
-### Microsoft.Windows.UpdateReserveManager.InitializeReserves
-
-This event is sent when reserves are initialized on the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FallbackInitUsed**  Indicates whether fallback initialization is used.
-- **FinalUserFreeSpace**  The amount of user free space after initialization.
-- **Flags**  The flags used in the initialization of Update Reserve Manager.
-- **FreeSpaceToLeaveInUpdateScratch**  The amount of space that should be left free after using the reserves.
-- **HardReserveFinalSize**  The final size of the hard reserve.
-- **HardReserveFinalUsedSpace**  The used space in the hard reserve.
-- **HardReserveInitialSize**  The size of the hard reserve after initialization.
-- **HardReserveInitialUsedSpace**  The utilization of the hard reserve after initialization.
-- **HardReserveTargetSize**  The target size that was set for the hard reserve.
-- **InitialUserFreeSpace**  The user free space during initialization.
-- **PostUpgradeFreeSpace**  The free space value passed into the Update Reserve Manager to determine reserve sizing post upgrade.
-- **SoftReserveFinalSize**  The final size of the soft reserve.
-- **SoftReserveFinalUsedSpace**  The used space in the soft reserve.
-- **SoftReserveInitialSize**  The soft reserve size after initialization.
-- **SoftReserveInitialUsedSpace**  The utilization of the soft reserve after initialization.
-- **SoftReserveTargetSize**  The target size that was set for the soft reserve.
-- **TargetUserFreeSpace**  The target user free space that was passed into the reserve manager to determine reserve sizing post upgrade.
-- **UpdateScratchFinalUsedSpace**  The used space in the scratch reserve.
-- **UpdateScratchInitialUsedSpace**  The utilization of the scratch reserve after initialization.
-- **UpdateScratchReserveFinalSize**  The utilization of the scratch reserve after initialization.
-- **UpdateScratchReserveInitialSize**  The size of the scratch reserve after initialization.
-
-
-### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
-
-This event returns data about the Update Reserve Manager, including whether it’s been initialized. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ClientId**  The ID of the caller application.
-- **Flags**  The enumerated flags used to initialize the manager.
-- **FlightId**  The flight ID of the content the calling client is currently operating with.
-- **Offline**  Indicates whether or the reserve manager is called during offline operations.
-- **PolicyPassed**  Indicates whether the machine is able to use reserves.
-- **ReturnCode**  Return code of the operation.
-- **Version**  The version of the Update Reserve Manager.
-
-
-### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
-
-This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FallbackLogicUsed**  Indicates whether fallback logic was used for initialization.
-- **Flags**  The flags that are passed to the function to prepare the Trusted Installer for reserve initialization.
-
-
-### Microsoft.Windows.UpdateReserveManager.ReevaluatePolicy
-
-This event is sent when the Update Reserve Manager reevaluates policy to determine reserve usage. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **PolicyChanged**  Indicates whether the policy has changed.
-- **PolicyFailedEnum**  The reason why the policy failed.
-- **PolicyPassed**  Indicates whether the policy passed.
-
-
-### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateReserveManager.TurnOffReserves
-
-This event is sent when the Update Reserve Manager turns off reserve functionality for certain operations. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Flags**  Flags used in the turn off reserves function.
-- **HardReserveSize**  The size of the hard reserve when Turn Off is called.
-- **HardReserveUsedSpace**  The amount of space used by the hard reserve when Turn Off is called
-- **ScratchReserveSize**  The size of the scratch reserve when Turn Off is called.
-- **ScratchReserveUsedSpace**  The amount of space used by the scratch reserve when Turn Off is called.
-- **SoftReserveSize**  The size of the soft reserve when Turn Off is called.
-- **SoftReserveUsedSpace**  The amount of the soft reserve used when Turn Off is called.
-
-
-### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
-
-This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ChangeSize**  The change in the hard reserve size based on the addition or removal of optional content.
-- **Disposition**  The parameter for the hard reserve adjustment function.
-- **Flags**  The flags passed to the hard reserve adjustment function.
-- **PendingHardReserveAdjustment**  The final change to the hard reserve size.
-- **UpdateType**  Indicates whether the change is an increase or decrease in the size of the hard reserve.
-
-
-## Winlogon events
-
-### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
-
-This event signals the completion of the setup process. It happens only once during the first logon.
-
-
-
-## XBOX events
-
-### Microsoft.Xbox.XamTelemetry.AppActivationError
-
-This event indicates whether the system detected an activation error in the app.
-
-The following fields are available:
-
-- **ActivationUri**  Activation URI (Uniform Resource Identifier) used in the attempt to activate the app.
-- **AppId**  The Xbox LIVE Title ID.
-- **AppUserModelId**  The AUMID (Application User Model ID) of the app to activate.
-- **Result**  The HResult error.
-- **UserId**  The Xbox LIVE User ID (XUID).
-
-
-### Microsoft.Xbox.XamTelemetry.AppActivity
-
-This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
-
-The following fields are available:
-
-- **AppActionId**  The ID of the application action.
-- **AppCurrentVisibilityState**  The ID of the current application visibility state.
-- **AppId**  The Xbox LIVE Title ID of the app.
-- **AppPackageFullName**  The full name of the application package.
-- **AppPreviousVisibilityState**  The ID of the previous application visibility state.
-- **AppSessionId**  The application session ID.
-- **AppType**  The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
-- **BCACode**  The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
-- **DurationMs**  The amount of time (in milliseconds) since the last application state transition.
-- **IsTrialLicense**  This boolean value is TRUE if the application is on a trial license.
-- **LicenseType**  The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
-- **LicenseXuid**  If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
-- **ProductGuid**  The Xbox product GUID (Globally-Unique ID) of the application.
-- **UserId**  The XUID (Xbox User ID) of the current user.
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
deleted file mode 100644
index 090b84a4dd..0000000000
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Changes to Windows diagnostic data collection
-description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 06/04/2020
-ms.topic: conceptual
-ms.collection: privacy-windows
----
-
-# Changes to Windows diagnostic data collection
-
-**Applies to**
-- Windows 11, version 21H2 and later
-- Windows 10, version 1903 and later
-- Windows Server 2022
-
-Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we've moved our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this change will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide.
-
-This article is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas:
-
-- [Taxonomy changes](#taxonomy-changes)
-- [Behavioral changes](#behavioral-changes)
-
-## Summary of changes
-
-In Windows 10, version 1903 and later, you'll see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes.
-
-Additionally, starting in Windows 11 and Windows Server 2022, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**.
-
-Prior to December 13 2022, the default setting for Windows Server 2022 Datacenter: Azure Edition images deployed using Azure Marketplace was **Diagnostic data off**. Beginning December 13 2022, all newly deployed images are set to **Required diagnostic data** to align with all other Windows releases. All other Windows releases and existing installations remain unchanged.
-
-## Taxonomy changes
-
-Starting in Windows 10, version 1903 and later, both the **Out-of-Box-Experience** (OOBE) and the **Diagnostics & feedback** privacy setting pages will reflect the following changes:
-
-- The **Basic** diagnostic data level is being labeled as **Required**.
-- The **Full** diagnostic data level is being labeled as **Optional**.
-
-> [!IMPORTANT]
-> No action is required for the taxonomy changes, and your existing settings will be maintained as part of this update.
-
-## Behavioral changes
-
-Starting in Windows 11 and Windows Server 2022, we’re simplifying the Windows diagnostic data controls by moving from four diagnostic data settings to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they're upgraded to a supported version of the operating system, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that use enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change.
-
-Additionally, you'll see the following policy changes in Windows Server 2022, Windows 11, and Windows Holographic, version 21H1 (HoloLens 2):
-
-| Policy type | Current policy | Renamed policy |
-| --- | --- | --- |
-| Group Policy | Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow Telemetry**<ul><li>**0 - Security** <br /></li><li>**1 - Basic**<br /></li><li>**2 - Enhanced**<br /></li><li>**3 - Full**<br /></li></ul>| Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow Diagnostic Data**<ul><li>**Diagnostic data off (not recommended)** <br /></li><li>**Send required diagnostic data**<br /></li><li>**Send optional diagnostic data**<br /></li></ul> |
-| Group Policy |Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure telemetry opt-in settings user interface**| Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure diagnostic data opt-in settings user interface** |
-| Group Policy |Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure telemetry opt-in change notifications**| Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure diagnostic data opt-in change notifications** |
-
-A final set of changes includes two new policies that can help you fine-tune diagnostic data collection within your organization. These policies let you limit the amount of optional diagnostic data that’s sent back to Microsoft.
-
-- The **Limit dump collection** policy is a new policy that can be used to limit the types of [crash dumps](/windows/win32/dxtecharts/crash-dump-analysis) that can be sent back to Microsoft. If this policy is enabled, Windows Error Reporting will send only kernel mini dumps and user mode triage dumps.
-  - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Dump Collection**
-  - MDM policy: System/LimitDumpCollection 
-- The **Limit diagnostic log collection** policy is another new policy that limits the number of diagnostic logs that are sent back to Microsoft. If this policy is enabled, diagnostic logs aren't sent back to Microsoft.
-  - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection**
-  - MDM policy: System/LimitDiagnosticLogCollection
-
-For more info, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
-
-## Services that rely on Enhanced diagnostic data
-
-Customers who use services that depend on Windows diagnostic data, such as [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data), may be impacted by the behavioral changes when they're released. These services will be updated to address these changes and guidance will be published on how to configure them properly.
-
-## Significant change to the Windows diagnostic data processor configuration
-
-> [!NOTE]
-> The information in this section applies to the following versions of Windows:
-> - Windows 10, versions 20H2, 21H2, 22H2, and newer
-> - Windows 11, versions 21H2, 22H2, 23H2, and newer
-
-Previously, IT admins could use policies (for example, the “Allow commercial data pipeline” policy) at the individual device level to enroll devices in the Windows diagnostic data processor configuration.
-
-Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined.
-
-We made this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way and in the same geographic region, and to help us implement our plan to [store and process EU Data for European enterprise customers in the EU](/privacy/eudb/eu-data-boundary-learn).
-
-For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration).
-
-## Data collection changes
-
-> [!NOTE]
-> The information in this section applies to the following versions of Windows:
-> - Windows 10, version 22H2 and newer
-> - Windows 11, version 23H2 and newer
-
-As of March 6, 2024, Microsoft Edge diagnostic data is collected separately from Windows diagnostic data on Windows 10 and Windows 11 devices in the European Economic Area. The collection of Microsoft Edge diagnostic data is subject to its own settings. For more information related to this change, see [Microsoft Edge, browsing data, and privacy](https://support.microsoft.com/windows/bb8174ba-9d73-dcf2-9b4a-c582b4e640dd).
\ No newline at end of file
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 638225c604..8747c838f4 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -70,6 +70,8 @@ Depending on the diagnostic data settings on the device, diagnostic data can be
 
 Later in this document we provide further details about how to control what’s collected and what data can be included in these different types of diagnostic data.
 
+As of March 6, 2024, Microsoft Edge diagnostic data is collected separately from Windows diagnostic data on Windows 10 (version 22H2 and newer) and Windows 11 (version 23H2 and newer) devices in the European Economic Area. The collection of Microsoft Edge diagnostic data is subject to its own settings. For more information related to this change, see [Microsoft Edge, browsing data, and privacy](https://support.microsoft.com/windows/bb8174ba-9d73-dcf2-9b4a-c582b4e640dd).
+
 ### Data transmission
 
 All diagnostic data is encrypted using Transport Layer Security (TLS) and uses certificate pinning during transfer from the device to the Microsoft data management services.
@@ -351,7 +353,6 @@ From a compliance standpoint, this change means that Microsoft will be the proce
 For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data:
 
 - [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview)
-- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)
 - [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)
 - [Windows updates reports (in Microsoft Intune)](/mem/intune/protect/data-enable-windows-data#windows-data)
 
diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md
index 45dd76cdba..63e25e508f 100644
--- a/windows/privacy/diagnostic-data-viewer-overview.md
+++ b/windows/privacy/diagnostic-data-viewer-overview.md
@@ -44,7 +44,7 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn
 Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
 
 > [!Important]
-> It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](./microsoft-diagnosticdataviewer.md).
+> It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](./diagnostic-data-viewer-powershell.md).
 
 ### Start the Diagnostic Data Viewer
 
diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/diagnostic-data-viewer-powershell.md
similarity index 100%
rename from windows/privacy/Microsoft-DiagnosticDataViewer.md
rename to windows/privacy/diagnostic-data-viewer-powershell.md
diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json
index 74a8cc0de8..7c6d2bef5b 100644
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@@ -59,7 +59,9 @@
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "alekyaj"
+        "alekyaj",
+        "padmagit77",
+        "aditisrivastava07"
       ]
     },
     "searchScope": [
@@ -70,4 +72,4 @@
   "template": [],
   "dest": "privacy",
   "markdownEngineName": "markdig"
-}
\ No newline at end of file
+}
diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
deleted file mode 100644
index c31afd7cdc..0000000000
--- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+++ /dev/null
@@ -1,424 +0,0 @@
----
-title: Enhanced diagnostic data required by Windows Analytics (Windows 10)
-description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 10/12/2017
-ms.topic: reference
----
-
-
-# Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy
-
- **Applies to**
-
-- Windows 10, version 1709 and newer
-
-> [!IMPORTANT]
-> - The Upgrade Readiness and Device Health solutions of Windows Analytics were retired on January 31, 2020.
-> - Desktop Analytics is deprecated and was retired on November 30, 2022.
-
-Desktop Analytics reports are powered by diagnostic data not included in the Basic level.
-
-In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only the events described below. The Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
-
-With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
-
-## KernelProcess.AppStateChangeSummary
-This event summarizes application usage and performance characteristics to help Microsoft improve performance and reliability. Organizations can use this event with Desktop Analytics to gain insights into application reliability.
-
-The following fields are available:
-
-- **CommitChargeAtExit_Sum:** Total memory commit charge for a process when it exits
-- **CommitChargePeakAtExit_Sum**: Total peak memory commit charge for a process when it exits
-- **ContainerId:** Server Silo Container ID
-- **CrashCount:** Number of crashes for a process instance
-- **CycleCountAtExit_Sum:** Total processor cycles for a process when it exited
-- **ExtraInfoFlags:** Flags indicating internal states of the logging
-- **GhostCount_Sum:** Total number of instances where the application stopped responding
-- **HandleCountAtExit_Sum:** Total handle count for a process when it exits
-- **HangCount_Max:** Maximum number of hangs detected
-- **HangCount_Sum:** Total number of application hangs that are detected
-- **HardFaultCountAtExit_Sum:** Total number of hard page faults detected for a process when it exits
-- **HeartbeatCount:** Heartbeats logged for this summary
-- **HeartbeatSuspendedCount:** Heartbeats logged for this summary where the process was suspended
-- **LaunchCount:** Number of process instances started
-- **LicenseType:** Reserved for future use
-- **ProcessDurationMS_Sum:** Total duration of wall clock process instances
-- **ReadCountAtExit_Sum:** Total IO reads for a process when it exited
-- **ReadSizeInKBAtExit_Sum:** Total IO read size for a process when it exited
-- **ResumeCount:** Number of times a process instance has resumed
-- **RunningDurationMS_Sum:** Total uptime
-- **SuspendCount:** Number of times a process instance was suspended
-- **TargetAppId:** Application identifier
-- **TargetAppType:** Application type
-- **TargetAppVer:** Application version
-- **TerminateCount:** Number of times a process terminated
-- **WriteCountAtExit_Sum:** Total number of IO writes for a process when it exited
-- **WriteSizeInKBAtExit_Sum:** Total size of IO writes for a process when it exited          
-
-## Microsoft.Office.TelemetryEngine.IsPreLaunch
-Applicable for Office UWP applications. This event is fired when an Office application is initiated for the first-time post upgrade/install from the store. It's part of basic diagnostic data. It's used to track whether a particular session is a launch session or not.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **SessionID:** ID of the session
-
-## Microsoft.Office.SessionIdProvider.OfficeProcessSessionStart
-This event sends basic information upon the start of a new Office session. It's used to count the number of unique sessions seen on a given device. The event is used as a heartbeat event to ensure that the application is running on a device. In addition, it serves as a critical signal for overall application reliability.
-
-- **AppSessionGuid:** ID of the session that maps to the process of the application
-- **processSessionId:** ID of the session that maps to the process of the application
-
-## Microsoft.Office.TelemetryEngine.SessionHandOff
-Applicable to Win32 Office applications. This event helps us understand whether there was a new session created to handle a user-initiated file open event. It is a critical diagnostic information that is used to derive reliability signal and ensure that the application is working as expected.
-
-- **appVersionBuild:** Third part Build version of the application *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **childSessionID:** ID of the session that was created to handle the user initiated file open
-- **parentSessionId:** ID of the session that was already running
-
-## Microsoft.Office.CorrelationMetadata.UTCCorrelationMetadata
-Collects Office metadata through UTC to compare with equivalent data collected through the Office telemetry pipeline to check correctness and completeness of data.
-
-- **abConfigs:** List of features enabled for this session
-- **abFlights:** List of features enabled for this session
-- **AppSessionGuid:** ID of the session
-- **appVersionBuild:** Third part Build version of the application *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRevision:** Fourth part of the version *.*.*.XXXXX
-- **audienceGroup:** Is this group part of the insiders or production?
-- **audienceId:** ID of the audience setting
-- **channel:** Are you part of Semi annual channel or Semi annual channel-Targeted?
-- **deviceClass:** Is this device a desktop device or a mobile device?
-- **impressionId:** What features were available to you in this session
-- **languageTag:** Language of the app
-- **officeUserID:** A unique identifier tied to the office installation on a particular device.
-- **osArchitecture:** Is the machine 32 bit or 64 bit?
-- **osEnvironment:** Is this app a win32 app or a UWP app?
-- **osVersionString:** Version of the OS
-- **sessionID:** ID of the session
-
-## Microsoft.Office.ClickToRun.UpdateStatus
-Applicable to all Win32 applications. Helps us understand the status of the update process of the office suite (Success or failure with error details).
-
-- **build:** App version
-- **channel:** Is this part of GA Channel?
-- **errorCode:** What error occurred during the upgrade process?
-- **errorMessage:** what was the error message during the upgrade process?
-- **status:** Was the upgrade successful or not?
-- **targetBuild:** What app version were we trying to upgrade to?
-
-## Microsoft.Office.TelemetryEngine.FirstIdle
-This event is fired when the telemetry engine within an office application is ready to send telemetry. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.FirstProcessed
-This event is fired when the telemetry engine within an office application has processed the rules or the list of events that we need to collect. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.FirstRuleRequest
-This event is fired when the telemetry engine within an office application has received the first rule or list of events that need to be sent by the app. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.Init
-This event is fired when the telemetry engine within an office application has been initialized or not. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.Resume
-This event is fired when the application resumes from sleep state. Used for understanding whether there are issues in the application life cycle.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.RuleRequestFailed
-This event is fired when the telemetry engine within an office application fails to retrieve the rules containing the list of telemetry events. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.RuleRequestFailedDueToClientOffline
-This event is fired when the telemetry engine within an office application fails to retrieve the rules containing the list of telemetry events, when the device is offline. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.ShutdownComplete
-This event is fired when the telemetry engine within an office application has processed the rules or the list of events that we need to collect. Useful for understanding whether a particular crash is happening during an app-shutdown, and could potentially lead in data loss or not.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.ShutdownStart
-This event is fired when the telemetry engine within an office application has been uninitialized, and the application is shutting down. Useful for understanding whether a particular crash is happening during an app-shutdown, and could potentially lead in data loss or not.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
-- **SessionID:** ID of the session
-
-## Microsoft.Office.TelemetryEngine.SuspendComplete
-This event is fired when the telemetry engine within an office application has processed the rules or the list of events that we need to collect. Used for understanding whether there are issues in telemetry.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
-- **SessionID:** ID of the session
-- **SuspendType:** Type of suspend
-
-## Microsoft.Office.TelemetryEngine.SuspendStart
-This event is fired when the office application suspends as per app life-cycle change. Used for understanding whether there are issues in the application life cycle.
-
-- **appVersionBuild:** Third part of the version *.*.XXXXX.*
-- **appVersionMajor:** First part of the version X.*.*.*
-- **appVersionMinor:** Second part of the version *.X.*.*
-- **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
-- **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
-- **SessionID:** ID of the session
-- **SuspendType:** Type of suspend
-
-## Microsoft.OSG.OSS.CredProvFramework.ReportResultStop
-This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve sign-in reliability. Using this event with Desktop Analytics can help organizations monitor and improve sign-in success for different methods (for example, biometric) on managed devices.
-
-The following fields are available:
-
-- **CredTileProviderId:** ID of the Credential Provider
-- **IsConnectedUser:** Flag indicating whether a user is connected or not
-- **IsPLAPTile:** Flag indicating whether this credential tile is a pre-logon access provider or not
-- **IsRemoteSession:** Flag indicating whether the session is remote or not
-- **IsV2CredProv:** Flag indicating whether the credential provider of V2 or not
-- **OpitonalStatusText:** Status text
-- **ProcessImage:** Image path to the process
-- **ProviderId:** Credential provider ID
-- **ProviderStatusIcon:** Indicates which status icon should be displayed
-- **ReturnCode:** Output of the ReportResult function
-- **SessionId:** Session identifier
-- **Sign-in error status:** The sign-in error status
-- **SubStatus:** Sign-in error substatus
-- **UserTag:** Count of the number of times a user has selected a provider
-
-## Microsoft.Windows.Kernel.Power.OSStateChange
-This event denotes the transition between operating system states (On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can monitor reliability and performance of managed devices.
-
-The following fields are available:
-
-- **AcPowerOnline:** If "TRUE," the device is using AC power. If "FALSE," the device is using battery power.
-- **ActualTransitions:** The number of transitions between operating system states since the last system boot
-- **BatteryCapacity:** Maximum battery capacity in mWh
-- **BatteryCharge:** Current battery charge as a percentage of total capacity
-- **BatteryDischarging:** Flag indicating whether the battery is discharging or charging
-- **BootId:** Total boot count since the operating system was installed
-- **BootTimeUTC:** Date and time of a particular boot event (identified by BootId)
-- **EnergyChangeV2:** A snapshot value in mWh reflecting a change in power usage
-- **EnergyChangeV2Flags:** Flags for disambiguating EnergyChangeV2 context
-- **EventSequence:** A sequential number used to evaluate the completeness of the data
-- **LastStateTransition:** ID of the last operating system state transition
-- **LastStateTransitionSub:** ID of the last operating system substate transition
-- **StateDurationMS:** Number of milliseconds spent in the last operating system state
-- **StateTransition:** ID of the operating system state the system is transitioning to
-- **StateTransitionSub:** ID of the operating system substate the system is transitioning to
-- **TotalDurationMS:** Total time (in milliseconds) spent in all states since the last boot
-- **TotalUptimeMS:** Total time (in milliseconds) the device was in Up or Running states since the last boot
-- **TransitionsToOn:** Number of transitions to the Powered On state since the last boot
-- **UptimeDeltaMS:** Total time (in milliseconds) added to Uptime since the last event
-
-## Microsoft.Windows.LogonController.LogonAndUnlockSubmit
-Sends details of the user attempting to sign into or unlock the device.
-
-The following fields are available:
-
-- **isSystemManagedAccount:** Indicates if the user's account is System Managed
-- **isUnlockScenario:** Flag indicating whether the event is a Logon or an Unlock
-- **userType:** Indicates the user type: 0 = unknown; 1 = local; 2 = Active Directory domain user; 3 = Microsoft Account; 4 = Azure Active Directory user
-
-## Microsoft.Windows.LogonController.SignInFailure
-Sends details about any error codes detected during a failed sign-in.
-
-The following fields are available:
-
-- **ntsStatus:** The NTSTATUS error code status returned from an attempted sign-in
-- **ntsSubstatus:** The NTSTATUS error code substatus returned from an attempted sign-in 
-
-## Microsoft.Windows.Security.Biometrics.Service.BioServiceActivityCapture
-Indicates that a biometric capture was compared to known templates
-
-The following fields are available:
-
-- **captureDetail:** Result of biometric capture, either matched to an enrollment or an error 
-- **captureSuccessful:** Indicates whether a biometric capture was successfully matched or not
-- **hardwareId:** ID of the sensor that collected the biometric capture
-- **isSecureSensor:** Flag indicating whether a biometric sensor was in enhanced security mode
-- **isTrustletRunning:** Indicates whether an enhanced security component is currently running
-- **isVsmCfg:** Flag indicating whether virtual secure mode is configured or not
-
-## Microsoft.Windows.Security.Winlogon.SystemBootStop
-System boot has completed.
-
-The following field is available:
-
-- **ticksSinceBoot:** Duration of boot event (milliseconds)
-
-## Microsoft.Windows.Shell.Desktop.LogonFramework.AllLogonTasks
-This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics, organizations can help identify logon problems on managed devices.
-
-The following fields are available:
-
-- **isAadUser:** Indicates whether the current logon is for an Azure Active Directory account
-- **isDomainUser:** Indicates whether the current logon is for a domain account
-- **isMSA:** Indicates whether the current logon is for a Microsoft Account
-- **logonOptimizationFlags:** Flags indicating optimization settings for this logon session
-- **logonTypeFlags:** Flags indicating logon type (first logon vs. a later logon)
-- **systemManufacturer:** Device manufacturer
-- **systemProductName:** Device product name
-- **wilActivity:** Indicates errors in the task to help Microsoft improve reliability.
-
-## Microsoft.Windows.Shell.Desktop.LogonFramework.LogonTask
-This event describes system tasks that are part of the user logon sequence and helps Microsoft to improve reliability.
-
-The following fields are available:
-
-- **isStartWaitTask:** Flag indicating whether the task starts a background task 
-- **isWaitMethod:** Flag indicating the task is waiting on a background task
-- **logonTask:** Indicates which logon step is currently occurring
-- **wilActivity:** Indicates errors in the task to help Microsoft improve reliability.
-
-## Microsoft.Windows.Shell.Explorer.DesktopReady
-Initialization of Explorer is complete.
-
-## Microsoft-Windows-Security-EFS-EDPAudit-ApplicationLearning.EdpAuditLogApplicationLearning
-For a device subject to Windows Information Protection policy, learning events are generated when an app encounters a policy boundary (for example, trying to open a work document from a personal app). These events help the Windows Information Protection administrator tune policy rules and prevent unnecessary user disruption.
-
-The following fields are available:
-
-- **actiontype:** Indicates what type of resource access the app was attempting (for example, opening a local document vs. a network resource) when it encountered a policy boundary. Useful for Windows Information Protection administrators to tune policy rules.
-- **appIdType:** Based on the type of application, this field indicates what type of app rule a Windows Information Protection administrator would need to create for this app.
-- **appname:** App that triggered the event
-- **status:** Indicates whether errors occurred during Windows Information Protection learning events
-
-## Win32kTraceLogging.AppInteractivitySummary
-Summarizes which app windows are being used (for example, have focus) to help Microsoft improve compatibility and user experience. Also helps organizations (by using Desktop Analytics) to understand and improve application reliability on managed devices.
-
-The following fields are available:
-   
-- **AggregationDurationMS:** Actual duration of aggregation period (in milliseconds)
-- **AggregationFlags:** Flags denoting aggregation settings
-- **AggregationPeriodMS:** Intended duration of aggregation period (in milliseconds)
-- **AggregationStartTime:** Start date and time of AppInteractivity aggregation
-- **AppId:** Application ID for usage
-- **AppSessionId:** GUID identifying the application's usage session
-- **AppVersion:** Version of the application that produced this event
-- **AudioInMS:** Audio capture duration (in milliseconds)
-- **AudioOutMS:** Audio playback duration (in milliseconds)
-- **BackgroundMouseSec:** Indicates that there was a mouse hover event while the app was in the background
-- **BitPeriodMS:** Length of the period represented by InFocusBitmap
-- **CommandLineHash:** A hash of the command line
-- **CompositionDirtyGeneratedSec:** Represents the amount of time (in seconds) during which the active app reported that it had an update
-- **CompositionDirtyPropagatedSec:** Total time (in seconds) that a separate process with visuals hosted in an app signaled updates
-- **CompositionRenderedSec:** Time (in seconds) that an app's contents were rendered
-- **EventSequence:** [need more info]
-- **FocusLostCount:** Number of times that an app lost focus during the aggregation period
-- **GameInputSec:** Time (in seconds) there was user input using a game controller
-- **HidInputSec:** Time (in seconds) there was user input using devices other than a game controller
-- **InFocusBitmap:** Series of bits representing application having and losing focus
-- **InFocusDurationMS:** Total time (in milliseconds) the application had focus
-- **InputSec:** Total number of seconds during which there was any user input
-- **InteractiveTimeoutPeriodMS:** Total time (in milliseconds) that inactivity expired interactivity sessions
-- **KeyboardInputSec:** Total number of seconds during which there was keyboard input
-- **MonitorFlags:** Flags indicating app use of individual monitor(s)
-- **MonitorHeight:** Number of vertical pixels in the application host monitor resolution
-- **MonitorWidth:** Number of horizontal pixels in the application host monitor resolution
-- **MouseInputSec:** Total number of seconds during which there was mouse input
-- **NewProcessCount:** Number of new processes contributing to the aggregate
-- **PartATransform_AppSessionGuidToUserSid:** Flag that influences how other parts of the event are constructed
-- **PenInputSec:** Total number of seconds during which there was pen input
-- **SpeechRecognitionSec:** Total number of seconds of speech recognition
-- **SummaryRound:** Incrementing number indicating the round (batch) being summarized
-- **TargetAsId:** Flag that influences how other parts of the event are constructed
-- **TotalUserOrDisplayActiveDurationMS:** Total time the user or the display was active (in milliseconds)
-- **TouchInputSec:** Total number of seconds during which there was touch input
-- **UserActiveDurationMS:** Total time that the user was active including all input methods
-- **UserActiveTransitionCount:** Number of transitions in and out of user activity
-- **UserOrDisplayActiveDurationMS:** Total time the user was using the display
-- **ViewFlags:** Flags denoting  properties of an app view (for example, special VR view or not)
-- **WindowFlags:** Flags denoting runtime properties of an app window
-- **WindowHeight:** Number of vertical pixels in the application window
-- **WindowWidth:** Number of horizontal pixels in the application window
-
-## Revisions
-
-### PartA_UserSid removed
-A previous revision of this list stated that a field named PartA_UserSid was a member of the event Microsoft.Windows.LogonController.LogonAndUnlockSubmit. This statement was incorrect. The list has been updated to reflect that no such field is present in the event.
-
-### Office events added
-In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 16 events were added, describing Office app launch and availability. These events were added to improve the precision of Office data in Windows Analytics.
-
-> [!NOTE]
-> Office data will no longer be provided through this policy in Desktop Analytics.
-
-### CertAnalytics events removed
-In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 3 "CertAnalytics" events were removed, as they are no longer required for Desktop Analytics.
-
->[!NOTE]
->You can use the Windows Diagnostic Data Viewer to observe and review events and their fields as described in this topic.
diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index a1a6c53040..d59b42605f 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -109,22 +109,12 @@ To view endpoints for Windows Enterprise, see:
 
 - [Manage connection endpoints for Windows 11](manage-windows-11-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
-- [Manage connection endpoints for Windows 10  version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
 
 To view endpoints for non-Enterprise Windows editions, see:
 
 - [Windows 11 connection endpoints for non-Enterprise editions](windows-11-endpoints-non-enterprise-editions.md)
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+
 
 > [!IMPORTANT]
 > To inquire about Windows data access or interoperability related to the Digital Markets Act (DMA), [submit this form](https://go.microsoft.com/fwlink/p/?linkid=2271128).
\ No newline at end of file
diff --git a/windows/privacy/images/ddv-event-feedback.png b/windows/privacy/images/ddv-event-feedback.png
deleted file mode 100644
index 61c1c15e99..0000000000
Binary files a/windows/privacy/images/ddv-event-feedback.png and /dev/null differ
diff --git a/windows/privacy/images/ddv-event-view-basic.png b/windows/privacy/images/ddv-event-view-basic.png
deleted file mode 100644
index 5668e13bec..0000000000
Binary files a/windows/privacy/images/ddv-event-view-basic.png and /dev/null differ
diff --git a/windows/privacy/images/ddv-event-view-filter.png b/windows/privacy/images/ddv-event-view-filter.png
deleted file mode 100644
index addd53271d..0000000000
Binary files a/windows/privacy/images/ddv-event-view-filter.png and /dev/null differ
diff --git a/windows/privacy/images/ddv-export.png b/windows/privacy/images/ddv-export.png
deleted file mode 100644
index 25e62858db..0000000000
Binary files a/windows/privacy/images/ddv-export.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-azure-info-protection.png b/windows/privacy/images/gdpr-azure-info-protection.png
deleted file mode 100644
index ff4581286d..0000000000
Binary files a/windows/privacy/images/gdpr-azure-info-protection.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-comp-info-protection.png b/windows/privacy/images/gdpr-comp-info-protection.png
deleted file mode 100644
index a332b3476f..0000000000
Binary files a/windows/privacy/images/gdpr-comp-info-protection.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-cve-graph.png b/windows/privacy/images/gdpr-cve-graph.png
deleted file mode 100644
index ebc3e7e36b..0000000000
Binary files a/windows/privacy/images/gdpr-cve-graph.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-intelligent-security-graph.png b/windows/privacy/images/gdpr-intelligent-security-graph.png
deleted file mode 100644
index 9448465c08..0000000000
Binary files a/windows/privacy/images/gdpr-intelligent-security-graph.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-security-center.png b/windows/privacy/images/gdpr-security-center.png
deleted file mode 100644
index 26936520a9..0000000000
Binary files a/windows/privacy/images/gdpr-security-center.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-security-center2.png b/windows/privacy/images/gdpr-security-center2.png
deleted file mode 100644
index 971a9918a5..0000000000
Binary files a/windows/privacy/images/gdpr-security-center2.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-security-center3.png b/windows/privacy/images/gdpr-security-center3.png
deleted file mode 100644
index 2c5e279211..0000000000
Binary files a/windows/privacy/images/gdpr-security-center3.png and /dev/null differ
diff --git a/windows/privacy/images/gdpr-steps-diagram.png b/windows/privacy/images/gdpr-steps-diagram.png
deleted file mode 100644
index 8fce18bccd..0000000000
Binary files a/windows/privacy/images/gdpr-steps-diagram.png and /dev/null differ
diff --git a/windows/privacy/images/priv-telemetry-levels.png b/windows/privacy/images/priv-telemetry-levels.png
deleted file mode 100644
index 9581cee54d..0000000000
Binary files a/windows/privacy/images/priv-telemetry-levels.png and /dev/null differ
diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml
index 45001f0589..f06366e02f 100644
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@@ -9,7 +9,7 @@ metadata:
   description: Learn about how privacy is managed in Windows.
   ms.service: windows-client
   ms.subservice: itpro-privacy
-  ms.topic: hub-page # Required
+  ms.topic: hub-page
   ms.collection:
   - highpri
   - essentials-privacy
@@ -17,162 +17,49 @@ metadata:
   author: DHB-MSFT
   ms.author: danbrown
   manager: laurawi
-  ms.date: 09/08/2021 #Required; mm/dd/yyyy format.
+  ms.date: 06/27/2024
   ms.localizationpriority: high
 
-# highlightedContent section (optional)
-# Maximum of 8 items
 highlightedContent:
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
   items:
-    # Card
     - title: Windows privacy & compliance guide for IT and compliance professionals
       itemType: overview
-      url: Windows-10-and-privacy-compliance.md
-    # Card
+      url: windows-privacy-compliance-guide.md
     - title: Configure Windows diagnostic data
       itemType: how-to-guide
       url: configure-windows-diagnostic-data-in-your-organization.md
-    # Card
     - title: View Windows diagnostic data
       itemType: how-to-guide
       url: diagnostic-data-viewer-overview.md
 
-# productDirectory section (optional)
 productDirectory:
   title: Understand Windows diagnostic data in Windows 10 and Windows 11
   summary: For the latest Windows 10 version and Windows 11, learn more about what Windows diagnostic data is collected under the different settings.
   items:
-    # Card
     - title: Windows 11 required diagnostic data
-      # imageSrc should be square in ratio with no whitespace
       imageSrc: /media/common/i_extend.svg
       summary: Learn more about basic Windows diagnostic data events and fields collected.
       url: required-diagnostic-events-fields-windows-11-22H2.md
-    # Card
     - title: Windows 10 required diagnostic data
       imageSrc: /media/common/i_build.svg
       summary: See what changes Windows is making to align to the new data collection taxonomy
       url: required-windows-diagnostic-data-events-and-fields-2004.md
-    # Card
     - title: Optional diagnostic data
       imageSrc: /media/common/i_get-started.svg
       summary: Get examples of the types of optional diagnostic data collected from Windows
-      url: windows-diagnostic-data.md
+      url: optional-diagnostic-data.md
 
-# conceptualContent section (optional)
-# conceptualContent:
-# # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
-#   title: sectiontitle # < 60 chars (optional)
-#   summary: sectionsummary # < 160 chars (optional)
-#   items:
-#     # Card
-#     - title: cardtitle1
-#       links:
-#         - url: file1.md OR https://learn.microsoft.com/file1
-#           itemType: itemType
-#           text: linktext1
-#         - url: file2.md OR https://learn.microsoft.com/file2
-#           itemType: itemType
-#           text: linktext2
-#         - url: file3.md OR https://learn.microsoft.com/file3
-#           itemType: itemType
-#           text: linktext3
-#       # footerLink (optional)
-#       footerLink:
-#         url: filefooter.md OR https://learn.microsoft.com/filefooter
-#         text: See more
-#     # Card
-#     - title: cardtitle2
-#       links:
-#         - url: file1.md OR https://learn.microsoft.com/file1
-#           itemType: itemType
-#           text: linktext1
-#         - url: file2.md OR https://learn.microsoft.com/file2
-#           itemType: itemType
-#           text: linktext2
-#         - url: file3.md OR https://learn.microsoft.com/file3
-#           itemType: itemType
-#           text: linktext3
-#       # footerLink (optional)
-#       footerLink:
-#         url: filefooter.md OR https://learn.microsoft.com/filefooter
-#         text: See more
-#     # Card
-#     - title: cardtitle3
-#       links:
-#         - url: file1.md OR https://learn.microsoft.com/file1
-#           itemType: itemType
-#           text: linktext1
-#         - url: file2.md OR https://learn.microsoft.com/file2
-#           itemType: itemType
-#           text: linktext2
-#         - url: file3.md OR https://learn.microsoft.com/file3
-#           itemType: itemType
-#           text: linktext3
-#       # footerLink (optional)
-#       footerLink:
-#         url: filefooter.md OR https://learn.microsoft.com/filefooter
-#         text: See more
-
-# # tools section (optional)
-# tools:
-#   title: sectiontitle # < 60 chars (optional)
-#   summary: sectionsummary # < 160 chars (optional)
-#   items:
-#     # Card
-#     - title: cardtitle1
-#       # imageSrc should be square in ratio with no whitespace
-#       imageSrc: ./media/index/image1.svg OR https://learn.microsoft.com/media/logos/image1.svg
-#       url: file1.md
-#     # Card
-#     - title: cardtitle2
-#       imageSrc: ./media/index/image2.svg OR https://learn.microsoft.com/media/logos/image2.svg
-#       url: file2.md
-#     # Card
-#     - title: cardtitle3
-#       imageSrc: ./media/index/image3.svg OR https://learn.microsoft.com/media/logos/image3.svg
-#       url: file3.md
-
-# additionalContent section (optional)
-# Card with summary style
-# additionalContent:
-#   # Supports up to 3 sections
-#   sections:
-#     - title: sectiontitle # < 60 chars (optional)
-#       summary: sectionsummary # < 160 chars (optional)
-#       items:
-#         # Card
-#         - title: cardtitle1
-#           summary: cardsummary1
-#           url: file1.md OR https://learn.microsoft.com/file1
-#         # Card
-#         - title: cardtitle2
-#           summary: cardsummary2
-#           url: file1.md OR https://learn.microsoft.com/file2
-#         # Card
-#         - title: cardtitle3
-#           summary: cardsummary3
-#           url: file1.md OR https://learn.microsoft.com/file3
-#   # footer (optional)
-#   footer: "footertext [linktext](/footerfile)"
-
-# additionalContent section (optional)
-# Card with links style
 additionalContent:
-  # Supports up to 3 sections
   sections:
     - items:
-        # Card
         - title: View and manage Windows 10 connection endpoints
           links:
             - text: Manage Windows 10 connection endpoints
-              url: ./manage-windows-2004-endpoints.md
+              url: ./manage-windows-21h2-endpoints.md
             - text: Manage connection endpoints for non-Enterprise editions of Windows 10
-              url: windows-endpoints-2004-non-enterprise-editions.md
+              url: windows-endpoints-21h1-non-enterprise-editions.md
             - text: Manage connections from Windows to Microsoft services
               url: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
-        # Card
         - title: Additional resources
           links:
             - text: Windows 10 on Trust Center
@@ -181,5 +68,4 @@ additionalContent:
               url: /microsoft-365/compliance/gdpr
             - text: Support for GDPR Accountability on Service Trust Portal
               url: https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
-  # footer (optional)
-  # footer: "footertext [linktext](/footerfile)"
+
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
index e664498af2..0632da527d 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -19,7 +19,7 @@ ms.topic: reference
 - Windows 10 Enterprise 1903 version and newer
 
 
-This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](/intune/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article.  While it's possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
+This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](/mem/intune/configuration/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article.  While it's possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
 
 >[!IMPORTANT]
 >- The Allowed Traffic endpoints for an MDM configuration are here: [Allowed Traffic](#bkmk-mdm-allowedtraffic)
@@ -30,13 +30,13 @@ This article describes the network connections that Windows 10 and Windows 11 co
 >- The **Get Help** and **Give us Feedback** links in Windows may no longer work after applying some or all of the MDM/CSP settings.
 
 >[!Warning]
->If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Remove Everything" option the >Windows Restricted Traffic Limited Functionality settings will need to be re-applied in order re-restrict the device's egress traffic. >To do this the client must be re-enrolled to the Microsoft Intune service. Egress traffic may occur during the period prior to the re->application of the Restricted Traffic Limited Functionality settings.  If the user executes a "Reset this PC" with the "Keep my files" >option the Restricted Traffic Limited Functionality settings are retained on the device, and therefore the client will remain in a >Restricted Traffic configuration during and after the "Keep my files" reset, and no re-enrollment is required. 
+>If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Remove Everything" option the >Windows Restricted Traffic Limited Functionality settings will need to be re-applied in order re-restrict the device's egress traffic. >To do this the client must be re-enrolled to the Microsoft Intune service. Egress traffic may occur during the period prior to the re->application of the Restricted Traffic Limited Functionality settings.  If the user executes a "Reset this PC" with the "Keep my files" >option the Restricted Traffic Limited Functionality settings are retained on the device, and therefore the client will remain in a >Restricted Traffic configuration during and after the "Keep my files" reset, and no re-enrollment is required.
 
-For more information on Microsoft Intune, see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](/intune/).
+For more information on Microsoft Intune, see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](/mem/intune/).
 
 For detailed information about managing network connections to Microsoft services using Windows Settings, Group Policies and Registry settings see [Manage connections from Windows operating system components to Microsoft services](./manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
-We're always striving to improve our documentation and welcome your feedback. You can provide feedback by sending email to **telmhelp**@**microsoft.com**. 
+We're always striving to improve our documentation and welcome your feedback. You can provide feedback by sending email to **telmhelp**@**microsoft.com**.
 
 
 ## Settings for Windows 10 Enterprise edition 1903 and later and Windows 11
@@ -55,15 +55,15 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
 1. **Date & Time**
    1. MDM Policy: [Settings/AllowDateTime](/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime). Allows the user to change date and time settings.  **Set to 0 (zero)**
 
-1. **Device metadata retrieval** 
+1. **Device metadata retrieval**
    1. MDM Policy: [DeviceInstallation/PreventDeviceMetadataFromNetwork](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork). Choose whether to prevent Windows from retrieving device metadata from the Internet.  **Set to Enabled**
 
-1. **Find My Device** 
+1. **Find My Device**
    1. MDM Policy: [Experience/AllowFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice). This policy turns on Find My Device.  **Set to 0  (zero)**
 
-1. **Font streaming** 
+1. **Font streaming**
    1. MDM Policy: [System/AllowFontProviders](/windows/client-management/mdm/policy-csp-system#system-allowfontproviders).  Setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. **Set to 0  (zero)**
-1. **Insider Preview builds** 
+1. **Insider Preview builds**
    1. MDM Policy: [System/AllowBuildPreview](/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview). This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. **Set to 0  (zero)**
 
 1. **Internet Explorer** The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](/windows/client-management/mdm/policy-csp-internetexplorer)
@@ -74,7 +74,7 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
    1. MDM Policy: [InternetExplorer/DisableHomePageChange](/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange). Determines whether users can change the default Home Page or not. **Set to String** with Value:
       1. **\<enabled/>\<data id=”EnterHomePagePrompt” value=”Start Page”/>**
    1. MDM Policy: [InternetExplorer/DisableFirstRunWizard](/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard). Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to String** with Value:
-      1. **\<enabled/>\<data id=”FirstRunOptions” value=”1”/>** 
+      1. **\<enabled/>\<data id=”FirstRunOptions” value=”1”/>**
 
 1. **Live Tiles**
    1. MDM Policy: [Notifications/DisallowTileNotification](/windows/client-management/mdm/policy-csp-notifications). This policy setting turns off tile notifications. If you enable this policy setting applications and system features won't be able to update their tiles and tile badges in the Start screen.  **Integer value 1**
@@ -101,8 +101,8 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
    1. MDM Policy: [EnableOfflineMapsAutoUpdate](/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate). Disables the automatic download and update of map data. **Set to 0  (zero)**
 
 1. **OneDrive**
-   1. MDM Policy: [DisableOneDriveFileSync](/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** 
-   1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 or Windows 11 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (for example "18.162.0812.0001"). There's a folder named "adm" which contains the admx and adml policy definition files. 
+   1. MDM Policy: [DisableOneDriveFileSync](/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
+   1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 or Windows 11 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (for example "18.162.0812.0001"). There's a folder named "adm" which contains the admx and adml policy definition files.
    1. MDM Policy: Prevent Network Traffic before User SignIn. **PreventNetworkTrafficPreUserSignIn**. The OMA-URI value is:  **./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn**, Data type: **String**, Value: **\<enabled/>**
 
 
@@ -118,21 +118,21 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
    1. Account info - [Privacy/LetAppsAccessAccountInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo). Specifies whether Windows apps can access account information. **Set to 2 (two)**
    1. Contacts - [Privacy/LetAppsAccessContacts](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts). Specifies whether Windows apps can access contacts. **Set to 2 (two)**
    1. Calendar - [Privacy/LetAppsAccessCalendar](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar). Specifies whether Windows apps can access the calendar. **Set to 2 (two)**
-   1. Call history - [Privacy/LetAppsAccessCallHistory](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory). Specifies whether Windows apps can access account information. **Set to 2 (two)** 
-   1. Email - [Privacy/LetAppsAccessEmail](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail). Specifies whether Windows apps can access email. **Set to 2 (two)** 
-   1. Messaging - [Privacy/LetAppsAccessMessaging](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging). Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)** 
+   1. Call history - [Privacy/LetAppsAccessCallHistory](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory). Specifies whether Windows apps can access account information. **Set to 2 (two)**
+   1. Email - [Privacy/LetAppsAccessEmail](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail). Specifies whether Windows apps can access email. **Set to 2 (two)**
+   1. Messaging - [Privacy/LetAppsAccessMessaging](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging). Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)**
    1. Phone calls - [Privacy/LetAppsAccessPhone](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone). Specifies whether Windows apps can make phone calls. **Set to 2 (two)**
-   1. Radios - [Privacy/LetAppsAccessRadios](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios). Specifies whether Windows apps have access to control radios. **Set to 2 (two)** 
-   1. Other devices - [Privacy/LetAppsSyncWithDevices](/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices). Specifies whether Windows apps can sync with devices. **Set to 2 (two)** 
+   1. Radios - [Privacy/LetAppsAccessRadios](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios). Specifies whether Windows apps have access to control radios. **Set to 2 (two)**
+   1. Other devices - [Privacy/LetAppsSyncWithDevices](/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices). Specifies whether Windows apps can sync with devices. **Set to 2 (two)**
    1. Other devices - [Privacy/LetAppsAccessTrustedDevices](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices). Specifies whether Windows apps can access trusted devices. **Set to 2 (two)**
    1. Feedback & diagnostics - [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry). Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)**
-   1. Feedback & diagnostics - [Experience/DoNotShowFeedbackNotifications](/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications). Prevents devices from showing feedback questions from Microsoft.  **Set to 1 (one)** 
+   1. Feedback & diagnostics - [Experience/DoNotShowFeedbackNotifications](/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications). Prevents devices from showing feedback questions from Microsoft.  **Set to 1 (one)**
    1. Background apps - [Privacy/LetAppsRunInBackground](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground). Specifies whether Windows apps can run in the background. **Set to 2 (two)**
    1. Motion - [Privacy/LetAppsAccessMotion](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion). Specifies whether Windows apps can access motion data. **Set to 2 (two)**
    1. Tasks - [Privacy/LetAppsAccessTasks](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks). Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)**
-   1. App Diagnostics - [Privacy/LetAppsGetDiagnosticInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo). Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)** 
+   1. App Diagnostics - [Privacy/LetAppsGetDiagnosticInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo). Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)**
 1. **Software Protection Platform** - [Licensing/DisallowKMSClientOnlineAVSValidation](/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation). Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)**
-1. **Storage Health** - [Storage/AllowDiskHealthModelUpdates](/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates). Allows disk health model updates. **Set to 0 (zero)** 
+1. **Storage Health** - [Storage/AllowDiskHealthModelUpdates](/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates). Allows disk health model updates. **Set to 0 (zero)**
 1. **Sync your settings** - [Experience/AllowSyncMySettings](/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings). Control whether your settings are synchronized. **Set to 0 (zero)**
 1. **Teredo** - No MDM needed. Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM.
 1. **Wi-Fi Sense** - No MDM needed. Wi-Fi Sense is no longer available from Windows 10 version 1803 and later or Windows 11.
@@ -162,7 +162,7 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
 ### <a href="" id="bkmk-mdm-allowedtraffic"></a> Allowed traffic for Microsoft Intune / MDM configurations
 
 |**Allowed traffic endpoints**
-| --- | 
+| --- |
 |activation-v2.sls.microsoft.com/*|
 |cdn.onenote.net|
 |client.wns.windows.com|
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 8d8aa99a85..ce375a294b 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -7,7 +7,7 @@ ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: laurawi
-ms.date: 03/07/2016
+ms.date: 06/27/2024
 ms.topic: reference
 ---
 
@@ -425,7 +425,7 @@ To turn off Insider Preview builds for Windows 10 and Windows 11:
 ### <a href="" id="bkmk-ie"></a>8. Internet Explorer
 
 > [!NOTE]
-> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](/troubleshoot/browsers/enhanced-security-configuration-faq). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
+> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](/previous-versions/troubleshoot/browsers/security-privacy/enhanced-security-configuration-faq). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@@ -537,6 +537,9 @@ To turn off Live Tiles:
 
 ### <a href="" id="bkmk-mailsync"></a>11. Mail synchronization
 
+> [!NOTE]
+> The Mail app and mail synchronization aren't available on Windows Server.
+
 To turn off mail synchronization for Microsoft Accounts that are configured on a device:
 
 - In **Settings** > **Accounts** > **Your email and accounts**, remove any connected Microsoft Accounts.
@@ -1607,7 +1610,7 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
 
   -or-
 
-- Create a new REG_SZ registry setting named **Teredo_State** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition** with a value of **Disabled**.
+- Create a new REG_SZ registry setting named **Teredo_State** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition** with a value of `Disabled`.
 
 
 ### <a href="" id="bkmk-wifisense"></a>23. Wi-Fi Sense
diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md
index 1bebf8277d..f67087eb36 100644
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@@ -27,7 +27,7 @@ Some Windows components, app, and related services transfer data to Microsoft ne
 
 This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
 Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it.
+Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it.
 
 We used the following methodology to derive these network endpoints:
 
@@ -157,9 +157,9 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 
 ## Certificates
 
-Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or is not trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
+Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
 
-If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
+If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
 
 The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses.
 
@@ -218,7 +218,7 @@ To turn off traffic for these endpoints, enable the following Group Policy: Admi
 ## Font streaming
 
 The following endpoints are used to download fonts on demand.
-If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand.
+If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you won't be able to download fonts on demand.
 
 | Source process | Protocol | Destination |
 |:--------------:|:--------:|:------------|
@@ -451,7 +451,7 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
 | svchost | HTTP  | `*.dl.delivery.mp.microsoft.com` |
 
 The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
-If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
+If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store.
 
 | Source process | Protocol | Destination |
 |:--------------:|:--------:|:------------|
@@ -463,7 +463,7 @@ These are dependent on enabling:
 - [Microsoft account](manage-windows-1809-endpoints.md#microsoft-account)
 
 The following endpoint is used for content regulation.
-If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
+If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint, and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
 
 | Source process | Protocol | Destination |
 |:--------------:|:--------:|:------------|
@@ -486,11 +486,6 @@ To view endpoints for other versions of Windows 10 Enterprise, see:
 
 - [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
 
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-
 
 ## Related links
 
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
deleted file mode 100644
index 4ac562a487..0000000000
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ /dev/null
@@ -1,183 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 1903
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-# Manage connection endpoints for Windows 10 Enterprise, version 1903
-
-**Applies to**
-
-- Windows 10 Enterprise, version 1903
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). 
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic. 
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 
-4. Compile reports on traffic going to public IP addresses.
-5.  The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here. 
-7.  These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8.  These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 1903 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|`blob.weather.microsoft.com`|
-|||HTTP|tile-service.weather.microsoft.com|
-|||HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US|
-||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
-||The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|candycrushsoda.king.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|wallet.microsoft.com|
-||The following endpoint is used by the Groove Music app for update HTTP handler status. If you turn off traffic for this endpoint, apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app.|HTTPS|mediaredirect.microsoft.com|
-||The following endpoints are used when using the Whiteboard app. To turn off traffic for this endpoint disable the Microsoft Store.|HTTPS|int.whiteboard.microsoft.com|
-|||HTTPS|wbd.ms|
-|||HTTPS|whiteboard.microsoft.com|
-|||HTTP / HTTPS|whiteboard.ms|
-|Azure |The following endpoints are related to Azure. |HTTPS|wd-prod-*fe*.cloudapp.azure.com|
-|||HTTPS|ris-prod-atm.trafficmanager.net|
-|||HTTPS|validation-v2.sls.trafficmanager.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||HTTP|ctldl.windowsupdate.com|
-|Cortana and Search|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you'll block images that are used for Microsoft Store suggestions.|HTTPS|store-images.*microsoft.com|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com/client|
-|||HTTPS|www.bing.com|
-|||HTTPS|www.bing.com/proactive|
-|||HTTPS|www.bing.com/threshold/xls.aspx|
-|||HTTP|exo-ring.msedge.net|
-|||HTTP|fp.msedge.net|
-|||HTTP|fp-vp.azureedge.net|
-|||HTTP|odinvzc.azureedge.net|
-|||HTTP|spo-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-||The following endpoint is used to retrieve device metadata. If you  turn off traffic for this endpoint, metadata won't be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||HTTP|v10.events.data.microsoft.com|
-|||HTTPS|v10.vortex-win.data.microsoft.com/collect/v1|
-|||HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|HTTPS|co4.telecommand.telemetry.microsoft.com|
-|||HTTP|cs11.wpc.v0cdn.net|
-|||HTTPS|cs1137.wpc.gammacdn.net|
-|||TLS v1.2|modern.watson.data.microsoft.com*|
-|||HTTPS|watson.telemetry.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||HTTPS|*licensing.mp.microsoft.com*|
-|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps can't use location data. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location)|
-|||HTTPS|inference.location.live.net|
-|||HTTP|location-inference-westus.cloudapp.net|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|HTTPS|*g.akamaiedge.net|
-|||HTTP|*maps.windows.com*|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
-|||HTTP|us.configsvc1.live.com.akadns.net|
-|Microsoft Edge|This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|||HTTP|www.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com*|
-|||HTTPS|store-images.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLS v1.2|*.md.mp.microsoft.com*|
-|||HTTPS|*displaycatalog.mp.microsoft.com|
-|||HTTP|storeedgefd.dsx.mp.microsoft.com|
-|||HTTP|markets.books.microsoft.com|
-|||HTTP |share.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTP|*.c-msedge.net|
-|||HTTPS|*.e-msedge.net|
-|||HTTPS|*.s-msedge.net|
-|||HTTPS|nexusrules.officeapps.live.com|
-|||HTTPS|ocos-office365-s2s.msedge.net|
-|||HTTPS|officeclient.microsoft.com|
-|||HTTPS|outlook.office365.com|
-|||HTTPS|client-office365-tas.msedge.net|
-|||HTTPS|www.office.com|
-|||HTTPS|onecollector.cloudapp.aria|
-|||HTTP|v10.events.data.microsoft.com/onecollector/1.0/|
-|||HTTPS|self.events.data.microsoft.com|
-||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
-|||HTTP|msagfx.live.com|
-|||HTTPS|oneclient.sfx.ms|
-|||HTTP| windows.policies.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||HTTPS|cy2.settings.data.microsoft.com.akadns.net|
-|||HTTPS|settings.data.microsoft.com|
-|||HTTPS|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS|browser.pipe.aria.microsoft.com|
-|||HTTP|config.edge.skype.com|
-|||HTTP|s2s.config.skype.com|
-|||HTTPS|skypeecs-prod-usw-0-b.cloudapp.net|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS|wdcp.microsoft.com|
-|||HTTPS|definitionupdates.microsoft.com|
-|||HTTPS|go.microsoft.com|
-||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications won't appear.|HTTPS|*.smartscreen.microsoft.com|
-|||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
-|||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLS v1.2|*.search.msn.com|
-|||HTTPS|arc.msn.com|
-|||HTTPS|g.msn.com*|
-|||HTTPS|query.prod.cms.rt.microsoft.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||HTTPS|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
-|||HTTPS|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
deleted file mode 100644
index 7e47f156a7..0000000000
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ /dev/null
@@ -1,133 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 1909
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-# Manage connection endpoints for Windows 10 Enterprise, version 1909
-
-**Applies to**
-
-- Windows 10 Enterprise, version 1909
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 1909 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-|||HTTP|tile-service.weather.microsoft.com/en-us/livetile/preinstall|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/*|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com*|
-|||HTTPS|www.bing.com/client/config|
-|||TLS v1.2|fp.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|HTTPS|*.telecommand.telemetry.microsoft.com|
-|||TLS v1.2|watson.*.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||HTTPS|*licensing.mp.microsoft.com|
-|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
-|Location|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location)|
-||The following endpoints are used for location data. If you turn off traffic for this endpoint, apps can't use location data.|TLS v1.2|inference.location.live.net|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|HTTP|*maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLS v1.2|*login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
-||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLS v1.2|1storecatalogrevocation.storequality.microsoft.com|
-|||HTTPS|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTP/ TLS v1.2|v10.events.data.microsoft.com/onecollector/1.0/|
-|||TLS v1.2|*.blob.core.windows.net|
-|||HTTP|officehomeblobs.blob.core.windows.net|
-||The following endpoints are used by Microsoft OfficeHub to get the metadata of Microsoft Office apps |TLS v1.2|c-ring.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLS v1.2|*g.live.com|
-|||HTTPS|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|||HTTP| windows.policies.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLS v1.2|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS|*.pipe.aria.microsoft.com|
-|||HTTP/TLS v1.2|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLS v1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS/TLS v1.2|*.smartscreen-prod.microsoft.com|
-|||HTTPS|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||HTTPS/TLS v1.2|arc.msn.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||HTTPS/TLS v1.2|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTP|*.delivery.mp.microsoft.com|
-|||HTTPS/TLS v1.2|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS/TLS v1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
deleted file mode 100644
index f9101f343c..0000000000
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ /dev/null
@@ -1,135 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 2004
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 2004.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-# Manage connection endpoints for Windows 10 Enterprise, version 2004
-
-**Applies to**
-
-- Windows 10 Enterprise, version 2004
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 2004 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoints are used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|blob.weather.microsoft.com|
-|||HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/*|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2|www.bing.com*|
-|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.|HTTPS|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Windows Diagnostic Data, Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|HTTPS|*.telecommand.telemetry.microsoft.com|
-|||TLS v1.2|watson.*.microsoft.com|
-|Font Streaming|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-||The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand. |HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||HTTPS|*licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2|*maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2|*login.live.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLSv1.2/HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLSv1.2|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com|
-|||HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|*ow1.res.office365.com|
-|||HTTPS|office.com|
-|||HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS|self.events.data.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2|*g.live.com|
-|||TLSv1.2|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS|*.pipe.aria.microsoft.com|
-|||HTTPS|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||TLSv1.2|wdcp.microsoft.com|
-|||HTTPS|go.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
-|||HTTPS|*.smartscreen.microsoft.com |
-|||HTTPS|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2|arc.msn.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
-|||TLSv1.2|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|TLSv1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2|dlassets-ssl.xboxlive.com|
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md
deleted file mode 100644
index 8ae07104f4..0000000000
--- a/windows/privacy/manage-windows-20H2-endpoints.md
+++ /dev/null
@@ -1,151 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 20H2
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-
-# Manage connection endpoints for Windows 10 Enterprise, version 20H2
-
-**Applies to**
-
-- Windows 10 Enterprise, version 20H2
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 20H2 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|I-ring.msedge.net|
-|||HTTPS|s-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-|||HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
-|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-|||HTTPS|fs.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
-||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won't be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTP|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTP|share.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|www.office.com|
-|||HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS|officehomeblobs.blob.core.windows.net|
-|||HTTPS|self.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2/HTTPS/HTTP|g.live.com|
-|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
-|||HTTPS|settings.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
-|||HTTPS/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|dlassets-ssl.xboxlive.com|
-
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md
deleted file mode 100644
index 0d0e1bd833..0000000000
--- a/windows/privacy/manage-windows-21H1-endpoints.md
+++ /dev/null
@@ -1,153 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 21H1
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-
-# Manage connection endpoints for Windows 10 Enterprise, version 21H1
-
-**Applies to**
-
-- Windows 10 Enterprise, version 21H1
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 21H1 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft Store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft Store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft Store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|I-ring.msedge.net|
-|||HTTPS|s-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-|||HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: **Administrative Templates** > **Windows Components** > **Windows Error Reporting** > **Disable Windows Error Reporting**. This means error reporting information won't be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
-|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-|||HTTPS|fs.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
-||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won't be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead, disable the traffic that's getting forwarded.|HTTP|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTP|share.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|www.office.com|
-|||HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS|officehomeblobs.blob.core.windows.net|
-|||HTTPS|self.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2/HTTPS/HTTP|g.live.com|
-|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
-|||HTTPS|settings.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
-|||HTTPS/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Microsoft Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|dlassets-ssl.xboxlive.com|
-
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md
index 029867e536..d9b12eeca8 100644
--- a/windows/privacy/manage-windows-21h2-endpoints.md
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@@ -129,18 +129,8 @@ The following methodology was used to derive these network endpoints:
 
 To view endpoints for other versions of Windows 10 Enterprise, see:
 
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
 
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
 
 ## Related links
 
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/optional-diagnostic-data.md
similarity index 98%
rename from windows/privacy/windows-diagnostic-data.md
rename to windows/privacy/optional-diagnostic-data.md
index 44ea57dcd1..6b1643a86d 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/optional-diagnostic-data.md
@@ -1,5 +1,5 @@
 ---
-title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10)
+title: Optional diagnostic data for Windows 11 and Windows 10
 description: Use this article to learn about the types of optional diagnostic data that is collected.
 ms.service: windows-client
 ms.subservice: itpro-privacy
@@ -12,7 +12,7 @@ ms.collection: highpri
 ms.topic: reference
 ---
 
-# Windows 10, version 1709 and later and Windows 11 optional diagnostic data
+# Optional diagnostic data for Windows 11 and Windows 10
 
 Applies to:
 - Windows 11, version 23H2
@@ -20,14 +20,10 @@ Applies to:
 - Windows 11, version 21H2
 - Windows 10, version 22H2
 - Windows 10, version 21H2
-- Windows 10, version 21H1
-- Windows 10, version 20H2
-- Windows 10, version 2004
-- Windows 10, version 1909
-- Windows 10, version 1903
 - Windows 10, version 1809
-- Windows 10, version 1803
-- Windows 10, version 1709
+
+> [!NOTE]
+> The information in this article also applies to these versions of Windows 10: 21H1, 20H2, 2004, 1909, 1903, 1803, and 1709. But those versions have reached their end of servicing date. For more information, see [Microsoft Product Lifecycle](/lifecycle/products).
 
 Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of optional diagnostic data collected by Windows, with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 11 required diagnostic events and fields](/windows/privacy/required-windows-11-diagnostic-events-and-fields).
 
diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
index 99496ee032..97d13f6d72 100644
--- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
@@ -29,11 +29,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 
diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
index 7969cc1cca..15649caaf5 100644
--- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
@@ -29,11 +29,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 
diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index c336dba245..4fb9beb260 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -1,6 +1,6 @@
 ---
 description: Learn more about the required Windows 10 diagnostic data gathered.
-title: Required diagnostic events and fields for Windows 10 (versions 22H2, 21H2, 21H1, 20H2, and 2004)
+title: Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2
 ms.service: windows-client
 ms.subservice: itpro-privacy
 ms.localizationpriority: high
@@ -13,16 +13,15 @@ ms.topic: reference
 ---
 
 
-# Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004
+# Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2
 
  **Applies to**
 
 - Windows 10, version 22H2
 - Windows 10, version 21H2
-- Windows 10, version 21H1
-- Windows 10, version 20H2
-- Windows 10, version 2004
 
+> [!NOTE]
+> The information in this article also applies to these versions of Windows 10: 21H1, 20H2, and 2004. But those versions have reached their end of servicing date. For more information, see [Microsoft Product Lifecycle](/lifecycle/products).
 
 Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
 
@@ -34,11 +33,7 @@ You can learn more about Windows functional and diagnostic data through these ar
 
 - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
 - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 
diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index b6ad626c23..9c47130eca 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -2,43 +2,29 @@
   href: index.yml
   items: 
     - name: "Windows Privacy Compliance: A Guide for IT and Compliance Professionals"
-      href: windows-10-and-privacy-compliance.md
+      href: windows-privacy-compliance-guide.md
     - name: Configure Windows diagnostic data in your organization
       href: configure-windows-diagnostic-data-in-your-organization.md
-    - name: Changes to Windows diagnostic data collection
-      href: changes-to-windows-diagnostic-data-collection.md
     - name: Diagnostic Data Viewer
       items: 
         - name: Diagnostic Data Viewer Overview
           href: diagnostic-data-viewer-overview.md
         - name: Diagnostic Data Viewer for PowerShell Overview
-          href: Microsoft-DiagnosticDataViewer.md
+          href: diagnostic-data-viewer-powershell.md
     - name: Required Windows diagnostic data events and fields
       items: 
         - name: Windows 11, versions 23H2 and 22H2
           href: required-diagnostic-events-fields-windows-11-22H2.md
         - name: Windows 11, version 21H2
           href: required-windows-11-diagnostic-events-and-fields.md
-        - name: Windows 10, versions 22H2, 21H2, 21H1, 20H2, and 2004
+        - name: Windows 10, versions 22H2 and 21H2
           href: required-windows-diagnostic-data-events-and-fields-2004.md
-        - name: Windows 10, versions 1909 and 1903
-          href: basic-level-windows-diagnostic-events-and-fields-1903.md
         - name: Windows 10, version 1809
           href: basic-level-windows-diagnostic-events-and-fields-1809.md
-        - name: Windows 10, version 1803
-          href: basic-level-windows-diagnostic-events-and-fields-1803.md
-        - name: Windows 10, version 1709
-          href: basic-level-windows-diagnostic-events-and-fields-1709.md
-        - name: Windows 10, version 1703
-          href: basic-level-windows-diagnostic-events-and-fields-1703.md
-    - name: Optional Windows diagnostic data events and fields
+    - name: Optional Windows diagnostic data
       items:
-        - name: Windows 10, version 1709 and later and Windows 11 optional diagnostic data
-          href: windows-diagnostic-data.md
-        - name: Windows 10, version 1703 optional diagnostic data
-          href: windows-diagnostic-data-1703.md
-    - name: Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy
-      href: enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+        - name: Optional diagnostic data for Windows 11 and Windows 10
+          href: optional-diagnostic-data.md
     - name: Manage Windows connected experiences
       items: 
         - name: Manage connections from Windows operating system components to Microsoft services
@@ -51,29 +37,7 @@
           href: manage-windows-11-endpoints.md
         - name: Connection endpoints for Windows 10, version 21H2
           href: manage-windows-21h2-endpoints.md
-        - name: Connection endpoints for Windows 10, version 21H1
-          href: manage-windows-21H1-endpoints.md
-        - name: Connection endpoints for Windows 10, version 20H2
-          href: manage-windows-20H2-endpoints.md
-        - name: Connection endpoints for Windows 10, version 2004
-          href: manage-windows-2004-endpoints.md
-        - name: Connection endpoints for Windows 10, version 1909
-          href: manage-windows-1909-endpoints.md
-        - name: Connection endpoints for Windows 10, version 1903
-          href: manage-windows-1903-endpoints.md
         - name: Connection endpoints for Windows 10, version 1809
           href: manage-windows-1809-endpoints.md
         - name: Connection endpoints for non-Enterprise editions of Windows 11
           href: windows-11-endpoints-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 21H1
-          href: windows-endpoints-21H1-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 20H2
-          href: windows-endpoints-20H2-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 2004
-          href: windows-endpoints-2004-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1909
-          href: windows-endpoints-1909-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1903
-          href: windows-endpoints-1903-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1809
-          href: windows-endpoints-1809-non-enterprise-editions.md
diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md
deleted file mode 100644
index 6716304894..0000000000
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
-description: Use this article to learn about the types of data that is collected the Full diagnostic data level.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 03/31/2017
-ms.topic: reference
----
-
-# Windows 10 diagnostic data for the Full diagnostic data level
-
-**Applies to:**
-- Windows 10, version 1703
-
-Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs.   This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](./basic-level-windows-diagnostic-events-and-fields-1709.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](./basic-level-windows-diagnostic-events-and-fields-1703.md).
-
-The data covered in this article is grouped into the following categories:
-
--   Common Data (diagnostic header information)
--   Device, Connectivity, and Configuration data
--   Product and Service Usage data
--   Product and Service Performance data
--   Software Setup and Inventory data
--   Browsing History data
--   Inking, Typing, and Speech Utterance data
-
-> [!NOTE]
-> The majority of diagnostic data falls into the first four categories.
-
-## Common data
-
-Most diagnostic events contain a header of common data:
-
-| Category Name | Examples |
-| - | - |
-| Common Data | Information that is added to most diagnostic events, if relevant and available:<br><ul><li>OS name, version, build, and [locale](/windows/win32/intl/locales-and-languages)</li><li>User ID - a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data</li><li>Xbox UserID</li><li>Environment from which the event was logged - Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.</li><li>The diagnostic event name, Event ID, [ETW](/windows/win32/etw/event-tracing-portal) opcode, version, schema signature, keywords, and flags</li><li>HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.</li><li>Various IDs that are used to correlate and sequence related events together.</li><li>Device ID. This ID is not the user provided device name, but an ID that is unique for that device.</li><li>Device class - Desktop, Server, or Mobile</li><li>Event collection time</li><li>Diagnostic level -  Basic or Full, Sample level - for sampled data, what sample level is this device opted into</li></ul> |
-
-## ​Device, Connectivity, and Configuration data
-
-This type of data includes details about the device, its configuration and connectivity capabilities, and status.
-
-| Category Name |  Examples |
-| - | - |
-| Device properties | Information about the OS and device hardware, such as:<br><ul><li> OS - version name, Edition</li><li>Installation type, subscription status, and genuine OS status</li><li>Processor architecture, speed, number of cores, manufacturer, and model</li><li>OEM details - manufacturer, model, and serial number<li>Device identifier and Xbox serial number</li><li>Firmware/BIOS - type, manufacturer, model, and version</li><li>Memory - total memory, video memory, speed, and how much memory is available after the device has reserved memory</li><li>Storage - total capacity and disk type</li><li>Battery - charge capacity and InstantOn support</li><li>Hardware chassis type, color, and form factor</li><li>Is this machine a virtual machine?</li></ul> |
-| Device capabilities | Information about the specific device capabilities such as:<br/><ul><li>Camera - whether the device has a front facing, a rear facing camera, or both.</li><li>Touch screen - does the device include a touch screen? If so, how many hardware touch points are supported?</li><li>Processor capabilities - CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2</li><li>Trusted Platform Module (TPM) – whether present and what version</li><li>Virtualization hardware - whether an IOMMU is present, SLAT support, is virtualization enabled in the firmware</li><li>Voice – whether voice interaction is supported and the number of active microphones</li><li>Number of displays, resolutions, DPI</li><li>Wireless capabilities</li><li>OEM or platform face detection</li><li>OEM or platform video stabilization and quality level set</li><li>Advanced Camera Capture mode (HDR vs. LowLight), OEM vs. platform implementation, HDR probability, and Low Light probability</li></ul> |
-| Device preferences and settings | Information about the device settings and user preferences such as:<br><ul><li>User Settings – System, Device, Network &amp; Internet, Personalization, Cortana, Apps, Accounts, Time &amp; Language, Gaming, Ease of Access, Privacy, Update &amp; Security</li><li>User-provided device name</li><li>Whether device is domain-joined, or cloud-domain joined (that is, part of a company-managed network)</li><li>Hashed representation of the domain name</li><li>MDM (mobile device management) enrollment settings and status</li><li>BitLocker, Secure Boot, encryption settings, and status</li><li>Windows Update settings and status</li><li>Developer Unlock settings and status</li><li>Default app choices</li><li>Default browser choice</li><li>Default language settings for app, input, keyboard, speech, and display</li><li>App store update settings</li><li>Enterprise OrganizationID, Commercial ID</li></ul> |
-| Device peripherals | Information about the device peripherals such as:<br><ul><li>Peripheral name, device model, class, manufacturer, and description</li><li>Peripheral device state, install state, and checksum</li><li>Driver name, package name, version, and manufacturer</li><li>HWID - A hardware vendor defined ID to match a device to a driver [INF file](/windows-hardware/drivers/install/hardware-ids)</li><li>Driver state, problem code, and checksum</li><li>Whether driver is kernel mode, signed, and image size</li></ul> |
-| Device network info | Information about the device network configuration such as:<br><ul><li>Network system capabilities</li><li>Local or Internet connectivity status</li><li>Proxy, gateway, DHCP, DNS details, and addresses</li><li>Paid or free network</li><li>Wireless driver is emulated or not</li><li>Access point mode capable</li><li>Access point manufacturer, model, and MAC address</li><li>WDI Version</li><li>Name of networking driver service</li><li>Wi-Fi Direct details</li><li>Wi-Fi device hardware ID and manufacturer</li><li>Wi-Fi scan attempt counts and item counts</li><li>Mac randomization is supported/enabled or not</li><li>Number of spatial streams and channel frequencies supported</li><li>Manual or Auto Connect enabled</li><li>Time and result of each connection attempt</li><li>Airplane mode status and attempts</li><li>Interface description provided by the manufacturer</li><li>Data transfer rates</li><li>Cipher algorithm</li><li>Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)</li><li>Mobile operator and service provider name</li><li>Available SSIDs and BSSIDs</li><li>IP Address type - IPv4 or IPv6</li><li>Signal Quality percentage and changes</li><li>Hotspot presence detection and success rate</li><li>TCP connection performance</li><li>Miracast device names</li><li>Hashed IP address</li></ul>
-
-## Product and Service Usage data
-
-This type of data includes details about the usage of the device, operating system, applications, and services. 
-
-| Category Name | Examples |
-| - | - |
-| App usage | Information about Windows and application usage such as:<ul><li>OS component and app feature usage</li><li>User navigation and interaction with app and Windows features. This information could include user input, such as the name of a new alarm set, user menu choices, or user favorites.</li><li>Time of and count of app/component launches, duration of use, session GUID, and process ID</li><li>App time in various states – running foreground or background, sleeping, or receiving active user interaction</li><li>User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller</li><li>Cortana launch entry point/reason</li><li>Notification delivery requests and status</li><li>Apps used to edit images and videos</li><li>SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line</li><li>Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line</li><li>Emergency alerts are received or displayed statistics</li><li>Content searches within an app</li><li>Reading activity - bookmarking used, print used, layout changed</li></ul>|
-| App or product state | Information about Windows and application state such as:<ul><li>Start Menu and Taskbar pins</li><li>Online/Offline status</li><li>App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.</li><li>Personalization impressions delivered</li><li>Whether the user clicked or hovered on UI controls or hotspots</li><li>User feedback Like or Dislike or rating was provided</li><li>Caret location or position within documents and media files - how much of a book has been read in a single session or how much of a song has been listened to.</li></ul>|
-| Login properties | <ul><li>Login success or failure</li><li>Login sessions and state</li></ul>|
-
-
-## Product and Service Performance data
-
-This type of data includes details about the health of the device, operating system, apps, and drivers.
-
-| Category Name | Description and Examples |
-| - | - |
-|Device health and crash data | Information about the device and software health such as:<br><ul><li>Error codes and error messages, name and ID of the app, and process reporting the error</li><li>DLL library predicted to be the source of the error - xyz.dll</li><li>System-generated files - app or product logs and trace files to help diagnose a crash or hang</li><li>System settings such as registry keys</li><li>User-generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang</li><li>Details and counts of abnormal shutdowns, hangs, and crashes</li><li>Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data</li><li>Crash and Hang dumps<ul><li>The recorded state of the working memory at the point of the crash.</li><li>Memory in use by the kernel at the point of the crash.</li><li>Memory in use by the application at the point of the crash.</li><li>All the physical memory used by Windows at the point of the crash.</li><li>Class and function name within the module that failed.</li></li></ul> |
-|Device performance and reliability data | Information about the device and software performance such as:<br><ul><li>User Interface interaction durations - Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.</li><li>Device on/off performance - Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).</li><li>In-app responsiveness - time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.</li><li>User input responsiveness – onscreen keyboard invocation times for different languages, time to show autocomplete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.</li><li>UI and media performance and glitches/smoothness - video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance</li><li>Disk footprint - Free disk space, out of memory conditions, and disk score.</li><li>Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states</li><li>Background task performance - download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results</li><li>Peripheral and devices - USB device connection times, time to connect to a wireless display, printing times, network availability, and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP, and so on), smart card authentication times, automatic brightness environmental response times</li><li>Device setup - first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.</li><li>Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, autobrightness details, time device is plugged into AC vs. battery, battery state transitions</li><li>Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.</li><li>Diagnostic heartbeat – regular signal to validate the health of the diagnostics system</li></ul>|
-|Movies|Information about movie consumption functionality on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>Video Width, height, color pallet, encoding (compression) type, and encryption type</li><li>Instructions for how to stream content for the user - the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth</li><li>URL for a specific two-second chunk of content if there is an error</li><li>Full screen viewing mode details|
-|Music & TV|Information about music and TV consumption on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service</li><li>Content type (video, audio, surround audio)</li><li>Local media library collection statistics - number of purchased tracks, number of playlists</li><li>Region mismatch - User OS Region, and Xbox Live region</li></ul>|
-|Reading|Information about reading consumption functionality on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>App accessing content and status and options used to open a Microsoft Store book</li><li>Language of the book</li><li>Time spent reading content</li><li>Content type and size details</li></ul>|
-|Photos App|Information about photos usage on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>File source data - local, SD card, network device, and OneDrive</li><li>Image &amp; video resolution, video length, file sizes types and encoding</li><li>Collection view or full screen viewer use and duration of view</li></ul></ul>|
-|On-device file query | Information about local search activity on the device such as: <ul><li>Type of query issued and index type (ConstraintIndex, SystemIndex)</li><li>Number of items requested and retrieved</li><li>File extension of search result user interacted with</li><li>Launched item kind, file extension, index of origin, and the App ID of the opening app.</li><li>Name of process calling the indexer and time to service the query.</li><li>A hash of the search scope (file, Outlook, OneNote, IE history) </li><li>The state of the indices (fully optimized, partially optimized, being built)</li></ul> |
-|Purchasing| Information about purchases made on the device such as: <br><ul><li>Product ID, edition ID, and product URI</li><li>Offer details - price</li><li>Order requested date/time</li><li>Store client type - web or native client</li><li>Purchase quantity and price</li><li>Payment type - credit card type and PayPal</li></ul> |
-|Entitlements | Information about entitlements on the device such as:<br><ul><li>Service subscription status and errors</li><li>DRM and license rights details - Groove subscription or OS volume license</li><li>Entitlement ID, lease ID, and package ID of the install package</li><li>Entitlement revocation</li><li>License type (trial, offline versus online) and duration</li><li>License usage session</li></ul> |
-
-## Software Setup and Inventory data
-
-This type of data includes software installation and update information on the device.
-
-| Category Name | Data Examples |
-| - | - |
-| Installed Applications and Install History | Information about apps, drivers, update packages, or OS components installed on the device such as:<br><ul><li>App, driver, update package, or component’s Name, ID, or Package Family Name</li><li>Product, SKU, availability, catalog, content, and Bundle IDs</li><li>OS component, app or driver publisher, language, version and type (Win32 or UWP)</li><li>Install date, method, and install directory, count of install attempts</li><li>MSI package code and product code</li><li>Original OS version at install time</li><li>User or administrator or mandatory installation/update</li><li>Installation type – clean install, repair, restore, OEM, retail, upgrade, and update</li></ul> |
-| Device update information | Information about Windows Update such as:<br><ul><li>Update Readiness analysis of device hardware, OS components, apps, and drivers (progress, status, and results)</li><li>Number of applicable updates, importance, type</li><li>Update download size and source - CDN or LAN peers</li><li>Delay upgrade status and configuration</li><li>OS uninstall and rollback status and count</li><li>Windows Update server and service URL</li><li>Windows Update machine ID</li><li>Windows Insider build details</li></ul>
-
-## Browsing History data
-
-**Microsoft browser data**: This type of data includes details about web browsing, the address bar, and search box performance on the device in the Microsoft browsers, such as:
-
-- Text typed in address bar and search box
-- Text selected for Ask Cortana search
-- Service response time
-- Autocompleted text if there was an autocomplete
-- Navigation suggestions provided based on local history and favorites
-- Browser ID
-- URLs (which may include search terms)
-- Page title
-
-## Inking Typing and Speech Utterance data
-
-**Voice, inking, and typing**: This type of data gathers details about the voice, inking, and typing input features on the device, such as:
-
-- Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
-- Pen gestures (click, double-click, pan, zoom, rotate)
-- Palm Touch x,y coordinates
-- Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
-- Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
-- Text input from Windows on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
-- Text of speech recognition results - result codes and recognized text
-- Language and model of the recognizer, System Speech language
-- App ID using speech features
-- Whether user is known to be a child
-- Confidence and Success/Failure of speech recognition
diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
deleted file mode 100644
index 0cf4435b8a..0000000000
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ /dev/null
@@ -1,157 +0,0 @@
----
-title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 06/29/2018
-ms.topic: reference
----
-# Windows 10, version 1809, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 1809
-- Windows 10 Professional, version 1809
-- Windows 10 Education, version 1809
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809.
-
-We used the following methodology to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5.  The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using a IPV4 network.  Therefore no IPV6 traffic is reported here. 
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|\*.aria.microsoft.com\*	| HTTPS |	Office Telemetry
-|\*.dl.delivery.mp.microsoft.com\*	| HTTP |	Enables connections to Windows Update.
-|\*.download.windowsupdate.com\*	| HTTP |	Used to download operating system patches and updates.
-|\*.g.akamai.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use.
-|\*.msn.com\*	|TLSv1.2/HTTPS |	Windows Spotlight related traffic
-|\*.Skype.com	| HTTP/HTTPS |	Skype related traffic
-|\*.smartscreen.microsoft.com	| HTTPS |	Windows Defender Smartscreen related traffic
-|\*.telecommand.telemetry.microsoft.com\*	| HTTPS |	Used by Windows Error Reporting.
-|\*cdn.onenote.net*	| HTTP |	OneNote related traffic
-|\*displaycatalog.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
-|\*geo-prod.do.dsp.mp.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|\*hwcdn.net*	| HTTP |	Used by the Highwinds Content Delivery Network to perform Windows updates.
-|\*img-prod-cms-rt-microsoft-com.akamaized.net*	| HTTPS |	Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
-|\*maps.windows.com\*	| HTTPS |	Related to Maps application.
-|\*msedge.net*	| HTTPS |	Used by OfficeHub to get the metadata of Office apps.
-|\*nexusrules.officeapps.live.com\*	| HTTPS |	Office Telemetry
-|\*photos.microsoft.com\*	| HTTPS |	Photos App related traffic
-|\*prod.do.dsp.mp.microsoft.com\*	|TLSv1.2/HTTPS |	Used for Windows Update downloads of apps and OS updates.
-|\*wac.phicdn.net*	| HTTP |	Windows Update related traffic
-|\*windowsupdate.com\*	| HTTP |	Windows Update related traffic
-|\*wns.windows.com\*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
-|\*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
-|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js	| |	MSA related
-|evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
-|fe2.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fe3.\*.mp.microsoft.com.\* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fs.microsoft.com	| |	Font Streaming (in ENT traffic)
-|g.live.com\*	| HTTPS |	Used by OneDrive
-|iriscoremetadataprod.blob.core.windows.net	| HTTPS |	Windows Telemetry
-|mscrl.microsoft.com	| |	Certificate Revocation List related traffic.
-|ocsp.digicert.com\*	| HTTP |	CRL and OCSP checks to the issuing certificate authorities.
-|officeclient.microsoft.com	| HTTPS |	Office related traffic.
-|oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates.
-|purchase.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
-|query.prod.cms.rt.microsoft.com\*	| HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris.api.iris.microsoft.com\*	|TLSv1.2/HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris-prod-atm.trafficmanager.net	| HTTPS |	Azure traffic manager
-|settings.data.microsoft.com\*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|settings-win.data.microsoft.com\*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|sls.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|store*.dsx.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
-|storecatalogrevocation.storequality.microsoft.com\*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store.
-|store-images.s-microsoft.com\*	| HTTP |	Used to get images that are used for Microsoft Store suggestions.
-|tile-service.weather.microsoft.com\*	| HTTP |	Used to download updates to the Weather app Live Tile.
-|tsfe.trafficshaping.dsp.mp.microsoft.com\*	|TLSv1.2 |	Used for content regulation.
-|v10.events.data.microsoft.com	| HTTPS |	Diagnostic Data
-|wdcp.microsoft.*	|TLSv1.2 |	Used for Windows Defender when Cloud-based Protection is enabled.
-|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com	| HTTPS |	Windows Defender related traffic.
-|www.bing.com*	| HTTP |	Used for updates for Cortana, apps, and Live Tiles.
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| \*.tlu.dl.delivery.mp.microsoft.com/\* | HTTP | Enables connections to Windows Update. |
-| *geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
-| arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
-| ctldl.windowsupdate.com/msdownload/update/* | HTTP |	Used to download certificates that are publicly known to be fraudulent. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS) |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
-| location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
-| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
-| ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| vip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic |
-
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.b.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
-| *.tlu.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update. |
-| *.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
-| *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
-| au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
-| cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
-| config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
-| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
-| cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| displaycatalog.mp.microsoft.com/*	| HTTPS |	Used to communicate with Microsoft Store. | 
-| download.windowsupdate.com/*	| HTTPS |	Enables connections to Windows Update. |
-| fe2.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.mp.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| g.live.com/odclientsettings/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
-| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
-| licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
-| maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
-| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center's shared infrastructure. |
-| ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
-| oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
-| settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
-| sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |
-| storecatalogrevocation.storequality.microsoft.com/*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
-| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| vip5.afdorigin-prod-ch02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
-| watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
-| bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |
diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
deleted file mode 100644
index 465c0dd961..0000000000
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ /dev/null
@@ -1,267 +0,0 @@
----
-title: Windows 10, version 1903, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 06/29/2018
-ms.topic: reference
----
-
-# Windows 10, version 1903, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 1903
-- Windows 10 Professional, version 1903
-- Windows 10 Education, version 1903
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1903.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| Destination | Protocol | Description |
-| ----------- | -------- | ----------- |
-| \*.aria.microsoft.com\* | HTTPS | Microsoft Office Telemetry
-| \*.b.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-| \*.c-msedge.net | HTTP | Microsoft Office
-| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
-| \*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates
-| \*.g.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-| \*.login.msa.\*.net | HTTPS | Microsoft Account related
-| \*.msn.com\* | TLSv1.2/HTTPS | Windows Spotlight
-| \*.skype.com | HTTP/HTTPS | Skype
-| \*.smartscreen.microsoft.com | HTTPS | Windows Defender Smartscreen
-| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-| \*cdn.onenote.net\* | HTTP | OneNote
-| \*displaycatalog.\*mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-| \*geo-prod.do.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
-| \*hwcdn.net\* | HTTP | Highwinds Content Delivery Network / Windows updates
-| \*img-prod-cms-rt-microsoft-com\* | HTTPS | Microsoft Store or Inbox MSN Apps image download
-| \*licensing.\*mp.microsoft.com\* | HTTPS | Licensing
-| \*maps.windows.com\* | HTTPS | Related to Maps application
-| \*msedge.net\* | HTTPS | Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps
-| \*nexusrules.officeapps.live.com\* | HTTPS | Microsoft Office Telemetry
-| \*photos.microsoft.com\* | HTTPS | Photos App
-| \*prod.do.dsp.mp.microsoft.com* | TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates
-| \*purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| \*settings.data.microsoft.com.akadns.net | HTTPS | Used for Windows apps to dynamically update their configuration
-| \*wac.phicdn.net\* | HTTP | Windows Update
-| \*windowsupdate.com\* | HTTP | Windows Update
-| \*wns.\*windows.com\* | TLSv1.2/HTTPS | Used for the Windows Push Notification Services (WNS)
-| \*wpc.v0cdn.net\* | HTTP | Windows Telemetry
-| arc.msn.com | HTTPS | Spotlight
-| auth.gfx.ms\* | HTTPS | MSA related
-| cdn.onenote.net | HTTPS | OneNote Live Tile
-| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
-| e-0009.e-msedge.net | HTTPS | Microsoft Office
-| e10198.b.akamaiedge.net | HTTPS | Maps application
-| evoke-windowsservices-tas.msedge\* | HTTPS | Photos app
-| fe2.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-| fe3.\*.mp.microsoft.com.\* | TLSv1.2/HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
-| g.live.com\* | HTTPS | OneDrive
-| go.microsoft.com | HTTP | Windows Defender
-| iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
-| login.live.com | HTTPS | Device Authentication
-| msagfx.live.com | HTTP | OneDrive
-| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| officeclient.microsoft.com | HTTPS | Microsoft Office
-| oneclient.sfx.ms\* | HTTPS | Used by OneDrive for Business to download and verify app updates
-| onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
-| ow1.res.office365.com | HTTP | Microsoft Office
-| purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-| query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata
-| ris.api.iris.microsoft.com\* | TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata
-| ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
-| s-0001.s-msedge.net | HTTPS | Microsoft Office
-| self.events.data.microsoft.com | HTTPS | Microsoft Office
-| settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
-| settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
-| share.microsoft.com | HTTPS | Microsoft Store
-| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Store
-| sls.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
-| slscr.update.microsoft.com\* | HTTPS | Enables connections to Windows Update
-| store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-| storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
-| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
-| store-images.\*microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions
-| storesdk.dsx.mp.microsoft.com | HTTP | Microsoft Store
-| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
-| time.windows.com | HTTP | Microsoft Windows Time related
-| tsfe.trafficshaping.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Used for content regulation
-| v10.events.data.microsoft.com | HTTPS | Diagnostic Data
-| watson.telemetry.microsoft.com | HTTPS | Diagnostic Data
-| wdcp.microsoft.\* | TLSv1.2, HTTPS | Used for Windows Defender when Cloud-based Protection is enabled
-| wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender
-| wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| `www.bing.com`* | HTTP | Used for updates for Cortana, apps, and Live Tiles
-| `www.msftconnecttest.com` | HTTP | Network Connection (NCSI)
-| `www.office.com` | HTTPS | Microsoft Office
-| adl.windows.com | HTTP | Used for compatibility database updates for Windows
-| windows.policies.live.net | HTTP | OneDrive
-
-
-## Windows 10 Pro
-
-| Destination | Protocol | Description |
-| ----------- | -------- | ----------- |
-| \*.cloudapp.azure.com | HTTPS | Azure
-| \*.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
-| \*.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
-| \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
-| \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.windowsupdate.com\* | HTTP | Enables connections to Windows Update
-| \*.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS)
-| \*dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update
-| \*c-msedge.net | HTTP | Office
-| a1158.g.akamai.net | HTTP | Maps application
-| arc.msn.com\* | HTTP / HTTPS | Used to retrieve Windows Spotlight metadata
-| blob.mwh01prdstr06a.store.core.windows.net | HTTPS | Microsoft Store
-| browser.pipe.aria.microsoft.com | HTTPS | Microsoft Office
-| bubblewitch3mobile.king.com | HTTPS | Bubble Witch application
-| candycrush.king.com | HTTPS | Candy Crush application
-| cdn.onenote.net | HTTP | Microsoft OneNote
-| cds.p9u4n2q3.hwcdn.net | HTTP | Highwinds Content Delivery Network traffic for Windows updates
-| client.wns.windows.com | HTTPS | Windows Notification System
-| co4.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Windows Error Reporting
-| config.edge.skype.com | HTTPS | Microsoft Skype
-| cs11.wpc.v0cdn.net | HTTP | Windows Telemetry
-| cs9.wac.phicdn.net | HTTP | Windows Update
-| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| cy2.purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| dmd.metaservices.microsoft.com.akadns.net | HTTP | Device Authentication
-| e-0009.e-msedge.net | HTTPS | Microsoft Office
-| e10198.b.akamaiedge.net | HTTPS | Maps application
-| fe3.update.microsoft.com | HTTPS | Windows Update
-| g.live.com | HTTPS | Microsoft OneDrive
-| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
-| geo-prod.do.dsp.mp.microsoft.com | HTTPS | Windows Update
-| go.microsoft.com | HTTP | Windows Defender
-| iecvlist.microsoft.com | HTTPS | Microsoft Edge
-| img-prod-cms-rt-microsoft-com.akamaized.net | HTTP / HTTPS | Microsoft Store
-| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
-| licensing.mp.microsoft.com | HTTP | Licensing
-| location-inference-westus.cloudapp.net | HTTPS | Used for location data
-| login.live.com | HTTP | Device Authentication
-| maps.windows.com | HTTP | Maps application
-| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
-| msagfx.live.com | HTTP | OneDrive
-| nav.smartscreen.microsoft.com | HTTPS | Windows Defender
-| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| oneclient.sfx.ms | HTTP | OneDrive
-| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata
-| ris-prod-atm.trafficmanager.net | HTTPS | Azure
-| s2s.config.skype.com | HTTP | Microsoft Skype
-| settings-win.data.microsoft.com | HTTPS | Application settings
-| share.microsoft.com | HTTPS | Microsoft Store
-| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Skype
-| slscr.update.microsoft.com | HTTPS | Windows Update
-| storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
-| store-images.microsoft.com | HTTPS | Microsoft Store
-| tile-service.weather.microsoft.com/\* | HTTP | Used to download updates to the Weather app Live Tile
-| time.windows.com | HTTP | Windows time
-| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation
-| v10.events.data.microsoft.com\* | HTTPS | Microsoft Office
-| vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic
-| watson.telemetry.microsoft.com | HTTPS | Telemetry
-| wdcp.microsoft.com | HTTPS | Windows Defender
-| wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| `www.bing.com` | HTTPS | Cortana and Search
-| `www.microsoft.com` | HTTP | Diagnostic
-| `www.msftconnecttest.com` | HTTP | Network connection
-| `www.office.com` | HTTPS | Microsoft Office
-
-
-
-## Windows 10 Education
-
-| Destination | Protocol | Description |
-| ----------- | -------- | ----------- |
-| \*.b.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
-| \*.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps
-| \*.dl.delivery.mp.microsoft.com\* | HTTP | Windows Update
-| \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.g.akamaiedge.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-| \*.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*.settings.data.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*.skype.com\* | HTTPS | Used to retrieve Skype configuration values
-| \*.smartscreen\*.microsoft.com | HTTPS | Windows Defender
-| \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-| \*.wac.phicdn.net | HTTP | Windows Update
-| \*.windowsupdate.com\* | HTTP | Windows Update
-| \*.wns.windows.com | HTTPS | Windows Notifications Service
-| \*.wpc.\*.net | HTTP | Diagnostic Data
-| \*displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*dsp.mp.microsoft.com | HTTPS | Windows Update
-| a1158.g.akamai.net | HTTP | Maps
-| a122.dscg3.akamai.net | HTTP | Maps
-| a767.dscg3.akamai.net | HTTP | Maps
-| au.download.windowsupdate.com\* | HTTP | Windows Update
-| bing.com/\* | HTTPS | Used for updates for Cortana, apps, and Live Tiles
-| blob.dz5prdstr01a.store.core.windows.net | HTTPS | Microsoft Store
-| browser.pipe.aria.microsoft.com | HTTP | Used by OfficeHub to get the metadata of Office apps
-| cdn.onenote.net/livetile/\* | HTTPS | Used for OneNote Live Tile
-| cds.p9u4n2q3.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates
-| client-office365-tas.msedge.net/\* | HTTPS | Microsoft 365 admin center and Office in a browser
-| ctldl.windowsupdate.com\* | HTTP | Used to download certificates that are publicly known to be fraudulent
-| displaycatalog.mp.microsoft.com/\* | HTTPS | Microsoft Store
-| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
-| download.windowsupdate.com\* | HTTPS | Windows Update
-| evoke-windowsservices-tas.msedge.net | HTTPS | Photo app
-| fe2.update.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-| fe3.delivery.mp.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-| g.live.com\* | HTTPS | Used by OneDrive for Business to download and verify app updates
-| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
-| go.microsoft.com | HTTP | Windows Defender
-| iecvlist.microsoft.com | HTTPS | Microsoft Edge browser
-| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
-| licensing.mp.microsoft.com\* | HTTPS | Used for online activation and some app licensing
-| login.live.com | HTTPS | Device Authentication
-| maps.windows.com/windows-app-web-link | HTTPS | Maps application
-| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
-| msagfx.live.com | HTTPS | OneDrive
-| ocos-office365-s2s.msedge.net/\* | HTTPS | Used to connect to the Microsoft 365 admin center's shared infrastructure
-| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| oneclient.sfx.ms/\* | HTTPS | Used by OneDrive for Business to download and verify app updates
-| onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
-| settings-win.data.microsoft.com/settings/\* | HTTPS | Used as a way for apps to dynamically update their configuration
-| share.microsoft.com | HTTPS | Microsoft Store
-| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Skype
-| sls.update.microsoft.com\* | HTTPS | Windows Update
-| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
-| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
-| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Windows Update
-| v10.events.data.microsoft.com\* | HTTPS | Diagnostic Data
-| vip5.afdorigin-prod-ch02.afdogw.com | HTTPS | Used to serve Office 365 experimentation traffic
-| watson.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-| wdcp.microsoft.com | HTTPS | Windows Defender
-| wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com | HTTPS | Azure
-| wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| `www.bing.com` | HTTPS | Cortana and Search
-| `www.microsoft.com` | HTTP | Diagnostic Data
-| `www.microsoft.com/pkiops/certs/`* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| `www.msftconnecttest.com` | HTTP | Network Connection
-| `www.office.com` | HTTPS | Microsoft Office
diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
deleted file mode 100644
index 90d651940c..0000000000
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ /dev/null
@@ -1,205 +0,0 @@
----
-title: Windows 10, version 1909, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 07/20/2020
-ms.topic: reference
----
-# Windows 10, version 1909, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 1909
-- Windows 10 Professional, version 1909
-- Windows 10 Education, version 1909
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1909.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|arc.msn.com|HTTP/TLS v1.2|Windows Spotlight  
-|api.asm.skype.com|TLS v1.2|Used to retrieve Skype configuration values
-|browser.pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ctldl.windowsupdate.com/*|HTTP|Certificate Trust List
-|client.wns.windows.com|HTTP|Used for the Windows Push Notification Service(WNS)
-|config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
-|dmd.metaservices.microsoft.com|HTTP|Device metadata
-|config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|*.tlu.dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|\*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Used to communicate with Microsoft Store
-|evoke-windowsservices-tas.msedge.net|HTTP/TLS v1.2|Used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser
-|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Enables connections to Windows Update, Microsoft Update, and the online services of the Store
-|fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Used to download operating system patches, updates, and apps from Microsoft Store
-|go.microsoft.com|HTTP|Windows Defender and/or Microsoft forward link redirection service (FWLink)
-|g.live.com|HTTP|OneDrive
-|checkappexec.microsoft.com|HTTPS|Used for Windows Defender Smartscreen reporting and notifications
-|*.prod.do.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|*.au.download.windowsupdate.com|HTTP|Windows Update
-|download.windowsupdate.com|HTTP|Windows Update
-|inference.location.live.net|TLS v1.2|Used for Location Data
-|iecvlist.microsoft.com|HTTP|This endpoint is related to Microsoft Edge
-|login.live.com|HTTPS/TLS v1.2|Device Authentication
-|logincdn.msauth.net|HTTPS|OneDrive
-|licensing.mp.microsoft.com|HTTP/TLS v1.2|Licensing
-|maps.windows.com|TLS v1.2|Used to check for updates to maps that have been downloaded for offline use
-|mobile.pipe.aria.microsoft.com|HTTP|Office Telemetry
-|nav.smartscreen.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
-|outlook.office365.com|HTTP|Used to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser
-|ocsp.digicert.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
-|manage.devcenter.microsoft.com|HTTP/TLS v1.2|Used to get Microsoft Store analytics
-|ris.api.iris.microsoft.com|HTTPS|Used to retrieve Windows Spotlight metadata that describes content
-|settings-win.data.microsoft.com|HTTPS/TLS v1.2|Used for Windows apps to dynamically update their configuration
-|smartscreen-prod.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
-|*.blob.core.windows.net|HTTP/TLS v1.2|Windows Telemetry
-|storage.live.com|HTTP/TLS v1.2|OneDrive
-|skydrivesync.policies.live.net|TLS v1.2|OneDrive
-|dm2302.settings.live.net|HTTP|OneDrive
-|slscr.update.microsoft.com|HTTPS/TLS V1.2|Windows Update
-|tile-service.weather.microsoft.com|HTTP|Used for the Weather app
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP|This endpoint is used for content regulation
-|watson.telemetry.microsoft.com*|HTTPS/TLS v1.2|Diagnostic Data
-|v10.events.data.microsoft.com/onecollector/1.0/|HTTPS|Microsoft Office
-|v10.events.data.microsoft.com|HTTPS/TLS v1.2|Used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service
-|www.bing.com|HTTPS/TLS v1.2|Cortana and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection Status Indicator (NCSI)
-|wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
-|activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
-|adl.windows.com|HTTP|Used for compatibility database updates for Windows
-|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
-|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.prod.do.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|api.onedrive.com|HTTP|OneDrive
-|smartscreen-prod.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
-|nav.smartscreen.microsoft.com|HTTPS/TLS v1.2|Windows Defender
-|*.update.microsoft.com|HTTP|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store  
-|browser.pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*.wns.windows.com|TLS v1.2|Used for the Windows Push Notification Services (WNS)
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|c-ring.msedge.net|TLS v1.2|Cortana and Live Tiles
-|a-ring.msedge.net|TLS v1.2|Cortana and Live Tiles
-|*storecatalogrevocation.storequality.microsoft.com|HTTP/TLS v1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|HTTP/TLS v1.2|Windows Spotlight
-|*.blob.core.windows.net|HTTP/TLS v1.2|Windows Telemetry
-|cdn.onenote.net|HTTPS/TLS v1.2|OneNote Live Tile
-|checkappexec.microsoft.com|HTTPS|Used for Windows Defender SmartScreen reporting and notifications
-|config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
-|config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
-|ctldl.windowsupdate.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Microsoft Store
-|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|evoke-windowsservices-tas.msedge.net|HTTPS/TLS v1.2|Used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser
-|fp.msedge.net|HTTPS/TLS v1.2|Cortana and Live Tiles
-|fp-vp.azureedge.net|TLS v1.2|Cortana and Live Tiles
-|g.live.com|TLS v1.2|OneDrive
-|go.microsoft.com|HTTP|Windows Defender and/or Microsoft forward link redirection service (FWLink)
-|iecvlist.microsoft.com|HTTP|Microsoft Edge
-|inference.location.live.net|TLS v1.2|Used for Location Data
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
-|licensing.mp.microsoft.com*|HTTP/TLS v1.2|Licensing
-|login.live.com|HTTPS/TLS v1.2|Device Authentication
-|logincdn.msauth.net|HTTPS|Used for Microsoft accounts to sign in
-|manage.devcenter.microsoft.com|HTTP/TLS v1.2|Microsoft Store analytics
-|maps.windows.com|TLS v1.2|Related to Maps application
-|ocsp.digicert.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|ocsp.msocsp.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|mobile.pipe.aria.microsoft.com|HTTP|Office Telemetry
-|ris.api.iris.microsoft.com|TLS v1.2|Windows Spotlight
-|settings-win.data.microsoft.com|HTTPS/TLS v1.2|Used for Windows apps to dynamically update their configuration
-|spo-ring.msedge.net|TLSv1.2|Cortana and Live Tiles
-|telecommand.telemetry.microsoft.com|TLS v1.2|Used by Windows Error Reporting 
-|tile-service.weather.microsoft.com|HTTP|Used for the Weather app
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation
-|v10.events.data.microsoft.com/onecollector/1.0/|HTTPS/TLS v1.2|Diagnostic Data
-|v10.events.data.microsoft.com|HTTPS/TLS v1.2|Used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service
-|watson.telemetry.microsoft.com*|HTTPS/TLS v1.2|Used by Windows Error Reporting
-|wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|HTTPS/TLS v1.2|Cortana and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection Status Indicator (NCSI)
-|outlook.office365.com|HTTP|Microsoft Office
-|storage.live.com|HTTP/TLS v1.2|OneDrive
-|skydrivesync.policies.live.net|TLS v1.2|OneDrive
-|windows.policies.live.net|HTTP|OneDrive
-|activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
-|adl.windows.com|HTTP|Used for compatibility database updates for Windows
-|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
-|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|arc.msn.com|HTTPS/TLS v1.2|Windows Spotlight
-|*.dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|client.wns.windows.com|TLS v1.2|Used for the Windows Push Notification Services (WNS)
-|*storecatalogrevocation.storequality.microsoft.com|TLS v1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List
-|dmd.metaservices.microsoft.com|HTTP|Device metadata
-|Inference.location.live.net|TLS v1.2|Location
-|oneclient.sfx.ms|HTTPS|OneDrive
-|storage.live.com|HTTP/TLS v1.2|OneDrive
-|skydrivesync.policies.live.net|TLS v1.2|OneDrive
-|slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|officehomeblobs.blob.core.windows.net|HTTP|Windows Telemetry
-|\*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Microsoft Store
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
-|config.teams.microsoft.com|HTTPS|Teams
-|api.asm.skype.com|TLS v1.2|Used to retrieve Skype configuration values
-|config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
-|logincdn.msauth.net|HTTPS|OneDrive
-|iecvlist.microsoft.com|HTTP|Microsoft Edge
-|download.windowsupdate.com|HTTP|Windows Update
-|checkappexec.microsoft.com|HTTPS|Windows Defender
-|evoke-windowsservices-tas.msedge.net|HTTPS/TLS v1.2|Photos app
-|g.live.com|TLS v1.2|OneDrive
-|go.microsoft.com|HTTP|Windows Defender
-|licensing.mp.microsoft.com|HTTP/TLS v1.2|Licensing
-|login.live.com|HTTPS/TLS v1.2|Device Authentication
-|manage.devcenter.microsoft.com|TLS v1.2|Microsoft Store analytics
-|ocsp.digicert.com|HTTP|CRL and OCSP checks to the issuing certificate authorities
-|ris.api.iris.microsoft.com|TLS v1.2|Windows spotlight
-|telecommand.telemetry.microsoft.com|TLS v1.2|Used by Windows Error Reporting  
-|tile-service.weather.microsoft.com|HTTP|Used to download updates to the Weather app Live Tile
-|v10.events.data.microsoft.com|HTTPS/TLS v1.2|Diagnostic Data
-|V10.events.data.microsoft.com/onecollector/1.0/|HTTPS|Diagnostic Data
-|Watson.telemetry.microsoft.com/telemetry.request|HTTPS|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|outlook.office365.com|HTTP|Microsoft Office
-|www.bing.com|TLS v1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|adl.windows.com|HTTP|Used for compatibility database updates for Windows
diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
deleted file mode 100644
index bfe4a21c48..0000000000
--- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
+++ /dev/null
@@ -1,196 +0,0 @@
----
-title: Windows 10, version 2004, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 05/11/2020
-ms.topic: reference
----
-# Windows 10, version 2004, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 2004
-- Windows 10 Professional, version 2004
-- Windows 10 Education, version 2004
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 2004.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here. 
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer you may have different results.
-
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*.prod.do.dsp.mp.microsoft.com|TLSv1.2|Windows Update 
-|*.smartscreen.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.smartscreen-prod.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.update.microsoft.com|TLSv1.2|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft 
-|*storecatalogrevocation.storequality.microsoft.com|TLSv1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|TLSv1.2|Windows Spotlight 
-|cdn.onenote.net|HTTPS|OneNote
-|config.edge.skype.com|HTTPS|Skype 
-|config.teams.microsoft.com|HTTPS|Skype 
-|crl.microsoft.com|HTTPS|Skype 
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List 
-|da.xboxservices.com|HTTPS|Microsoft Edge  
-|*displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
-|dmd.metaservices.microsoft.com|HTTP|Device Authentication 
-|evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
-|fs.microsoft.com|TLSv1.2|Maps application
-|g.live.com|TLSv1.2|OneDrive 
-|go.microsoft.com|HTTPS|Windows Defender
-|img-prod-cms-rt-microsoft-com|TLSv1.2|This endpoint is related to Microsoft Edge 
-|licensing.mp.microsoft.com|HTTPS|Licensing 
-|login.live.com|TLSv1.2|Device Authentication
-|logincdn.msauth.net|TLSv1.2|Device Authentication
-|manage.devcenter.microsoft.com|TLSv1.2|Microsoft Store analytics  
-|maps.windows.com|TLSv1.2|Related to Maps application 
-|ocsp.digicert.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ris.api.iris.microsoft.com|TLSv1.2|Windows Telemetry
-|settings-win.data.microsoft.com|TLSv1.2|Used for Windows apps to dynamically update their configuration
-|storesdk.dsx.mp.microsoft.com|HTTPS|Used to communicate with Microsoft Store
-|telecommand.telemetry.microsoft.com|TLSv1.2|Used by Windows Error Reporting
-|tile-service.weather.microsoft.com|HTTPS|Used to download updates to the Weather app Live Tile
-|tsfe.trafficshaping.dsp.mp.microsoft.com|TLSv1.2|Used for content regulation
-|v10.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|v20.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
-
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*.prod.do.dsp.mp.microsoft.com|TLSv1.2|Windows Update 
-|*.smartscreen.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.smartscreen-prod.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.update.microsoft.com|TLSv1.2|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*.wns.windows.com|TLSv1.2|Used for the Windows Push Notification Services (WNS)
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*msn-com.akamaized.net|HTTPS|This endpoint is related to Microsoft Edge
-|*ring.msedge.net|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps 
-|*storecatalogrevocation.storequality.microsoft.com|TLSv1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|TLSv1.2|Windows Spotlight 
-|blobs.officehome.msocdn.com|HTTPS|OneNote
-|cdn.onenote.net|HTTPS|OneNote
-|checkappexec.microsoft.com|HTTPS|OneNote
-|config.edge.skype.com|HTTPS|Skype 
-|config.teams.microsoft.com|HTTPS|Skype 
-|crl.microsoft.com|HTTPS|Skype 
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List 
-|d2i2wahzwrm1n5.cloudfront.net|HTTPS|Microsoft Edge
-|da.xboxservices.com|HTTPS|Microsoft Edge  
-|*displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
-|dlassets-ssl.xboxlive.com|HTTPS|Xbox Live 
-|dmd.metaservices.microsoft.com|HTTP|Device Authentication 
-|evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
-|fp.msedge.net|HTTPS|Cortana and Live Tiles
-|fs.microsoft.com|TLSv1.2|Maps application
-|g.live.com|TLSv1.2|OneDrive 
-|go.microsoft.com|HTTPS|Windows Defender
-|img-prod-cms-rt-microsoft-com*|TLSv1.2|This endpoint is related to Microsoft Edge 
-|licensing.mp.microsoft.com|HTTPS|Licensing 
-|login.live.com|TLSv1.2|Device Authentication
-|manage.devcenter.microsoft.com|TLSv1.2|Microsoft Store analytics  
-|maps.windows.com|TLSv1.2|Related to Maps application 
-|ocsp.digicert.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ris.api.iris.microsoft.com|TLSv1.2|Windows Telemetry
-|s1325.t.eloqua.com|HTTPS|Microsoft Edge
-|self.events.data.microsoft.com|HTTPS|Microsoft Office
-|settings-win.data.microsoft.com|TLSv1.2|Used for Windows apps to dynamically update their configuration
-|store-images.*microsoft.com|HTTPS|Used to get images that are used for Microsoft Store suggestions
-|storesdk.dsx.mp.microsoft.com|HTTPS|Microsoft Store
-|telecommand.telemetry.microsoft.com|TLSv1.2|Used by Windows Error Reporting
-|tile-service.weather.microsoft.com|HTTPS|Used to download updates to the Weather app Live Tile
-|time.windows.com|HTTPS|Fetch the time
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|The following endpoint is used for content regulation
-|v10.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.msn.com|HTTPS|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
-
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*.prod.do.dsp.mp.microsoft.com|TLSv1.2|Windows Update 
-|*.smartscreen.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.smartscreen-prod.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.update.microsoft.com|TLSv1.2|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*.wns.windows.com|TLSv1.2|Used for the Windows Push Notification Services (WNS)
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*ring.msedge.net|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps 
-|*storecatalogrevocation.storequality.microsoft.com|TLSv1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|TLSv1.2|Windows Spotlight 
-|blobs.officehome.msocdn.com|HTTPS|OneNote
-|cdn.onenote.net|HTTPS|OneNote
-|checkappexec.microsoft.com|HTTPS|OneNote
-|config.edge.skype.com|HTTPS|Skype 
-|config.teams.microsoft.com|HTTPS|Skype 
-|crl.microsoft.com|HTTPS|Skype 
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List 
-|da.xboxservices.com|HTTPS|Microsoft Edge  
-|dmd.metaservices.microsoft.com|HTTP|Device Authentication 
-|evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
-|fp.msedge.net|HTTPS|Cortana and Live Tiles
-|fs.microsoft.com|TLSv1.2|Maps application
-|g.live.com|TLSv1.2|OneDrive 
-|go.microsoft.com|HTTPS|Windows Defender
-|licensing.mp.microsoft.com|HTTPS|Licensing 
-|login.live.com|TLSv1.2|Device Authentication
-|logincdn.msauth.net|HTTPS|Device Authentication
-|manage.devcenter.microsoft.com|TLSv1.2|Microsoft Store analytics  
-|ocsp.digicert.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|ocsp.msocsp.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|ow1.res.office365.com|HTTPS|Microsoft Office
-|pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ris.api.iris.microsoft.com|TLSv1.2|Windows Telemetry
-|s1325.t.eloqua.com|HTTPS|Microsoft Edge
-|settings-win.data.microsoft.com|TLSv1.2|Used for Windows apps to dynamically update their configuration
-|telecommand.telemetry.microsoft.com|TLSv1.2|Used by Windows Error Reporting
-|tile-service.weather.microsoft.com|HTTPS|Used to download updates to the Weather app Live Tile
-|v10.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|v20.events.data.microsoft.com|HTTPS|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.microsoft.com|HTTP|Connected User Experiences and Telemetry, Microsoft Data Management service
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
deleted file mode 100644
index 2f2d8eb8f3..0000000000
--- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
+++ /dev/null
@@ -1,256 +0,0 @@
----
-title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 12/17/2020
-ms.topic: reference
----
-# Windows 10, version 20H2, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 20H2
-- Windows 10 Professional, version 20H2
-- Windows 10 Education, version 20H2
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 20H2.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-|-----------|--------------- |------------- |-----------------|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||HTTPS/HTTP|k-ring.msedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||TLSv1.2/HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| 
-|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net|
-|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net|
-|||HTTPS/HTTP|dev.virtualearth.net|
-|||HTTPS/HTTP|ecn.dev.virtualearth.net|
-|||HTTPS/HTTP|ssl.bing.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoints are used for Microsoft Edge Browser Services.|HTTPS/HTTP|edge.activity.windows.com|
-|||HTTPS/HTTP|edge.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|HTTP|go.microsoft.com/fwlink/|
-|||TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||HTTP|roaming.officeapps.live.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|api.onedrive.com|
-|||HTTPS/HTTP|skydrivesync.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-|||TLSv1.2|definitionupdates.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|||HTTPS|mucp.api.account.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|||HTTPS|www.xboxab.com|
-|
-
-## Windows 10 Pro
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||TLSv1.2/HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|
-
-## Windows 10 Education
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|odinvzc.azureedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||TLSv1.2/HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
-|||TLSv1.2/HTTPS|da.xboxservices.com|
diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
deleted file mode 100644
index d6d6383582..0000000000
--- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
+++ /dev/null
@@ -1,250 +0,0 @@
----
-title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 12/17/2020
-ms.topic: reference
----
-# Windows 10, version 21H1, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 21H1
-- Windows 10 Professional, version 21H1
-- Windows 10 Education, version 21H1
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-21H1-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 21H1.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer, you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-|-----------|--------------- |------------- |-----------------|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||HTTPS/HTTP|k-ring.msedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. <br/>If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| 
-|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net|
-|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net|
-|||HTTPS/HTTP|dev.virtualearth.net|
-|||HTTPS/HTTP|ecn.dev.virtualearth.net|
-|||HTTPS/HTTP|ssl.bing.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoints are used for Microsoft Edge Browser Services.|HTTPS/HTTP|edge.activity.windows.com|
-|||HTTPS/HTTP|edge.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|HTTP|go.microsoft.com/fwlink/|
-|||TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||HTTP|roaming.officeapps.live.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|api.onedrive.com|
-|||HTTPS/HTTP|skydrivesync.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-|||TLSv1.2|definitionupdates.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|||HTTPS|mucp.api.account.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|||HTTPS|www.xboxab.com|
-|
-
-## Windows 10 Pro
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. <br/>If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|
-
-## Windows 10 Education
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|odinvzc.azureedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. <br/>If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
-|||TLSv1.2/HTTPS|da.xboxservices.com|
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-privacy-compliance-guide.md
similarity index 96%
rename from windows/privacy/windows-10-and-privacy-compliance.md
rename to windows/privacy/windows-privacy-compliance-guide.md
index ab86dc703a..c6ccfd9bec 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-privacy-compliance-guide.md
@@ -44,7 +44,7 @@ The following table provides an overview of the Windows 10 and Windows 11 privac
 
 | Feature/Setting | Description | Supporting content | Privacy statement |
 | --- | --- | --- | --- |
-| Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./optional-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Inking & typing | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy) |[Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
 | Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
@@ -56,7 +56,7 @@ The following table provides an overview of the Windows 10 and Windows 11 privac
 
 [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) is a Microsoft Store app (available in Windows 10, version 1803 and later and Windows 11) that lets a user review the Windows diagnostic data that is being collected on their Windows device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected.
 
-An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
+An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](diagnostic-data-viewer-powershell.md) provides further information.
 
 > [!Note]
 > If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s device usage. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
@@ -104,8 +104,8 @@ Alternatively, your administrators can also choose to use Windows Autopilot. Win
 
 You can use the following articles to learn more about Windows Autopilot and how to use Windows Autopilot to deploy Windows:
 
-- [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
-- [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
+- [Overview of Windows Autopilot](/autopilot/overview)
+- [Windows Autopilot deployment process](/autopilot/deployment-process)
 
 #### _2.3.2 Managing Windows connected experiences and essential services_
 
@@ -180,14 +180,14 @@ Users can delete their device-based data by opening the Windows settings app and
 
 ### 3.2 View
 
-The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows device. Administrators can also use the [Get-DiagnosticData](diagnostic-data-viewer-powershell.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
 
 >[!Note]
 >If the Windows diagnostic data processor configuration is enabled, IT administrators can view the diagnostic data that is associated with a user from the admin portal.
 
 ### 3.3 Export
 
-The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the **Export** data button in the top menu. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the **Export** data button in the top menu. Administrators can also use the [Get-DiagnosticData](diagnostic-data-viewer-powershell.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
 
 >[!Note]
 >If the Windows diagnostic data processor configuration is enabled, IT administrators can also export the diagnostic data that is associated with a user from the admin portal.
@@ -246,5 +246,4 @@ Microsoft Intune is a cloud-based endpoint management solution. It manages user
 * [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
 * [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 * [Privacy at Microsoft](https://privacy.microsoft.com/privacy-report)
-* [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md)
 * [Microsoft Service Trust Portal](https://servicetrust.microsoft.com/)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
index c2302c6e47..91cc8b46d0 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
@@ -100,8 +100,6 @@
           href: deployment/create-code-signing-cert-for-wdac.md
     - name: Disable WDAC policies
       href: deployment/disable-wdac-policies.md
-    - name: LOB Win32 Apps on S Mode
-      href: deployment/LOB-win32-apps-on-s.md
 - name: WDAC operational guide
   href: operations/wdac-operational-guide.md
   items:
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
deleted file mode 100644
index 965a20c625..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
+++ /dev/null
@@ -1,252 +0,0 @@
----
-title: Allow LOB Win32 apps on Intune-managed S Mode devices
-description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S Mode base policy on your Intune-managed devices.
-ms.localizationpriority: medium
-ms.date: 04/05/2023
-ms.topic: how-to
----
-
-# Allow line-of-business Win32 apps on Intune-managed S Mode devices
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
-
-You can use Microsoft Intune to deploy and run critical Win32 applications, and Windows components that are normally blocked in S mode, on your Intune-managed Windows 10 in S mode devices. For example, PowerShell.exe.
-
-With Intune, you can configure managed S mode devices using a Windows Defender Application Control (WDAC) supplemental policy that expands the S mode base policy to authorize the apps your organization uses. This feature changes the S mode security posture from "Microsoft has verified every app" to "Microsoft or your organization has verified every app".
-
-For an overview and brief demo of this feature, see this video:
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4mlcp]
-
-## Policy authorization process
-
-![Basic diagram of the policy authorization flow.](../images/wdac-intune-policy-authorization.png)
-
-The general steps for expanding the S mode base policy on your Intune-managed Windows 10 in S mode devices are to generate a supplemental policy, sign that policy, upload the signed policy to Intune, and assign it to user or device groups. Because you need access to PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, before deploying the policy more broadly, assign it to a single test Windows 10 in S mode device to verify expected functioning.
-
-1. Generate a supplemental policy with WDAC tooling.
-
-    This policy expands the S mode base policy to authorize more applications. Anything authorized by either the S mode base policy or your supplemental policy is allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more.
-
-    For more information on creating supplemental policies, see [Deploy multiple WDAC policies](../design/deploy-multiple-wdac-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md).
-
-    The following instructions are a basic set for creating an S mode supplemental policy:
-
-    - Create a new base policy using [New-CIPolicy](/powershell/module/configci/new-cipolicy?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        New-CIPolicy -MultiplePolicyFormat -ScanPath <path> -UserPEs -FilePath "<path>\SupplementalPolicy.xml" -Level FilePublisher -Fallback SignedVersion,Publisher,Hash
-        ```
-
-    - Change it to a supplemental policy using [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        Set-CIPolicyIdInfo -SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784 -FilePath "<path>\SupplementalPolicy.xml"
-        ```
-
-        For policies that supplement the S mode base policy, use `-SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784`. This ID is the S mode policy ID.
-
-    - Put the policy in enforce mode using [Set-RuleOption](/powershell/module/configci/set-ruleoption?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        Set-RuleOption -FilePath "<path>\SupplementalPolicy.xml>" -Option 3 -Delete
-        ```
-
-        This command deletes the 'audit mode' qualifier.
-
-    - Since you're signing your policy, you must authorize the signing certificate you use to sign the policy. Optionally, also authorize one or more extra signers that can be used to sign updates to the policy in the future. The next step in the overall process, **Sign the policy**, describes it in more detail.
-
-        To add the signing certificate to the WDAC policy, use [Add-SignerRule](/powershell/module/configci/add-signerrule?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        Add-SignerRule -FilePath <policypath> -CertificatePath <certpath> -User -Update
-        ```
-
-    - Convert to `.bin` using [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        ConvertFrom-CIPolicy -XmlFilePath "<path>\SupplementalPolicy.xml" -BinaryFilePath "<path>\SupplementalPolicy.bin>
-        ```
-
-2. Sign the policy.
-
-    Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-wdac.md).
-
-      > [!TIP]
-      > For more information, see [Azure Code Signing, democratizing trust for developers and consumers](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669).
-
-    After you've signed it, rename your policy to `{PolicyID}.p7b`. Get the **PolicyID** from the supplemental policy XML.
-
-3. Deploy the signed supplemental policy using Microsoft Intune.
-
-    Go to the Microsoft Intune portal, go to the Client apps page, and select **S mode supplemental policies**. Upload the signed policy to Intune and assign it to user or device groups. Intune generates authorization tokens for the tenant and specific devices. Intune then deploys the corresponding authorization token and supplemental policy to each device in the assigned group. Together, these tokens and policies expand the S mode base policy on the device.
-
-> [!NOTE]
-> When you update your supplemental policy, make sure that the new version number is strictly greater than the previous one. Intune doesn't allow using the same version number. For more information on setting the version number, see [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion?view=win10-ps&preserve-view=true).
-
-## Standard process for deploying apps through Intune
-
-![Basic diagram for deploying apps through Intune.](../images/wdac-intune-app-deployment.png)
-
-For more information on the existing procedure of packaging signed catalogs and app deployment, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
-
-## Optional: Process for deploying apps using catalogs
-
-![Basic diagram for deploying Apps using catalogs.](../images/wdac-intune-app-catalogs.png)
-
-Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that authorizes all apps signed by that certificate, which may include apps you don't want to allow as well.
-
-Instead of authorizing signers external to your organization, Intune has functionality to make it easier to authorize existing applications by using signed catalogs. This feature doesn't require repackaging or access to the source code. It works for apps that may be unsigned or even signed apps when you don't want to trust all apps that may share the same signing certificate.
-
-The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-wdac.md).
-
-> [!NOTE]
-> Every time an app updates, you need to deploy an updated catalog. Try to avoid using catalog files for applications that auto-update, and direct users not to update applications on their own.
-
-## Sample policy
-
-The following policy is a sample that allows kernel debuggers, PowerShell ISE, and Registry Editor. It also demonstrates how to specify your organization's code signing and policy signing certificates.
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Supplemental Policy">
-  <VersionEx>10.0.0.0</VersionEx>
-  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
-  <!--Standard S mode GUID-->
-  <BasePolicyID>{5951A96A-E0B5-4D3D-8FB8-3E5B61030784}</BasePolicyID>
-  <!--Unique policy GUID-->
-  <PolicyID>{52671094-ACC6-43CF-AAF1-096DC69C1345}</PolicyID>
-  <!--EKUS-->
-  <EKUs />
-  <!--File Rules-->
-  <FileRules>
-    <!--Allow kernel debuggers-->
-    <Allow ID="ID_ALLOW_CBD_0" FriendlyName="cdb.exe" FileName="CDB.Exe" />
-    <Allow ID="ID_ALLOW_KD_0" FriendlyName="kd.exe" FileName="kd.Exe" />
-    <Allow ID="ID_ALLOW_WINDBG_0" FriendlyName="windbg.exe" FileName="windbg.Exe" />
-    <Allow ID="ID_ALLOW_MSBUILD_0" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" />
-    <Allow ID="ID_ALLOW_NTSD_0" FriendlyName="ntsd.exe" FileName="ntsd.Exe" />
-    <!--Allow PowerShell ISE and Registry Editor-->
-    <Allow ID="ID_ALLOW_POWERSHELLISE_0" FriendlyName="powershell_ise.exe" FileName="powershell_ise.exe" />
-    <Allow ID="ID_ALLOW_REGEDIT_0" FriendlyName="regedit.exe" FileName="regedit.exe" />
-  </FileRules>
-  <!--Signers-->
-  <Signers>
-    <!--info of the certificate you will use to do any code/catalog signing-->
-    <Signer ID="EXAMPLE_ID_SIGNER_CODE" Name="Example Code Signing Certificate Friendly Name">
-      <CertRoot Type="TBS" Value="<value>" />
-    </Signer>
-    
-    <!--info of the certificate you will use to sign your policy-->
-    <Signer ID="EXAMPLE_ID_SIGNER_POLICY" Name="Example Policy Signing Certificate Friendly Name">
-      <CertRoot Type="TBS" Value="<value>" />
-    </Signer>
-  </Signers>
-  <!--Driver Signing Scenarios-->
-  <SigningScenarios>
-    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI" FriendlyName="Example Name">
-      <ProductSigners />
-    </SigningScenario>
-    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI" FriendlyName="Example Name">
-      <ProductSigners>
-        <AllowedSigners>
-          <AllowedSigner SignerId="EXAMPLE_ID_SIGNER_CODE" />
-        </AllowedSigners>
-        <FileRulesRef>
-          <FileRuleRef RuleID="ID_ALLOW_CBD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_KD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_WINDBG_0" />
-          <FileRuleRef RuleID="ID_ALLOW_MSBUILD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_NTSD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_POWERSHELLISE_0" />
-          <FileRuleRef RuleID="ID_ALLOW_REGEDIT_0" />
-        </FileRulesRef>
-      </ProductSigners>
-    </SigningScenario>
-  </SigningScenarios>
-  <!--Specify one or more certificates that can be used to sign updated policy-->
-  <UpdatePolicySigners>
-    <UpdatePolicySigner SignerId="EXAMPLE_ID_SIGNER_POLICY" />
-  </UpdatePolicySigners>
-  <!--Specify one or more codesigning certificates to trust-->
-  <CiSigners>
-    <CiSigner SignerId="EXAMPLE_ID_SIGNER_CODE" />
-  </CiSigners>
-  <!-- example remove core isolation a.k.a. Hypervisor Enforced Code Integrity (HVCI) options, consider enabling if your system supports it-->
-  <HvciOptions>0</HvciOptions>
-  <Settings>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
-      <Value>
-        <String>Example Policy Name</String>
-      </Value>
-    </Setting>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
-      <Value>
-        <String>Example-Policy-10.0.0.0</String>
-      </Value>
-    </Setting>
-  </Settings>
-</SiPolicy>
-```
-
-## Policy removal
-
-In order to revert users to an unmodified S mode policy, remove a user or users from the targeted Intune group that received the policy. This action triggers a removal of both the policy and the authorization token from the device.
-
-You can also delete a supplemental policy through Intune.
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Supplemental Policy">
-  <VersionEx>10.0.0.1</VersionEx>
-  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
-  <BasePolicyID>{5951A96A-E0B5-4D3D-8FB8-3E5B61030784}</BasePolicyID>
-  <PolicyID>{52671094-ACC6-43CF-AAF1-096DC69C1345}</PolicyID>
-  <Rules>
-  </Rules>
-  <!--EKUS-->
-  <EKUs />
-  <!--File Rules-->
-
-  <!--Signers-->
-  <Signers>
-    <!--info of the certificate you will use to sign your policy-->
-    <Signer ID="EXAMPLE_ID_SIGNER_POLICY" Name="Example Policy Signing Certificate Friendly Name">
-      <CertRoot Type="TBS" Value="<value>" />
-    </Signer>
-  </Signers>
-  <!--Driver Signing Scenarios-->
-  <SigningScenarios>
-    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI" FriendlyName="KMCI">
-      <ProductSigners>
-      </ProductSigners>
-    </SigningScenario>
-    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI" FriendlyName="UMCI">
-      <ProductSigners>
-      </ProductSigners>
-    </SigningScenario>
-  </SigningScenarios>
-  <UpdatePolicySigners>
-    <UpdatePolicySigner SignerId="EXAMPLE_ID_SIGNER_POLICY" />
-  </UpdatePolicySigners>
-  <!-- example remove core isolation a.k.a. Hypervisor Enforced Code Integrity (HVCI) options, consider enabling if your system is supported-->
-  <HvciOptions>0</HvciOptions>
-  <Settings>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
-      <Value>
-        <String>Example Policy Name - Empty</String>
-      </Value>
-    </Setting>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
-      <Value>
-        <String>Example-Policy-Empty-10.0.0.1</String>
-      </Value>
-    </Setting>
-  </Settings>
-</SiPolicy>
-```
-
-## Errata
-
-If a Windows 10 in S mode device with a policy authorization token and supplemental policy is rolled back from the 1909 update to the 1903 build, it will not revert to locked-down S mode until the next policy refresh. To achieve an immediate change to a locked-down S mode state, IT Pros should delete any tokens in %SystemRoot%\System32\CI\Tokens\Active.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
index 21442ea394..46d07c19a7 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
@@ -4,7 +4,6 @@ description: Learn how to plan and implement a WDAC deployment.
 ms.localizationpriority: medium
 ms.date: 01/23/2023
 ms.topic: overview
-ms.collection: essentials-get-started
 ---
 
 # Deploying Windows Defender Application Control (WDAC) policies
@@ -31,7 +30,7 @@ Before you deploy your WDAC policies, you must first convert the XML to its bina
     {
         $PolicyBinary = "SiPolicy.p7b"
     }
-    
+
     ## Binary file will be written to your desktop
     ConvertFrom-CIPolicy -XmlFilePath $WDACPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary
    ```
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
index 008ae3d8ea..13ff7f41f2 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
@@ -169,7 +169,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and
     <Deny ID="ID_DENY_MS_BUILD" FriendlyName="Microsoft.Build.dll" FileName="Microsoft.Build.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_MS_BUILD_FMWK" FriendlyName="Microsoft.Build.Framework.dll" FileName="Microsoft.Build.Framework.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
-    <Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_MSBUILD_DLL" FriendlyName="MSBuild.dll" FileName="MSBuild.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
index c99e4f6e9e..040d3f9949 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
@@ -82,7 +82,7 @@ The following recommended blocklist xml policy file can also be downloaded from
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.26025.0</VersionEx>
+  <VersionEx>10.0.27685.0</VersionEx>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
     <Rule>
@@ -165,6 +165,12 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_ASRDRV104_65" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Sha256" Hash="E6A2AC52A35D470DC336BAE5C48A2EBF2D80519BFD57B703DA6CE00DDD12163A" />
     <Deny ID="ID_DENY_ASRDRV104_66" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Page Sha1" Hash="4A7D66874A0472A47087FABAA033A85D47413379" />
     <Deny ID="ID_DENY_ASRDRV104_67" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Page Sha256" Hash="C1FE339D15E5D59F9613688B85F9B627E72ED8ED3EFC53F9DD0CD7A7F0C55133" />
+    <Deny ID="ID_DENY_ASRDRV105_1" FriendlyName="AsrDrv105.sys\bc3f73f643b8d3108661fe1ff6a816cbc4482a056ef90c29042b448a45077bd3" Hash="492f6020cc33ca2c295bfaa8c0a167c3cb0a0a64" />
+    <Deny ID="ID_DENY_ASRDRV105_2" FriendlyName="AsrDrv105n.sys\e7477a7594b976d8662aab9d4f4b110d8db135bbcd712bea391b81336dc856eb" Hash="ef2169c33ee233ad0f7498a9358953d449c6ede5" />
+    <Deny ID="ID_DENY_ASRDRV106_1" FriendlyName="AsrDrv106.sys\3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838" Hash="ac7b3c3b74e6e282c7f50c17a6213b81b181f779cd7c0c78e3cb426c427a98db" />
+    <Deny ID="ID_DENY_ASRDRV106_2" FriendlyName="AsrDrv106n.sys\14c5576eda5a28d476a93c9cdb91236f18573dbd0578ac2bb183dfd115f4a166" Hash="8d6e7e7bbc5635af4a7cdcddcbc7da49420e9887b4f3a9baa95b49721226a8fc" />
+    <Deny ID="ID_DENY_ASRDRV107_1" FriendlyName="AsrDrv107.sys\be131e30464c7be03bd2d16f99ea2b04c106b482cc5c52be659e4c0301206348" Hash="d7b082adddeefc2cc8c48871ca50522121ec4add2796b4e3bdf225fde77e8625" />
+    <Deny ID="ID_DENY_ASRDRV107_2" FriendlyName="AsrDrv107n.sys\12177d777345f60a579e7bd8f0df95296af6e293e5560ee544fcced99a5db0df" Hash="31e708f95a0fd64a29333b05185ef3dfbd6b053d766e73ffc4b7ce08286bad24" />
     <Deny ID="ID_DENY_ASRSETUPDRV103_39" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Sha1" Hash="0B6EC2AEDC518849A1C61A70B1F9FB068EDE2BC3" />
     <Deny ID="ID_DENY_ASRSETUPDRV103_3A" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Sha256" Hash="399EFFE75D32BDAB6FA0A6BFFE02DBF0A59219D940B654837C3BE1C0BD02E9AA" />
     <Deny ID="ID_DENY_ASRSETUPDRV103_3B" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Page Sha1" Hash="461882BD59887617CADC1C7B2B22D0A45458C070" />
@@ -359,6 +365,14 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_AMIFLDRV_36" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Sha256" Hash="2EE914C20B3E4A321BCD2EA2F0F437CDA6DA09DC0819CD6F06960C0567F4CB19" />
     <Deny ID="ID_DENY_AMIFLDRV_37" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha1" Hash="ABD4616FF35256B5D52813FB80596326047D3768" />
     <Deny ID="ID_DENY_AMIFLDRV_38" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha256" Hash="BB52155AD4262C8995115147847BC740873F8AA036D0118E263FD8C84AF9C649" />
+    <Deny ID="ID_DENY_AODDRIVER_1" FriendlyName="AMD AODDriver\478bcb750017cb6541f3dd0d08a47370f3c92eec998bc3825b5d8e08ee831b70 Hash Sha1" Hash="9A329362E340FC8363E67FB5F23A8391CB83BF00"/>
+    <Deny ID="ID_DENY_AODDRIVER_2" FriendlyName="AMD AODDriver\478bcb750017cb6541f3dd0d08a47370f3c92eec998bc3825b5d8e08ee831b70 Hash Sha256" Hash="FFD548833A96C2C5F8410B22FC110D10B36A47EB0B16B3D2E7EDB82C3CABF97B"/>
+    <Deny ID="ID_DENY_AODDRIVER_3" FriendlyName="AMD AODDriver\478bcb750017cb6541f3dd0d08a47370f3c92eec998bc3825b5d8e08ee831b70 Hash Page Sha1" Hash="0BC84A62ABD3CA20305FB834592928C2317439D6"/>
+    <Deny ID="ID_DENY_AODDRIVER_4" FriendlyName="AMD AODDriver\478bcb750017cb6541f3dd0d08a47370f3c92eec998bc3825b5d8e08ee831b70 Hash Page Sha256" Hash="76C7A12CDE2FDC80A6AF0A58E7698FC1F5EC8746EFB461FB07155B7065480715"/>
+    <Deny ID="ID_DENY_AODDRIVER_5" FriendlyName="AMD AODDriver\5daa8fa3b5db2e6225a2effea41af95fe7ffc579550c4081c8028ed33bc023b8 Hash Sha1" Hash="3099E0D37FD0EE97738CF271BAE3793A91B88382"/>
+    <Deny ID="ID_DENY_AODDRIVER_6" FriendlyName="AMD AODDriver\5daa8fa3b5db2e6225a2effea41af95fe7ffc579550c4081c8028ed33bc023b8 Hash Sha256" Hash="5640179B9CFFC3517D322AC2C0BC1258B563F65EBB1B67EB22ECF7F3A0500C7D"/>
+    <Deny ID="ID_DENY_AODDRIVER_7" FriendlyName="AMD AODDriver\5daa8fa3b5db2e6225a2effea41af95fe7ffc579550c4081c8028ed33bc023b8 Hash Page Sha1" Hash="5F19A1888DAE00109AAB45FD279425E171394628"/>
+    <Deny ID="ID_DENY_AODDRIVER_8" FriendlyName="AMD AODDriver\5daa8fa3b5db2e6225a2effea41af95fe7ffc579550c4081c8028ed33bc023b8 Hash Page Sha256" Hash="721DB128B4B335136AE5D3038DCBC12FAEF793D2CBAC7AC960B499CCF4163335"/>
     <Deny ID="ID_DENY_ASIO_1" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Sha1" Hash="B25550309C902A21B03367AE27694C5A29B891B5" />
     <Deny ID="ID_DENY_ASIO_2" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Sha256" Hash="C3E3719CA592BA65A67F594EC1A08D0D7AD724B088BE77D48CB33627C56F4614" />
     <Deny ID="ID_DENY_ASIO_3" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Page Sha1" Hash="EA7DBFB3ECFFAA134D4C3A76024F9B65126DFDC1" />
@@ -738,6 +752,28 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_INPOUTX_21" FriendlyName="inpoutx\d5cc046c2ae9ba6fe54def699f1c4fa92d3226304321bbf45cc33883ce131138 Hash Sha256" Hash="D5CC046C2AE9BA6FE54DEF699F1C4FA92D3226304321BBF45CC33883CE131138" />
     <Deny ID="ID_DENY_INPOUTX_22" FriendlyName="inpoutx\e2c531a771b0df1585518a22427798e86611e6be3d357024797871a1b3876e9c Hash Sha1" Hash="CCE8ED3969E52080B32BCC59E2EC174CA9C578EC" />
     <Deny ID="ID_DENY_INPOUTX_23" FriendlyName="inpoutx\e2c531a771b0df1585518a22427798e86611e6be3d357024797871a1b3876e9c Hash Sha256" Hash="E2C531A771B0DF1585518A22427798E86611E6BE3D357024797871A1B3876E9C" />
+    <Deny ID="ID_DENY_IOACCESS_1" FriendlyName="IoAccess.sys\0b98023ef571fb162133e79c776b0840a3bdbd55b56752a791ed05a769caa495" Hash="0B98023EF571FB162133E79C776B0840A3BDBD55B56752A791ED05A769CAA495" />
+    <Deny ID="ID_DENY_IOACCESS_2" FriendlyName="IoAccess.sys\0191f9a1d0f7b3a063ee538074181aee92399472562623b49b75070614cd535e" Hash="0ECC8E8C2FD4751CE4F919449A5BE0D22BD460BC" />
+    <Deny ID="ID_DENY_IOACCESS_3" FriendlyName="IoAccess.sys\208b4361be8e5011423f210b415b4d9b397f1893"                         Hash="208B4361BE8E5011423F210B415B4D9B397F1893" />
+    <Deny ID="ID_DENY_IOACCESS_4" FriendlyName="IoAccess.sys\bd724ef0c3bf9f160df2c5b15f25048f36be869218f40e642f326e0ef4097394" Hash="214B15683D2D625D83AA558AC5252B8E263D305166A0A0EDC0FC5EABC84F7709" />
+    <Deny ID="ID_DENY_IOACCESS_5" FriendlyName="IoAccess.sys\2f04f0f73e766446ea8f7b8d9d3fb78affea7fb4f16e18747aeed65c6e9958e8" Hash="2F04F0F73E766446EA8F7B8D9D3FB78AFFEA7FB4F16E18747AEED65C6E9958E8" />
+    <Deny ID="ID_DENY_IOACCESS_6" FriendlyName="IOAccess.sys\4044d50fbd7c25313b74f4b3a29e8db153c2974ba2a13b7282b20074a40021f0" Hash="4044D50FBD7C25313B74F4B3A29E8DB153C2974BA2A13B7282B20074A40021F0" />
+    <Deny ID="ID_DENY_IOACCESS_7" FriendlyName="IoAccess.sys\73a7cb8a00b70e4b289a147490f0a5ed4805081f88ffd8cf6ce8fc3b96c004d4" Hash="73A7CB8A00B70E4B289A147490F0A5ED4805081F88FFD8CF6CE8FC3B96C004D4" />
+    <Deny ID="ID_DENY_IOACCESS_8" FriendlyName="IoAccess.sys\78a7f5d1868a216de6451218c1c7d6f8cc6b870ca683f89a7d08d51615a84c4f" Hash="78A7F5D1868A216DE6451218C1C7D6F8CC6B870CA683F89A7D08D51615A84C4F" />
+    <Deny ID="ID_DENY_IOACCESS_9" FriendlyName="IoAccess.sys\d616c0cbce2576e29192d6bf8b37694fc8014b134a884b55afd8793990569d0f" Hash="7FBFE4DB0AE254EC7A60AE615A6A9C17B61391E4" />
+    <Deny ID="ID_DENY_IOACCESS_10" FriendlyName="IoAccess.sys\be227767ed87b594f581eafdf7a938eb3607c5f389ad73f8924635b825e9681e" Hash="8DD363AFF8CFF0AD16B84613871895BFCE893A32" />
+    <Deny ID="ID_DENY_IOACCESS_11" FriendlyName="IoAccess.sys\6a92170c71bf052922aebd1136842ccbf5942e6b53740d9cfd9de6c58bc13b58" Hash="8E76D29121848E182A5627B7C3217639BBB5CBAF" />
+    <Deny ID="ID_DENY_IOACCESS_12" FriendlyName="IoAccess.sys\5b2ea11f9404726ffc750f4a175d69c41a3253da9d9217caece2477288c05ad6" Hash="94BE31D8A066BA65052164826C45A61DBC6D07EA" />
+    <Deny ID="ID_DENY_IOACCESS_13" FriendlyName="IoAccess.sys\b03759640798b7c3b8079d0cb662fce9ad8a2e25f9acf3fda29d5ec53b5cd2bc" Hash="B03759640798B7C3B8079D0CB662FCE9AD8A2E25F9ACF3FDA29D5EC53B5CD2BC"/>
+    <Deny ID="ID_DENY_IOACCESS_14" FriendlyName="IoAccess.sys\fb99295b97a4906d5df8fef3d42305d5765cd37c88722f3b1dc84b2af285f38d" Hash="BC9BDF10D3277BDCF3C48D96308D8F6379331A72A97CF3097E54CA23D54576A6"/>
+    <Deny ID="ID_DENY_IOACCESS_15" FriendlyName="IoAccess.sys\c3222b982909d25f699a0a204c3b045694eb6b811b9c1f4a70b2d856fb11a0a9" Hash="C0FB781B9F0BEE8D6C38F85591D0ABDFED5981164E563D465B003AE1C8C5BA86"/>
+    <Deny ID="ID_DENY_IOACCESS_16" FriendlyName="IoAccess.sys\1d1f21f81c479c8ce333801e39e8064fff40d466d42ebd56bb1f4861fc86190a" Hash="C12029FCCF6EE61681BC07937D37932D2FBB1BC3" />
+    <Deny ID="ID_DENY_IOACCESS_17" FriendlyName="IoAccess.sys\1215acbdd8720fdcf5bafd36c94fc41e25cd367617c5b7bcaca0a30eeb328981" Hash="C9E682C58A0D0667FD4872B4B0787E4A38C741BF75D7765B1BD5637F90FCCD1F"/>
+    <Deny ID="ID_DENY_IOACCESS_18" FriendlyName="IoAccess.sys\5e31f40073017beffbc53bdc887c2f99b168bb64ba432b9b5ba821b971d2734f" Hash="E17093D6DD297B47826FA597C5CD58FFE9426FC5151A581D7F1618224A1C06DE"/>
+    <Deny ID="ID_DENY_IOACCESS_19" FriendlyName="IoAccess.sys\ee7e65fa2491e0033fa13030eb0213fbebc1e834c18fa2cff0fa33d198f9e797" Hash="EE7E65FA2491E0033FA13030EB0213FBEBC1E834C18FA2CFF0FA33D198F9E797"/>
+    <Deny ID="ID_DENY_IOACCESS_20" FriendlyName="IoAccess.sys\b9e0c2a569ab02742fa3a37846310a1d4e46ba2bfd4f80e16f00865fc62690cb" Hash="F82CDE6DC693A4AC8B485AC9225F2641141213F8333B0BE8D7134D0139F17C26"/>
+    <Deny ID="ID_DENY_IOACCESS_21" FriendlyName="IoAccess.sys\6a92170c71bf052922aebd1136842ccbf5942e6b53740d9cfd9de6c58bc13b58" Hash="F927819A32EA1CB1D83E15B5D6A4F693C954CF0AC523BA19C4F958C2EA74F72A"/>
+    <Deny ID="ID_DENY_IOACCESS_22" FriendlyName="IoAccess.sys\0b135632111316facbbf06fe8ecf1522cb415745875a329abe070881bfe2a555" Hash="FAF290EDD14AE923A52A23A84532D6A26C5CAEF73B2FC647B5CE7F418AC1FAC5"/>
     <Deny ID="ID_DENY_IREC_1" FriendlyName="IREC.sys\irec32--1.sys Hash Sha1" Hash="B715B8030FC28346C97B5F5FB901C390ED5C97B6" />
     <Deny ID="ID_DENY_IREC_2" FriendlyName="IREC.sys\irec32--1.sys Hash Sha256" Hash="2E8E61DAA45061AE04AABEE086371A6D56F0D517AA584E1B70C8423C8E469310" />
     <Deny ID="ID_DENY_IREC_3" FriendlyName="IREC.sys\irec32--1.sys Hash Page Sha1" Hash="9DF591D3672885C5BAA454413C75D974386B9F14" />
@@ -822,6 +858,90 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_IREC_52" FriendlyName="IREC.sys\irecARM64--45.sys Hash Sha256" Hash="7883DDEBE413E3D18E93FE73CA293322235A6EF6AEF5AD7030B743A4ECED83A3" />
     <Deny ID="ID_DENY_IREC_53" FriendlyName="IREC.sys\irecARM64--45.sys Hash Page Sha1" Hash="2C8F603F5420AC349DAD3051C6DD820DC1D34C8E" />
     <Deny ID="ID_DENY_IREC_54" FriendlyName="IREC.sys\irecARM64--45.sys Hash Page Sha256" Hash="8154EA793FC5DA34AAA7B14D24F462D1E6838AA7DE44CF3E5F332A8C66191DF2" />
+    <Deny ID="ID_DENY_KERNELD_0" FriendlyName="Firewire kerneld\02ed48cce245a294623123613053e3722b4af1c058524adfcad829ecb1253c45 Hash Sha1" Hash="CDEE9DA43ADACE5B037446B9C69C3B39CA98E10C"/>
+    <Deny ID="ID_DENY_KERNELD_1" FriendlyName="Firewire kerneld\02ed48cce245a294623123613053e3722b4af1c058524adfcad829ecb1253c45 Hash Sha256" Hash="8648F3ED52937B5215F8D0BB090D030DE486DDE7319865C077786000AAFE6762"/>
+    <Deny ID="ID_DENY_KERNELD_2" FriendlyName="Firewire kerneld\065a34b786b0ccf6f88c136408943c3d2bd3da14357ee1e55e81e05d67a4c9bc Hash Sha1" Hash="AC56DD7722A47E33BA0924AAA6062F74BFC1C08F"/>
+    <Deny ID="ID_DENY_KERNELD_3" FriendlyName="Firewire kerneld\065a34b786b0ccf6f88c136408943c3d2bd3da14357ee1e55e81e05d67a4c9bc Hash Sha256" Hash="88188EBB2DD61397D816274645CCE6044489675A52D835FAF518B2D137E0604C"/>
+    <Deny ID="ID_DENY_KERNELD_4" FriendlyName="Firewire kerneld\0e99950bd89fdf47258fd40cfd6f47889491566f45f6820125a4d422ace726b7 Hash Sha1" Hash="90CF37D2110FBF96FBD602D18E958BDF506969C4"/>
+    <Deny ID="ID_DENY_KERNELD_5" FriendlyName="Firewire kerneld\0e99950bd89fdf47258fd40cfd6f47889491566f45f6820125a4d422ace726b7 Hash Sha256" Hash="E4792622727EBABDDCEB97DBEC9C6713A5257EC04534EFF8309D57A18F2C41B2"/>
+    <Deny ID="ID_DENY_KERNELD_6" FriendlyName="Firewire kerneld\125e4475a5437634cab529da9ea2ef0f4f65f89fb25a06349d731f283c27d9fe Hash Sha1" Hash="A7E50663BE8F7E859B63D1D266E8263A96F7520B"/>
+    <Deny ID="ID_DENY_KERNELD_7" FriendlyName="Firewire kerneld\125e4475a5437634cab529da9ea2ef0f4f65f89fb25a06349d731f283c27d9fe Hash Sha256" Hash="F6E714528AD1B9EAE72699078499735468140C1627E45F015762206BA7A77B47"/>
+    <Deny ID="ID_DENY_KERNELD_8" FriendlyName="Firewire kerneld\1336469ec0711736e742b730d356af23f8139da6038979cfe4de282de1365d3b Hash Sha1" Hash="17B3417429A0D5E10492A243A4B7C3232C2A303C"/>
+    <Deny ID="ID_DENY_KERNELD_9" FriendlyName="Firewire kerneld\1336469ec0711736e742b730d356af23f8139da6038979cfe4de282de1365d3b Hash Sha256" Hash="2418301336CD89B7E3BDA2F68BC1AA63B8EA9A75DA7A3B40A9EE0A9058789F63"/>
+    <Deny ID="ID_DENY_KERNELD_10" FriendlyName="Firewire kerneld\18047c2d45758a43d6b7e56bcd4aa90354c899795baf944f037850c48d8e892a Hash Sha1" Hash="65369C73CFE6D634FAE882A8A8A1DADEDD8D6D5F"/>
+    <Deny ID="ID_DENY_KERNELD_11" FriendlyName="Firewire kerneld\18047c2d45758a43d6b7e56bcd4aa90354c899795baf944f037850c48d8e892a Hash Sha256" Hash="7690EF2838BDA2327116243C1792090125B36A5840464E010ACDD103F7369807"/>
+    <Deny ID="ID_DENY_KERNELD_12" FriendlyName="Firewire kerneld\1891d48fb8829e199552d7e022c2a4607e03b29101ef969ef508db5223898a78 Hash Sha1" Hash="E5FC9CC1099BCBBADB631DEC2C36C9EFCF496364"/>
+    <Deny ID="ID_DENY_KERNELD_13" FriendlyName="Firewire kerneld\1891d48fb8829e199552d7e022c2a4607e03b29101ef969ef508db5223898a78 Hash Sha256" Hash="8CCCF5345DE634C5D0ED91997661832B5DC2D76E908BECB9BD1225D1CDEBF9DE"/>
+    <Deny ID="ID_DENY_KERNELD_14" FriendlyName="Firewire kerneld\212c05b487cd4e64de2a1077b789e47e9ac3361efa24d9aab3cc6ad4bd3bd76a Hash Sha1" Hash="BBA9BF70E503A3F7F67F3F29CCAA7844818651B0"/>
+    <Deny ID="ID_DENY_KERNELD_15" FriendlyName="Firewire kerneld\212c05b487cd4e64de2a1077b789e47e9ac3361efa24d9aab3cc6ad4bd3bd76a Hash Sha256" Hash="533B8138AB8F776008FF8918C8CFA52604E43EFCA4E39DA5096404C8424084B7"/>
+    <Deny ID="ID_DENY_KERNELD_16" FriendlyName="Firewire kerneld\230b55436d02580adc14e8eb5602b6d4c033d18df21dece11dd22acf8f64c432 Hash Sha1" Hash="8B5747C247ADA57F55A1571B2C3AB2CA5BF6DFE7"/>
+    <Deny ID="ID_DENY_KERNELD_17" FriendlyName="Firewire kerneld\230b55436d02580adc14e8eb5602b6d4c033d18df21dece11dd22acf8f64c432 Hash Sha256" Hash="B998FFCBC6F15F18368707E980A3A5EA83D13E3EEFA1C07DF6800219929E7DFD"/>
+    <Deny ID="ID_DENY_KERNELD_18" FriendlyName="Firewire kerneld\263e2adc9b96de26d8d5c482659dc3927a2ccb90e7e71f4c726c2527d64979d6 Hash Sha1" Hash="CF143372123F466A9D0081A5451B1E5E6BFEB158"/>
+    <Deny ID="ID_DENY_KERNELD_19" FriendlyName="Firewire kerneld\263e2adc9b96de26d8d5c482659dc3927a2ccb90e7e71f4c726c2527d64979d6 Hash Sha256" Hash="C66A1743C63099584C603D20E5C83E18AB3BF5AC5A4942C9376DBD1054961422"/>
+    <Deny ID="ID_DENY_KERNELD_20" FriendlyName="Firewire kerneld\26c5e61293fb9ac935862bb38e3368aa5db3a5a5287d344d16e942c03e0726a0 Hash Sha1" Hash="EFE2B7257B768967CA22209E445A6F6D5D5F9D15"/>
+    <Deny ID="ID_DENY_KERNELD_21" FriendlyName="Firewire kerneld\26c5e61293fb9ac935862bb38e3368aa5db3a5a5287d344d16e942c03e0726a0 Hash Sha256" Hash="7DE8329FB0FD1329338C320BF2C95F0E0FCBE00E6DF84C8EA9D8CDF52B6B3876"/>
+    <Deny ID="ID_DENY_KERNELD_22" FriendlyName="Firewire kerneld\26ff8947acdb9dbfd1dbbf008b2963c6adcbe475333f673d760aa34fba8fe324 Hash Sha1" Hash="487415A5B11E4192197BA7C050BFD640A1CC3A96"/>
+    <Deny ID="ID_DENY_KERNELD_23" FriendlyName="Firewire kerneld\26ff8947acdb9dbfd1dbbf008b2963c6adcbe475333f673d760aa34fba8fe324 Hash Sha256" Hash="4DCEEAEE26DA51EC8C141518724F6999E81675B2BD48A6E59778E213718179AA"/>
+    <Deny ID="ID_DENY_KERNELD_24" FriendlyName="Firewire kerneld\27375351b4a723465f937866f0ffc86e8e612b093673ee25ccf0b7ea803f888f Hash Sha1" Hash="9D1B63802C57E117664F6ED2DD62EF669D15B80F"/>
+    <Deny ID="ID_DENY_KERNELD_25" FriendlyName="Firewire kerneld\27375351b4a723465f937866f0ffc86e8e612b093673ee25ccf0b7ea803f888f Hash Sha256" Hash="55083F54159FA4A451D9BE386D46515E38AB7A76BB4BAD37CC69060503F8522F"/>
+    <Deny ID="ID_DENY_KERNELD_26" FriendlyName="Firewire kerneld\2f4c2f50e8e742751e1373550f782866cb4698392e4fb7b25c20cef3a6385ea8 Hash Sha1" Hash="C1A554BBD08D3A815CEBD976890D581CA036CBF5"/>
+    <Deny ID="ID_DENY_KERNELD_27" FriendlyName="Firewire kerneld\2f4c2f50e8e742751e1373550f782866cb4698392e4fb7b25c20cef3a6385ea8 Hash Sha256" Hash="C407DBA11ADDD11595EDFEF0EEEBAFF2E06085106BD80ABBAE598886D4C7CD8F"/>
+    <Deny ID="ID_DENY_KERNELD_28" FriendlyName="Firewire kerneld\3277e4bfee77544ee2484b1eb5d9513227da5fe0bbd03491be589f9a5ac9781e Hash Sha1" Hash="42AC91C1D3A4C5CF76658DC7A2D6794DFD7ACA91"/>
+    <Deny ID="ID_DENY_KERNELD_29" FriendlyName="Firewire kerneld\3277e4bfee77544ee2484b1eb5d9513227da5fe0bbd03491be589f9a5ac9781e Hash Sha256" Hash="37F5947C8A24E643D69B7F3E0B34BCA523D6CA0326B974AA8F1E8F6134E96B32"/>
+    <Deny ID="ID_DENY_KERNELD_30" FriendlyName="Firewire kerneld\33bc9a17a0909e32a3ae7e6f089b7f050591dd6f3f7a8172575606bec01889ef Hash Sha1" Hash="8C0999041D3212BE1510A766DCC8B7F4B2401FCF"/>
+    <Deny ID="ID_DENY_KERNELD_31" FriendlyName="Firewire kerneld\33bc9a17a0909e32a3ae7e6f089b7f050591dd6f3f7a8172575606bec01889ef Hash Sha256" Hash="1126C9B043872383E5E0B1AC893DDF2238A2C130401627B259C81D98A3CEFEAE"/>
+    <Deny ID="ID_DENY_KERNELD_32" FriendlyName="Firewire kerneld\442f12adebf7cb166b19e8aead2b0440450fd1f33f5db384a39776bb2656474a Hash Sha1" Hash="69B0510AFA2625734AEAD94672F8DAF851685AC4"/>
+    <Deny ID="ID_DENY_KERNELD_33" FriendlyName="Firewire kerneld\442f12adebf7cb166b19e8aead2b0440450fd1f33f5db384a39776bb2656474a Hash Sha256" Hash="53E15B21CC69A554D4D61FFE531BE90364ED7B1BB64FC302D65EAA642C9FA60A"/>
+    <Deny ID="ID_DENY_KERNELD_34" FriendlyName="Firewire kerneld\486321368b19931fc96517e59626763dee321fc539a416917030cf481a715c13 Hash Sha1" Hash="09CCA5568854BF64EFCF5D9C3277779A51D57AC4"/>
+    <Deny ID="ID_DENY_KERNELD_35" FriendlyName="Firewire kerneld\486321368b19931fc96517e59626763dee321fc539a416917030cf481a715c13 Hash Sha256" Hash="473AE6A9E7128630B4335C9C082F3F55BE1528FBE75C3358933A70BC6285F462"/>
+    <Deny ID="ID_DENY_KERNELD_36" FriendlyName="Firewire kerneld\51f002ee44e46889cf5b99a724dd10cc2bd3e22545e2a2cb3bd6b1dd3af5ba11 Hash Sha1" Hash="ED0398CEA11D29382F23F3F2E2B7EDBD1DB4A30E"/>
+    <Deny ID="ID_DENY_KERNELD_37" FriendlyName="Firewire kerneld\51f002ee44e46889cf5b99a724dd10cc2bd3e22545e2a2cb3bd6b1dd3af5ba11 Hash Sha256" Hash="B7036CD12DC9E3550239310FD8FF4F14E4266BBD0DE3ABA7B087068A253B506B"/>
+    <Deny ID="ID_DENY_KERNELD_38" FriendlyName="Firewire kerneld\53b9e423baf946983d03ce309ec5e006ba18c9956dcd97c68a8b714d18c8ffcf Hash Sha1" Hash="072C44A91E17E74C0256446B893E856658565EA7"/>
+    <Deny ID="ID_DENY_KERNELD_39" FriendlyName="Firewire kerneld\53b9e423baf946983d03ce309ec5e006ba18c9956dcd97c68a8b714d18c8ffcf Hash Sha256" Hash="713C7A6532CBC952546C3B844ED529B5B285DC29E16036731CEEBC6F6431AE77"/>
+    <Deny ID="ID_DENY_KERNELD_40" FriendlyName="Firewire kerneld\582b62ffbcbcdd62c0fc624cdf106545af71078f1edfe1129401d64f3eefaa3a Hash Sha1" Hash="80A7975E89FF4211B26502D77A52539B2E9D2296"/>
+    <Deny ID="ID_DENY_KERNELD_41" FriendlyName="Firewire kerneld\582b62ffbcbcdd62c0fc624cdf106545af71078f1edfe1129401d64f3eefaa3a Hash Sha256" Hash="058AFE9E93DCC52E64FC0942B80A159B8617608C15462A7A17984DE3CC0B8D04"/>
+    <Deny ID="ID_DENY_KERNELD_42" FriendlyName="Firewire kerneld\6297556f66cd6619057f3a5b216b314f8a27eebb5fa575ee07a1944aca71ae80 Hash Sha1" Hash="3E8DAFE5DC14E00469F89272FF04A04070DBD472"/>
+    <Deny ID="ID_DENY_KERNELD_43" FriendlyName="Firewire kerneld\6297556f66cd6619057f3a5b216b314f8a27eebb5fa575ee07a1944aca71ae80 Hash Sha256" Hash="C3577EEB107DE6A0CDF6AC3EE75339F09FD0EB00B4D368BF841B6126AF7629A1"/>
+    <Deny ID="ID_DENY_KERNELD_44" FriendlyName="Firewire kerneld\680ddece32fe99f056e770cb08641f5b585550798dfdf723441a11364637c7e6 Hash Sha1" Hash="D26854AA9937DBD80394010B9AAC4EE38669F05F"/>
+    <Deny ID="ID_DENY_KERNELD_45" FriendlyName="Firewire kerneld\680ddece32fe99f056e770cb08641f5b585550798dfdf723441a11364637c7e6 Hash Sha256" Hash="5B63080BEAD00CAE92EFB917B7A707C6A2D6628A1E90301795617B45273F45E4"/>
+    <Deny ID="ID_DENY_KERNELD_46" FriendlyName="Firewire kerneld\6ef0b34649186fb98a7431b606e77ee35e755894b038755ba98e577bd51b2c72 Hash Sha1" Hash="CB6B9F4A6107F9CB4BADC05FD7C5F6B1E1D59CF6"/>
+    <Deny ID="ID_DENY_KERNELD_47" FriendlyName="Firewire kerneld\6ef0b34649186fb98a7431b606e77ee35e755894b038755ba98e577bd51b2c72 Hash Sha256" Hash="5FC66378FE68A380CCFAB3521657B38912CA1FE5A8D7C857F591E928AB0B4208"/>
+    <Deny ID="ID_DENY_KERNELD_48" FriendlyName="Firewire kerneld\748ccadb6bf6cdf4c5a5a1bb9950ee167d8b27c5817da71d38e2bc922ffce73d Hash Sha1" Hash="7299C5B3630E455E851E015DB5381768F3735EB6"/>
+    <Deny ID="ID_DENY_KERNELD_49" FriendlyName="Firewire kerneld\748ccadb6bf6cdf4c5a5a1bb9950ee167d8b27c5817da71d38e2bc922ffce73d Hash Sha256" Hash="43DC82FD548218F0E916687C997291C8056DFDCC5B5F5616833437F96D806A64"/>
+    <Deny ID="ID_DENY_KERNELD_50" FriendlyName="Firewire kerneld\7635cab17e17cc1004c9c4ad7cbaddbf94e8aaca3f820c837fb2af54254b3874 Hash Sha1" Hash="3E9FD7E337495C203B0380911B8227F89234EE31"/>
+    <Deny ID="ID_DENY_KERNELD_51" FriendlyName="Firewire kerneld\7635cab17e17cc1004c9c4ad7cbaddbf94e8aaca3f820c837fb2af54254b3874 Hash Sha256" Hash="E09F0271A56399E007E196D5A4996F18CDB6E1FC3D31522A3D75202762C323EC"/>
+    <Deny ID="ID_DENY_KERNELD_52" FriendlyName="Firewire kerneld\76940e313c27c7ff692051fbf1fbdec19c8c31a6723a9de7e15c3c1bec8186f6 Hash Sha1" Hash="EAFD6BE8F12AE5CE8AA3CD76F9F68EE69F4EB53C"/>
+    <Deny ID="ID_DENY_KERNELD_53" FriendlyName="Firewire kerneld\76940e313c27c7ff692051fbf1fbdec19c8c31a6723a9de7e15c3c1bec8186f6 Hash Sha256" Hash="4C80A2D3A0EF4CE0A3AEC62E9D15B50679DEC4CCCB69A5C0B72529641EBFA5F4"/>
+    <Deny ID="ID_DENY_KERNELD_54" FriendlyName="Firewire kerneld\789a18f7a16616c8bee092e271b70f9a8f5c2c62fe547f62044fc33a2c934074 Hash Sha1" Hash="DE75160CC5A56B7D6B793257550F9B89A70211FF"/>
+    <Deny ID="ID_DENY_KERNELD_55" FriendlyName="Firewire kerneld\789a18f7a16616c8bee092e271b70f9a8f5c2c62fe547f62044fc33a2c934074 Hash Sha256" Hash="ED994C4DA26E4679B7452AB46F49FECBA6FC1DBCD872C7670435380491A9E1AE"/>
+    <Deny ID="ID_DENY_KERNELD_56" FriendlyName="Firewire kerneld\895aeabfb01d068a2ff648d6d0eb608dcfda654c5bc2e83aa83293bc9ee84680 Hash Sha1" Hash="535DB8BBBC7B2E27A8B8182D22BE92CE1F9032BE"/>
+    <Deny ID="ID_DENY_KERNELD_57" FriendlyName="Firewire kerneld\895aeabfb01d068a2ff648d6d0eb608dcfda654c5bc2e83aa83293bc9ee84680 Hash Sha256" Hash="FEDB2ED607F70A42CA20690BEF9A109FF965F709AA185472CB5F67CE1B2E661B"/>
+    <Deny ID="ID_DENY_KERNELD_58" FriendlyName="Firewire kerneld\8edab185e765f9806fa57153db1ede00e68270d2351443ee1de30674eca8d9b6 Hash Sha1" Hash="E54E9D578562719CA86461FEC23BC9013CF8BAA1"/>
+    <Deny ID="ID_DENY_KERNELD_59" FriendlyName="Firewire kerneld\8edab185e765f9806fa57153db1ede00e68270d2351443ee1de30674eca8d9b6 Hash Sha256" Hash="FA4BE68F1EA1E36ACA95FD62B6727CF9D22886C2612391FAEB9C56A1C62C2EC9"/>
+    <Deny ID="ID_DENY_KERNELD_60" FriendlyName="Firewire kerneld\8f995a9fab401dbb5e474c4feffb00b8ae147d69de387d5b0daf5e3927e48be5 Hash Sha1" Hash="98480B175E7E895D88A8D80CB1CC97DD1D9A577C"/>
+    <Deny ID="ID_DENY_KERNELD_61" FriendlyName="Firewire kerneld\8f995a9fab401dbb5e474c4feffb00b8ae147d69de387d5b0daf5e3927e48be5 Hash Sha256" Hash="C07B22101A0AC44E43A279BC4A3BE8AFA742830A601A7A80F3176C2C7FACC432"/>
+    <Deny ID="ID_DENY_KERNELD_62" FriendlyName="Firewire kerneld\9aad1d3403ebe140a4eda10f70b63973114a14e9c329e79b79b574628150f1b7 Hash Sha1" Hash="2AFC4A063F25A55DE4E629003AA2D1227C393162"/>
+    <Deny ID="ID_DENY_KERNELD_63" FriendlyName="Firewire kerneld\9aad1d3403ebe140a4eda10f70b63973114a14e9c329e79b79b574628150f1b7 Hash Sha256" Hash="DDD6B3BFD46EB0B74726FD135196A6BE27D064FDBF0C2C410BB926C210A60AD6"/>
+    <Deny ID="ID_DENY_KERNELD_64" FriendlyName="Firewire kerneld\a188760f1bf36584a2720014ca982252c6bcd824e7619a98580e28be6090dccc Hash Sha1" Hash="413266463B3800A35C8FB3BDA1DABE38E5CCD452"/>
+    <Deny ID="ID_DENY_KERNELD_65" FriendlyName="Firewire kerneld\a188760f1bf36584a2720014ca982252c6bcd824e7619a98580e28be6090dccc Hash Sha256" Hash="36D8D27D2EE91C45502D3A6688AFC5C09B2B9776232074E65BD813A230EB37D1"/>
+    <Deny ID="ID_DENY_KERNELD_66" FriendlyName="Firewire kerneld\b1e4455499c6a90ba9a861120a015a6b6f17e64479462b869ad0f05edf6552de Hash Sha1" Hash="50C8857024E4BF57613D951932BBC3D890C839F6"/>
+    <Deny ID="ID_DENY_KERNELD_67" FriendlyName="Firewire kerneld\b1e4455499c6a90ba9a861120a015a6b6f17e64479462b869ad0f05edf6552de Hash Sha256" Hash="9FA699246D83356D7B4BD99ADF3C74F8E0682A650DE2687075E70418EE9D5E38"/>
+    <Deny ID="ID_DENY_KERNELD_68" FriendlyName="Firewire kerneld\bac7e75745d0cb8819de738b73edded02a07111587c4531383dccd4562922b65 Hash Sha1" Hash="C59BCD90CF7BF8999629BDF6F87DFE714D81BA2B"/>
+    <Deny ID="ID_DENY_KERNELD_69" FriendlyName="Firewire kerneld\bac7e75745d0cb8819de738b73edded02a07111587c4531383dccd4562922b65 Hash Sha256" Hash="9E855F9D5F5F4DC9420F34045DF5D2C70498468F076D873571FC62E4015E38D3"/>
+    <Deny ID="ID_DENY_KERNELD_70" FriendlyName="Firewire kerneld\bd3cf8b9af255b5d4735782d3653be38578ff5be18846b13d05867a6159aaa53 Hash Sha1" Hash="615360E669ACDF516E8164B41D92F0D17FF1B1D7"/>
+    <Deny ID="ID_DENY_KERNELD_71" FriendlyName="Firewire kerneld\bd3cf8b9af255b5d4735782d3653be38578ff5be18846b13d05867a6159aaa53 Hash Sha256" Hash="56135FB8D5D3ED93B38679CB0DEA9CC16ED7FDB0DB9659E40A5C2D82655ADA67"/>
+    <Deny ID="ID_DENY_KERNELD_72" FriendlyName="Firewire kerneld\cb59a641adb623a65a9b5af1db2ffd921fd1ca1bc046a6df85d5f2e00fd0b5a5 Hash Sha1" Hash="9B4812DC3FC74F1DC144B916003E4341DEF44446"/>
+    <Deny ID="ID_DENY_KERNELD_73" FriendlyName="Firewire kerneld\cb59a641adb623a65a9b5af1db2ffd921fd1ca1bc046a6df85d5f2e00fd0b5a5 Hash Sha256" Hash="2E190B58266D9F7CE9681B834B0C7E6AB06E1305AB9258D714212A0BAD58C0B4"/>
+    <Deny ID="ID_DENY_KERNELD_74" FriendlyName="Firewire kerneld\d330ab003206ce5e9828607562790aa8dd0453f6b7452f5c6053e3c6b6761d25 Hash Sha1" Hash="36AE0624E64979290CF6C643980AAE899BB10311"/>
+    <Deny ID="ID_DENY_KERNELD_75" FriendlyName="Firewire kerneld\d330ab003206ce5e9828607562790aa8dd0453f6b7452f5c6053e3c6b6761d25 Hash Sha256" Hash="8F69FA6128ACBAA8217454FF22EB7FB9BE1E841ED47116E7616749600B4BFC4D"/>
+    <Deny ID="ID_DENY_KERNELD_76" FriendlyName="Firewire kerneld\d3b5fd13a53eee5c468c8bfde4bfa7b968c761f9b781bb80ccd5637ee052ee7d Hash Sha1" Hash="D4933BD439B26DE02E70E2001913B0BCED6B5754"/>
+    <Deny ID="ID_DENY_KERNELD_77" FriendlyName="Firewire kerneld\d3b5fd13a53eee5c468c8bfde4bfa7b968c761f9b781bb80ccd5637ee052ee7d Hash Sha256" Hash="93CDC6E885459D95D5E9D6B2EE979E5CAD44AF1F57BCA3947D594847CFBD5829"/>
+    <Deny ID="ID_DENY_KERNELD_78" FriendlyName="Firewire kerneld\db0d425708ba908aedf5f8762d6fdca7636ae3a537372889446176c0237a2836 Hash Sha1" Hash="BD280953877C65EEA79DE5A3EDC1961B650E7C76"/>
+    <Deny ID="ID_DENY_KERNELD_79" FriendlyName="Firewire kerneld\db0d425708ba908aedf5f8762d6fdca7636ae3a537372889446176c0237a2836 Hash Sha256" Hash="D9674A1364FDE6B5E7FB1770BDEBB8DB7DE8E15F3C976E5C5102775C95452967"/>
+    <Deny ID="ID_DENY_KERNELD_80" FriendlyName="Firewire kerneld\dfe57c6a4ef4d2491be325d67428698a61d9c5d2a24dbada10043d313be2c8cc Hash Sha1" Hash="0D67D6C7EB3DC1555FAAD8B09B60D03E3EC10D6D"/>
+    <Deny ID="ID_DENY_KERNELD_81" FriendlyName="Firewire kerneld\dfe57c6a4ef4d2491be325d67428698a61d9c5d2a24dbada10043d313be2c8cc Hash Sha256" Hash="FE9C104A3BB9184A8F792F3F8A3E90D83B9F19CF83CD93D116B02E17F54D727D"/>
+    <Deny ID="ID_DENY_KERNELD_82" FriendlyName="Firewire kerneld\e9919d1546c7dfef62ff01b87f739812de0a57463611c12012013ae689023ce1 Hash Sha1" Hash="EB54C8926BDB26A17E195D13839B7D250451C66E"/>
+    <Deny ID="ID_DENY_KERNELD_83" FriendlyName="Firewire kerneld\e9919d1546c7dfef62ff01b87f739812de0a57463611c12012013ae689023ce1 Hash Sha256" Hash="6F3A182BBEBA28DD15E1AD52041B8B32670651686697224CAD821A334A8600DA"/>
     <Deny ID="ID_DENY_LGCORETEMP_1" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Sha1" Hash="BF20C99129A768B3D2D5C621AB50375984AB9351" />
     <Deny ID="ID_DENY_LGCORETEMP_2" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Sha256" Hash="9C4DB6EE983FD4FA74F8212031ADE343A1B9ABDB258D05BEF1AABD7AB49FBC16" />
     <Deny ID="ID_DENY_LGCORETEMP_3" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Page Sha1" Hash="4DD5A5D9B4AF0708902DF52C6C42921DE296CC21" />
@@ -1080,6 +1200,11 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_PCHUNTER_4" FriendlyName="PCHunter.sys\3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc Hash Sha256" Hash="81B772E718E40E8D1D815CB3B16690C1EBD4E0BC555933DB306037CC3341537F" />
     <Deny ID="ID_DENY_PCHUNTER_5" FriendlyName="PCHunter.sys\3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc Hash Page Sha1" Hash="522BAC5667E523039DED356D81655594824F7516" />
     <Deny ID="ID_DENY_PCHUNTER_6" FriendlyName="PCHunter.sys\3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc Hash Page Sha256" Hash="845685B9E1AAA3BEF9512BC8E13842D0F05D3958B43EC74C84DE412FC1CB6A80" />
+    <Deny ID="ID_DENY_PDFWKKRNL_1" FriendlyName="AMD PDFWKRNL.sys\f501dd79e0b49ab76bd8d43a79da292c5224fa2b" Hash="531AE2D8F7AA301B74A37B82B5F3CADBF91962E0"/>
+    <Deny ID="ID_DENY_PDFWKKRNL_2" FriendlyName="AMD PDFWKRNL.sys\2b29b91f9f63b65e8f0ec30442a89c9304b9eefa" Hash="57612842EFBCA98673E68CDBE0461D341379BFC8"/>
+    <Deny ID="ID_DENY_PDFWKKRNL_3" FriendlyName="AMD PDFWKRNL.sys\57612842efbca98673e68cdbe0461d341379bfc8" Hash="2B29B91F9F63B65E8F0EC30442A89C9304B9EEFA"/>
+    <Deny ID="ID_DENY_PDFWKKRNL_4" FriendlyName="AMD PDFWKRNL.sys\531ae2d8f7aa301b74a37b82b5f3cadbf91962e0" Hash="F501DD79E0B49AB76BD8D43A79DA292C5224FA2B"/>
+    <Deny ID="ID_DENY_PDFWKKRNL_5" FriendlyName="AMD PDFWKRNL.sys\0cf84400c09582ee2911a5b1582332c992d1cd29fcf811cb1dc00fcd61757db0" Hash="6370C82C2DBDF93608CCCB88D78468EDEB27F5D08F9ED0BAF161842C0751F6A4"/>
     <Deny ID="ID_DENY_PIDDRV_SHA1" FriendlyName="piddrv.sys Hash Sha1" Hash="877C6C36A155109888FE1F9797B93CB30B4957EF" />
     <Deny ID="ID_DENY_PIDDRV_SHA256" FriendlyName="piddrv.sys Hash Sha256" Hash="4E19D4CE649C28DD947424483796BEACE3656284FB0379D97DDDD320AA602BBC" />
     <Deny ID="ID_DENY_PIDDRV_SHA1_PAGE" FriendlyName="piddrv.sys Hash Page Sha1" Hash="A7D827A41B2C4B7638495CD1D77926F1BA902978" />
@@ -1098,6 +1223,22 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_PHYMEMX64_SHA256" FriendlyName="phymemx64 Hash Sha256" Hash="A6AE7364FD188C10D6B5A729A7FF58A3EB11E7FEB0D107D18F9133655C11FB66" />
     <Deny ID="ID_DENY_PHYMEMX64_SHA1_PAGE" FriendlyName="phymemx64 Hash Page Sha1" Hash="6E7D8ABF7F81A2433F27B052B3952EFC4B9CC0B1" />
     <Deny ID="ID_DENY_PHYMEMX64_SHA256_PAGE" FriendlyName="phymemx64 Hash Page Sha256" Hash="B7113B9A68E17428E2107B19BA099571AAFFC854B8FB9CBCEB79EF9E3FD1CC62" />
+    <Deny ID="ID_DENY_PHYMEM_1" FriendlyName="Shenzhen Moyea Phymem.sys\0b9a7449bade14983a7520f2d57448823b85a22074ddb48f0e47b9c5442da68b Hash Sha1" Hash="FE33614CBED9E4E1E983EC1B623A49E96A7450E9"/>
+    <Deny ID="ID_DENY_PHYMEM_2" FriendlyName="Shenzhen Moyea Phymem.sys\0b9a7449bade14983a7520f2d57448823b85a22074ddb48f0e47b9c5442da68b Hash Sha256" Hash="C54EAAF808BBB641768CF4ADA4E541C38ABF1D0DBF0908E2AB9EA5222D1D2765"/>
+    <Deny ID="ID_DENY_PHYMEM_3" FriendlyName="Shenzhen Moyea Phymem.sys\0b9a7449bade14983a7520f2d57448823b85a22074ddb48f0e47b9c5442da68b Hash Page Sha1" Hash="27D744CBED18650A4AF79A7F8BAD6976EFE9A334"/>
+    <Deny ID="ID_DENY_PHYMEM_4" FriendlyName="Shenzhen Moyea Phymem.sys\0b9a7449bade14983a7520f2d57448823b85a22074ddb48f0e47b9c5442da68b Hash Page Sha256" Hash="FFD275C952825F10C68EC2DD224B63B4AAE99BFBFB62193B5AA2E9FFA466F8C7"/>
+    <Deny ID="ID_DENY_PHYMEM_5" FriendlyName="Shenzhen Moyea Phymem.sys\0f6801af54ff8bf9a2e1f61bf5cbaeed199af5ec868bfb25859f99aa45d885f0 Hash Sha1" Hash="16409678C2ABAE1C96BE43CF110B5AC3B4745148"/>
+    <Deny ID="ID_DENY_PHYMEM_6" FriendlyName="Shenzhen Moyea Phymem.sys\0f6801af54ff8bf9a2e1f61bf5cbaeed199af5ec868bfb25859f99aa45d885f0 Hash Sha256" Hash="364F2408044875A5C13CDB2DD84837F86068FF38EA64A09C676D14591AF8DFC4"/>
+    <Deny ID="ID_DENY_PHYMEM_7" FriendlyName="Shenzhen Moyea Phymem.sys\0f6801af54ff8bf9a2e1f61bf5cbaeed199af5ec868bfb25859f99aa45d885f0 Hash Page Sha1" Hash="C2915601F22F12FE8446BCE3BEA44A68D5D55AB5"/>
+    <Deny ID="ID_DENY_PHYMEM_8" FriendlyName="Shenzhen Moyea Phymem.sys\0f6801af54ff8bf9a2e1f61bf5cbaeed199af5ec868bfb25859f99aa45d885f0 Hash Page Sha256" Hash="019842073B17EB11F0A48269D330F0D8608343AE5A30F2A414394ECF85F542F0"/>
+    <Deny ID="ID_DENY_PHYMEM_9" FriendlyName="Shenzhen Moyea Phymem.sys\4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28 Hash Sha1" Hash="85F0AC83889DF6D3FEB439FE2026CE3A7968E263"/>
+    <Deny ID="ID_DENY_PHYMEM_10" FriendlyName="Shenzhen Moyea Phymem.sys\4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28 Hash Sha256" Hash="D6CB3418C1A512AEF6B15586BF5234689D4E471E854103A72D80A8597D263403"/>
+    <Deny ID="ID_DENY_PHYMEM_11" FriendlyName="Shenzhen Moyea Phymem.sys\4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28 Hash Page Sha1" Hash="242E750DCD7C0516F7562F4B24289D88920E686A"/>
+    <Deny ID="ID_DENY_PHYMEM_12" FriendlyName="Shenzhen Moyea Phymem.sys\4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28 Hash Page Sha256" Hash="5D14654B4DD2B5D90D5314AC43A1458FE119D75DE4201C7407A4EC2A90FB2131"/>
+    <Deny ID="ID_DENY_PHYMEM_13" FriendlyName="Shenzhen Moyea Phymem.sys\d64478376497107c15d948c2d3c86c48bc45833001c6b5c51de05862de57bb02 Hash Sha1" Hash="7654321C759EAD1DB0D0D1378D9457F7006AE38F"/>
+    <Deny ID="ID_DENY_PHYMEM_14" FriendlyName="Shenzhen Moyea Phymem.sys\d64478376497107c15d948c2d3c86c48bc45833001c6b5c51de05862de57bb02 Hash Sha256" Hash="0E8BF78808E3A25C4E45FEB4B6A2EF98DB1E485A623DCF32DBA3D31CE19E73A6"/>
+    <Deny ID="ID_DENY_PHYMEM_15" FriendlyName="Shenzhen Moyea Phymem.sys\d64478376497107c15d948c2d3c86c48bc45833001c6b5c51de05862de57bb02 Hash Page Sha1" Hash="BD2DBD536F80AE318ABD51AF0892ED1AABAF96CB"/>
+    <Deny ID="ID_DENY_PHYMEM_16" FriendlyName="Shenzhen Moyea Phymem.sys\d64478376497107c15d948c2d3c86c48bc45833001c6b5c51de05862de57bb02 Hash Page Sha256" Hash="0414AEF58A86751CE8E53C80F65A8337B27CAE720E1FCFB50E1D8736CDF7530B"/>
     <Deny ID="ID_DENY_QMBSEC_0" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Sha1" Hash="129ABA97A7EB768AE0ED28D0C9A496F3C60DB314" />
     <Deny ID="ID_DENY_QMBSEC_1" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Sha256" Hash="AF55DE92D14CF69D19B2FCB6DB4FBE272C2E04E5F62F7519BD368C173A05CE1F" />
     <Deny ID="ID_DENY_QMBSEC_2" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Page Sha1" Hash="416895E001A9C3721999048941CD9B79BB9BF9BB" />
@@ -1362,6 +1503,25 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_SEPDRV3_38" FriendlyName="sepdrv3.sys\f7cb042aaddd24d867c2ac3a5386d736be91f65c47752fef7e93ce4c0e2b8e1e Hash Sha256" Hash="5C421BB2DC2B155FB8DEFF8A5E7E09D903341C729A27B509A8CDBBB54D8352C9"/>
     <Deny ID="ID_DENY_SEPDRV3_39" FriendlyName="sepdrv3.sys\f7cb042aaddd24d867c2ac3a5386d736be91f65c47752fef7e93ce4c0e2b8e1e Hash Page Sha1" Hash="A79BB06F44FA71D9D08E9A94C9B2E1ED522A5F78"/>
     <Deny ID="ID_DENY_SEPDRV3_40" FriendlyName="sepdrv3.sys\f7cb042aaddd24d867c2ac3a5386d736be91f65c47752fef7e93ce4c0e2b8e1e Hash Page Sha256" Hash="F1C7B0C250297DD5BC5D5B75E3DB77FCE5E2F2AF93B7C3CC78BAE4608BD505CE"/>
+    <Deny ID="ID_DENY_SKILLER_1"  FriendlyName="ITM s4killer\1ae892a9d98d5bbe1cacc1b5aaf224c333db985ddb621d75421df647a0765a4f Hash Sha1" Hash="E644BFF3D34CE9C35EFAECD9E3EBF1F91BD775D8"/>
+    <Deny ID="ID_DENY_SKILLER_2"  FriendlyName="ITM s4killer\1ae892a9d98d5bbe1cacc1b5aaf224c333db985ddb621d75421df647a0765a4f Hash Sha256" Hash="A722C5A31926B689A9A23B5013B3120251080185F901CAB92E6B949F0FF11D0A"/>
+    <Deny ID="ID_DENY_SKILLER_3"  FriendlyName="ITM s4killer\8ed196199d309818f5eec25b083661c539b62cd4dc0f86b44561ea30acc65914 Hash Sha1" Hash="AE2213CA1A49FD10EAFA2E2A8B6B1246EA297D66"/>
+    <Deny ID="ID_DENY_SKILLER_4"  FriendlyName="ITM s4killer\8ed196199d309818f5eec25b083661c539b62cd4dc0f86b44561ea30acc65914 Hash Sha256" Hash="76D08CBB74FBA3F10A3F016BABFA1F55BDB2EDA6ECE65E42A537F727FCEAF57E"/>
+    <Deny ID="ID_DENY_SKILLER_5"  FriendlyName="ITM s4killer\91daa81e50b365589629afa1ac05117db111f659ccc344d3314844048ce6060b Hash Sha1" Hash="FE581D46E44DE02058F8EEFE64D02DD6CB11B831"/>
+    <Deny ID="ID_DENY_SKILLER_6"  FriendlyName="ITM s4killer\91daa81e50b365589629afa1ac05117db111f659ccc344d3314844048ce6060b Hash Sha256" Hash="3100135C9ED830967C4E27571FD1932E9406A18FFE7583E4AA2BA6CBD983DC36"/>
+    <Deny ID="ID_DENY_SKILLER_7"  FriendlyName="ITM s4killer\cf1a78df830218f8e675ffd1467b53534a0b514cda9aef0f227ce210c93e1651 Hash Sha1" Hash="8F4807176AAD4D49343D59D796DF7658845C8E0A"/>
+    <Deny ID="ID_DENY_SKILLER_8"  FriendlyName="ITM s4killer\cf1a78df830218f8e675ffd1467b53534a0b514cda9aef0f227ce210c93e1651 Hash Sha256" Hash="858A7F4669C52E517EF4E42A33ED930584FF1784D82C2F1584FE539B881E3EAE"/>
+    <Deny ID="ID_DENY_SKILLER_9"  FriendlyName="ITM s4killer\cf1a78df830218f8e675ffd1467b53534a0b514cda9aef0f227ce210c93e1651 Hash Page Sha1" Hash="B53A726F0EBA9A99D738BB82BC68366360C74886"/>
+    <Deny ID="ID_DENY_SKILLER_10" FriendlyName="ITM s4killer\cf1a78df830218f8e675ffd1467b53534a0b514cda9aef0f227ce210c93e1651 Hash Page Sha256" Hash="AB56A57357B6E7B332E6EAC9C4C4FB1CBB2047C8C7407FF06B9765256C01A729"/>
+    <Deny ID="ID_DENY_SKILLER_11" FriendlyName="ITM s4killer\deeedd90afd35fe4bd5ff919ab860b60f8c5d6145a8fbd1c20ee0df1c8cf4543 Hash Sha1" Hash="74E8E4DCED7420FD6E86EF881945FB4B740B82E7"/>
+    <Deny ID="ID_DENY_SKILLER_12" FriendlyName="ITM s4killer\deeedd90afd35fe4bd5ff919ab860b60f8c5d6145a8fbd1c20ee0df1c8cf4543 Hash Sha256" Hash="D18579387A58FA5EBB8857D36607F693F5E1BE89FF46077FBF60134F7C8EF46B"/>
+    <Deny ID="ID_DENY_SSPORT_1" FriendlyName="HP SSPORT.sys\725d4445c65e1bf94c9fc8f07961512a8ad22628515bfa789b321a3169e0b65a" Hash="FA73C9D8168115BD47BFD986E033990FF9013CBCC1108029A91F8A51C389CA4F" />
+    <Deny ID="ID_DENY_SSPORT_2" FriendlyName="HP SSPORT.sys\b753e00cffcca9127f40a837cacda8cee4085d33548380fc73a9c5cddc20489a" Hash="3F41061B68B38C8875745A060CF8BCF23ACBF516" />
+    <Deny ID="ID_DENY_SSPORT_3" FriendlyName="HP SSPORT.sys\b7ddfe870f76851a7dee6687d1ef48fb70e52b400ffe950021d58c2ad9e51959" Hash="4699358C07254323C07157C70E4B14806227A395" />
+    <Deny ID="ID_DENY_SSPORT_4" FriendlyName="HP SSPORT.sys\09e863170e546b5889ad02f1effecf6ec8ea0a99d02878548c0415e460618c88" Hash="710639FD1EB76520E8733840AD78A81E09CE03930E4D3C47998E3162AE95F90E" />
+    <Deny ID="ID_DENY_SSPORT_5" FriendlyName="HP SSPORT.sys\b3ea41eabb11e18413e48fe1f7fef37635a464848385f90f7a28498d144bee46" Hash="1F4697312573A56E326E53A48CC8CE3F947A2008" />
+    <Deny ID="ID_DENY_SSPORT_6" FriendlyName="HP SSPORT.sys\83a3159aded44712ae5413743631abe387192edf84f33cdae623c5d94f2ffb01" Hash="29D1618F3FCAC4CB7C4E320B6930753ACFC6DA097C52F834C74AA82E13BC678A" />
+    <Deny ID="ID_DENY_SSPORT_7" FriendlyName="HP SSPORT.sys" Hash="C5CF67ADD571B2BB339C3B42A7512BA801D64E27" />
     <Deny ID="ID_DENY_SUPERBMC_2" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Sha1" Hash="989BDDC6B7076947277AB6EB7F002AB6731AAEAE" />
     <Deny ID="ID_DENY_SUPERBMC_3" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Sha256" Hash="5147B0F2CA9D0BDE1F9FCEB382C05F7FA9C333709D7BF081D6C00A4132D914AF" />
     <Deny ID="ID_DENY_SUPERBMC_4" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Page Sha1" Hash="4378B656A1C94CD885323B6D6E36038E8522E6CC" />
@@ -1424,6 +1584,10 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_WFSHBR_2" FriendlyName="HyperTech wfshbr64\89698cad598a56f9e45efffd15d1841e494a2409cc12279150a03842cd6bb7f3 Hash Sha256" Hash="D16A59CD7C52D1D32BB43670CDCA739AADB19BA15996BAC62071845E1BFBDB95"/>
     <Deny ID="ID_DENY_WFSHBR_3" FriendlyName="HyperTech wfshbr64\89698cad598a56f9e45efffd15d1841e494a2409cc12279150a03842cd6bb7f3 Hash Page Sha1" Hash="59621ADDE6C6353397F1D7E5C1F8A887AC9931E6"/>
     <Deny ID="ID_DENY_WFSHBR_4" FriendlyName="HyperTech wfshbr64\89698cad598a56f9e45efffd15d1841e494a2409cc12279150a03842cd6bb7f3 Hash Page Sha256" Hash="C374004CD00D779F028638E03F611C270FCA020AA413BE9BB6852E875B848E42"/>
+    <Deny ID="ID_DENY_WFSHBR_5" FriendlyName="HyperTech wfshbr64\b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c Hash Sha1" Hash="47063AA084976104D928E2B0F4F4B800ADB22C89"/>
+    <Deny ID="ID_DENY_WFSHBR_6" FriendlyName="HyperTech wfshbr64\b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c Hash Sha256" Hash="B0399DD3C395F84CBD6AC2E3E8CA8EE344A0F699B17DB0624F936AE4BB4B7953"/>
+    <Deny ID="ID_DENY_WFSHBR_7" FriendlyName="HyperTech wfshbr64\b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c Hash Page Sha1" Hash="96AAD2F7A8DCDCB251DA5B3919F1D52CB62A33F6"/>
+    <Deny ID="ID_DENY_WFSHBR_8" FriendlyName="HyperTech wfshbr64\b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c Hash Page Sha256" Hash="9FF73C44B544611E2C0D75DD344A83A50DBA913E0502ABCC5FED493E0423C03D"/>
     <Deny ID="ID_DENY_WINIO_1" FriendlyName="PartnerTech WinIo64A.sys\0c74d09da7baf7c05360346e4c3512d0cd433d59 Hash Sha1" Hash="0C74D09DA7BAF7C05360346E4C3512D0CD433D59" />
     <Deny ID="ID_DENY_WINIO_2" FriendlyName="PartnerTech WinIo64B.sys\f18e669127c041431cde8f2d03b15cfc20696056 Hash Sha1" Hash="F18E669127C041431CDE8F2D03B15CFC20696056" />
     <Deny ID="ID_DENY_WINIO_3" FriendlyName="PartnerTech WinIO32B.sys\f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f Hash Sha1" Hash="F1C8C3926D0370459A1B7F0CF3D17B22FF9D0C7F" />
@@ -1508,10 +1672,39 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Deny ID="ID_DENY_WINIO_82" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Sha256" Hash="2EBB1FE5DCEF9EC8629D56D30DDBA27D112C2CBFCED936D235FCDF078846DDC6" />
     <Deny ID="ID_DENY_WINIO_83" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Page Sha1" Hash="929749666A53B35CC75A21B19C65E54671CC751E" />
     <Deny ID="ID_DENY_WINIO_84" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Page Sha256" Hash="C39AB8DC5E4DA02FA2309B83FF4FDF63AEF20F33018DFDEFB7B0B12B92CFE86E" />
+    <Deny ID="ID_DENY_WINKERNEXP_1" FriendlyName="WindowsKernelExplorer.sys\455ff5274fbdd19ce1da6fc6725a00752761998759c6bacb9713081f613c1752 Hash Sha1" Hash="15FCE83F9801C003C6C44CEE42738BCCB971D320"/>
+    <Deny ID="ID_DENY_WINKERNEXP_2" FriendlyName="WindowsKernelExplorer.sys\455ff5274fbdd19ce1da6fc6725a00752761998759c6bacb9713081f613c1752 Hash Sha256" Hash="455FF5274FBDD19CE1DA6FC6725A00752761998759C6BACB9713081F613C1752"/>
+    <Deny ID="ID_DENY_WINKERNEXP_3" FriendlyName="WindowsKernelExplorer.sys\cee56287a33602d453b6760d1e19081ada0ba9c70becb430512b6e1669dcfff9 Hash Sha1" Hash="7C67D25F68B04CF10CF609858E0D254752BD96B6"/>
+    <Deny ID="ID_DENY_WINKERNEXP_4" FriendlyName="WindowsKernelExplorer.sys\cee56287a33602d453b6760d1e19081ada0ba9c70becb430512b6e1669dcfff9 Hash Sha256" Hash="CEE56287A33602D453B6760D1E19081ADA0BA9C70BECB430512B6E1669DCFFF9"/>
     <Deny ID="ID_DENY_WINRING0_SHA1" FriendlyName="WinRing0.sys Hash Sha1" Hash="12EB825418A932B1E4C6697DC7647E89AE52CF3F" />
     <Deny ID="ID_DENY_WINRING0_SHA256" FriendlyName="WinRing0.sys Hash Sha256" Hash="4582ADB2E67EEBAFF755AE740C1F24BC3AF78E0F28E8E8DECB99F86BF155AB23" />
     <Deny ID="ID_DENY_WINRING0_SHA1_PAGE" FriendlyName="WinRing0.sys Hash Page Sha1" Hash="497AFEB0D5B97D4B863704A2F77FFEF31220402D" />
     <Deny ID="ID_DENY_WINRING0_SHA256_PAGE" FriendlyName="WinRing0.sys Hash Page Sha256" Hash="8D8A5696BDF11D2427016F91F9726AFF4F0C80FADBC3E6033662FA11C8B282BD" />
+    <Deny ID="ID_DENY_WINRING_1" FriendlyName="WinRing0x64.sys\94bccd8dcad88b96d3b2c36b72bd818ec05ed518bf3b73a0a3e9b4f8bf2d31b8" Hash="D37F01A47B9FABD64DABFD5C9C33BC057B0BDA38" />
+    <Deny ID="ID_DENY_WINRING_2" FriendlyName="WinRing0_1_2_2.sys\82b30461dbf40ac15fce6a83b9bad2ebd05b27dea1b784eaa096422fe8927b7b" Hash="7812103DCD0CFAE434003D17B1B3579BDC4C6F4D" />
+    <Deny ID="ID_DENY_WINRING_3" FriendlyName="WinRing0x64.sys\14d00976162a5d3238d183704fd84b50c3c5dcc762cab3c8adb5faf0a3caab99" Hash="ECF58FD2AD36E4D1462F7F9C697EA73E94F5160953CA0B5C34076786C8EFC745" />
+    <Deny ID="ID_DENY_WINRING_4" FriendlyName="WinRing0x64.sys\53d025d0405d740b9de824b76d963f662b81ec1ae2f83a21d1b1697cede7ba5f" Hash="50A6984729650CD8019484E6F19BC63CD4615199031E873C2093CDD6FB86EE14" />
+    <Deny ID="ID_DENY_WINRING_5" FriendlyName="WinRing0.sys\489c0e3a8d70037eba46810c0d1c93a10e2796d809eb35023e5977d6902cb744" Hash="46A02C4A9E9FD3700544FF7053EF6B599F7145CBBED25380269AF35A1DC35A05" />
+    <Deny ID="ID_DENY_WINRING_6" FriendlyName="WinRing0x64.sys\47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84" Hash="DFE2533A4398D67DFC722EB8D9F8FFA3A823A721" />
+    <Deny ID="ID_DENY_WINRING_7" FriendlyName="iFlyWinRing0x64.sys\e1d11927370965dbd769f9270876a3b6839631d9b523c7a26d9de7761279f008" Hash="EE3978956EE43C94275380B87A5D2D19D30B6E610046CFA1713E4B1AB584C494" />
+    <Deny ID="ID_DENY_WINRING_8" FriendlyName="WinRing0.sys\a3e3cdbd8c781960a77efb5655a6b7c3bac8d5926aaf687108a57d99b78538fc" Hash="0FFFCEE9A0270A8160B48885799D2AC099F2E4EE915D3FC3302786E7B83A9429" />
+    <Deny ID="ID_DENY_WINRING_9" FriendlyName="WinRing0x64.sys\2292fd8d30074e5214f408a98f868a1b97d4dd8959778f20f63820d919a33904" Hash="CCAA219D9202DFCF9DEE84B84965BFBF30FCBB08" />
+    <Deny ID="ID_DENY_WINRING_10" FriendlyName="WinRing0.sys\9093340be0ab932fa49edd81e9da50914af3e095059908137c49dee991283b81" Hash="9BDEB996A1E1AF86E57876BA285EB9B1DA9A0727310B600BA40285B0D46F653C" />
+    <Deny ID="ID_DENY_WINRING_11" FriendlyName="WinRing0.Sys\4448beff8366e42e3393e8c7f8261aee0b0340356c31aa3b97de07452ae01888" Hash="F34E7C9531FB388DDE79FDEC38C086EE9D247B98D6C5D391292CD528B59DF304" />
+    <Deny ID="ID_DENY_WINRING_12" FriendlyName="WinRing0.sys\b88fbe1ca78c07ef2be388e0db4255aa9b7d5661eaa7f3ff2651710133b08fb3" Hash="F67EC92B55FFF3A5F163D125E232ADCF4796DE88CD0C66D69EE2D1765EA24CD3" />
+    <Deny ID="ID_DENY_WINRING_13" FriendlyName="iFlyWinRing0x64.sys\09d8bc4e499e895fe55648381ce1c46879b45c1f1e3db3f4ed5937475372bc58" Hash="4B811F476C57151A7D19392267E89A412BFF7F1B" />
+    <Deny ID="ID_DENY_WINRING_14" FriendlyName="WinRing0x64.sys\ebd797feaf27210fc4edc042f33fe01bbfa7a8ffaafe0a62116e8205d8bc0c48" Hash="1B845E5E43CE9E9B645AC198549E81F45C08197AAD69708D96CDB9A719EB0E29" />
+    <Deny ID="ID_DENY_WINRING_15" FriendlyName="WinRing0a64.sys\de288e320bc3d20b4782678678a95ce93d0244b8be87a2797b0a7419b99ab62c" Hash="6E981BD0B57C0CE10F8CBB5ABA07AA355F8934D80E1CED56050A39CE2577BA27" />
+    <Deny ID="ID_DENY_WINRING_16" FriendlyName="WinRing0x64.sys\7a54ddc926565478ce14d813cedbbbcadcb469c5" Hash="7A54DDC926565478CE14D813CEDBBBCADCB469C5" />
+    <Deny ID="ID_DENY_WINRING_17" FriendlyName="WinRing0x64.sys\76290da6a4b67494054a967231d8593bcc8db3f68b96f599680bbdc4aa2fcee0" Hash="4E97FA90EB31873322BE3F7BB054E847B00644B3" />
+    <Deny ID="ID_DENY_WINRING_18" FriendlyName="WinRing0a64.sys\de288e320bc3d20b4782678678a95ce93d0244b8be87a2797b0a7419b99ab62c" Hash="00D6B2D6CBA664BFA87C3BA1AA2FFE0A2A7A2D0A6937D100CE616527A24A9941" />
+    <Deny ID="ID_DENY_WINRING_19" FriendlyName="WinRing0x64.sys\ec844953cca50e1d2c86b46a93f295165a9e745145ceb0ebb21f54f2093bb21f" Hash="EC844953CCA50E1D2C86B46A93F295165A9E745145CEB0EBB21F54F2093BB21F" />
+    <Deny ID="ID_DENY_WINRING_20" FriendlyName="WinRing0a64.sys\3135ec80fcfb32d2482b1d93d131b611b71765cd3657de615a5bcf73e3bb46b0" Hash="3135EC80FCFB32D2482B1D93D131B611B71765CD3657DE615A5BCF73E3BB46B0" />
+    <Deny ID="ID_DENY_WINRING_21" FriendlyName="WinRing0.Sys\4448beff8366e42e3393e8c7f8261aee0b0340356c31aa3b97de07452ae01888" Hash="F4C9AC5097061FB71B009B46ABC6E91F608286F9" />
+    <Deny ID="ID_DENY_WINRING_22" FriendlyName="WinRing0.sys\fe9f25312476056f7c7b731eedc468581cb3224c0b9a4e23e0723a906977f874" Hash="85308B41E41B9C57F2DC2AF718DCAD1EAA77A1BA" />
+    <Deny ID="ID_DENY_WINRING_23" FriendlyName="WinRing0.sys\32df55a6f917c549b1bf7b73a94c7386012265e87992ee065161a0a51e35ae57" Hash="CD19C1C9629F9E8AC8B64B52242A925171522894" />
+    <Deny ID="ID_DENY_WINRING_24" FriendlyName="WinRing0.sys\32df55a6f917c549b1bf7b73a94c7386012265e87992ee065161a0a51e35ae57 " Hash="49A1FD9D7B7EB4713210EC04C216A4153EF8E34D74DF11DA42426F2422F04EC3" />
+    <Deny ID="ID_DENY_WINRING_25" FriendlyName="WinRing0x64.sys\394a34adfb3dcc2ab37fead7592a25531d625582cebe6fa687913d8900e79b76" Hash="394A34ADFB3DCC2AB37FEAD7592A25531D625582CEBE6FA687913D8900E79B76" />
     <!-- Deny and FileAttrib rules specifying FileName should always specify MinimumFileVersion and MaximumFileVersion. SiPolicy checks matches minVer <= ver && maxVer >= ver-->
     <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.65535.65535" />
     <Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
@@ -1527,6 +1720,17 @@ The following recommended blocklist xml policy file can also be downloaded from
     <FileAttrib ID="ID_FILEATTRIB_ALSYSIO" FriendlyName="ALSysIO\01af9b2e49907308312be623a125a4cd71da9e626a54dfa746336e5d69c0a70a FileAttribute" FileName="ALSysIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.10.65535" />
     <FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_AMDPP" FriendlyName="AMDPowerProfiler.sys FileAttribute" FileName="AMDPowerProfiler.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.1.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_AODDRIVER_1" FriendlyName="AMD AODDriver\070ff602cccaaef9e2b094e03983fd7f1bf0c0326612eb76593eabbf1bda9103 FileAttribute" FileName="AODDriver2.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_AODDRIVER_2" FriendlyName="AMD AODDriver\3c11dec1571253594d64619d8efc8c0212897be84a75a8646c578e665f58bf5d FileAttribute" FileName="AODDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_APPID_1" FriendlyName="MS Windows appid.sys WS23H2 FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.22632.0" MaximumFileVersion="10.0.25398.708"  />
+    <FileAttrib ID="ID_FILEATTRIB_APPID_2" FriendlyName="MS Windows appid.sys 23H2   FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.22622.0" MaximumFileVersion="10.0.22631.3154" />
+    <FileAttrib ID="ID_FILEATTRIB_APPID_3" FriendlyName="MS Windows appid.sys 22H2   FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.22001.0" MaximumFileVersion="10.0.22621.3154" />
+    <FileAttrib ID="ID_FILEATTRIB_APPID_4" FriendlyName="MS Windows appid.sys 21H2   FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.20349.0" MaximumFileVersion="10.0.22000.2776" />
+    <FileAttrib ID="ID_FILEATTRIB_APPID_5" FriendlyName="MS Windows appid.sys WS2022 FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.19046.0" MaximumFileVersion="10.0.20348.2321" />
+    <FileAttrib ID="ID_FILEATTRIB_APPID_6" FriendlyName="MS Windows appid.sys 21H2   FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.19045.0" MaximumFileVersion="10.0.19045.4045" />
+    <FileAttrib ID="ID_FILEATTRIB_APPID_7" FriendlyName="MS Windows appid.sys 21H1   FileAttribute" FileName="appid.sys" MinimumFileVersion="10.0.19044.0" MaximumFileVersion="10.0.19044.4045" />
+    <!-- Safe to exclude all versions < RS5/WS2019 as the blocklist was only introduced in RS5 -->
+    <FileAttrib ID="ID_FILEATTRIB_APPID_8" FriendlyName="MS Windows appid.sys WS2019 FileAttribute" FileName="appid.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.17763.5457" />
     <FileAttrib ID="ID_FILEATTRIB_ASHITIO" FriendlyName="Asus AsHitIo_Drv FileAttribute" FileName="AsHitIo_Drv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="27.0.0.0"/>
     <FileAttrib ID="ID_FILEATTRIB_ASR_AUTOCHECK_1" FriendlyName="ASRAutoCheck\2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4 FileAttribute" FileName="AsrAutoChkUpdDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ASR_AUTOCHECK_2" FriendlyName="ASRAutoCheck\4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe FileAttribute" FileName="AsrAutoChkUpdDrv_1_0_32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
@@ -1535,17 +1739,18 @@ The following recommended blocklist xml policy file can also be downloaded from
     <FileAttrib ID="ID_FILEATTRIB_ASWSNX" FriendlyName="Aswsnx FileAttribute" FileName="aswSnx.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="17.1.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ATILLK" FriendlyName="atillk64 FileAttribute" FileName="atillk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ATLACCESS" FriendlyName="atlAccess\0b57569aaa0f4789d9642dd2189b0a82466b80ad32ff35f88127210ed105fe57 FileAttribute" FileName="atlAccess.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_ATOOLS" FriendlyName="Antiy Labs AToolsKrnl\24342de3b93a06b4e4534140b13cd0726e8e8f4665866a9dcbcceb5685b83cf3 FileAttribute" FileName="Atools2.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.23.713"/>
     <FileAttrib ID="ID_FILEATTRIB_ATSZIO" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_AVALUEIO" FriendlyName="Avalue Avalueio.sys\a5a4a3c3d3d5a79f3ed703fc56d45011c21f9913001fcbcc43a3f7572cff44ec FileAttribute" FileName="AVALUEIO.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_AVGELAM" FriendlyName="Avast aswElam/avgElam Overpermissive ELAM FileAttribute" FileName="aswElam.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.6.400.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_BS_DEF" FriendlyName="Bs_Def64 FileAttribute" FileName="Bs_Def64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_BS_DEF_64" FriendlyName="Bs_Def FileAttribute" FileName="Bs_Def.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
     <FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
     <FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_DEF" FriendlyName="Bs_Def64 FileAttribute" FileName="Bs_Def64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_DEF_64" FriendlyName="Bs_Def FileAttribute" FileName="Bs_Def.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_BS_MEM" FriendlyName="BSMEM64_W10 FileAttribute" FileName="BSMEM64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2201" />
     <FileAttrib ID="ID_FILEATTRIB_BS_RCIO" FriendlyName="BS_RCIO\d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e FileAttribute" FileName="BS_RCIO64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_BS_RCIO_W10" FriendlyName="BS_RCIO\7c6f16af074c3f1c74fc69734f1c8b8a03b0594ac2085d5a0c582fc8cc378858 FileAttribute" FileName="BS_RCIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
     <FileAttrib ID="ID_FILEATTRIB_CGWIN" FriendlyName="Sangoma cg6kwin2k.sys\223f61c3f443c5047d1aeb905b0551005a426f084b7a50384905e7e4ecb761a1 FileAttribute" FileName="cg6kwin2k.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_COMPUTERZ" FriendlyName="Chengdu Qiying ComputerZ.sys\07d0090c76155318e78a676e2f8af1500c20aaa1e84f047c674d5f990f5a09c8 FileAttribute" FileName="ComputerZ.Sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_CORSAIRLLACCESS" FriendlyName="CorsairLLAccess\000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b FileAttribute" FileName="Corsair LL Access" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.23.65535" />
@@ -1561,6 +1766,7 @@ The following recommended blocklist xml policy file can also be downloaded from
     <FileAttrib ID="ID_FILEATTRIB_ETDSUPPORT" FriendlyName="HP EtdSupport\0d383e469d0e27ebb713770f01f7f1a57068a7d30478221e6f2276125048d1c9 FileAttribute" FileName="etdsupp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="20.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_FAIRPLAY" FriendlyName="Deny FairplayKD.sys MTA San Andreas Versions 367.*" ProductName="MTA San Andreas" MinimumFileVersion="367.0.0.0" MaximumFileVersion="367.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_FPCIE" FriendlyName="Feature Integration FPCIE2COM.sys\17942865680bd3d6e6633c90cc4bd692ae0951a8589dbe103c1e293b3067344d FileAttribute" FileName="FPCIE2COM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_GDRV" FriendlyName="Gigabyte gdrv2.sys\17927b93b2d6ab4271c158f039cae2d60591d6a14458f5a5690aec86f5d54229 FileAttribute" FileName="gdrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_GMER" FriendlyName="GMEREK gmer64 FileAttribute" FileName="gmer64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_HAXM" FriendlyName="haXM.sys FileAttribute" FileName="HaXM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_HPPORTIOX64" FriendlyName="HpPortIox64.sys" FileName="HpPortIox64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.2.0.9" />
@@ -1571,14 +1777,19 @@ The following recommended blocklist xml policy file can also be downloaded from
     <FileAttrib ID="ID_FILEATTRIB_HWINFO_3" FriendlyName="REALiX_HWiNFO64I FileAttribute" FileName="HWiNFO64I.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.98.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_HWRWDRV" FriendlyName="HwRwDrv FileAttribute" FileName="HwRwDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_IOBITUNLOCKER" FriendlyName="IObitUnlocker FileAttribute" FileName="IObitUnlocker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.3.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_IOMAP" FriendlyName="Asus IOMap.sys\04e9a85d89a5119ff2dd2342719f6129d42627e3083559c88d4f3be607dd1f06 FileAttribute" FileName="IOMap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_IOMEM" FriendlyName="DT Research iomem\2b507e0ad4515d9d47fb7f0bfa1f1eb11de25db4fca49fc1417ea991dc33b6bf FileAttribute" FileName="iomem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.21" />
+    <FileAttrib ID="ID_FILEATTRIB_ITLSFFN" FriendlyName="ITM s4killer ItlsFFN\01714295a16acc253e50be2c068974ac621b9635a9c328b4dc578cecb03b06f9 FileAttribute" FileName="ItlsFFN.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LDIAGO_1" FriendlyName="Lenovo ldiagio.sys\68ca1b5151181a98cd6da55d6dfd6ef0c94f0cf9379be37a8f86dd996d677946 FileAttribute" FileName="LDiagIO_legacy.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_LDIAGO_2" FriendlyName="Lenovo ldiagio.sys\ef55a5a3be73d5bfc5aa2a2b3f0cc574b824d96a129a67931a1667e770d5d938 FileAttribute" FileName="LDiagIO_uefi.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_LDIAGO_3" FriendlyName="Lenovo ldiagio.sys\05f7419335418b1eb5c983860a8a68e73147508b31e7cb1341a9dbeeb81f96b4 FileAttribute" FileName="LDiagIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_LGCORETEMP" FriendlyName="LogiTech LgCoreTemp\93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 FileAttribute" FileName="LgCoreTemp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
-    <FileAttrib ID="ID_FILEATTRIB_LV_DIAG" FriendlyName="LenovoDiagnosticsDriver FileAttribute" FileName="LenovoDiagnosticsDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_LV561V64" FriendlyName="LV561V64 LogiTech FileAttribute" FileName="Lv561av.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LV_DIAG" FriendlyName="LenovoDiagnosticsDriver FileAttribute" FileName="LenovoDiagnosticsDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_MONITOR" FriendlyName="IOBit Monitor.sys FileAttribute" FileName="Monitor.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="15.0.0.2" />
     <FileAttrib ID="ID_FILEATTRIB_MSIO" FriendlyName="MicSys MSIO\0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff FileAttribute" FileName="MsIo64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_MSRHOOK" FriendlyName="IDTech MSRHook\87ece1b3b8446517dd9696a1b2c62f82a80220956618485efbdf5671f2676616 FileAttribute" FileName="Keyboard Filter Driver" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.1.0.0"/>
@@ -1619,9 +1830,15 @@ The following recommended blocklist xml policy file can also be downloaded from
     <FileAttrib ID="ID_FILEATTRIB_SFDRVX32" FriendlyName="sfdrvx32\0bd1523a68900b80ed1bccb967643525cca55d4ff4622d0128913690e6bb619e FileAttribute" FileName="sfdrvx32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.43.4.0"/>
     <FileAttrib ID="ID_FILEATTRIB_SMARTEIO" FriendlyName="EVGA smarteio.sys\3c95ebf3f1a87f67d2861dbd1c85dc26c118610af0c9fbf4180428e653ac3e50 FileAttribute" FileName="SMARTEIO64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_STDCDRV" FriendlyName="Intel Stdcdrv.sys\37022838c4327e2a5805e8479330d8ff6f8cd3495079905e867811906c98ea20 FileAttribute" FileName="stdcdrv64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_STDCDRVWS" FriendlyName="Intel Stdcdrvws.sys\70afdc0e11db840d5367afe53c35d9642c1cf616c7832ab283781d085988e505 FileAttribute" FileName="stdcdrvws64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_SUPERBMC" FriendlyName="Superbmc FileAttribute" FileName="superbmc.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.2.1.0" />
     <FileAttrib ID="ID_FILEATTRIB_SYMELAM" FriendlyName="SymELAM\021badff5a3c84ee422d9fa40a842f89b1c60e0164eabd58da7374327ea99d3c FileAttribute" FileName="SymELAM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.4.0.83" />
-    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR" FriendlyName="SysInfoDetector.sys\083ff41609e2c0402f20cc00da1110a0cb80c515ca1c2f551606ecc94986cff9 FileAttribute" FileName="SysInfoDetector.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR_1" FriendlyName="SysInfoDetector.sys\083ff41609e2c0402f20cc00da1110a0cb80c515ca1c2f551606ecc94986cff9 FileAttribute" FileName="SysInfoDetector.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR_2" FriendlyName="C:\drivers\SysInfoDetector\33a73e36499d4a33f9321c5ac40a4e34c029a2d7ea26205a245592df78195776.sys FileAttribute" FileName="SysInfoDetectorAEx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR_3" FriendlyName="C:\drivers\SysInfoDetector\45e5977b8d5baec776eb2e62a84981a8e46f6ce17947c9a76fa1f955dc547271.sys FileAttribute" FileName="SysInfoDetectorX64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR_4" FriendlyName="C:\drivers\SysInfoDetector\5b0ebf255769224b95d23ff0511014ae80ad8778737d6aaa071aeb794012b058 FileAttribute" FileName="SysInfoDetectorProX64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR_5" FriendlyName="C:\drivers\SysInfoDetector\770ab79212b08cd13864d6cfd9b97180d7b3f084d1d44aec09c8314d9466039e FileAttribute" FileName="SysInfoDetectorAE.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_SYSDETECTOR_6" FriendlyName="C:\drivers\SysInfoDetector\8ec9a4c4ec2b73440c591bc91543d0f685ffa1c3658926b25b06d929c5b6feed FileAttribute" FileName="SysInfoDetectorPro.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_SYSDRV3S" FriendlyName="SysDrv3s\0dd9daf0852a5b1b436199e9f2bf318f641f43173ab0dc22ad8c7e9cbaee9ad3 FileAttribute" FileName="SysDrv3S.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.6.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_TMEL" FriendlyName="TrendMicro TMEL Overpermissive ELAM FileAttribute" FileName="Tmel.sys" MinimumFileVersion="1.6.0.1002" MaximumFileVersion="1.6.0.1004" />
     <FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
@@ -1632,13 +1849,16 @@ The following recommended blocklist xml policy file can also be downloaded from
     <FileAttrib ID="ID_FILEATTRIB_VIRAGT64" FriendlyName="viragt64.sys" FileName="viragt64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.11" />
     <FileAttrib ID="ID_FILEATTRIB_VMDRV" FriendlyName="vmdrv.sys FileAttribute" FileName="vmdrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.10011.16384" />
     <FileAttrib ID="ID_FILEATTRIB_WCPU" FriendlyName="WCPU\159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980 FileAttribute" FileName="CPU Driver" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_WINKERNEXP" FriendlyName="WindowsKernelExplorer.sys\455ff5274fbdd19ce1da6fc6725a00752761998759c6bacb9713081f613c1752 FileAttribute" FileName="WindowsKernelExplorer.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_WINRING0" FriendlyName="WinRing0.sys" FileName="WinRing0.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_WIRWADRV" FriendlyName="Winstron wirwadrv\d8fc8e3a1348393c5d7c3a84bcbae383d85a4721a751ad7afac5428e5e579b4e FileAttribute" FileName="WiRwaDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_WISEUNLO" FriendlyName="WiseUnlo FileAttribute" FileName="WiseUnlo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_ZEMANA_1" FriendlyName="Zemana Antilog\05ece4f6bda72e7fd61fa950e80b811d3dbe0b4b1d53b0532d8df051d1ff074c FileAttribute" FileName="AntiLog32.sys" MinimumFileVersion="1.9.5.600" />
-    <FileAttrib ID="ID_FILEATTRIB_ZEMANA_2" FriendlyName="Zemana Zam\40b62ba97ba2edd3e01ed62d26ae8c09f36144ab33db18b42e5f1ccf82db1754 FileAttribute" FileName="ZAM.exe" MinimumFileVersion="2.74.0.259" />
-    <FileAttrib ID="ID_FILEATTRIB_ZEMANA_3" FriendlyName="Zemana PerfectGuard\fe48f38bc05a6f3d6590e0be572f1b5dd67fe0b7c97b891a586e3e67f5a5513e FileAttribute" FileName="PerfectGuard.sys" MinimumFileVersion="1.9.5.104" />
-
+    <FileAttrib ID="ID_FILEATTRIB_ZAM_1" FriendlyName="Zemana ZAM\a3908b3fa59c0fc7600ff8887a87861a4f8566ca0a3bdcf2371bb9f36745db91 FileAttribute" FileName="ZAM.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_ZAM_2" FriendlyName="Zemana Zam\036c1151a30a9c25afc961d7305c58cbf8f68e5e5c1e726565c9a8168c2f3cdb FileAttribute" ProductName="AntiLogger Free" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_ZAM_3" FriendlyName="Zemana Zam\0aa79d4c5c3baca0aee095bdbdfddfe70fad495c791066c416bd732eaec2d965 FileAttribute" ProductName="ZAM" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_ZAM_4" FriendlyName="Zemana Zam\2b34ca35bd4f61d8e1d62b6129bef0a64c4655e80d6d39da06cb27c08e6996a3 FileAttribute" ProductName="AntiLogger SDK" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_ZAM_5" FriendlyName="Zemana Zam\c02eabc2e096f00e6e46fb3b5cf0062db5e1b9d92877b701d2ea0bf27cd82cbe FileAttribute" ProductName="AntiMalware" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_ZAM_6" FriendlyName="Zemana Zam\c3a2dade7d95085d5af4bf9dc218c97f802440b6c1bd2fdac520cb1a376b7e84 FileAttribute" ProductName="Audit" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
   </FileRules>
   <!--Signers-->
   <Signers>
@@ -1656,6 +1876,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_DRIVER7" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ETDSUPPORT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IOMAP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IOMEM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_KEVP64" />
@@ -1671,11 +1892,13 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
       <FileAttribRef RuleID="ID_FILEATTRIB_SBIOS" />
       <FileAttribRef RuleID="ID_FILEATTRIB_SFDRVX32" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR_2" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR_3" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR_4" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR_5" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDETECTOR_6" />
       <FileAttribRef RuleID="ID_FILEATTRIB_VDBSV" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2010_2" Name="VeriSign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
@@ -1711,6 +1934,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1" />
     </Signer>
     <Signer ID="ID_SIGNER_ELBY" Name="GlobalSign Primary Object Publishing CA">
       <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
@@ -1719,8 +1943,12 @@ The following recommended blocklist xml policy file can also be downloaded from
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
       <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AODDRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AODDRIVER_2" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_DRIVER7" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_GDRV" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IOMAP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
@@ -1731,9 +1959,6 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_RTIF" />
       <FileAttribRef RuleID="ID_FILEATTRIB_SFDRVX32" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
     </Signer>
     <Signer ID="ID_SIGNER_SANDRA" Name="GeoTrust TrustCenter CodeSigning CA I">
       <CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
@@ -1814,6 +2039,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_ALSYSIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ASHITIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATOOLS" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_MEM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO" />
@@ -1827,6 +2053,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_HWINFO_1" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HWINFO_2" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IOBITUNLOCKER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ITLSFFN" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MSIO" />
@@ -1845,6 +2072,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
       <FileAttribRef RuleID="ID_FILEATTRIB_WISEUNLO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1" />
     </Signer>
    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2010" Name="Microsoft Third Party Component Windows PCA 2010">
       <CertRoot Type="TBS" Value="90C9669670E75989159E6EEF69625EB6AD17CBA6209ED56F5665D55450A05212" />
@@ -1855,9 +2083,12 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ALSYSIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AODDRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AODDRIVER_2" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CP2X72C_1" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CP2X72C_2" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_GDRV" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NVOCLOCK" />
@@ -1865,9 +2096,6 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_RTPORT" />
       <FileAttribRef RuleID="ID_FILEATTRIB_SMARTEIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_VDBSV" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2004_BIOSTAR" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
@@ -1931,6 +2159,8 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ASWSP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ATLACCESS" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATOOLS" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_GDRV" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LGCORETEMP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTIF" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
@@ -2227,6 +2457,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_EELAM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
       <FileAttribRef RuleID="ID_FILEATTRIB_SYMELAM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1" />
     </Signer>
     <Signer ID="ID_SIGNER_MS_ELAM_1" Name="Microsoft Code Signing PCA 2010">
       <CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
@@ -2234,7 +2465,7 @@ The following recommended blocklist xml policy file can also be downloaded from
       <FileAttribRef RuleID="ID_FILEATTRIB_EELAM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_SYMELAM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
-
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1" />
     </Signer>
     <Signer ID="ID_SIGNER_AVGELAM_1" Name="DigiCert High Assurance Code Signing CA-1">
       <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
@@ -2467,6 +2698,118 @@ The following recommended blocklist xml policy file can also be downloaded from
       <CertPublisher Value="ELITEGROUP COMPUTER SYSTEMS CO"/>
       <FileAttribRef RuleID="ID_FILEATTRIB_ECSIODRV"/>
     </Signer>
+    <Signer ID="ID_SIGNER_IOMAP" Name="DigiCert High Assurance Code Signing CA-1">
+      <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C"/>
+      <CertPublisher Value="ASUSTeK Computer Inc."/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_IOMAP"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_STDCDRV" Name="Sectigo RSA Code Signing CA">
+      <CertRoot Type="TBS" Value="20ADC5B59CB532E215F01BA09A9C745898C206555613512FEA7C295CCFD17CED4FE2C5BC3274CA8A270FC68799B8343C"/>
+      <CertPublisher Value="Intel Corporation"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_STDCDRV"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_STDCDRVWS" Name="Intel External Basic Policy CA">
+      <CertRoot Type="TBS" Value="F56832BC9412C372F9A8744591258F8BB11AF2D8"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_STDCDRV"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_STDCDRVWS"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ZAM_1" Name="DigiCert High Assurance Code Signing CA-1">
+      <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C"/>
+      <CertPublisher Value="Zemana Ltd."/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_2"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_3"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_4"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_5"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_6"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ZAM_2" Name="GlobalSign">
+      <CertRoot Type="TBS" Value="DE1DA11668F0A8D5E13346ED3AB2755F5D25BEBFFCFD1D0BDE5B9F87BC292C91"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ZAM_3" Name="WATCHDOG ZAM">
+      <CertRoot Type="TBS" Value="8DE6EAE4E1479F02DC58281AD5C035E629345FF74A177E559192D03BD23E0F9F"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZAM_1"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_APPID" Name="Microsoft Windows Applocker Appid">
+      <CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146"/>
+      <CertPublisher Value="Microsoft Windows"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_1"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_2"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_3"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_4"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_5"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_6"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_7"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_APPID_8"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_WINKERNEXP" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D"/>
+      <CertPublisher Value="Synhe Technology Co., Ltd"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINKERNEXP"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ARTIFICIAL_1" Name="Microsoft Windows Third Party Component CA 2014 - Artificial Software">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE"/>
+      <CertOemID Value="Artificial Software"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ARTIFICIAL_2" Name="Microsoft Windows Third Party Component CA 2012 - Artificial Software">
+      <CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46"/>
+      <CertOemID Value="Artificial Software"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_LDIAGIO_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D"/>
+      <CertPublisher Value="Lenovo Information Products (Shenzhen) Co.,Ltd"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_1"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_2"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_3"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_LDIAGIO_2" Name="Symantec Class 3 SHA256 Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="7F25CBD37DCDC0E0D93E0D477C4BC0C54231379E6CAF1023841E1F0D96467A6C"/>
+      <CertPublisher Value="Lenovo"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_3"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_LDIAGIO_3" Name="Microsoft Windows Third Party Component CA 2012">
+      <CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46"/>
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_3"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_LDIAGIO_4" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D"/>
+      <CertPublisher Value="LENOVO"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_1"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_2"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_LDIAGIO_5" Name="Symantec Class 3 SHA256 Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="7F25CBD37DCDC0E0D93E0D477C4BC0C54231379E6CAF1023841E1F0D96467A6C"/>
+      <CertPublisher Value="LENOVO (UNITED STATES) INC."/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_LDIAGO_3"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ATOOLS_1" Name="DigiCert Assured ID Code Signing CA-1">
+      <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E"/>
+      <CertPublisher Value="Antiy Labs"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATOOLS"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ATOOLS_2" Name="DigiCert Trusted Root G4">
+      <CertRoot Type="TBS" Value="11533EFD6B326A4E065A936DE300FE0586A479F93D569D2403BD62C7AD35F1B2199DAEE3ADB510F429C4FC97B4B024E3"/>
+      <CertPublisher Value="Antiy Labs"/>
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATOOLS"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ITM_1" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="79F0A648BD7F1184F86BFF43AE47C9ECC3ED3CEC"/>
+      <CertPublisher Value="ITM System Co.,LTD"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ITM_2" Name="GlobalSign CodeSigning CA - G3">
+      <CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837"/>
+      <CertPublisher Value="ITM System Co.,Ltd"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ITM_3" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385"/>
+      <CertPublisher Value="ITM System Co.,Ltd"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ITM_4" Name="GlobalSign">
+      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7"/>
+      <CertPublisher Value="INZENT Co., Ltd."/>
+    </Signer>
     <Signer ID="ID_SIGNER_BAOJI" Name="VeriSign Class 3 Code Signing 2010 CA - Baoji zhihengtaiye co.,ltd">
       <CertRoot Type="TBS" Value="ED37AD43BC52426943019F77F35ED1A6B063B5B7" />
     </Signer>
@@ -2512,6 +2855,21 @@ The following recommended blocklist xml policy file can also be downloaded from
     <Signer ID="ID_SIGNER_JCOS_2" Name="JCOS Media pshedmp">
       <CertRoot Type="TBS" Value="8A3994CC7AA70F5480166A96A32EB10BAB0A7A36" />
     </Signer>
+    <Signer ID="ID_SIGNER_VOIDTOOLS" Name="voidtools (Thumbprint: 4DA2AD938358643571084F75F21AFDDD15D4BAE9)">
+      <CertRoot Type="TBS" Value="2AAA2A578BDEB2F1DBAAE27B6358B87D14143B7FA98518A6AC576172677225AC"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_PCTOOLS_1" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF"/>
+      <CertPublisher Value="PC Tools"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_PCTOOLS_2" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D"/>
+      <CertPublisher Value="PC Tools"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_PCTOOLS_3" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5"/>
+      <CertPublisher Value="PC Tools"/>
+    </Signer>
     <Signer ID="ID_SIGNER_HERMETICWIPER_1" Name="DigiCert Assured ID Code Signing CA-1">
       <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
       <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
@@ -2572,7 +2930,10 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_ALSYSIO_1" />
           <DeniedSigner SignerId="ID_SIGNER_ALSYSIO_2" />
           <DeniedSigner SignerId="ID_SIGNER_AMDPP" />
+          <DeniedSigner SignerId="ID_SIGNER_APPID" />
           <DeniedSigner SignerId="ID_SIGNER_ATILLK" />
+          <DeniedSigner SignerId="ID_SIGNER_ARTIFICIAL_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ARTIFICIAL_2" />
           <DeniedSigner SignerId="ID_SIGNER_ASROCK_RWDRV" />
           <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_1" />
           <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_2" />
@@ -2584,6 +2945,8 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_ASWSNX_2" />
           <DeniedSigner SignerId="ID_SIGNER_ASWSNX_3" />
           <DeniedSigner SignerId="ID_SIGNER_ASWSNX_4" />
+          <DeniedSigner SignerId="ID_SIGNER_ATOOLS_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ATOOLS_2" />
           <DeniedSigner SignerId="ID_SIGNER_AVGELAM_1" />
           <DeniedSigner SignerId="ID_SIGNER_AVGELAM_2" />
           <DeniedSigner SignerId="ID_SIGNER_BAOJI" />
@@ -2641,9 +3004,19 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_2" />
           <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_3" />
           <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_4" />
+          <DeniedSigner SignerId="ID_SIGNER_IOMAP" />
+          <DeniedSigner SignerId="ID_SIGNER_ITM_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ITM_2" />
+          <DeniedSigner SignerId="ID_SIGNER_ITM_3" />
+          <DeniedSigner SignerId="ID_SIGNER_ITM_4" />
           <DeniedSigner SignerId="ID_SIGNER_JCOS_1" />
           <DeniedSigner SignerId="ID_SIGNER_JCOS_2" />
           <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
+          <DeniedSigner SignerId="ID_SIGNER_LDIAGIO_1" />
+          <DeniedSigner SignerId="ID_SIGNER_LDIAGIO_2" />
+          <DeniedSigner SignerId="ID_SIGNER_LDIAGIO_3" />
+          <DeniedSigner SignerId="ID_SIGNER_LDIAGIO_4" />
+          <DeniedSigner SignerId="ID_SIGNER_LDIAGIO_5" />
           <DeniedSigner SignerId="ID_SIGNER_LV_DIAG" />
           <DeniedSigner SignerId="ID_SIGNER_LV_DIAG_2" />
           <DeniedSigner SignerId="ID_SIGNER_LV_LOGITECH" />
@@ -2672,6 +3045,9 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_PAVEL_Y_2" />
           <DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
           <DeniedSigner SignerId="ID_SIGNER_PCDOC"/>
+          <DeniedSigner SignerId="ID_SIGNER_PCTOOLS_1"/>
+          <DeniedSigner SignerId="ID_SIGNER_PCTOOLS_2"/>
+          <DeniedSigner SignerId="ID_SIGNER_PCTOOLS_3"/>
           <DeniedSigner SignerId="ID_SIGNER_PROCEXP_1" />
           <DeniedSigner SignerId="ID_SIGNER_PROCEXP_2" />
           <DeniedSigner SignerId="ID_SIGNER_PROCEXP_3" />
@@ -2683,8 +3059,10 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_SAASAME" />
           <DeniedSigner SignerId="ID_SIGNER_SANDRA" />
           <DeniedSigner SignerId="ID_SIGNER_SANDRA_THAWTE" />
-          <DeniedSigner SignerId="ID_SIGNER_SPEEDFAN" />
           <DeniedSigner SignerId="ID_SIGNER_SFDRVX32" />
+          <DeniedSigner SignerId="ID_SIGNER_SPEEDFAN" />
+          <DeniedSigner SignerId="ID_SIGNER_STDCDRV" />
+          <DeniedSigner SignerId="ID_SIGNER_STDCDRVWS" />
           <DeniedSigner SignerId="ID_SIGNER_SYSDRV3S" />
           <DeniedSigner SignerId="ID_SIGNER_PHYMEM" />
           <DeniedSigner SignerId="ID_SIGNER_PHYMEM_1" />
@@ -2710,9 +3088,11 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TG_SOFT" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" />
           <DeniedSigner SignerId="ID_SIGNER_VMDRV" />
+          <DeniedSigner SignerId="ID_SIGNER_VOIDTOOLS" />
           <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2010" />
           <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
           <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" />
+          <DeniedSigner SignerId="ID_SIGNER_WINKERNEXP" />
           <DeniedSigner SignerId="ID_SIGNER_WISEUNLO" />
           <DeniedSigner SignerId="ID_SIGNER_WISEUNLO_1" />
           <DeniedSigner SignerId="ID_SIGNER_WISEUNLO_2" />
@@ -2725,9 +3105,9 @@ The following recommended blocklist xml policy file can also be downloaded from
           <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
           <DeniedSigner SignerId="ID_SIGNER_VBOX_ORCALE" />
           <DeniedSigner SignerId="ID_SIGNER_VBOX_SUN" />
-          <DeniedSigner SignerId="ID_SIGNER_ZEMANA_1" />
-          <DeniedSigner SignerId="ID_SIGNER_ZEMANA_2" />
-          <DeniedSigner SignerId="ID_SIGNER_ZEMANA_3" />
+          <DeniedSigner SignerId="ID_SIGNER_ZAM_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ZAM_2" />
+          <DeniedSigner SignerId="ID_SIGNER_ZAM_3" />
         </DeniedSigners>
         <FileRulesRef>
           <FileRuleRef RuleID="ID_ALLOW_ALL_1" />
@@ -2789,6 +3169,12 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_ASRDRV104_65" />
           <FileRuleRef RuleID="ID_DENY_ASRDRV104_66" />
           <FileRuleRef RuleID="ID_DENY_ASRDRV104_67" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV105_1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV105_2" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV106_1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV106_2" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV107_1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV107_2" />
           <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_39" />
           <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3A" />
           <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3B" />
@@ -2983,6 +3369,14 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_AMIFLDRV_36" />
           <FileRuleRef RuleID="ID_DENY_AMIFLDRV_37" />
           <FileRuleRef RuleID="ID_DENY_AMIFLDRV_38" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_1" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_2" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_3" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_4" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_5" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_6" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_7" />
+          <FileRuleRef RuleID="ID_DENY_AODDRIVER_8" />
           <FileRuleRef RuleID="ID_DENY_ASIO_1"/>
           <FileRuleRef RuleID="ID_DENY_ASIO_2"/>
           <FileRuleRef RuleID="ID_DENY_ASIO_3"/>
@@ -3163,18 +3557,6 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_BS_RCIO_21" />
           <FileRuleRef RuleID="ID_DENY_BS_RCIO_22" />
           <FileRuleRef RuleID="ID_DENY_BS_RCIO_23" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_1" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_2" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_3" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_4" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_5" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_6" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_8" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_9" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_10"/>
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_11" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_12" />
-          <FileRuleRef RuleID="ID_DENY_DHKERNEL_13" />
           <FileRuleRef RuleID="ID_DENY_DELLBIOS_1" />
           <FileRuleRef RuleID="ID_DENY_DELLBIOS_2" />
           <FileRuleRef RuleID="ID_DENY_DELLBIOS_3" />
@@ -3195,6 +3577,18 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_DELLBIOS_18"/>
           <FileRuleRef RuleID="ID_DENY_DELLBIOS_19"/>
           <FileRuleRef RuleID="ID_DENY_DELLBIOS_20"/>
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_1" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_2" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_3" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_4" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_5" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_6" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_8" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_9" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_10"/>
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_11" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_12" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_13" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_12" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_13" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_14" />
@@ -3362,6 +3756,28 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_INPOUTX_21" />
           <FileRuleRef RuleID="ID_DENY_INPOUTX_22" />
           <FileRuleRef RuleID="ID_DENY_INPOUTX_23" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_1" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_2" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_3" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_4" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_5" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_6" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_7" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_8" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_9" />
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_10"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_11"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_12"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_13"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_14"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_15"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_16"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_17"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_18"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_19"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_20"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_21"/>
+          <FileRuleRef RuleID="ID_DENY_IOACCESS_22"/>
           <FileRuleRef RuleID="ID_DENY_IREC_1" />
           <FileRuleRef RuleID="ID_DENY_IREC_2" />
           <FileRuleRef RuleID="ID_DENY_IREC_3" />
@@ -3446,6 +3862,90 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_IREC_52" />
           <FileRuleRef RuleID="ID_DENY_IREC_53" />
           <FileRuleRef RuleID="ID_DENY_IREC_54" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_0" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_1" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_2" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_3" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_4" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_5" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_6" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_7" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_8" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_9" />
+          <FileRuleRef RuleID="ID_DENY_KERNELD_10"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_11"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_12"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_13"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_14"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_15"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_16"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_17"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_18"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_19"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_20"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_21"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_22"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_23"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_24"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_25"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_26"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_27"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_28"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_29"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_30"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_31"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_32"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_33"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_34"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_35"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_36"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_37"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_38"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_39"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_40"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_41"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_42"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_43"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_44"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_45"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_46"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_47"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_48"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_49"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_50"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_51"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_52"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_53"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_54"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_55"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_56"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_57"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_58"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_59"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_60"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_61"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_62"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_63"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_64"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_65"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_66"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_67"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_68"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_69"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_70"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_71"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_72"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_73"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_74"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_75"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_76"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_77"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_78"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_79"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_80"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_81"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_82"/>
+          <FileRuleRef RuleID="ID_DENY_KERNELD_83"/>
           <FileRuleRef RuleID="ID_DENY_KLMD" />
           <FileRuleRef RuleID="ID_DENY_LGCORETEMP_1" />
           <FileRuleRef RuleID="ID_DENY_LGCORETEMP_2" />
@@ -3705,6 +4205,11 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_PCHUNTER_4" />
           <FileRuleRef RuleID="ID_DENY_PCHUNTER_5" />
           <FileRuleRef RuleID="ID_DENY_PCHUNTER_6" />
+          <FileRuleRef RuleID="ID_DENY_PDFWKKRNL_1" />
+          <FileRuleRef RuleID="ID_DENY_PDFWKKRNL_2" />
+          <FileRuleRef RuleID="ID_DENY_PDFWKKRNL_3" />
+          <FileRuleRef RuleID="ID_DENY_PDFWKKRNL_4" />
+          <FileRuleRef RuleID="ID_DENY_PDFWKKRNL_5" />
           <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
           <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
           <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
@@ -3719,6 +4224,22 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_PHYDMACC_4" />
           <FileRuleRef RuleID="ID_DENY_PHYDMACC_5" />
           <FileRuleRef RuleID="ID_DENY_PHYDMACC_6" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_1" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_2" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_3" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_4" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_5" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_6" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_7" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_8" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_9" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_10"/>
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_11"/>
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_12"/>
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_13"/>
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_14"/>
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_15"/>
+          <FileRuleRef RuleID="ID_DENY_PHYMEM_16"/>
           <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1" />
           <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256" />
           <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1_PAGE" />
@@ -3991,6 +4512,25 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_SEPDRV3_38"/>
           <FileRuleRef RuleID="ID_DENY_SEPDRV3_39"/>
           <FileRuleRef RuleID="ID_DENY_SEPDRV3_40"/>
+          <FileRuleRef RuleID="ID_DENY_SKILLER_1" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_2" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_3" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_4" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_5" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_6" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_7" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_8" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_9" />
+          <FileRuleRef RuleID="ID_DENY_SKILLER_10"/>
+          <FileRuleRef RuleID="ID_DENY_SKILLER_11"/>
+          <FileRuleRef RuleID="ID_DENY_SKILLER_12"/>
+          <FileRuleRef RuleID="ID_DENY_SSPORT_1" />
+          <FileRuleRef RuleID="ID_DENY_SSPORT_2" />
+          <FileRuleRef RuleID="ID_DENY_SSPORT_3" />
+          <FileRuleRef RuleID="ID_DENY_SSPORT_4" />
+          <FileRuleRef RuleID="ID_DENY_SSPORT_5" />
+          <FileRuleRef RuleID="ID_DENY_SSPORT_6" />
+          <FileRuleRef RuleID="ID_DENY_SSPORT_7" />
           <FileRuleRef RuleID="ID_DENY_SUPERBMC_2" />
           <FileRuleRef RuleID="ID_DENY_SUPERBMC_3" />
           <FileRuleRef RuleID="ID_DENY_SUPERBMC_4" />
@@ -4053,6 +4593,10 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_WFSHBR_2" />
           <FileRuleRef RuleID="ID_DENY_WFSHBR_3" />
           <FileRuleRef RuleID="ID_DENY_WFSHBR_4" />
+          <FileRuleRef RuleID="ID_DENY_WFSHBR_5" />
+          <FileRuleRef RuleID="ID_DENY_WFSHBR_6" />
+          <FileRuleRef RuleID="ID_DENY_WFSHBR_7" />
+          <FileRuleRef RuleID="ID_DENY_WFSHBR_8" />
           <FileRuleRef RuleID="ID_DENY_WINIO_1" />
           <FileRuleRef RuleID="ID_DENY_WINIO_2" />
           <FileRuleRef RuleID="ID_DENY_WINIO_3" />
@@ -4137,10 +4681,39 @@ The following recommended blocklist xml policy file can also be downloaded from
           <FileRuleRef RuleID="ID_DENY_WINIO_82" />
           <FileRuleRef RuleID="ID_DENY_WINIO_83" />
           <FileRuleRef RuleID="ID_DENY_WINIO_84" />
+          <FileRuleRef RuleID="ID_DENY_WINKERNEXP_1"/>
+          <FileRuleRef RuleID="ID_DENY_WINKERNEXP_2"/>
+          <FileRuleRef RuleID="ID_DENY_WINKERNEXP_3"/>
+          <FileRuleRef RuleID="ID_DENY_WINKERNEXP_4"/>
           <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1" />
           <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256" />
           <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1_PAGE" />
           <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_1" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_2" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_3" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_4" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_5" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_6" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_7" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_8" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_9" />
+          <FileRuleRef RuleID="ID_DENY_WINRING_10"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_11"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_12"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_13"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_14"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_15"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_16"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_17"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_18"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_19"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_20"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_21"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_22"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_23"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_24"/>
+          <FileRuleRef RuleID="ID_DENY_WINRING_25"/>
           <FileRuleRef RuleID="ID_DENY_PROCESSHACKER" />
           <FileRuleRef RuleID="ID_DENY_AMP" />
           <FileRuleRef RuleID="ID_DENY_ASMMAP" />
@@ -4173,7 +4746,7 @@ The following recommended blocklist xml policy file can also be downloaded from
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.26025.0</String>
+        <String>10.0.27685.0</String>
       </Value>
     </Setting>
   </Settings>
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png
deleted file mode 100644
index 754cf041ba..0000000000
Binary files a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png and /dev/null differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png
deleted file mode 100644
index 91fc4f136b..0000000000
Binary files a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png and /dev/null differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png
deleted file mode 100644
index d011fc4408..0000000000
Binary files a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png and /dev/null differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
index 1b1d46e536..04252abe74 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
@@ -8,7 +8,7 @@ metadata:
   author: vinaypamnani-msft
   ms.author: vinpa
   manager: aaroncz
-  ms.date: 04/05/2023
+  ms.date: 08/14/2024
 # linkListType: overview | how-to-guide | tutorial | video
 landingContent:
 # Cards and links should be based on top customer tasks or top subjects
@@ -39,8 +39,6 @@ landingContent:
             url: design/microsoft-recommended-driver-block-rules.md
           - text: Example WDAC policies
             url: design/example-wdac-base-policies.md
-          - text: LOB Win32 apps on S Mode
-            url: deployment/LOB-win32-apps-on-s.md
           - text: Managing multiple policies
             url: design/deploy-multiple-wdac-policies.md
       - linkListType: how-to-guide
@@ -51,7 +49,7 @@ landingContent:
             url: design/create-wdac-policy-for-fully-managed-devices.md
           - text: Create a WDAC policy for a fixed-workload
             url: design/create-wdac-policy-using-reference-computer.md
-          - text: Create a WDAC deny list policy
+          - text: Create a WDAC blocklist policy
             url: design/create-wdac-deny-policy.md
           - text: Deploying catalog files for WDAC management
             url: deployment/deploy-catalog-files-to-support-wdac.md
@@ -82,7 +80,7 @@ landingContent:
             url: design/manage-packaged-apps-with-wdac.md
           - text: Allow com object registration
             url: design/allow-com-object-registration-in-wdac-policy.md
-          - text: Manage plug-ins, add-ins and modules
+          - text: Manage plug-ins, add-ins, and modules
             url: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
   # Card
   - title: Learn how to deploy WDAC Policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
index 81a98c78ca..71c48fb256 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
@@ -4,7 +4,6 @@ description: Gather information about how your deployed Windows Defender Applica
 ms.localizationpriority: medium
 ms.date: 03/30/2023
 ms.topic: how-to
-ms.collection: essentials-manage
 ---
 
 # Windows Defender Application Control operational guide
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
index f35be85ec0..2d0145d3bc 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
@@ -4,9 +4,6 @@ description: Application Control restricts which applications users are allowed
 ms.localizationpriority: medium
 ms.collection:
 - tier3
-- must-keep
-- essentials-navigation
-- essentials-overview
 ms.date: 08/30/2023
 ms.topic: overview
 ---
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/TOC.yml b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/TOC.yml
index e235cf65ec..74c7012d07 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/TOC.yml
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/TOC.yml
@@ -1,6 +1,6 @@
 - name: Microsoft Defender Application Guard
   href: md-app-guard-overview.md
-  items: 
+  items:
     - name: System requirements
       href: reqs-md-app-guard.md
     - name: Install Application Guard
@@ -9,10 +9,5 @@
       href: configure-md-app-guard.md
     - name: Test scenarios
       href: test-scenarios-md-app-guard.md
-    - name: Microsoft Defender Application Guard Extension
-      href: md-app-guard-browser-extension.md
     - name: Application Guard FAQ
-      href: faq-md-app-guard.yml
-- name: Windows security
-  href: /windows/security/
-
+      href: faq-md-app-guard.yml
\ No newline at end of file
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
index 2a40f36ead..e5279d14fa 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -2,7 +2,7 @@
 title: Configure the Group Policy settings for Microsoft Defender Application Guard
 description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
 ms.localizationpriority: medium
-ms.date: 12/12/2023
+ms.date: 07/11/2024
 ms.topic: how-to
 ---
 
@@ -17,11 +17,11 @@ Application Guard uses both network isolation and application-specific settings.
 
 [!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management](../../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md)]
 
-For more information about Microsoft Defender Application Guard (MDAG) for Edge in stand-alone mode, see [Microsoft Defender Application Guard overview](md-app-guard-overview.md).
+For more information about Microsoft Defender Application Guard (MDAG) for Microsoft Edge in stand-alone mode, see [Microsoft Defender Application Guard overview](md-app-guard-overview.md).
 
 ## Network isolation settings
 
-These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
+These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the noncorporate resources into the Application Guard container.
 
 > [!NOTE]
 > For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you don't need to configure network isolation policy to enable Application Guard for Microsoft Edge in managed mode.
@@ -33,7 +33,7 @@ These settings, located at `Computer Configuration\Administrative Templates\Netw
 |-----------|------------------|-----------|
 |Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT| A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
 |Enterprise resource domains hosted in the cloud| At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (`|`) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
-|Domains categorized as both work and personal| At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
+|Domains categorized as both work and personal| At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Microsoft Edge environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
 
 ## Network isolation settings wildcards
 
@@ -52,7 +52,7 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind
 |Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** This is effective only in managed mode. Turns on the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns off the clipboard functionality for Application Guard.|
 |Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether Application Guard can use the print functionality.|**Enabled.** This is effective only in managed mode. Turns on the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for other printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
 |Allow Persistence|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
-|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
+|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you're no longer required to configure network isolation policy to enable Application Guard for Microsoft Edge.|
 |Allow files to download to host operating system|Windows 10 Enterprise or Pro, 1803 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise or Pro or Education|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.|
 |Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won't load any third-party graphics drivers or interact with any connected graphics hardware.|
 |Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
index 43f2f31197..b539097c6d 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
@@ -4,7 +4,7 @@ metadata:
   description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard.
   ms.localizationpriority: medium
   ms.topic: faq
-  ms.date: 12/12/2023
+  ms.date: 07/11/2024
 title: Frequently asked questions - Microsoft Defender Application Guard
 summary: |
 
@@ -211,7 +211,7 @@ sections:
       - question: |
           What does the _Allow users to trust files that open in Microsoft Defender Application Guard_ option in the Group policy do?
         answer: |
-          This policy was present in Windows 10 prior to version 2004. It was removed from later versions of Windows as it doesn't enforce anything for either Edge or Office.
+          This policy was present in Windows 10 prior to version 2004. It was removed from later versions of Windows as it doesn't enforce anything for either Microsoft Edge or Office.
 
       - question: |
           How do I open a support ticket for Microsoft Defender Application Guard?
@@ -220,9 +220,9 @@ sections:
          - Under the Product Family, select Windows. Select the product and the product version you need help with. For the category that best describes the issue, select, **Windows Security Technologies**. In the final option, select **Windows Defender Application Guard**.
 
       - question: |
-          Is there a way to enable or disable the behavior where the host Edge tab auto-closes when navigating to an untrusted site?
+          Is there a way to enable or disable the behavior where the host Microsoft Edge tab auto-closes when navigating to an untrusted site?
         answer: |
-          Yes. Use this Edge flag to enable or disable this behavior: `--disable-features="msWdagAutoCloseNavigatedTabs"`
+          Yes. Use this Microsoft Edge flag to enable or disable this behavior: `--disable-features="msWdagAutoCloseNavigatedTabs"`
 
 additionalContent: |
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
index 33375dd2a1..beefaa14bb 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: Enable hardware-based isolation for Microsoft Edge
 description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
-ms.date: 12/12/2023
+ms.date: 07/11/2024
 ms.topic: how-to
 ---
 
@@ -31,7 +31,7 @@ Standalone mode is applicable for:
 
 ## Enterprise-managed mode
 
-You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container.
+You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add nonenterprise domain(s) in the container.
 
 Enterprise-managed mode is applicable for:
 
@@ -93,7 +93,7 @@ Application Guard functionality is turned off by default. However, you can quick
 
    To learn more about scope tags, see [Use role-based access control (RBAC) and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
 
-1. In the **Assignments** page, select the users or groups that will receive the policy. Select **Next**.
+1. In the **Assignments** page, select the users or groups that receive the policy. Select **Next**.
 
    To learn more about assigning policies, see [Assign policies in Microsoft Intune](/mem/intune/configuration/device-profile-assign).
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md
deleted file mode 100644
index f841705678..0000000000
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md
+++ /dev/null
@@ -1,89 +0,0 @@
----
-title: Microsoft Defender Application Guard Extension
-description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers.
-ms.localizationpriority: medium
-ms.date: 12/12/2023
-ms.topic: conceptual
----
-
-# Microsoft Defender Application Guard Extension
-
-[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)]
-
-[Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/).
-
-[Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10 and Windows 11, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers.
-
-> [!TIP]
-> Application Guard, by default, offers [native support](/deployedge/microsoft-edge-security-windows-defender-application-guard) to both Microsoft Edge and Internet Explorer. These browsers do not need the extension described here for Application Guard to protect them.
-
-Microsoft Defender Application Guard Extension defends devices in your organization from advanced attacks, by redirecting untrusted websites to an isolated version of [Microsoft Edge](https://www.microsoft.com/edge). If an untrusted website turns out to be malicious, it remains within Application Guard's secure container, keeping the device protected.
-
-## Prerequisites
-
-Microsoft Defender Application Guard Extension works with the following editions of Windows 10, version 1809 or later:
-
-- Windows 10 Professional
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 11
-
-Application Guard itself is required for the extension to work. It has its own set of [requirements](reqs-md-app-guard.md). Check the Application Guard [installation guide](install-md-app-guard.md) for further steps, if you don't have it installed already.
-
-## Installing the extension
-
-Application Guard can be run under [managed mode](install-md-app-guard.md#enterprise-managed-mode) or [standalone mode](install-md-app-guard.md#standalone-mode). The main difference between the two modes is whether policies have been set to define the organization's boundaries.
-
-Enterprise administrators running Application Guard under managed mode should first define Application Guard's [network isolation settings](configure-md-app-guard.md#network-isolation-settings), so a set of enterprise sites is already in place.
-
-From there, the steps for installing the extension are similar whether Application Guard is running in managed or standalone mode.
-
-1. On the local device, download and install the Application Guard extension for Google [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and/or Mozilla [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/).
-1. Install the [Microsoft Defender Application Guard companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8#activetab=pivot:overviewtab) from the Microsoft Store. This companion app enables Application Guard to work with web browsers other than Microsoft Edge or Internet Explorer.
-1. Restart the device.
-
-### Recommended browser group policies
-
-Both Chrome and Firefox have their own browser-specific group policies. We recommend that admins use the following policy settings.
-
-#### Chrome policies
-
-These policies can be found along the filepath, `Software\Policies\Google\Chrome\`, with each policy name corresponding to the file name. For example, `IncognitoModeAvailability` is located at `Software\Policies\Google\Chrome\IncognitoModeAvailability`.
-
-Policy name  | Values | Recommended setting | Reason
--|-|-|-
-[IncognitoModeAvailability](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=IncognitoModeAvailability) | `0` = Enabled <br /> `1` = Disabled <br /> `2` = Forces pages to only open in Incognito mode | Disabled | This policy allows users to start Chrome in Incognito mode. In this mode, all extensions are turned off by default.
-[BrowserGuestModeEnabled](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserGuestModeEnabled) | `false` or `0` = Disabled <br /> `true`, `1`, or not configured = Enabled | Disabled | This policy allows users to sign in as *Guest*, which opens a session in Incognito mode. In this mode, all extensions are turned off by default.
-[BackgroundModeEnabled](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BackgroundModeEnabled) | `false` or `0` = Disabled <br /> `true` or `1` = Enabled <br /> <br /> **Note:** If this policy isn't set, the user can enable or disable background mode through local browser settings. | Enabled | This policy keeps Chrome running in the background, ensuring that navigation is always passed to the extension.
-[ExtensionSettings](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings) | This policy accepts a dictionary that configures multiple other management settings for Chrome. See the [Google Cloud documentation](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings) for complete schema. | Include an entry for `force_installed` | This policy prevents users from manually removing the extension.
-
-#### Firefox policies
-
-These policies can be found along the filepath, `Software\Policies\Mozilla\Firefox\`, with each policy name corresponding to the file name. Foe example, `DisableSafeMode` is located at `Software\Policies\Mozilla\Firefox\DisableSafeMode`.
-
-Policy name | Values | Recommended setting | Reason
--|-|-|-
-[DisableSafeMode](https://github.com/mozilla/policy-templates/blob/master/README.md#DisableSafeMode) | `false` or `0` = Safe mode is enabled <br /> `true` or `1` = Safe mode is disabled | The policy is enabled and Safe mode isn't allowed to run. | Safe mode can allow users to circumvent Application Guard
-[BlockAboutConfig](https://github.com/mozilla/policy-templates/blob/master/README.md#BlockAboutConfig) | `false` or `0` = User access to `about:config` is allowed <br /> `true` or `1` = User access to `about:config` isn't allowed | The policy is enabled and access to `about:config` isn't allowed. | `About:config` is a special page within Firefox that offers control over many settings that may compromise security
-[Extensions - Locked](https://github.com/mozilla/policy-templates/blob/master/README.md#Extensions) | This setting accepts a list of UUIDs for extensions. You can find these extensions by searching `extensions.webextensions.uuids` within the `about:config` page) | Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "`ApplicationGuardRel@microsoft.com`" | This setting allows you to lock the extension, so the user can't disable or uninstall it.
-
-## Troubleshooting guide
-
-<!-- The in-line HTML in the following table is less than ideal, but MarkDown tables break if \r or \n characters are used within table cells -->
-
-Error message | Cause | Actions
--|-|-
-Application Guard undetermined state | The extension was unable to communicate with the companion app during the last information request. | 1. Install the [companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) and reboot</br> 2. If the companion app is already installed, reboot and see if that resolves the error</br> 3. If you still see the error after rebooting, uninstall and reinstall the companion app</br> 4. Check for updates in both the Microsoft store and the respective web store for the affected browser
-ExceptionThrown | An unexpected exception was thrown. | 1. [File a bug](https://aka.ms/wdag-fb) </br> 2. Retry the operation
-Failed to determine if Application Guard is enabled | The extension was able to communicate with the companion app, but the information request failed in the app. | 1. Restart the browser </br> 2. Check for updates in both the Microsoft store and the respective web store for the affected browser
-Launch in WDAG failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This error can be caused by the companion app being uninstalled while Chrome was running. | 1. Make sure the companion app is installed </br> 2. If the companion app is installed, reboot and see if that resolves the error </br> 3. If you still see the error after rebooting, uninstall and reinstall the companion app </br> 4. Check for updates in both the Microsoft store and the respective web store for the affected browser
-Main page navigation caught an unexpected error | An unexpected exception was thrown during the main page navigation. | 1. [File a bug](https://aka.ms/wdag-fb) </br> 2. Retry the operation
-Process trust response failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This error can be caused by the companion app being uninstalled while Chrome was running.| 1. Make sure the companion app is installed. </br> 2. If the companion app is installed, reboot and see if that resolves the error </br> 3. If you still see the error after rebooting, uninstall and reinstall the companion app </br> 4. Check for updates in both the Microsoft store and the respective web store for the affected browser
-Protocol out of sync | The extension and native app can't communicate with each other. This error is likely caused by one being updated without supporting the protocol of the other. | Check for updates in both the Microsoft store, and the web store for the affected browser
-Security patch level doesn't match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store, and the web store for the affected browser
-Unexpected response while processing trusted state | The extension was able to communicate with the companion app, but the API failed and a failure response code was sent back to the extension. | 1. [File a bug](https://aka.ms/wdag-fb) </br> 2. Check if Microsoft Edge is working </br> 3. Retry the operation
-
-## Related articles
-
-- [Microsoft Defender Application Guard overview](md-app-guard-overview.md)
-- [Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
index 109331df35..cc5f471678 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Application Guard
 description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet.
-ms.date: 12/12/2023
+ms.date: 07/11/2024
 ms.topic: conceptual
 ---
 
@@ -15,7 +15,7 @@ Microsoft Defender Application Guard (MDAG) is designed to help prevent old and
 
 For Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container.
 
-For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint and Excel files from accessing trusted resources. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials.
+For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint, and Excel files from accessing trusted resources. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials.
 
 ![Hardware isolation diagram.](images/appguard-hardware-isolation.png)
 
@@ -33,7 +33,7 @@ Application Guard has been created to target several types of devices:
 
 [!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-standalone-mode](../../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md)]
 
-For more information about Microsoft Defender Application Guard (MDAG) for Edge enterprise mode, [Configure Microsoft Defender Application Guard policy settings.](configure-md-app-guard.md)
+For more information about Microsoft Defender Application Guard (MDAG) for Microsoft Edge enterprise mode, [Configure Microsoft Defender Application Guard policy settings.](configure-md-app-guard.md)
 
 ## Related articles
 
@@ -43,7 +43,6 @@ For more information about Microsoft Defender Application Guard (MDAG) for Edge
 |[Prepare and install Microsoft Defender Application Guard](install-md-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
 |[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
 |[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.|
-| [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide |
 | [Microsoft Defender Application Guard for Microsoft Office](/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
 |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.yml)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
 |[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
index ff5414fd19..fcf8fe4d0b 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
@@ -3,7 +3,7 @@ title: System requirements for Microsoft Defender Application Guard
 description: Learn about the system requirements for installing and running Microsoft Defender Application Guard.
 ms.topic: overview
 ms.localizationpriority: medium
-ms.date: 12/12/2023
+ms.date: 07/11/2024
 ---
 
 # System requirements for Microsoft Defender Application Guard
@@ -24,8 +24,8 @@ Your environment must have the following hardware to run Microsoft Defender Appl
 
 | Hardware | Description |
 |--------|-----------|
-| 64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).|
-| CPU virtualization extensions|Extended page tables, also called _Second Level Address Translation (SLAT)_ <p> **AND** <p> One of the following virtualization extensions for VBS:<br/>VT-x (Intel)<br/>**OR**<br/>AMD-V |
+| 64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and Virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).|
+| CPU virtualization extensions|Extended page tables, also called _Second Level Address Translation (SLAT)_ <br><br> **AND** <br><br> One of the following virtualization extensions for VBS:<br/>VT-x (Intel)<br/>**OR**<br/>AMD-V |
 | Hardware memory | Microsoft requires a minimum of 8-GB RAM |
 | Hard disk | 5-GB free space, solid state disk (SSD) recommended |
 | Input/Output Memory Management Unit (IOMMU) support| Not required, but recommended |
@@ -38,4 +38,4 @@ Your environment must have the following hardware to run Microsoft Defender Appl
 |--------|-----------|
 | Operating system | Windows 10 Enterprise or Education editions, version 1809 or later <br/> Windows 10 Professional edition, version 1809 or later (only [standalone mode](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard#standalone-mode) is supported)  <br/> Windows 11 Education or Enterprise editions <br/> Windows 11 Professional edition (only [Standalone mode](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard#standalone-mode) is supported) |
 | Browser | Microsoft Edge |
-| Management system <br> (only for managed devices)| [Microsoft Intune](/intune/) <p> **OR** <p> [Microsoft Configuration Manager](/configmgr/) <p> **OR** <p> [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) <p> **OR** <p>Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Microsoft MDM solutions, see the documentation that came with your product. |
+| Management system <br> (only for managed devices)| [Microsoft Intune](/mem/intune/) <br><br> **OR** <br><br> [Microsoft Configuration Manager](/mem/configmgr/) <br><br> **OR** <br><br> [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) <br><br> **OR** <br><br>Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Microsoft MDM solutions, see the documentation that came with your product. |
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index f63bfb9f1f..275a28dd9e 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -2,7 +2,7 @@
 title: Testing scenarios with Microsoft Defender Application Guard
 description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
 ms.localizationpriority: medium
-ms.date: 12/12/2023
+ms.date: 07/11/2024
 ms.topic: conceptual
 ---
 
@@ -26,8 +26,8 @@ You can see how an employee would use standalone mode with Application Guard.
 
 3. Wait for Application Guard to set up the isolated environment.
 
-    >[!NOTE]
-    >Starting Application Guard too quickly after restarting the device might cause it to take a bit longer to load. However, subsequent starts should occur without any perceivable delays.
+    > [!NOTE]
+    > Starting Application Guard too quickly after restarting the device might cause it to take a bit longer to load. However, subsequent starts should occur without any perceivable delays.
 
 4. Go to an untrusted, but safe URL (for this example, we used msn.com) and view the new Microsoft Edge window, making sure you see the Application Guard visual cues.
 
@@ -39,7 +39,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise-
 
 ### Install, set up, and turn on Application Guard
 
-Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, and Windows 11 which includes the functionality. Then, you must use Group Policy to set up the required settings.
+Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, and Windows 11, which includes the functionality. Then, you must use Group Policy to set up the required settings.
 
 1. [Install Application Guard](install-md-app-guard.md#install-application-guard).
 
@@ -47,19 +47,19 @@ Before you can use Application Guard in managed mode, you must install Windows 1
 
 3. Set up the Network Isolation settings in Group Policy:
 
-   a.  Select the **Windows** icon, type `Group Policy`, and then select **Edit Group Policy**.
+   1.  Select the **Windows** icon, type `Group Policy`, and then select **Edit Group Policy**.
 
-   b.  Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting.
+   1.  Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting.
 
-   c.  For the purposes of this scenario, type `.microsoft.com` into the **Enterprise cloud resources** box.
+   1.  For the purposes of this scenario, type `.microsoft.com` into the **Enterprise cloud resources** box.
 
-   ![Group Policy editor with Enterprise cloud resources setting.](images/appguard-gp-network-isolation.png)
+       ![Group Policy editor with Enterprise cloud resources setting.](images/appguard-gp-network-isolation.png)
 
-   d. Go to the **Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal** setting.
+   1. Go to the **Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal** setting.
 
-   e. For the purposes of this scenario, type `bing.com` into the **Neutral resources** box.
+   1. For the purposes of this scenario, type `bing.com` into the **Neutral resources** box.
 
-   ![Group Policy editor with Neutral resources setting.](images/appguard-gp-network-isolation-neutral.png)
+      ![Group Policy editor with Neutral resources setting.](images/appguard-gp-network-isolation-neutral.png)
 
 4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Managed Mode** setting.
 
@@ -67,8 +67,8 @@ Before you can use Application Guard in managed mode, you must install Windows 1
 
    ![Group Policy editor with Turn On/Off setting.](images/appguard-gp-turn-on.png)
 
-   >[!NOTE]
-   >Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario.
+   > [!NOTE]
+   > Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario.
 
 6. Start Microsoft Edge and type `https://www.microsoft.com`.
 
@@ -207,7 +207,7 @@ You have the option to change each of these settings to work with your enterpris
 
 3. Sign out and back in to your device, opening Microsoft Edge in Application Guard again.
 
-4. Open an application with video or audio capability in Edge.
+4. Open an application with video or audio capability in Microsoft Edge.
 
 5. Check that the camera and microphone work as expected.
 
@@ -223,17 +223,20 @@ You have the option to change each of these settings to work with your enterpris
 
 ## Application Guard Extension for third-party web browsers
 
-The [Application Guard Extension](md-app-guard-browser-extension.md) available for Chrome and Firefox allows Application Guard to protect users even when they are running a web browser other than Microsoft Edge or Internet Explorer.
+The [Application Guard Extension](md-app-guard-browser-extension.md) available for Chrome and Firefox allows Application Guard to protect users even when they're running a web browser other than Microsoft Edge or Internet Explorer.
 
 Once a user has the extension and its companion app installed on their enterprise device, you can run through the following scenarios.
 
 1. Open either Firefox or Chrome, whichever browser you have the extension installed on.
 
 2. Navigate to an organizational website. In other words, an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded.
+
    ![The evaluation page displayed while the page is being loaded, explaining that the user must wait.](images/app-guard-chrome-extension-evaluation-page.png)
 
-3. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge.
+3. Navigate to a nonenterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge.
+
    ![A non-enterprise website being redirected to an Application Guard container -- the text displayed explains that the page is being opened in Application Guard for Microsoft Edge.](images/app-guard-chrome-extension-launchIng-edge.png)
 
-4. Open a new Application Guard window, by selecting the Microsoft Defender Application Guard icon, then **New Application Guard Window**
+4. Open a new Application Guard window, by selecting the Microsoft Defender Application Guard icon, then **New Application Guard Window**.
+
    ![The "New Application Guard Window" option is highlighted in red](images/app-guard-chrome-extension-new-app-guard-page.png)
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 6420d0019f..29d6d96ecb 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -60,7 +60,7 @@ Supported values:
 
 - *Enable*: Enables vGPU support in the sandbox.
 - *Disable*: Disables vGPU support in the sandbox. If this value is set, the sandbox uses software rendering, which might be slower than virtualized GPU.
-- *Default* This value is the default value for vGPU support. Currently, this default value denotes that vGPU is disabled.
+- *Default* This value is the default value for vGPU support. Currently, this default value denotes that vGPU is enabled.
 
 > [!NOTE]
 > Enabling virtualized GPU can potentially increase the attack surface of the sandbox.
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md
index adf405569f..8d8f873a38 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md
@@ -35,8 +35,8 @@ Windows Sandbox has the following properties:
 - At least two CPU cores (four cores with hyper-threading recommended)
 
 > [!NOTE]
-> Windows Sandbox is currently not supported on Windows Home edition
-
+> Windows Sandbox is currently not supported on Windows Home edition.
+> Beginning in Windows 11, version 24H2, all inbox store apps like calculator, photos, notepad and terminal are not available inside Windows Sandbox. Ability to use these apps will be added soon.
 ## Installation
 
 1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or Windows 11.
diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md
index 789ac396b8..97aafdbec1 100644
--- a/windows/security/book/cloud-services-protect-your-work-information.md
+++ b/windows/security/book/cloud-services-protect-your-work-information.md
@@ -232,7 +232,7 @@ Universal Print has integrated with Administrative Units in Microsoft Entra ID t
 :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
 
 - [Universal Print](https://www.microsoft.com/microsoft-365/windows/universal-print)
-- [Data storage in Universal Print](/universal-print/fundamentals/universal-print-encryption)
+- [Data handling in Universal Print](/universal-print/data-handling)
 - [Delegate Printer Administration with Administrative Units](/universal-print/portal/delegated-admin)
 
 For customers who want to stay on Print Servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM.
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index 2e3135282a..1a7808e2b1 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -53,8 +53,8 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "Windows Security",
       "contributors_to_exclude": [
+        "aditisrivastava07",
         "alekyaj",
         "alexbuckgit",
         "American-Dipper",
@@ -65,14 +65,13 @@
         "dstrome2",
         "garycentric",
         "jborsecnik",
+        "padmagit77",
         "rjagiewich",
         "rmca14",
         "shdyas",
         "Stacyrch140",
         "tiburd",
         "traya1",
-        "v-dihans",
-        "v-stchambers",
         "v-stsavell"
       ],
       "searchScope": [
@@ -98,7 +97,9 @@
         "operating-system-security/data-protection/**/*.md": "paolomatarazzo",
         "operating-system-security/data-protection/**/*.yml": "paolomatarazzo",
         "operating-system-security/network-security/**/*.md": "paolomatarazzo",
-        "operating-system-security/network-security/**/*.yml": "paolomatarazzo"
+        "operating-system-security/network-security/**/*.yml": "paolomatarazzo",
+        "security-foundations/certification/**/*.md": "mike-grimm",
+        "security-foundations/certification/**/*.yml": "mike-grimm"
       },
       "ms.author": {
         "application-security//**/*.md": "vinpa",
@@ -118,7 +119,9 @@
         "operating-system-security/data-protection/**/*.md": "paoloma",
         "operating-system-security/data-protection/**/*.yml": "paoloma",
         "operating-system-security/network-security/**/*.md": "paoloma",
-        "operating-system-security/network-security/**/*.yml": "paoloma"
+        "operating-system-security/network-security/**/*.yml": "paoloma",
+        "security-foundations/certification/**/*.md": "mgrimm",
+        "security-foundations/certification/**/*.yml": "mgrimm"
       },
       "appliesto": {
         "application-security//**/*.md": [
@@ -232,7 +235,8 @@
         "operating-system-security/data-protection/personal-data-encryption/*.md": "rhonnegowda",
         "operating-system-security/device-management/windows-security-configuration-framework/*.md": "jmunck",
         "operating-system-security/network-security/vpn/*.md": "pesmith",
-        "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
+        "operating-system-security/network-security/windows-firewall/*.md": "nganguly",
+        "security-foundations/certification/**/*.md": "paoloma"
       },
       "ms.collection": {
         "book/*.md": "tier3",
@@ -241,6 +245,7 @@
         "information-protection/tpm/*.md": "tier1",
         "operating-system-security/data-protection/bitlocker/*.md": "tier1",
         "operating-system-security/data-protection/personal-data-encryption/*.md": "tier1",
+        "security-foundations/certification/**/*.md": "tier3",
         "threat-protection/auditing/*.md": "tier3"
       },
       "ROBOTS": {
@@ -251,4 +256,4 @@
     "dest": "security",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
index 1ef34f786a..b686fb205c 100644
--- a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
@@ -2,7 +2,7 @@
 title: Enable memory integrity
 description: This article explains the steps to opt in to using memory integrity on Windows devices.
 ms.topic: conceptual
-ms.date: 03/26/2024
+ms.date: 07/10/2024
 appliesto:
   - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
   - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
@@ -61,7 +61,7 @@ To apply the new policy on a domain-joined computer, either restart or run `gpup
 
 ### Use registry keys to enable memory integrity
 
-Set the following registry keys to enable memory integrity. These keys provide exactly the same set of configuration options provided by Group Policy.
+Set the following registry keys to enable memory integrity. These keys provide similar set of configuration options provided by Group Policy
 
 > [!IMPORTANT]
 >
@@ -95,7 +95,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualiza
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
 ```
 
-**To enable VBS with Secure Boot and DMA (value 3)**
+**To enable VBS with Secure Boot and DMA protection (value 3)**
 
 ```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f
@@ -131,6 +131,17 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorE
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f
 ```
 
+**To enable VBS (and memory integrity) in mandatory mode**
+
+```console
+reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Mandatory" /t REG_DWORD /d 1 /f
+```
+
+The **Mandatory** setting prevents the OS loader from continuing to boot in case the Hypervisor, Secure Kernel or one of their dependent modules fails to load.
+
+> [!IMPORTANT]
+> Special care should be used before enabling this mode, since, in case of any failure of the virtualization modules, the system will refuse to boot.
+
 **To gray out the memory integrity UI and display the message "This setting is managed by your administrator"**
 ```console
 reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /f
diff --git a/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
index e68ce7f0d5..54f9cc0237 100644
--- a/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -2,7 +2,7 @@
 title: How System Guard helps protect Windows
 description: Learn how System Guard reorganizes the existing Windows system integrity features under one roof.
 ms.localizationpriority: medium
-ms.date: 01/16/2024
+ms.date: 07/10/2024
 ms.topic: conceptual
 ---
 
@@ -33,7 +33,7 @@ Also, a bug fix for UEFI code can take a long time to design, build, retest, val
 
 ### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM)
 
-[System Guard Secure Launch](system-guard-secure-launch-and-smm-protection.md), first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM). DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state.
+[System Guard Secure Launch](system-guard-secure-launch-and-smm-protection.md), first introduced in Windows 10 version 1809, aims to alleviate these issues by using a technology known as the Dynamic Root of Trust for Measurement (DRTM). DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state.
 
 ![System Guard Secure Launch.](images/system-guard-secure-launch.png)
 
@@ -41,7 +41,7 @@ Secure Launch simplifies management of SRTM measurements because the launch code
 
 ### System Management Mode (SMM) protection
 
-System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS. SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor.
+System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. Whenever one of these system operations is requested, a nonmaskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS. SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor.
 
 To defend against this, two techniques are used:
 
@@ -88,7 +88,7 @@ This feature is available for the following processors:
 |AUX Policy|The required AUX policy must be as follows: <ul><li> A = TPM2_PolicyLocality (Locality 3 & Locality 4) </li><li>B = TPM2_PolicyCommandCode (TPM_CC_NV_UndefineSpecial)</li><li>authPolicy = \{A} OR {{A} AND \{B}}</li><li>authPolicy digest = 0xef, 0x9a, 0x26, 0xfc, 0x22, 0xd1, 0xae, 0x8c, 0xec, 0xff, 0x59, 0xe9, 0x48, 0x1a, 0xc1, 0xec, 0x53, 0x3d, 0xbe, 0x22, 0x8b, 0xec, 0x6d, 0x17, 0x93, 0x0f, 0x4c, 0xb2, 0xcc, 0x5b, 0x97, 0x24</li></ul>|
 |TPM NV Index|Platform firmware must set up a TPM NV index for use by the OS with: <ul><li>Handle: 0x01C101C0 </li><li>Attributes: <ul><li>TPMA_NV_POLICYWRITE</li><li>TPMA_NV_PPREAD </li><li>TPMA_NV_OWNERREAD</li><li>TPMA_NV_AUTHREAD</li><li>TPMA_NV_POLICYREAD</li><li>TPMA_NV_NO_DA</li><li>TPMA_NV_PLATFORMCREATE</li><li>TPMA_NV_POLICY_DELETE</li></ul> <li>A policy of: </li><ul><li>A = TPM2_PolicyAuthorize(MSFT_DRTM_AUTH_BLOB_SigningKey)</li><li>B = TPM2_PolicyCommandCode(TPM_CC_NV_UndefineSpaceSpecial) </li><li> authPolicy = \{A} OR {{A} AND \{B}} </li><li> Digest value of 0xcb, 0x45, 0xc8, 0x1f, 0xf3, 0x4b, 0xcf, 0x0a, 0xfb, 0x9e, 0x1a, 0x80, 0x29, 0xfa, 0x23, 0x1c, 0x87, 0x27, 0x30, 0x3c, 0x09, 0x22, 0xdc, 0xce, 0x68, 0x4b, 0xe3, 0xdb, 0x81, 0x7c, 0x20, 0xe1 </li></ul></ul> |
 |Platform firmware|Platform firmware must carry all code required to execute an Intel&reg; Trusted Execution Technology secure launch: <ul><li>Intel&reg; SINIT ACM must be carried in the OEM BIOS</li><li>Platforms must ship with a production ACM signed by the correct production Intel&reg; ACM signer for the platform</li></ul>|
-|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. |
+|Platform firmware update|It's recommended to update System firmware via UpdateCapsule in Windows Update. |
 
 ### Requirements for AMD&reg; processors starting with Zen2 or later silicon
 
@@ -102,7 +102,7 @@ This feature is available for the following processors:
 |Modern/Connected Standby|Platforms must support Modern/Connected Standby.|
 |TPM NV Index|Platform firmware must set up a TPM NV index for use by the OS with: <ul><li>Handle: 0x01C101C0 </li><li>Attributes: <ul><li>TPMA_NV_POLICYWRITE</li><li>TPMA_NV_PPREAD </li><li>TPMA_NV_OWNERREAD</li><li>TPMA_NV_AUTHREAD</li><li>TPMA_NV_POLICYREAD</li><li>TPMA_NV_NO_DA</li><li>TPMA_NV_PLATFORMCREATE</li><li>TPMA_NV_POLICY_DELETE</li></ul> <li>A policy of: </li><ul><li>A = TPM2_PolicyAuthorize(MSFT_DRTM_AUTH_BLOB_SigningKey)</li><li>B = TPM2_PolicyCommandCode(TPM_CC_NV_UndefineSpaceSpecial) </li><li> authPolicy = \{A} OR {{A} AND \{B}} </li><li> Digest value of 0xcb, 0x45, 0xc8, 0x1f, 0xf3, 0x4b, 0xcf, 0x0a, 0xfb, 0x9e, 0x1a, 0x80, 0x29, 0xfa, 0x23, 0x1c, 0x87, 0x27, 0x30, 0x3c, 0x09, 0x22, 0xdc, 0xce, 0x68, 0x4b, 0xe3, 0xdb, 0x81, 0x7c, 0x20, 0xe1 </li></ul></ul> |
 |Platform firmware|Platform firmware must carry all code required to execute Secure Launch: <ul><li>AMD&reg; Secure Launch platforms must ship with AMD&reg; DRTM driver devnode exposed and the AMD&reg; DRTM driver installed</li></ul><br/>Platform must have AMD&reg; Secure Processor Firmware Anti-Rollback protection enabled <br/> Platform must have AMD&reg; Memory Guard enabled.|
-|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. |
+|Platform firmware update|It's recommended to update System firmware via UpdateCapsule in Windows Update. |
 
 ### Requirements for Qualcomm&reg; processors with SD850 or later chipsets
 
@@ -112,4 +112,4 @@ This feature is available for the following processors:
 |Monitor Mode Page Tables|All Monitor Mode page tables must: <ul><li>NOT contain any mappings to EfiConventionalMemory (for example no OS/VMM owned memory) </li><li>They must NOT have execute and write permissions for the same page </li><li>Platforms must only allow Monitor Mode pages marked as executable </li><li>The memory map must report Monitor Mode as EfiReservedMemoryType</li><li>Platforms must provide mechanism to protect the Monitor Mode page tables from modification</li></ul> |
 |Modern/Connected Standby|Platforms must support Modern/Connected Standby.|
 |Platform firmware|Platform firmware must carry all code required to launch.|
-|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. |
+|Platform firmware update|It's recommended to update System firmware via UpdateCapsule in Windows Update. |
diff --git a/windows/security/hardware-security/index.md b/windows/security/hardware-security/index.md
index dbe8b6153f..e8cfb27d50 100644
--- a/windows/security/hardware-security/index.md
+++ b/windows/security/hardware-security/index.md
@@ -1,7 +1,7 @@
 ---
 title: Windows hardware security
 description: Learn more about hardware security features support in Windows.
-ms.date: 07/28/2023
+ms.date: 07/10/2024
 ms.topic: overview
 appliesto:
 ---
diff --git a/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
index 6b5201c81c..d010c70d1c 100644
--- a/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
@@ -4,7 +4,7 @@ description: Learn how Kernel DMA Protection protects Windows devices against dr
 ms.collection:
   - tier1
 ms.topic: conceptual
-ms.date: 01/09/2024
+ms.date: 07/10/2024
 ---
 
 # Kernel DMA Protection
@@ -20,16 +20,16 @@ Drive-by DMA attacks are attacks that occur while the owner of the system isn't
 
 ## How Windows protects against DMA drive-by attacks
 
-Windows uses the system *Input/Output Memory Management Unit (IOMMU)* to block external peripherals from starting and performing DMA, unless the drivers for these peripherals support memory isolation (such as DMA-remapping). Peripherals with [DMA Remapping compatible drivers][LINK-1] will be automatically enumerated, started, and allowed to perform DMA to their assigned memory regions.
+Windows uses the system *Input/Output Memory Management Unit (IOMMU)* to block external peripherals from starting and performing DMA, unless the drivers for these peripherals support memory isolation (such as DMA-remapping). Peripherals with [DMA Remapping compatible drivers][LINK-1] are automatically enumerated, started, and allowed to perform DMA to their assigned memory regions.
 
-By default, peripherals with DMA Remapping incompatible drivers will be blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen. IT administrators can modify the default behavior applied to devices with DMA Remapping incompatible drivers using MDM or group policies.
+By default, peripherals with DMA Remapping incompatible drivers are blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen. IT administrators can modify the default behavior applied to devices with DMA Remapping incompatible drivers using MDM or group policies.
 
 ## User experience
 
 When Kernel DMA Protection is enabled:
 
-- Peripherals with DMA Remapping-compatible device drivers will be automatically enumerated and started
-- Peripherals with DMA Remapping-incompatible drivers will be blocked from starting if the peripheral was plugged in before an authorized user logs in, or while the screen is locked. Once the system is unlocked, the peripheral driver will be started by the OS, and the peripheral will continue to function normally until the system is rebooted, or the peripheral is unplugged. The peripheral will continue to function normally if the user locks the screen or signs out of the system.
+- Peripherals with DMA Remapping-compatible device drivers are automatically enumerated and started
+- Peripherals with DMA Remapping-incompatible drivers are blocked from starting if the peripheral was plugged in before an authorized user logs in, or while the screen is locked. Once the system is unlocked, the peripheral driver is started by the OS, and the peripheral continues to function normally until the system is rebooted, or the peripheral is unplugged. The peripheral will continue to function normally if the user locks the screen or signs out of the system.
 
 [!INCLUDE [kernel-direct-memory-access-dma-protection](../../../includes/licensing/kernel-direct-memory-access-dma-protection.md)]
 
@@ -44,7 +44,7 @@ Kernel DMA Protection isn't compatible with other BitLocker DMA attacks counterm
 
 ## Check if Kernel DMA Protection is enabled
 
-Systems that support Kernel DMA Protection will enable the feature automatically, with no user or IT admin configuration required.
+Systems that support Kernel DMA Protection enable the feature automatically, with no user or IT admin configuration required.
 
 You can use the Windows Security settings to check if Kernel DMA Protection is enabled:
 
@@ -53,7 +53,7 @@ You can use the Windows Security settings to check if Kernel DMA Protection is e
 
    :::image type="content" source="images/kernel-dma-protection-security-center.png" alt-text="Screenshot of Kernel DMA protection in Windows Security." lightbox="images/kernel-dma-protection-security-center.png" border="true":::
 
-   Alternatively, you can use the System Information desktop app (`msinfo32.exe`). If the system supports Kernel DMA Protection, the **Kernel DMA Protection** value will be set to **ON**.
+   Alternatively, you can use the System Information desktop app (`msinfo32.exe`). If the system supports Kernel DMA Protection, the **Kernel DMA Protection** value is set to **ON**.
 
    :::image type="content" source="images/kernel-dma-protection.png" alt-text="Screenshot of Kernel DMA protection in System Information." lightbox="images/kernel-dma-protection.png" border="true":::
 
@@ -91,7 +91,7 @@ Use the Windows-provided drivers for the peripherals, when available. If there a
 
 ### My system's Kernel DMA Protection is off. Can DMA-remapping for a specific device be turned on?
 
-Yes. DMA remapping for a specific device can be turned on independent from Kernel DMA Protection. For example, if the driver opts in and VT-d (Virtualization Technology for Directed I/O) is turned on, then DMA remapping will be enabled for the devices driver even if Kernel DMA Protection is turned off.
+Yes. DMA remapping for a specific device can be turned on independent from Kernel DMA Protection. For example, if the driver opts in and VT-d (Virtualization Technology for Directed I/O) is turned on, then DMA remapping is enabled for the devices driver even if Kernel DMA Protection is turned off.
 
 Kernel DMA Protection is a policy that allows or blocks devices to perform DMA, based on their remapping state and capabilities.
 
@@ -117,5 +117,4 @@ The policy can be enabled by using:
 [LINK-1]: /windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers
 [LINK-2]: /windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies
 [LINK-3]: /windows-hardware/design/device-experiences/oem-kernel-dma-protection
-
 [EXT-1]: https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf
diff --git a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
index eb190c2bac..dfdb572272 100644
--- a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
+++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
@@ -2,23 +2,42 @@
 title: Microsoft Pluton security processor
 description: Learn more about Microsoft Pluton security processor
 ms.topic: conceptual
-ms.date: 02/19/2024
+ms.date: 07/10/2024
 ---
 
 # Microsoft Pluton security processor
 
 Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem, which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem.
 
-Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
+Microsoft Pluton is currently available on devices with AMD Ryzen&reg; 6000, 7000, 8000, Ryzen AI and Qualcomm Snapdragon&reg; 8cx Gen 3 and Snapdragon X series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2 and later.
 
 ## What is Microsoft Pluton?
 
-Designed by Microsoft and built by silicon partners, Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data and encryption keys. Information is significantly harder to be removed even if an attacker installs malware or has complete physical possession of the PC.
+Designed by Microsoft and built by silicon partners, Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data, and encryption keys. Information is significantly harder to be removed even if an attacker installs malware or has complete physical possession of the PC.
 
 Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) and deliver other security functionality beyond what is possible with the TPM 2.0 specification, and allows for other Pluton firmware and OS features to be delivered over time via Windows Update. For more information, see [Microsoft Pluton as TPM](pluton-as-tpm.md).
 
 Pluton is built on proven technology used in Xbox and Azure Sphere, and provides hardened integrated security capabilities to Windows 11 devices in collaboration with leading silicon partners. For more information, see [Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs](https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/).
 
+## How can Pluton help customers?
+
+Pluton is built with the goal of providing customers with better end-to-end security experiences. It does so by doing three things:
+
+1. **Zero-trust security and reliability**: Customer security scenarios often span devices and cloud services. Windows PCs and services like Microsoft Entra and Intune need to work harmoniously together to provide frictionless security. Pluton is designed, built and maintained in close collaboration with teams across Microsoft to ensure that customers get both high security and reliability.
+1. **Innovation**: Pluton platform and the functionality it provides is informed by customer feedback and Microsoft’s threat intelligence. As an example, Pluton platforms in 2024 AMD and Intel systems will start to use a Rust-based firmware foundation given the importance of memory safety.
+1. **Continuous improvement**: Pluton platform supports loading new firmware delivered through operating system updates. This functionality is supported alongside the typical mechanism of UEFI capsule updates that update the Pluton firmware that is resident on the system’s SPI flash and loaded during early system boot. The additional support for dynamically loading valid new Pluton firmware through operating system updates facilitates continuous improvements both for bug fixes and new features.
+   
+### A practical example: zero-trust security with device-based conditional access policies
+
+An increasingly important zero-trust workflow is conditional access – gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune, for example, supports different workflows for conditional access including [device-based conditional access](/mem/intune/protect/create-conditional-access-intune) which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organization’s apps and services. 
+
+To ensure that Intune gets an accurate picture about the device’s health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM. 
+
+For the end-to-end scenario to be truly successful at scale, the hardware-based security is not enough. Since access to enterprise assets is being gated based on security settings that are being reported by the TPM logs, it is critical that these logs are available reliably. Zero-trust security essentially requires high reliability. 
+
+With Pluton, when it is configured as the TPM for the system, customers using conditional access get the benefits of Pluton’s security architecture and implementation with the reliability that comes from the tight integration and collaboration between Pluton and other Microsoft components and services.
+
+
 ## Microsoft Pluton security architecture overview
 
 ![Diagram showing the Microsoft Pluton security processor architecture](../images/pluton/pluton-security-architecture.png)
diff --git a/windows/security/hardware-security/pluton/pluton-as-tpm.md b/windows/security/hardware-security/pluton/pluton-as-tpm.md
index ccde7ec921..2946f43e11 100644
--- a/windows/security/hardware-security/pluton/pluton-as-tpm.md
+++ b/windows/security/hardware-security/pluton/pluton-as-tpm.md
@@ -2,12 +2,12 @@
 title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
 description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
 ms.topic: conceptual
-ms.date: 02/19/2024
+ms.date: 07/10/2024
 ---
 
 # Microsoft Pluton as Trusted Platform Module
 
-Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) thereby establishing the silicon root of trust. Microsoft Pluton supports the TPM 2.0 industry standard allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPM including BitLocker, Windows Hello, and Windows Defender System Guard.
+Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) thereby establishing the silicon root of trust. Microsoft Pluton supports the TPM 2.0 industry standard allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPM including BitLocker, Windows Hello, and System Guard.
 
 As with other TPMs, credentials, encryption keys, and other sensitive information can't be easily extracted from Pluton even if an attacker installs malware or has complete physical possession of the device. Storing sensitive data like encryption keys securely within the Pluton processor, which is isolated from the rest of the system, helps ensure that emerging attack techniques such as speculative execution can't access key material.
 
@@ -17,7 +17,7 @@ To learn more about the TPM related scenarios that benefit from Pluton, see [TPM
 
 ## Microsoft Pluton as a security processor alongside discrete TPM
 
-Microsoft Pluton can be used as a TPM, or in conjunction with a TPM. Although Pluton builds security directly into the CPU, device manufacturers may choose to use discrete TPM as the default TPM, while having Pluton available to the system as a security processor for use cases beyond the TPM.
+Microsoft Pluton can be used as a TPM, or with a TPM. Although Pluton builds security directly into the CPU, device manufacturers might choose to use discrete TPM as the default TPM, while having Pluton available to the system as a security processor for use cases beyond the TPM.
 
 Pluton is integrated within the SoC subsystem, and provides a flexible, updatable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft.
 
diff --git a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
index 35ef8a1826..153871eba2 100644
--- a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
@@ -1,14 +1,13 @@
 ---
 title: System Guard Secure Launch and SMM protection
-description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows 10 devices.
-ms.localizationpriority: medium
-ms.date: 07/31/2023
+description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows devices.
+ms.date: 07/10/2024
 ms.topic: conceptual
 ---
 
 # System Guard Secure Launch and SMM protection
 
-This topic explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](how-hardware-based-root-of-trust-helps-protect-windows.md) to improve the startup security of Windows 10 and Windows 11 devices. The information below is presented from a client perspective.
+This article explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](how-hardware-based-root-of-trust-helps-protect-windows.md) to improve the startup security of Windows 10 and Windows 11 devices. The information below is presented from a client perspective.
 
 > [!NOTE]
 > System Guard Secure Launch feature requires a supported processor. For more information, see [System requirements for System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md#system-requirements-for-system-guard).
@@ -28,35 +27,30 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM)
 
 ### Group Policy
 
-1. Click **Start** > type and then click **Edit group policy**.
-
-2. Click **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn On Virtualization Based Security** > **Secure Launch Configuration**.
+1. Select **Start** > type and then select **Edit group policy**.
+1. Select **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn On Virtualization Based Security** > **Secure Launch Configuration**.
 
     ![Secure Launch Configuration.](images/secure-launch-group-policy.png)
 
 ### Windows Security
 
-Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation** > **Firmware protection**.
+Select **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation** > **Firmware protection**.
 
   ![Windows Security settings.](images/secure-launch-security-app.png)
 
 ### Registry
 
 1. Open Registry editor.
-
-2. Click **HKEY_LOCAL_MACHINE** > **SYSTEM** > **CurrentControlSet** > **Control** > **DeviceGuard** > **Scenarios**.
-
-3. Right-click **Scenarios** > **New** > **Key** and name the new key **SystemGuard**.
-
-4. Right-click **SystemGuard** > **New** > **DWORD (32-bit) Value** and name the new DWORD **Enabled**.
-
-5. Double-click **Enabled**, change the value to **1**, and click **OK**.
+1. Select **HKEY_LOCAL_MACHINE** > **SYSTEM** > **CurrentControlSet** > **Control** > **DeviceGuard** > **Scenarios**.
+1. Right-click **Scenarios** > **New** > **Key** and name the new key **SystemGuard**.
+1. Right-click **SystemGuard** > **New** > **DWORD (32-bit) Value** and name the new DWORD **Enabled**.
+1. Double-click **Enabled**, change the value to **1**, and click **OK**.
 
     ![Secure Launch Registry.](images/secure-launch-registry.png)
 
 ## How to verify System Guard Secure Launch is configured and running
 
-To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**.
+To verify that Secure Launch is running, use System Information (MSInfo32). Select **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**.
 
 ![Verifying Secure Launch is running in the Windows Security settings.](images/secure-launch-msinfo.png)
 
diff --git a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
index 9be58182e9..7a1c590a9a 100644
--- a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
@@ -2,7 +2,7 @@
 title: Back up TPM recovery information to Active Directory
 description: Learn how to back up the Trusted Platform Module (TPM) recovery information to Active Directory.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # Back up the TPM recovery information to AD DS
diff --git a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
index 29abbe115b..37025f1eca 100644
--- a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
+++ b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
@@ -1,8 +1,8 @@
 ---
 title: Change the TPM owner password
-description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
+description: This article for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # Change the TPM owner password
@@ -32,7 +32,6 @@ Without the owner password, you can still perform all the preceding actions with
 Instead of changing your owner password, you can also use the following options to manage your TPM:
 
 - **Clear the TPM** - If you want to invalidate all of the existing keys that have been created since you took ownership of the TPM, you can clear it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm).
-
 - **Turn off the TPM** - With TPM 1.2 and Windows 10, versions 1507 and 1511, you can turn off the TPM. Turn off the TPM if you want to keep all existing keys and data intact and disable the services that are provided by the TPM. For more info, see [Turn off the TPM](initialize-and-configure-ownership-of-the-tpm.md#turn-off-the-tpm).
 
 ## Changing the TPM owner password
@@ -44,7 +43,3 @@ To change to a new TPM owner password, in `TPM.msc`, select **Change Owner Passw
 ## Use the TPM cmdlets
 
 You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule).
-
-## Related articles
-
-- [Trusted Platform Module](trusted-platform-module-overview.md)
diff --git a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
index fc6a8fad0f..a4d314ad3f 100644
--- a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
@@ -2,12 +2,12 @@
 title: How Windows uses the TPM
 description: Learn how Windows uses the Trusted Platform Module (TPM) to enhance security.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # How Windows uses the Trusted Platform Module
 
-The Windows operating system places hardware-based security deeper inside many features, maximizing platform security while increasing usability. To achieve many of these security enhancements, Windows makes extensive use of the Trusted Platform Module (TPM). This article offers an overview of the TPM, describes how it works, and discusses the benefits that TPM brings to Windows and the cumulative security impact of running Windows on a device with a TPM.
+The Windows operating system places hardware-based security deeper inside many features, maximizing platform security while increasing usability. To achieve many of these security enhancements, Windows makes extensive use of the Trusted Platform Module (TPM). This article offers an overview of the TPM, describes how it works, and discusses the benefits that TPM brings to Windows and the cumulative security effect of running Windows on a device with a TPM.
 
 ## TPM Overview
 
@@ -21,7 +21,7 @@ The Trusted Computing Group (TCG) is the nonprofit organization that publishes a
 
 OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone can't achieve. For example, software alone can't reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust-that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key *truly can't leave the TPM*.
 
-The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs, whereas others don't.
+The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments clearly define security requirements for TPMs, whereas others don't.
 
 Certification programs for TPMs-and technology in general-continue to evolve as the speed of innovation increases. Although having a TPM is clearly better than not having a TPM, Microsoft's best advice is to determine your organization's security needs and research any regulatory requirements associated with procurement for your industry. The result is a balance between scenarios used, assurance level, cost, convenience, and availability.
 
@@ -51,11 +51,11 @@ Smart cards are physical devices that typically store a single certificate and t
 
 In Windows, the Virtual Smart Card feature allows the TPM to mimic a permanently inserted smart card. The TPM becomes *something the user has* but still requires a PIN. While physical smart cards limit the number of PIN attempts before locking the card and requiring a reset, a virtual smart card relies on the TPM's dictionary attack protection to prevent too many PIN guesses.
 
-For TPM-based virtual smart cards, the TPM protects the use and storage of the certificate private key, so that it can't be copied when it is in use or stored and used elsewhere. Using a component that is part of the system rather than a separate physical smart card, can reduce total cost of ownership. The *lost card* or *card left at home* scenarios are not applicable, and the benefits of smart card-based multifactor authentication is preserved. For users, virtual smart cards are simple to use, requiring only a PIN to unlock. Virtual smart cards support the same scenarios that physical smart cards support, including signing in to Windows or authenticating for resource access.
+For TPM-based virtual smart cards, the TPM protects the use and storage of the certificate private key, so that it can't be copied when it is in use or stored and used elsewhere. Using a component that is part of the system rather than a separate physical smart card, can reduce total cost of ownership. The *lost card* or *card left at home* scenarios aren't applicable, and the benefits of smart card-based multifactor authentication is preserved. For users, virtual smart cards are simple to use, requiring only a PIN to unlock. Virtual smart cards support the same scenarios that physical smart cards support, including signing in to Windows or authenticating for resource access.
 
 ## Windows Hello for Business
 
-Windows Hello for Business provides authentication methods intended to replace passwords, which can be difficult to remember and easily compromised. In addition, username/password solutions for authentication often reuse the same credential combinations on multiple devices and services. If those credentials are compromised, they are compromised in multiple places. Windows Hello for Business combines the information provisioned on each device (i.e., the cryptographic key) with additional information to authenticate users. On a system that has a TPM, the TPM can protect the key. If a system does not have a TPM, software-based techniques protect the key. The additional information the user supplies can be a PIN value or, if the system has the necessary hardware, biometric information, such as fingerprint or facial recognition. To protect privacy, the biometric information is used only on the provisioned device to access the provisioned key: it is not shared across devices.
+Windows Hello for Business provides authentication methods intended to replace passwords, which can be difficult to remember and easily compromised. In addition, username/password solutions for authentication often reuse the same credential combinations on multiple devices and services. If those credentials are compromised, they're compromised in multiple places. Windows Hello for Business combines the information provisioned on each device (that is, the cryptographic key) with additional information to authenticate users. On a system that has a TPM, the TPM can protect the key. If a system doesn't have a TPM, software-based techniques protect the key. The additional information the user supplies can be a PIN value or, if the system has the necessary hardware, biometric information, such as fingerprint or facial recognition. To protect privacy, the biometric information is used only on the provisioned device to access the provisioned key: it isn't shared across devices.
 
 The adoption of new authentication technology requires that identity providers and organizations deploy and use that technology. Windows Hello for Business lets users authenticate with their existing Microsoft account, an Active Directory account, a Microsoft Entra account, or even non-Microsoft Identity Provider Services or Relying Party Services that support [Fast ID Online V2.0 authentication](https://go.microsoft.com/fwlink/p/?LinkId=533889).
 
@@ -63,7 +63,7 @@ Identity providers have flexibility in how they provision credentials on client
 
 - **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an endorsement key. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM).
 
-- **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
+- **Attestation identity key**. To protect privacy, most TPM scenarios don't directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
 
 :::image type="content" alt-text="TPM Capabilities." source="images/tpm-capabilities.png" lightbox="images/tpm-capabilities.png":::
 *Figure 1:  TPM Cryptographic Key Management*
@@ -72,15 +72,15 @@ For Windows Hello for Business, Microsoft can fill the role of the identity CA.
 
 ## BitLocker Drive Encryption
 
-BitLocker provides full-volume encryption to protect data at rest. The most common device configuration splits the hard drive into several volumes. The operating system and user data reside on one volume that holds confidential information, and other volumes hold public information such as boot components, system information and recovery tools. (These other volumes are used infrequently enough that they do not need to be visible to users.) Without more protections in place, if the volume containing the operating system and user data is not encrypted, someone can boot another operating system and easily bypass the intended operating system's enforcement of file permissions to read any user data.
+BitLocker provides full-volume encryption to protect data at rest. The most common device configuration splits the hard drive into several volumes. The operating system and user data reside on one volume that holds confidential information, and other volumes hold public information such as boot components, system information and recovery tools. (These other volumes are used infrequently enough that they don't need to be visible to users.) Without more protections in place, if the volume containing the operating system and user data isn't encrypted, someone can boot another operating system and easily bypass the intended operating system's enforcement of file permissions to read any user data.
 
-In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows logon prompt, the only path forward is for the user to log on with his or her credentials, allowing the operating system to enforce its normal file permissions. If something about the boot process changes, however-for example, a different operating system is booted from a USB device-the operating system volume and user data can't be read and are not accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities:
+In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows sign-in prompt, the only path forward is for the user to sign in with their credentials, allowing the operating system to enforce its normal file permissions. If something about the boot process changes, however-for example, a different operating system is booted from a USB device-the operating system volume and user data can't be read and aren't accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities:
 
 - **Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component's measurement is sent to the TPM before it runs, a component can't erase its measurement from the TPM. (However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values.
 
-- **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process can't proceed normally because the data on the operating system can't be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS).
+- **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM won't let Windows Boot Manager use the key, and the startup process can't proceed normally because the data on the operating system can't be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM won't allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS).
 
-Device hardware characteristics are important to BitLocker and its ability to protect data. One consideration is whether the device provides attack vectors when the system is at the logon screen. For example, if the Windows device has a port that allows direct memory access so that someone can plug in hardware and read memory, an attacker can read the operating system volume's decryption key from memory while at the Windows logon screen. To mitigate this risk, organizations can configure BitLocker so that the TPM key requires both the correct software measurements and an authorization value. The system startup process stops at Windows Boot Manager, and the user is prompted to enter the authorization value for the TPM key or insert a USB device with the value. This process stops BitLocker from automatically loading the key into memory where it might be vulnerable, but has a less desirable user experience.
+Device hardware characteristics are important to BitLocker and its ability to protect data. One consideration is whether the device provides attack vectors when the system is at the sign-in screen. For example, if the Windows device has a port that allows direct memory access so that someone can plug in hardware and read memory, an attacker can read the operating system volume's decryption key from memory while at the Windows sign-in screen. To mitigate this risk, organizations can configure BitLocker so that the TPM key requires both the correct software measurements and an authorization value. The system startup process stops at Windows Boot Manager, and the user is prompted to enter the authorization value for the TPM key or insert a USB device with the value. This process stops BitLocker from automatically loading the key into memory where it might be vulnerable, but has a less desirable user experience.
 
 Newer hardware and Windows work better together to disable direct memory access through ports and reduce attack vectors. The result is that organizations can deploy more systems without requiring users to enter additional authorization information during the startup process. The right hardware allows BitLocker to be used with the "TPM-only" configuration giving users a single sign-on experience without having to enter a PIN or USB key during boot.
 
@@ -92,17 +92,17 @@ For software measurements, Device Encryption relies on measurements of the autho
 
 ## Measured Boot
 
-Windows 8 introduced Measured Boot as a way for the operating system to record the chain of measurements of software components and configuration information in the TPM through the initialization of the Windows operating system. In previous Windows versions, the measurement chain stopped at the Windows Boot Manager component itself, and the measurements in the TPM were not helpful for understanding the starting state of Windows.
+Windows 8 introduced Measured Boot as a way for the operating system to record the chain of measurements of software components and configuration information in the TPM through the initialization of the Windows operating system. In previous Windows versions, the measurement chain stopped at the Windows Boot Manager component itself, and the measurements in the TPM weren't helpful for understanding the starting state of Windows.
 
-The Windows boot process happens in stages and often involves non-Microsoft drivers to communicate with vendor-specific hardware or implement antimalware solutions. For software, Measured Boot records measurements of the Windows kernel, Early-Launch Anti-Malware drivers, and boot drivers in the TPM. For configuration settings, Measured Boot records security-relevant information such as signature data that antimalware drivers use and configuration data about Windows security features (e.g., whether BitLocker is on or off).
+The Windows boot process happens in stages and often involves non-Microsoft drivers to communicate with vendor-specific hardware or implement anti-malware solutions. For software, Measured Boot records measurements of the Windows kernel, Early-Launch anti-malware drivers, and boot drivers in the TPM. For configuration settings, Measured Boot records security-relevant information such as signature data that anti-malware drivers use and configuration data about Windows security features (for example, whether BitLocker is on or off).
 
 Measured Boot ensures that TPM measurements fully reflect the starting state of Windows software and configuration settings. If security settings and other protections are set up correctly, they can be trusted to maintain the security of the running operating system thereafter. Other scenarios can use the operating system's starting state to determine whether the running operating system should be trusted.
 
-TPM measurements are designed to avoid recording any privacy-sensitive information as a measurement. As an additional privacy protection, Measured Boot stops the measurement chain at the initial starting state of Windows. Therefore, the set of measurements does not include details about which applications are in use or how Windows is being used. Measurement information can be shared with external entities to show that the device is enforcing adequate security policies and did not start with malware.
+TPM measurements are designed to avoid recording any privacy-sensitive information as a measurement. As an additional privacy protection, Measured Boot stops the measurement chain at the initial starting state of Windows. Therefore, the set of measurements doesn't include details about which applications are in use or how Windows is being used. Measurement information can be shared with external entities to show that the device is enforcing adequate security policies and didn't start with malware.
 
 The TPM provides the following way for scenarios to use the measurements recorded in the TPM during boot:
 
-- **Remote Attestation**.  Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process.
+- **Remote Attestation**.  Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or *quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process.
 
 When new security features are added to Windows, Measured Boot adds security-relevant configuration information to the measurements recorded in the TPM. Measured Boot enables remote attestation scenarios that reflect the system firmware and the Windows initialization state.
 
@@ -111,24 +111,22 @@ When new security features are added to Windows, Measured Boot adds security-rel
 
 ## Health Attestation
 
-Some Windows improvements help security solutions implement remote attestation scenarios. Microsoft provides a Health Attestation service, which can create attestation identity key certificates for TPMs from different manufacturers as well as parse measured boot information to extract simple security assertions, such as whether BitLocker is on or off. The simple security assertions can be used to evaluate device health.
+Some Windows improvements help security solutions implement remote attestation scenarios. Microsoft provides a Health Attestation service, which can create attestation identity key certificates for TPMs from different manufacturers and parse measured boot information to extract simple security assertions, such as whether BitLocker is on or off. The simple security assertions can be used to evaluate device health.
 
 Mobile device management (MDM) solutions can receive simple security assertions from the Microsoft Health Attestation service for a client without having to deal with the complexity of the quote or the detailed TPM measurements. MDM solutions can act on the security information by quarantining unhealthy devices or blocking access to cloud services such as Microsoft Office 365.
 
 ## Credential Guard
 
-Credential Guard is a new feature in Windows that helps protect Windows credentials in organizations that have deployed AD DS. Historically, a user's credentials (such as a logon password) were hashed to generate an authorization token. The user employed the token to access resources that he or she was permitted to use. One weakness of the token model is that malware that had access to the operating system kernel could look through the computer's memory and harvest all the access tokens currently in use. The attacker could then use harvested tokens to log on to other machines and collect more credentials. This kind of attack is called a "pass the hash" attack, a malware technique that infects one machine to infect many machines across an organization.
+Credential Guard is a new feature in Windows that helps protect Windows credentials in organizations that have deployed AD DS. Historically, a user's credentials (such as a sign-in password) were hashed to generate an authorization token. The user employed the token to access resources that they were permitted to use. One weakness of the token model is that malware that had access to the operating system kernel could look through the computer's memory and harvest all the access tokens currently in use. The attacker could then use harvested tokens to sign in to other machines and collect more credentials. This kind of attack is called a "pass the hash" attack, a malware technique that infects one machine to infect many machines across an organization.
 
-Similar to the way Microsoft Hyper-V keeps virtual machines (VMs) separate from one another, Credential Guard uses virtualization to isolate the process that hashes credentials in a memory area that the operating system kernel can't access. This isolated memory area is initialized and protected during the boot process so that components in the larger operating system environment can't tamper with it. Credential Guard uses the TPM to protect its keys with TPM measurements, so they are accessible only during the boot process step when the separate region is initialized; they are not available for the normal operating system kernel. The local security authority code in the Windows kernel interacts with the isolated memory area by passing in credentials and receiving single-use authorization tokens in return.
+Similar to the way Microsoft Hyper-V keeps virtual machines (VMs) separate from one another, Credential Guard uses virtualization to isolate the process that hashes credentials in a memory area that the operating system kernel can't access. This isolated memory area is initialized and protected during the boot process so that components in the larger operating system environment can't tamper with it. Credential Guard uses the TPM to protect its keys with TPM measurements, so they're accessible only during the boot process step when the separate region is initialized; they aren't available for the normal operating system kernel. The local security authority code in the Windows kernel interacts with the isolated memory area by passing in credentials and receiving single-use authorization tokens in return.
 
-The resulting solution provides defense in depth, because even if malware runs in the operating system kernel, it can't access the secrets inside the isolated memory area that actually generates authorization tokens. The solution does not solve the problem of key loggers because the passwords such loggers capture actually pass through the normal Windows kernel, but when combined with other solutions, such as smart cards for authentication, Credential Guard greatly enhances the protection of credentials in Windows.
+The resulting solution provides defense in depth, because even if malware runs in the operating system kernel, it can't access the secrets inside the isolated memory area that actually generates authorization tokens. The solution doesn't solve the problem of key loggers because the passwords such loggers capture actually pass through the normal Windows kernel, but when combined with other solutions, such as smart cards for authentication, Credential Guard greatly enhances the protection of credentials in Windows.
 
 ## Conclusion
 
 The TPM adds hardware-based security benefits to Windows. When installed on hardware that includes a TPM, Window delivers remarkably improved security benefits. The following table summarizes the key benefits of the TPM's major features.
 
-<br/>
-
 | Feature                    | Benefits when used on a system with a TPM                                                                                                                                                             |
 |----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Platform Crypto Provider   | - If the machine is compromised, the private key associated with the certificate can't be copied off the device.<br>- The TPM's dictionary attack mechanism protects PIN values to use a certificate. |
@@ -138,8 +136,6 @@ The TPM adds hardware-based security benefits to Windows. When installed on hard
 | Device Encryption          | With a Microsoft account and the right hardware, consumers' devices seamlessly benefit from data-at-rest protection.                                                                                  |
 | Measured Boot              | A hardware root of trust contains boot measurements that help detect malware during remote attestation.                                                                                               |
 | Health Attestation         | MDM solutions can easily perform remote attestation and evaluate client health before granting access to resources or cloud services such as Office 365.                                              |
-| Credential Guard           | Defense in depth increases so that even if malware has administrative rights on one machine, it is significantly more difficult to compromise additional machines in an organization.                 |
+| Credential Guard           | Defense in depth increases so that even if malware has administrative rights on one machine, it's significantly more difficult to compromise additional machines in an organization.                 |
 
-<br />
-
-Although some of the aforementioned features have additional hardware requirements (e.g., virtualization support), the TPM is a cornerstone of Windows security. Microsoft and other industry stakeholders continue to improve the global standards associated with TPM and find more and more applications that use it to provide tangible benefits to customers. Microsoft has included support for most TPM features in its version of Windows for the Internet of Things (IoT) called [Windows IoT Core](/windows/iot-core/windows-iot-core).  IoT devices that might be deployed in insecure physical locations and connected to cloud services like [Azure IoT Hub](https://azure.microsoft.com/documentation/services/iot-hub/) for management can use the TPM in innovative ways to address their emerging security requirements.
+Although some of the aforementioned features have more hardware requirements (for example, virtualization support), the TPM is a cornerstone of Windows security. Microsoft and other industry stakeholders continue to improve the global standards associated with TPM and find more applications that use it to provide tangible benefits to customers. Microsoft has included support for most TPM features in its version of Windows for the Internet of Things (IoT) called [Windows IoT Core](/windows/iot-core/windows-iot-core). IoT devices that might be deployed in insecure physical locations and connected to cloud services like [Azure IoT Hub](https://azure.microsoft.com/documentation/services/iot-hub/) for management can use the TPM in innovative ways to address their emerging security requirements.
diff --git a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
index 9e08708019..bede99fdbe 100644
--- a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -2,7 +2,7 @@
 title: Troubleshoot the TPM
 description: Learn how to view and troubleshoot the Trusted Platform Module (TPM).
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ms.collection:
 - tier1
 ---
@@ -13,9 +13,6 @@ This article provides information how to troubleshoot the Trusted Platform Modul
 
 - [Troubleshoot TPM initialization](#tpm-initialization)
 - [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm)
-
-With TPM 1.2 and Windows 11, you can also take the following actions:
-
 - [Turn on or turn off the TPM](#turn-on-or-turn-off-the-tpm)
 
 For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true).
@@ -28,17 +25,17 @@ Windows automatically initializes and takes ownership of the TPM. There's no nee
 
 If you find that Windows isn't able to initialize the TPM automatically, review the following information:
 
-- You can try clearing the TPM to the factory default values, allowing Windows to reinitialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm)
-- If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system
-- If you have TPM 1.2 with Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it's turned back on, Windows will reinitialize it
-- If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it, and then allow the operating system to initialize the TPM
+- You can try clearing the TPM to the factory default values, allowing Windows to reinitialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm).
+- If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system.
+- If you have TPM 1.2 with Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it's turned back on, Windows reinitializes it.
+- If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it, and then allow the operating system to initialize the TPM.
 
 ### Network connection issues for domain-joined Windows 11 devices
 
 If you have Windows 11, the initialization of the TPM can't complete when your computer has network connection issues and both of the following conditions exist:
 
-- An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through group policy
-- A domain controller can't be reached. This scenario may occur on a device that is currently disconnected from the internal network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter)
+- An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through group policy.
+- A domain controller can't be reached. This scenario may occur on a device that is currently disconnected from the internal network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter).
 
 If these issues occur, an error message appears, and you can't complete the initialization process. To avoid the issue, allow Windows to initialize the TPM while you're connected to the corporate network, and you can contact a domain controller.
 
@@ -46,7 +43,7 @@ If these issues occur, an error message appears, and you can't complete the init
 
 Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows doesn't support this configuration. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs, you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm).
 
-For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection isn't changed.
+For example, toggling TPMs cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected for use and the selection isn't changed.
 
 ## Clear all the keys from the TPM
 
@@ -61,11 +58,11 @@ Clearing the TPM resets it to an unowned state. After you clear the TPM, the Win
 
 Clearing the TPM can result in data loss. To protect against such loss, review the following precautions:
 
-- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM
-- Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator
-- If you want to temporarily suspend TPM operations on Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm)
-- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Don't clear the TPM directly from UEFI
-- Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website
+- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM.
+- Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator.
+- If you want to temporarily suspend TPM operations on Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm).
+- Always use functionality in the operating system (such as TPM.msc) to clear the TPM. Don't clear the TPM directly from UEFI.
+- Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website.
 
 Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
 
@@ -76,7 +73,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ
 1. Select **Security processor details**.
 1. Select **Security processor troubleshooting**.
 1. Select **Clear TPM**.
-    - You'll be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
+    - You'll be prompted to restart the computer. During the restart, you might be prompted to press a button to confirm that you wish to clear the TPM.
     - After the device restarts, your TPM will be automatically prepared for use by Windows.
 
 ## Turn on or turn off the TPM
@@ -100,7 +97,7 @@ If you want to stop using the services that are provided by the TPM, you can use
 1. Open the TPM MMC (`tpm.msc`).
 1. In the **Action** pane, select **Turn TPM Off** to display the **Turn off the TPM security hardware** page.
 1. In the **Turn off the TPM security hardware** dialog box, select a method to enter your owner password and turning off the TPM:
-   - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the *.tpm* file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**.
+   - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the `.tpm` file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**.
    - If you don't have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**.
    - If you didn't save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password.
 
diff --git a/windows/security/hardware-security/tpm/manage-tpm-commands.md b/windows/security/hardware-security/tpm/manage-tpm-commands.md
index d309758d11..fc2bcfb404 100644
--- a/windows/security/hardware-security/tpm/manage-tpm-commands.md
+++ b/windows/security/hardware-security/tpm/manage-tpm-commands.md
@@ -2,14 +2,14 @@
 title: Manage TPM commands
 description: This article for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # Manage TPM commands
 
 This article for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users.
 
-After a computer user takes ownership of the TPM, the TPM owner can limit which TPM commands can be run by creating a list of blocked TPM commands. The list can be created and applied to all computers in a domain by using Group Policy, or a list can be created for individual computers by using the TPM MMC. Because some hardware vendors might provide additional commands or the Trusted Computing Group may decide to add commands in the future, the TPM MMC also supports the ability to block new commands.
+After a computer user takes ownership of the TPM, the TPM owner can limit which TPM commands can be run by creating a list of blocked TPM commands. The list can be created and applied to all computers in a domain by using Group Policy, or a list can be created for individual computers by using the TPM MMC. Because some hardware vendors might provide more commands or the Trusted Computing Group might decide to add commands in the future, the TPM MMC also supports the ability to block new commands.
 
 The following procedures describe how to manage the TPM command lists. You must be a member of the local Administrators group.
 
@@ -33,34 +33,24 @@ The following procedures describe how to manage the TPM command lists. You must
     > [!NOTE]
     > For a list of commands, see links in the [TPM Specification](https://www.trustedcomputinggroup.org/tpm-main-specification/).
 
-1. After you have added numbers for each command that you want to block, select **OK** twice.
+1. After adding numbers for each command that you want to block, select **OK** twice.
 
 1. Close the Local Group Policy Editor.
 
 ## Block or allow TPM commands by using the TPM MMC
 
 1. Open the TPM MMC (`tpm.msc`). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**.
-
 1. In the console tree, select **Command Management**. A list of TPM commands is displayed.
-
 1. In the list, select a command that you want to block or allow.
-
 1. Under **Actions**, select **Block Selected Command** or **Allow Selected Command** as needed. If **Allow Selected Command** is unavailable, that command is currently blocked by Group Policy.
 
 ## Block new commands
 
 1. Open the TPM MMC (`tpm.msc`). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**.
-
 1. In the console tree, select **Command Management**. A list of TPM commands is displayed.
-
 1. In the **Action** pane, select **Block New Command**. The **Block New Command** dialog box is displayed.
-
 1. In the **Command Number** text box, type the number of the new command that you want to block, and then select **OK**. The command number you entered is added to the blocked list.
 
 ## Use the TPM cmdlets
 
 You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatformModule PowerShell cmdlets](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true).
-
-## Related articles
-
-- [Trusted Platform Module](trusted-platform-module-overview.md)
diff --git a/windows/security/hardware-security/tpm/manage-tpm-lockout.md b/windows/security/hardware-security/tpm/manage-tpm-lockout.md
index abf6374e8f..7dfa150354 100644
--- a/windows/security/hardware-security/tpm/manage-tpm-lockout.md
+++ b/windows/security/hardware-security/tpm/manage-tpm-lockout.md
@@ -2,7 +2,7 @@
 title: Manage TPM lockout
 description: This article for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # Manage TPM lockout
@@ -21,11 +21,11 @@ In some cases, encryption keys are protected by a TPM by requiring a valid autho
 
 TPM 2.0 devices have standardized lockout behavior which Windows configures. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 10 minutes. This configuration means that every continuous 10 minutes of powered on operation without an event causes the counter to decrease by 1.
 
-If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner's authorization. This value is no longer retained by default starting with Windows 10 version 1607 and higher.
+If your TPM is in lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner's authorization. This value is no longer retained by default starting with Windows 10 version 1607 and higher.
 
 ### TPM 1.2
 
-The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. These delays can prevent them from using the TPM for a period of time.
+The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips might not store failed attempts over time. Other TPM chips might store every failed attempt indefinitely. Therefore, some users might experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. These delays can prevent them from using the TPM for some time.
 
 ## Reset the TPM lockout by using the TPM MMC
 
@@ -73,7 +73,3 @@ For information about mitigating dictionary attacks that use the lockout setting
 ## Use the TPM cmdlets
 
 You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/).
-
-## Related articles
-
-- [Trusted Platform Module](trusted-platform-module-overview.md)
diff --git a/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
index 281201247a..c3cd7b4d47 100644
--- a/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -1,8 +1,8 @@
 ---
-title: UnderstandPCR banks on TPM 2.0 devices
+title: Understand PCR banks on TPM 2.0 devices
 description: Learn about what happens when you switch PCR banks on TPM 2.0 devices.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # PCR banks on TPM 2.0 devices
@@ -27,9 +27,9 @@ It's important to note that this binding to PCR values also includes the hashing
 
 ## What happens when PCR banks are switched?
 
-When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. Each hash algorithm will return a different cryptographic signature for the same inputs.
+When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. Each hash algorithm returns a different cryptographic signature for the same inputs.
 
-As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR[12] and subsequently changed the PCR bank to SHA-256, the banks wouldn't match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows won't be able to unseal it if the PCR banks are switched while BitLocker is enabled.
+As a result, if the currently used PCR bank is switched, all keys that are bound to the previous PCR values no longer work. For example, if you had a key bound to the SHA-1 value of PCR[12] and later changed the PCR bank to SHA-256, the banks wouldn't match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows can't unseal it if the PCR banks are switched while BitLocker is enabled.
 
 ## What can I do to switch PCRs when BitLocker is already active?
 
@@ -43,7 +43,7 @@ You can configure a TPM to have multiple PCR banks active. When BIOS performs me
 - DWORD: `TPMActivePCRBanks`
 - Defines which PCR banks are currently active. This value should be interpreted as a bitmap for which the bits are defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 21 of Revision 1.27.
 
-Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions isn't met.
+Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows prefers the use of the SHA-256 bank for measurements and falls back to SHA1 PCR bank if one of the preconditions isn't met.
 
 You can identify which PCR bank is currently used by Windows by looking at the registry:
 
@@ -51,4 +51,4 @@ You can identify which PCR bank is currently used by Windows by looking at the r
 - DWORD: `TPMDigestAlgID`
 - Algorithm ID of the PCR bank that Windows is currently using. This value represents an algorithm identifier as defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 3 of Revision 1.27.
 
-Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they aren't used by Windows and measurements that appear to be from Windows shouldn't be trusted.
+Windows only uses one PCR bank to continue boot measurements. All other active PCR banks are extended with a separator to indicate that they aren't used by Windows and measurements that appear to be from Windows shouldn't be trusted.
diff --git a/windows/security/hardware-security/tpm/tpm-fundamentals.md b/windows/security/hardware-security/tpm/tpm-fundamentals.md
index d4612701db..a6b202ab80 100644
--- a/windows/security/hardware-security/tpm/tpm-fundamentals.md
+++ b/windows/security/hardware-security/tpm/tpm-fundamentals.md
@@ -2,7 +2,7 @@
 title: Trusted Platform Module (TPM) fundamentals
 description: Learn about the components of the Trusted Platform Module and how they're used to mitigate dictionary attacks.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # TPM fundamentals
@@ -98,7 +98,7 @@ TPM 2.0 allows some keys to be created without an authorization value associated
 
 Originally, BitLocker allowed from 4 to 20 characters for a PIN. Windows Hello has its own PIN for sign-in, which can be 4 to 127 characters. Both BitLocker and Windows Hello use the TPM to prevent PIN brute-force attacks.
 
-Windows 10, version 1607 and earlier used Dictionary Attack Prevention parameters. The Dictionary Attack Prevention Parameters provide a way to balance security needs with usability. For example, when BitLocker is used with a TPM + PIN configuration, the number of PIN guesses is limited over time. A TPM 2.0 in this example could be configured to allow only 32 PIN guesses immediately, and then only one more guess every two hours. This totals a maximum of about 4415 guesses per year. If the PIN is four digits, all 9999 possible PIN combinations could be attempted in a little over two years.
+Windows 10, version 1607 and earlier used Dictionary Attack Prevention parameters. The Dictionary Attack Prevention Parameters provide a way to balance security needs with usability. For example, when BitLocker is used with a TPM + PIN configuration, the number of PIN guesses is limited over time. A TPM 2.0 in this example could be configured to allow only 32 PIN guesses immediately, and then only one more guess every two hours. This totals a maximum of about 4,415 guesses per year. If the PIN is four digits, all 9999 possible PIN combinations could be attempted in a little over two years.
 
 Starting in Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to six characters, to better align with other Windows features that use TPM 2.0, including Windows Hello. Increasing the PIN length requires a greater number of guesses for an attacker. Therefore, the lockout duration between each guess was shortened to allow legitimate users to retry a failed attempt sooner while maintaining a similar level of protection. In case the legacy parameters for lockout threshold and recovery time need to be used, make sure that GPO is enabled and [configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0](/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings#configure-the-system-to-use-legacy-dictionary-attack-prevention-parameters-setting-for-tpm-20).
 
diff --git a/windows/security/hardware-security/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md
index 4471400a65..ae731d1f10 100644
--- a/windows/security/hardware-security/tpm/tpm-recommendations.md
+++ b/windows/security/hardware-security/tpm/tpm-recommendations.md
@@ -1,15 +1,15 @@
 ---
 title: TPM recommendations
-description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows.
+description: This article provides recommendations for Trusted Platform Module (TPM) technology for Windows.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ms.collection:
 - tier1
 ---
 
 # TPM recommendations
 
-This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows.
+This article provides recommendations for Trusted Platform Module (TPM) technology for Windows.
 
 For a basic feature description of TPM, see the [Trusted Platform Module Technology Overview](trusted-platform-module-overview.md).
 
@@ -17,24 +17,24 @@ For a basic feature description of TPM, see the [Trusted Platform Module Technol
 
 Traditionally, TPMs are discrete chips soldered to a computer's motherboard. Such implementations allow the computer's original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Discrete TPM implementations are common. However, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips.
 
-TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform's owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows automatically provisions a TPM, but if the user is planning to reinstall the operating system, he or she may need to clear the TPM before reinstalling so that Windows can take full advantage of the TPM.
+TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform's owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows automatically provisions a TPM, but if the user is planning to reinstall the operating system, they may need to clear the TPM before reinstalling so that Windows can take full advantage of the TPM.
 
 The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards. These standards support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
 
-OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust-that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM.
+OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone can't achieve. For example, software alone can't reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust-that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly can't leave the TPM.
 
-The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs whereas others do not.
+The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments clearly define security requirements for TPMs whereas others don't.
 
 ## TPM 1.2 vs. 2.0 comparison
 
-From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0, which has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM.
+From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0, which has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization, and NV RAM.
 
 ## Why TPM 2.0?
 
 TPM 2.0 products and systems have important security advantages over TPM 1.2, including:
 
 - The TPM 1.2 spec only allows for the use of RSA and the SHA-1 hashing algorithm.
-- For security reasons, some entities are moving away from SHA-1. Notably, NIST has required many federal agencies to move to SHA-256 as of 2014, and technology leaders, including Microsoft and Google have announced they will remove support for SHA-1 based signing or certificates in 2017.
+- For security reasons, some entities are moving away from SHA-1. Notably, NIST requires many federal agencies to move to SHA-256 as of 2014, and technology leaders, including Microsoft and Google have removed support for SHA-1 based signing or certificates in 2017.
 - TPM 2.0 **enables greater crypto agility** by being more flexible with respect to cryptographic algorithms.
   - TPM 2.0 supports newer algorithms, which can improve drive signing and key generation performance. For the full list of supported algorithms, see the [TCG Algorithm Registry](http://www.trustedcomputinggroup.org/tcg-algorithm-registry/). Some TPMs don't support all algorithms.
   - For the list of algorithms that Windows supports in the platform cryptographic storage provider, see [CNG Cryptographic Algorithm Providers](/windows/win32/seccertenroll/cng-cryptographic-algorithm-providers).
@@ -58,7 +58,7 @@ There are three implementation options for TPMs:
 - Integrated TPM solution, using dedicated hardware integrated into one or more semiconductor packages alongside, but logically separate from, other components.
 - Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit.
 
-Windows uses any compatible TPM in the same way. Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions, which should suit all needs.
+Windows uses any compatible TPM in the same way. Microsoft doesn't take a position on which way a TPM should be implemented and there's a wide ecosystem of available TPM solutions, which should suit all needs.
 
 ## Is there any importance for TPM for consumers?
 
@@ -84,25 +84,21 @@ The following table defines which Windows features require TPM support.
 
 | Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
 |--|--|--|--|--|
-| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. |
+| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm, which is being deprecated. |
 | BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/index.md#device-encryption) including TPM 2.0 support |
 | Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. |
 | Windows Defender Application Control (Device Guard) | No | Yes | Yes |
-| Windows Defender System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. |
-| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with Windows Defender System Guard, TPM 2.0 provides enhanced security for Credential Guard. Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. |
-| Device Health Attestation | Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. |
-| Windows Hello/Windows Hello for Business | No | Yes | Yes | Microsoft Entra join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. TPM 2.0 is recommended over TPM 1.2 for better performance and security. Windows Hello as a FIDO platform authenticator will take advantage of TPM 2.0 for key storage. |
+| System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. |
+| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with System Guard, TPM 2.0 provides enhanced security for Credential Guard. Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. |
+| Device Health Attestation | Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm, which is being deprecated. |
+| Windows Hello/Windows Hello for Business | No | Yes | Yes | Microsoft Entra join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. TPM 2.0 is recommended over TPM 1.2 for better performance and security. Windows Hello as a FIDO platform authenticator takes advantage of TPM 2.0 for key storage. |
 | UEFI Secure Boot | No | Yes | Yes |
 | TPM Platform Crypto Provider Key Storage Provider | Yes | Yes | Yes |
 | Virtual Smart Card | Yes | Yes | Yes |
 | Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. |
-| Autopilot | No | N/A | Yes | If you intend to deploy a scenario which requires TPM (such as white glove and self-deploying mode), then TPM 2.0 and UEFI firmware are required. |
+| Autopilot | No | N/A | Yes | If you intend to deploy a scenario, which requires TPM (such as white glove and self-deploying mode), then TPM 2.0 and UEFI firmware are required. |
 | SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. |
 
 ## OEM Status on TPM 2.0 system availability and certified parts
 
 Government customers and enterprise customers in regulated industries may have acquisition standards that require use of common certified TPM parts. As a result, OEMs, who provide the devices, may be required to use only certified TPM components on their commercial class systems. For more information, contact your OEM or hardware vendor.
-
-## Related topics
-
-- [Trusted Platform Module](trusted-platform-module-overview.md)
diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-overview.md b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md
index 46a0c61d51..372d8ad9ee 100644
--- a/windows/security/hardware-security/tpm/trusted-platform-module-overview.md
+++ b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md
@@ -2,7 +2,7 @@
 title: Trusted Platform Module Technology Overview
 description: Learn about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ms.collection:
 - tier1
 ---
diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
index 4ea0c0f2d7..fdc858bcd3 100644
--- a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -1,13 +1,52 @@
 ---
 title: TPM Group Policy settings
-description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings.
+description: This article describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings.
 ms.topic: conceptual
-ms.date: 11/17/2023
+ms.date: 07/10/2024
 ---
 
 # TPM Group Policy settings
 
-This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. The Group Policy settings for TPM services are located under **Computer Configuration** > **Administrative Templates** > **System** > **Trusted Platform Module Services**.
+This article describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. The Group Policy settings for TPM services are located under **Computer Configuration** > **Administrative Templates** > **System** > **Trusted Platform Module Services**.
+
+## Configure the list of blocked TPM commands
+
+This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
+
+If you enable this policy setting, Windows blocks the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number `129` is `TPM_OwnerReadInternalPub`, and command number `170` is `TPM_FieldUpgrade`.
+
+If you disable or don't configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by running `tpm.msc`, navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running `tpm.msc` or through scripting against the Win32_Tpm interface.
+
+## Configure the system to clear the TPM if it is not in a ready state
+
+This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy takes effect only if the system's TPM is in a state other than Ready, including if the TPM is "Ready, with reduced functionality". The prompt to clear the TPM will start occurring after the next reboot, upon user sign-in only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and sign-in until the policy is disabled or until the TPM is in a Ready state.
+
+## Ignore the default list of blocked TPM commands
+
+This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows ignores the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
+
+The local list of blocked TPM commands is configured outside of Group Policy by running `tpm.msc` or through scripting against the `Win32_Tpm` interface. The default list of blocked TPM commands is preconfigured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or don't configure this policy setting, Windows blocks the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
+
+## Ignore the local list of blocked TPM commands
+
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions, which require TPM owner authorization without requiring the user to enter the TPM owner password.
+
+You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
+
+If you enable this policy setting, Windows stores the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
+
+Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios, which don't depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features, which depend on the TPM anti-hammering logic can be used.
+
+Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
+
+Choose the operating system managed TPM authentication setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications.
+
+> [!NOTE]
+> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value is regenerated and any copies of the original TPM owner authorization value are invalidated.
 
 ## Configure the level of TPM owner authorization information available to the operating system
 
@@ -24,11 +63,11 @@ This policy setting configured which TPM authorization values are stored in the
 
 There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
 
-- **Full**: This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0.
+- **Full**: This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that don't require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0.
 
 - **Delegated**: This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows prior to version 1703.
 
-- **None**: This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.
+- **None**: This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization can't be stored locally. Using this setting might cause issues with some TPM-based applications.
 
 > [!NOTE]
 > If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid.
@@ -46,31 +85,31 @@ The following table shows the TPM owner authorization values in the registry.
 | 2          | Delegated |
 | 4          | Full      |
 
-If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose.
+If you enable this policy setting, the Windows operating system stores the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose.
 
-On Windows 10 prior to version 1607, if you disable or do not configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not configured, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is enabled, only the administrative delegation and the user delegation blobs are stored in the local registry.
+On Windows 10 prior to version 1607, if you disable or don't configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not configured, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is enabled, only the administrative delegation and the user delegation blobs are stored in the local registry.
 
 ## Standard User Lockout Duration
 
 This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response that indicates an authorization failure occurred. Authorization failures that are older than the duration you set are ignored. If the number of TPM commands with an authorization failure within the lockout duration equals a threshold, a standard user is prevented from sending commands that require
 authorization to the TPM.
 
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it's global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.
 
 This setting helps administrators prevent the TPM hardware from entering a lockout mode by slowing the speed at which standard users can send commands that require authorization to the TPM.
 
 For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration:
 
-- [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold): This value is the maximum number of authorization failures that each standard user can have before the user is not allowed to send commands that require authorization to the TPM.
-- [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold): This value is the maximum total number of authorization failures that all standard users can have before all standard users are not allowed to send commands that require authorization to the TPM.
+- [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold): This value is the maximum number of authorization failures that each standard user can have before the user isn't allowed to send commands that require authorization to the TPM.
+- [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold): This value is the maximum total number of authorization failures that all standard users can have before all standard users aren't allowed to send commands that require authorization to the TPM.
 
 An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
 
-If you do not configure this policy setting, a default value of 480 minutes (8 hours) is used.
+If you don't configure this policy setting, a default value of 480 minutes (8 hours) is used.
 
 ## Standard User Individual Lockout Threshold
 
-This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). This value is the maximum number of authorization failures that each standard user can have before the user is not allowed to send commands that require authorization to the TPM. If the number of authorization failures for the user within the duration that is set for the **Standard User Lockout Duration** policy setting equals this value, the standard user is prevented from sending commands that require authorization to the Trusted Platform Module (TPM).
+This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). This value is the maximum number of authorization failures that each standard user can have before the user isn't allowed to send commands that require authorization to the TPM. If the number of authorization failures for the user within the duration that is set for the **Standard User Lockout Duration** policy setting equals this value, the standard user is prevented from sending commands that require authorization to the Trusted Platform Module (TPM).
 
 This setting helps administrators prevent the TPM hardware from entering a lockout mode by slowing the speed at which standard users can send commands that require authorization to the TPM.
 
@@ -78,7 +117,7 @@ An authorization failure occurs each time a standard user sends a command to the
 
 An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
 
-If you do not configure this policy setting, a default value of 4 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
+If you don't configure this policy setting, a default value of 4 is used. A value of zero means that the operating system won't allow standard users to send commands to the TPM, which might cause an authorization failure.
 
 ## Standard User Total Lockout Threshold
 
@@ -90,7 +129,7 @@ An authorization failure occurs each time a standard user sends a command to the
 
 An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
 
-If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
+If you don't configure this policy setting, a default value of 9 is used. A value of zero means that the operating system won't allow standard users to send commands to the TPM, which might cause an authorization failure.
 
 ## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0
 
@@ -114,14 +153,13 @@ You can change what users see about TPM in **Windows Security**. The Group Polic
 
 ### Disable the Clear TPM button
 
-If you don't want users to be able to click the **Clear TPM** button in **Windows Security**, you can disable it with this Group Policy setting. Select **Enabled** to make the **Clear TPM** button unavailable for use.
+If you don't want users to be able to select the **Clear TPM** button in **Windows Security**, you can disable it with this Group Policy setting. Select **Enabled** to make the **Clear TPM** button unavailable for use.
 
 ### Hide the TPM Firmware Update recommendation
 
 If you don't want users to see the recommendation to update TPM firmware, you can disable it with this setting. Select **Enabled** to prevent users from seeing a recommendation to update their TPM firmware when a vulnerable firmware is detected.
 
-## Related topics
+## Related articles
 
-- [Trusted Platform Module](trusted-platform-module-overview.md)
 - [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true)
 - [BitLocker planning guide](../../operating-system-security/data-protection/bitlocker/planning-guide.md)
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index 3a7b6d25bd..20731a876a 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -1,9 +1,9 @@
 ---
-ms.date: 11/07/2023
+ms.date: 09/06/2024
 title: Access Control overview
 description: Learn about access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
 ms.topic: overview
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index ba0aa757cc..70dbff7388 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -1,9 +1,9 @@
 ---
-ms.date: 11/07/2023
+ms.date: 09/06/2024
 title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
 ms.topic: concept-article
-appliesto: 
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
@@ -37,7 +37,7 @@ The default Administrator account can't be deleted or locked out, but it can be
 
 Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group.
 
-Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation.  
+Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation.
 
 #### Account group membership
 
@@ -219,7 +219,7 @@ The following table shows the Group Policy and registry settings that are used t
 ||Registry value data|0|
 
 > [!NOTE]
-> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. 
+> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates.
 
 #### To enforce local account restrictions for remote access
 
diff --git a/windows/security/identity-protection/credential-guard/configure.md b/windows/security/identity-protection/credential-guard/configure.md
index fee6dbbc20..b965f14e38 100644
--- a/windows/security/identity-protection/credential-guard/configure.md
+++ b/windows/security/identity-protection/credential-guard/configure.md
@@ -404,4 +404,4 @@ bcdedit /set vsmlaunchtype off
 <!--links-->
 
 [CSP-1]: /windows/client-management/mdm/policy-csp-deviceguard#enablevirtualizationbasedsecurity
-[INT-1]: /mem/intune/configuration/settings-catalog
+[INT-1]: /mem/intune/configuration/custom-settings-configure
diff --git a/windows/security/identity-protection/credential-guard/considerations-known-issues.md b/windows/security/identity-protection/credential-guard/considerations-known-issues.md
index b52bfea7e9..71298d9a5b 100644
--- a/windows/security/identity-protection/credential-guard/considerations-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/considerations-known-issues.md
@@ -112,7 +112,7 @@ Once the device has connectivity to the domain controllers, DPAPI recovers the u
 
 When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection.  The impact includes: Outlook is unable to start and work protected documents can't be opened. If DPAPI is working, then newly created work data is protected and can be accessed.
 
-**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
+**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
 
 ## Known issues
 
diff --git a/windows/security/identity-protection/hello-for-business/configure.md b/windows/security/identity-protection/hello-for-business/configure.md
index 008110433e..901fa618d2 100644
--- a/windows/security/identity-protection/hello-for-business/configure.md
+++ b/windows/security/identity-protection/hello-for-business/configure.md
@@ -106,7 +106,7 @@ Windows Hello for Business is enabled by default for devices that are Microsoft
 
 Configuration type| Details |
 |--|-|
-| CSP (user)|**Key path**: `HHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\<Tenant-ID>\UserSid\Policies`<br>**Key name**: `UsePassportForWork`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` to enable<br>&emsp;`0` to disable |
+| CSP (user)|**Key path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\<Tenant-ID>\UserSid\Policies`<br>**Key name**: `UsePassportForWork`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` to enable<br>&emsp;`0` to disable |
 | CSP (device)|**Key path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\<Tenant-ID>\Device\Policies`<br>**Key name**: `UsePassportForWork`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` to enable<br>&emsp;`0` to disable |
 | GPO (user)|**Key path**: `HKEY_USERS\<UserSID>\SOFTWARE\Policies\Microsoft\PassportForWork`<br>**Key name**: `Enabled`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` to enable<br>&emsp;`0` to disable |
 | GPO (user)|**Key path**: `KEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork`<br>**Key name**: `Enabled`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` to enable<br>&emsp;`0` to disable |
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
index 50ff10820c..e2e4402d37 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
@@ -37,7 +37,7 @@ Use the following instructions to configure your devices using either Microsoft
 
 Windows Hello for Business provisioning performs the initial enrollment of the Windows Hello for Business authentication certificate. This certificate expires based on the duration configured in the Windows Hello for Business *authentication certificate* template.
 
-The process requires no user interaction, provided the user signs-in using Windows Hello for Business. The certificate is renewed in the background before it expires.
+The process requires no user interaction, provided the user signs in using Windows Hello for Business. The certificate is renewed in the background before it expires.
 
 [!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]
 
@@ -135,6 +135,6 @@ To better understand the authentication flows, review the following sequence dia
 
 <!--links-->
 
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
+[AZ-4]: /entra/identity/devices/troubleshoot-device-dsregcmd
 [CSP-1]: /windows/client-management/mdm/passportforwork-csp
 [MEM-1]: /mem/intune/configuration/custom-settings-configure
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
index bbb9a72759..8b2347f411 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
@@ -34,7 +34,7 @@ ms.topic: tutorial
 
 ## Federated authentication to Microsoft Entra ID
 
-Windows Hello for Business hybrid certificate trust requires Active Directory to be federated with Microsoft Entra ID using AD FS. You must also configure the AD FS farm to support Azure registered devices.
+Windows Hello for Business hybrid certificate trust requires Active Directory to be federated with Microsoft Entra ID using AD FS. You must also configure the AD FS farm to support Microsoft Entra registered devices.
 
 If you're new to AD FS and federation services:
 
@@ -82,9 +82,9 @@ During Windows Hello for Business provisioning, users receive a sign-in certific
 > [Next: configure and validate the Public Key Infrastructure >](hybrid-cert-trust-pki.md)
 
 <!--links-->
-[AZ-8]: /azure/active-directory/devices/hybrid-azuread-join-plan
-[AZ-10]: /azure/active-directory/devices/howto-hybrid-azure-ad-join#federated-domains
-[AZ-11]: /azure/active-directory/devices/hybrid-azuread-join-manual
+[AZ-8]: /entra/identity/devices/hybrid-join-plan
+[AZ-10]: /entra/identity/devices/how-to-hybrid-join#federated-domains
+[AZ-11]: /entra/identity/devices/hybrid-join-manual
 
 [SER-2]: /windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm
 [SER-3]: /windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
index 9af88ba3bf..136b0f615d 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
@@ -202,7 +202,7 @@ The following scenarios aren't supported using Windows Hello for Business cloud
 
 <!--Links-->
 
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
+[AZ-4]: /entra/identity/devices/troubleshoot-device-dsregcmd
 [CSP-1]: /windows/client-management/mdm/passportforwork-csp
 [ENTRA-1]: /entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises#install-the-azureadhybridauthenticationmanagement-module
 [MEM-1]: /mem/intune/configuration/custom-settings-configure
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
index 62f5d4401e..de3ffd9240 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
@@ -108,7 +108,7 @@ To better understand the authentication flows, review the following sequence dia
 - [Microsoft Entra join authentication to Active Directory using a key](../how-it-works-authentication.md#microsoft-entra-join-authentication-to-active-directory-using-a-key)
 
 <!--links-->
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
-[AZ-5]: /azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler
+[AZ-4]: /entra/identity/devices/troubleshoot-device-dsregcmd
+[AZ-5]: /entra/identity/hybrid/connect/how-to-connect-sync-feature-scheduler
 [CSP-1]: /windows/client-management/mdm/passportforwork-csp
 [MEM-1]: /mem/intune/configuration/custom-settings-configure
diff --git a/windows/security/identity-protection/hello-for-business/deploy/index.md b/windows/security/identity-protection/hello-for-business/deploy/index.md
index f5c412fc4f..09c8d47a70 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/index.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/index.md
@@ -146,7 +146,9 @@ The goal of Windows Hello for Business is to move organizations away from passwo
 - On-premises deployments must use a multifactor option that can integrate as an AD FS multifactor adapter. Organizations can choose from non-Microsoft options that offer an AD FS MFA adapter. For more information, see [Microsoft and non-Microsoft additional authentication methods][SER-2]
 
 > [!IMPORTANT]
-> As of July 1, 2019, Microsoft doesn't offer MFA Server for new deployments. New deployments that require multifactor authentication should use cloud-based Microsoft Entra multifactor authentication. Existing deployment where the MFA Server was activated prior to July 1, 2019 can download the latest version, future updates, and generate activation credentials. For more information, see [Getting started with the Azure Multi-Factor Authentication Server][ENTRA-2].
+> Beginning July 1, 2019, Microsoft doesn't offer MFA Server for new deployments. New deployments that require multifactor authentication should use cloud-based Microsoft Entra multifactor authentication.
+>
+>Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service MFA requests. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users' authentication data](/entra/identity/authentication/how-to-migrate-mfa-server-to-mfa-user-authentication) to the cloud-based Azure MFA.
 
 || Deployment model | MFA options |
 |--|--|--|
@@ -159,7 +161,6 @@ The goal of Windows Hello for Business is to move organizations away from passwo
 For more information:
 
 - [Configure Microsoft Entra multifactor authentication settings][ENTRA-4]
-- [Configure Azure MFA as authentication provider with AD FS][SER-1]
 - [Manage an external authentication method in Microsoft Entra ID][ENTRA-11]
 
 #### MFA and federated authentication
@@ -205,6 +206,9 @@ Hybrid and on-premises deployments use directory synchronization, however, each
 | **Hybrid** | Microsoft Entra Connect Sync|
 | **On-premises** | Azure MFA server |
 
+> [!IMPORTANT]
+>Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service MFA requests. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users' authentication data](/entra/identity/authentication/how-to-migrate-mfa-server-to-mfa-user-authentication) to the cloud-based Azure MFA.
+
 ## Device configuration options
 
 Windows Hello for Business provides a rich set of granular policy settings. There are two main options to configure Windows Hello for Business: configuration service provider (CSP) and group policy (GPO).
@@ -240,6 +244,9 @@ Here are some considerations regarding licensing requirements for cloud services
 | **🔲** | **On-premises** | Key | Azure MFA, if used as MFA solution |
 | **🔲** | **On-premises** | Certificate | Azure MFA, if used as MFA solution |
 
+> [!IMPORTANT]
+>Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service MFA requests. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users' authentication data](/entra/identity/authentication/how-to-migrate-mfa-server-to-mfa-user-authentication) to the cloud-based Azure MFA.
+
 ## Operating System requirements
 
 ### Windows requirements
@@ -268,6 +275,8 @@ All supported Windows Server versions can be used with Windows Hello for Busines
 | **🔲** | **On-premises** | Key | All supported versions |
 | **🔲** | **On-premises** | Certificate | All supported versions |
 
+The minimum required domain functional and forest functional levels are Windows Server 2008 R2 for all deployment models.
+
 ## Prepare users
 
 When you are ready to enable Windows Hello for Business in your organization, make sure to prepare the users by explaining how to provision and use Windows Hello.
@@ -291,7 +300,6 @@ Now that you've read about the different deployment options and requirements, yo
 <!--links-->
 
 [ENTRA-1]: /entra/identity/authentication/concept-mfa-howitworks
-[ENTRA-2]: /entra/identity/authentication/howto-mfaserver-deploy
 [ENTRA-3]: /entra/identity/hybrid/connect/how-to-connect-sync-whatis
 [ENTRA-4]: /entra/identity/authentication/howto-mfa-mfasettings
 [ENTRA-5]: /entra/identity/devices/hybrid-join-plan
@@ -302,7 +310,6 @@ Now that you've read about the different deployment options and requirements, yo
 [ENTRA-10]: /entra/identity/hybrid/connect/whatis-fed
 [ENTRA-11]: /entra/identity/authentication/how-to-authentication-external-method-manage
 
-[SER-1]: /windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
 [SER-2]: /windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods
 
 [KB-1]: https://support.microsoft.com/topic/5010415
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
index ce1d4a781d..3a9200db54 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
@@ -37,7 +37,7 @@ Follow the instructions below to configure your devices using either Microsoft I
 
 Windows Hello for Business provisioning performs the initial enrollment of the Windows Hello for Business authentication certificate. This certificate expires based on the duration configured in the Windows Hello for Business *authentication certificate* template.
 
-The process requires no user interaction, provided the user signs-in using Windows Hello for Business. The certificate is renewed in the background before it expires.
+The process requires no user interaction, provided the user signs in using Windows Hello for Business. The certificate is renewed in the background before it expires.
 
 [!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]
 
@@ -86,4 +86,4 @@ To better understand the provisioning flows, review the following sequence diagr
 - [Provisioning in an on-premises certificate trust deployment model](../how-it-works-provisioning.md#provisioning-in-an-on-premises-certificate-trust-deployment-model)
 
 <!--links-->
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
+[AZ-4]: /entra/identity/devices/troubleshoot-device-dsregcmd
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll.md
index 85c263917f..41cea6946f 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll.md
@@ -62,4 +62,4 @@ To better understand the provisioning flows, review the following sequence diagr
 
 - [Provisioning in an on-premises key trust deployment model](../how-it-works-provisioning.md#provisioning-in-an-on-premises-key-trust-deployment-model)
 
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
+[AZ-4]: /entra/identity/devices/troubleshoot-device-dsregcmd
diff --git a/windows/security/identity-protection/hello-for-business/faq.yml b/windows/security/identity-protection/hello-for-business/faq.yml
index 217320345b..c17a99f819 100644
--- a/windows/security/identity-protection/hello-for-business/faq.yml
+++ b/windows/security/identity-protection/hello-for-business/faq.yml
@@ -16,7 +16,10 @@ sections:
     questions:
       - question: What's the difference between Windows Hello and Windows Hello for Business?
         answer: |
-          Windows Hello represents the biometric framework provided in Windows. Windows Hello lets users use biometrics to sign in to their devices by securely storing their user name and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate.
+          *Windows Hello* is an authentication technology that allows users to sign in to their Windows devices using biometric data, or a PIN, instead of a traditional password.
+
+          *Windows Hello for Business* is an extension of Windows Hello that provides enterprise-grade security and management capabilities, including device attestation, certificate-based authentication, and conditional access policies. Policy settings can be deployed to devices to ensure they're secure and compliant with organizational requirements.
+
       - question: Why a PIN is better than an online password
         answer: |
           Three main reasons:
@@ -150,7 +153,7 @@ sections:
 
           It's possible to Microsoft Entra register a domain joined device. If the domain joined device has a convenience PIN, sign in with the convenience PIN will no longer work. This configuration isn't supported by Windows Hello for Business.
 
-          For more information, see [Microsoft Entra registered devices](/azure/active-directory/devices/concept-azure-ad-register).
+          For more information, see [Microsoft Entra registered devices](/entra/identity/devices/concept-device-registration).
       - question: Does Windows Hello for Business work with non-Windows operating systems?
         answer: |
           Windows Hello for Business is a feature of the Windows platform.
@@ -162,7 +165,7 @@ sections:
           Windows Hello for Business is two-factor authentication based on the observed authentication factors of: *something you have*, *something you know*, and *something that's part of you*. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
 
           > [!NOTE]
-          > The Windows Hello for Business key meets Microsoft Entra multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
+          > The Windows Hello for Business key meets Microsoft Entra multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/entra/identity/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
       - question: Which is a better or more secure for of authentication, key or certificate?
         answer: |
           Both types of authentication provide the same security; one is not more secure than the other.
@@ -203,7 +206,7 @@ sections:
     questions:
       - question: What is Windows Hello for Business cloud Kerberos trust?
         answer: |
-          Windows Hello for Business *cloud Kerberos trust* is a *trust model* that enables Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Microsoft Entra hybrid joined devices and on-premises resource access on Microsoft Entra joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud Kerberos trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [cloud Kerberos trust deployment](/windows/security/identity-protection/hello-for-business/deploy).
+          Windows Hello for Business *cloud Kerberos trust* is a *trust model* that enables Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Microsoft Entra hybrid joined devices and on-premises resource access on Microsoft Entra joined devices](/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud Kerberos trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [cloud Kerberos trust deployment](/windows/security/identity-protection/hello-for-business/deploy).
       - question: Does Windows Hello for Business cloud Kerberos trust work in my on-premises environment?
         answer: |
           This feature doesn't work in a pure on-premises AD domain services environment.
@@ -213,7 +216,7 @@ sections:
       - question: Do I need line of sight to a domain controller to use Windows Hello for Business cloud Kerberos trust?
         answer: |
           Windows Hello for Business cloud Kerberos trust requires line of sight to a domain controller when:
-          - a user signs-in for the first time or unlocks with Windows Hello for Business after provisioning
+          - a user signs in for the first time or unlocks with Windows Hello for Business after provisioning
           - attempting to access on-premises resources secured by Active Directory
       - question: Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust?
         answer: |
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 4f77b96763..e6b79420ad 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -15,7 +15,7 @@ PIN reset on Microsoft Entra joined devices uses a flow called *web sign-in* to
 
 ### Identify PIN Reset allowed domains issue
 
-The user can launch the PIN reset flow from the lock screen using the *I forgot my PIN* link in the PIN credential provider. Selecting the link launches a full screen UI for the PIN experience on Microsoft Entra join devices. Typically, the UI displays an Azure authentication page, where the user authenticates using Microsoft Entra credentials and completes MFA.
+The user can launch the PIN reset flow from the lock screen using the *I forgot my PIN* link in the PIN credential provider. Selecting the link launches a full screen UI for the PIN experience on Microsoft Entra join devices. Typically, the UI displays an authentication page, where the user authenticates using Microsoft Entra credentials and completes MFA.
 
 In federated environments, authentication may be configured to route to AD FS or a non-Microsoft identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it fails and displays the *We can't open that page right now* error, if the domain for the server page isn't included in an allowlist.
 
@@ -23,7 +23,7 @@ If you're a customer of *Azure US Government* cloud, PIN reset also attempts to
 
 ### Resolve PIN Reset allowed domains issue
 
-To resolve the error, you can configure a list of allowed domains for PIN reset using the [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy. For information on how to configure the policy, see [Configure allowed URLs for federated identity providers on Microsoft Entra joined devices](hello-feature-pin-reset.md#configure-allowed-urls-for-federated-identity-providers-on-azure-ad-joined-devices).
+To resolve the error, you can configure a list of allowed domains for PIN reset using the [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy. For information on how to configure the policy, see [Configure allowed URLs for federated identity providers on Microsoft Entra joined devices](hello-feature-pin-reset.md#configure-allowed-urls-for-federated-identity-providers-on-microsoft-entra-joined-devices).
 
 ## Hybrid key trust sign in broken due to user public key deletion
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index cfe9d5519f..ef8e864841 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -40,7 +40,7 @@ If the error occurs again, check the error code against the following table to s
 | 0x80090035 | Policy requires TPM and the device doesn't have TPM. | Change the Windows Hello for Business policy to not require a TPM. |
 | 0x80090036 | User canceled an interactive dialog. | User is asked to try again. |
 | 0x801C0003 | User isn't authorized to enroll. | Check if the user has permission to perform the operation​. |
-| 0x801C000E | Registration quota reached. | Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](/azure/active-directory/devices/device-management-azure-portal). |
+| 0x801C000E | Registration quota reached. | Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](/entra/identity/devices/manage-device-identities). |
 | 0x801C000F | Operation successful, but the device requires a reboot. | Reboot the device. |
 | 0x801C0010 | The AIK certificate isn't valid or trusted. | Sign out and then sign in again. |
 | 0x801C0011 | The attestation statement of the transport key is invalid. | Sign out and then sign in again. |
@@ -53,7 +53,7 @@ If the error occurs again, check the error code against the following table to s
 | 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. |
 | 0x801C03EB | Server response http status isn't valid | Sign out and then sign in again. |
 | 0x801C03EC | Unhandled exception from server. | sign out and then sign in again. |
-| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but wasn't performed. <br><br> -or- <br><br> Token wasn't found in the Authorization header. <br><br> -or- <br><br> Failed to read one or more objects. <br><br> -or- <br><br> The request sent to the server was invalid. <br><br> -or- <br><br> User doesn't have permissions to join to Microsoft Entra ID. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure  AD and rejoin. <br> Allow user(s) to join to Microsoft Entra ID under Microsoft Entra Device settings. |
+| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but wasn't performed. <br><br> -or- <br><br> Token wasn't found in the Authorization header. <br><br> -or- <br><br> Failed to read one or more objects. <br><br> -or- <br><br> The request sent to the server was invalid. <br><br> -or- <br><br> User doesn't have permissions to join to Microsoft Entra ID. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Microsoft Entra ID and rejoin. <br> Allow user(s) to join to Microsoft Entra ID under Microsoft Entra Device settings. |
 | 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
 | 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
 | 0x801C03F2 | Windows Hello key registration failed. | ERROR_BAD_DIRECTORY_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in Microsoft Entra ID and the Primary SMTP address are the same in the proxy address. |
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 558d15b2f9..3d2908e78a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -71,7 +71,7 @@ Sign-in to computer running Microsoft Entra Connect with access equivalent to *l
 The easiest way to verify that the onPremisesDistingushedNamne attribute is synchronized is to use the Graph Explorer for Microsoft Graph.
 
 1. Open a web browser and navigate to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
-1. Select **Sign in to Graph Explorer** and provide Azure credentials
+1. Select **Sign in to Graph Explorer** and provide Microsoft Entra ID credentials
 
    > [!NOTE]
    > To successfully query the Graph API, adequate [permissions](/graph/api/user-get?) must be granted
@@ -487,7 +487,7 @@ Certificate enrollment for Microsoft Entra joined devices occurs over the Intern
 
 Ideally, you configure your Microsoft Intune SCEP certificate profile to use multiple external NDES URLs. This enables Microsoft Intune to round-robin load balance the certificate requests to identically configured NDES Servers (each NDES server can accommodate approximately 300 concurrent requests). Microsoft Intune sends these requests to Microsoft Entra Application Proxies.
 
-Microsoft Entra Application proxies are serviced by lightweight Application Proxy Connector agents. See [What is Application Proxy](/azure/active-directory/manage-apps/application-proxy#what-is-application-proxy) for more details. These agents are installed on your on-premises, domain joined devices and make authenticated secure outbound connection to Azure, waiting to process requests from Microsoft Entra Application Proxies. You can create connector groups in Microsoft Entra ID to assign specific connectors to service specific applications.
+Microsoft Entra Application proxies are serviced by lightweight Application Proxy Connector agents. See [What is Application Proxy](/entra/identity/app-proxy/#what-is-application-proxy) for more details. These agents are installed on your on-premises, domain joined devices and make authenticated secure outbound connection to Azure, waiting to process requests from Microsoft Entra Application Proxies. You can create connector groups in Microsoft Entra ID to assign specific connectors to service specific applications.
 
 Connector group automatically round-robin, load balance the Microsoft Entra application proxy requests to the connectors within the assigned connector group. This ensures Windows Hello for Business certificate requests have multiple dedicated Microsoft Entra application proxy connectors exclusively available to satisfy enrollment requests. Load balancing the NDES servers and connectors should ensure users enroll their Windows Hello for Business certificates in a timely manner.
 
diff --git a/windows/security/identity-protection/hello-for-business/index.md b/windows/security/identity-protection/hello-for-business/index.md
index c9827058be..e838ad5167 100644
--- a/windows/security/identity-protection/hello-for-business/index.md
+++ b/windows/security/identity-protection/hello-for-business/index.md
@@ -18,7 +18,7 @@ The following table lists the main authentication and security differences betwe
 ||Windows Hello for Business|Windows Hello|
 |-|-|-|
 |**Authentication**|Users can authenticate to:<br>- A Microsoft Entra ID account<br>- An Active Directory account<br>- Identity provider (IdP) or relying party (RP) services that support [Fast ID Online (FIDO) v2.0](https://fidoalliance.org/) authentication.|Users can authenticate to:<br>- A Microsoft account<br>- Identity provider (IdP) or relying party (RP) services that support [Fast ID Online (FIDO) v2.0](https://fidoalliance.org/) authentication.|
-|**Security**|It uses **key-based** or **certificate-based** authentication. There's no symmetric secret (password) which can be stolen from a server or phished from a user and used remotely.<br>Enhanced security is available on devices with a Trusted Platform Module (TPM).|Users can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it's set up, but can use a password hash depending on the account type. This configuration is referred to as *Windows Hello convenience PIN*, and it's not backed by asymmetric (public/private key) or certificate-based authentication.|
+|**Security**|It uses **key-based** or **certificate-based** authentication. There's no symmetric secret (password) which can be stolen from a server or phished from a user and used remotely.<br>Enhanced security is available on devices with a Trusted Platform Module (TPM).|Users can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it's set up, but can use a password hash depending on the account type. This configuration isn't backed by asymmetric (public/private key) or certificate-based authentication.|
 
 > [!NOTE]
 > FIDO2 (Fast Identity Online) authentication is an open standard for passwordless authentication. It allows users to sign in to their devices and apps using biometric authentication or a physical security key, without the need for a traditional password. FIDO2 support in Windows Hello for Business provides an additional layer of security and convenience for users, while also reducing the risk of password-related attacks.
diff --git a/windows/security/identity-protection/hello-for-business/pin-reset.md b/windows/security/identity-protection/hello-for-business/pin-reset.md
index 816f46365d..aabf1fc5f2 100644
--- a/windows/security/identity-protection/hello-for-business/pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/pin-reset.md
@@ -49,7 +49,7 @@ To register the applications, follow these steps:
 
 :::row:::
   :::column span="3":::
-  1. Go to the [Microsoft PIN Reset Service Production website][APP-1], and sign in as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator). Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to give consent to the application to access your organization
+  1. Go to the [Microsoft PIN Reset Service Production website][APP-1], and sign in as at least an [Application Administrator][ENT-2]. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to give consent to the application to access your organization
   :::column-end:::
   :::column span="1":::
     :::image type="content" alt-text="Screenshot showing the PIN reset service permissions page." source="images/pin-reset/pin-reset-service-prompt.png" lightbox="images/pin-reset/pin-reset-service-prompt.png" border="true":::
@@ -57,7 +57,7 @@ To register the applications, follow these steps:
 :::row-end:::
 :::row:::
   :::column span="3":::
-  2. Go to the [Microsoft PIN Reset Client Production website][APP-2], and sign as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator). Review the permissions requested by the *Microsoft Pin Reset Client Production* application, and select **Next**.
+  2. Go to the [Microsoft PIN Reset Client Production website][APP-2], and sign as at least an [Application Administrator][ENT-2]. Review the permissions requested by the *Microsoft Pin Reset Client Production* application, and select **Next**.
   :::column-end:::
   :::column span="1":::
     :::image type="content" alt-text="Screenshot showing the PIN reset client permissions page." source="images/pin-reset/pin-reset-client-prompt.png" lightbox="images/pin-reset/pin-reset-client-prompt.png" border="true":::
@@ -76,7 +76,7 @@ To register the applications, follow these steps:
 
 ### Confirm that the two PIN Reset service principals are registered in your tenant
 
-1. Sign in to the [Microsoft Entra Manager admin center](https://entra.microsoft.com)
+1. Sign in to the [Microsoft Entra Manager admin center][ENTRA]
 1. Select **Microsoft Entra ID > Applications > Enterprise applications**
 1. Search by application name "Microsoft PIN" and verify that both **Microsoft Pin Reset Service Production** and **Microsoft Pin Reset Client Production** are in the list
    :::image type="content" alt-text="PIN reset service permissions page." source="images/pin-reset/pin-reset-applications.png" lightbox="images/pin-reset/pin-reset-applications-expanded.png":::
@@ -103,7 +103,7 @@ The following instructions provide details how to configure your devices. Select
 >[!NOTE]
 > You can also configure PIN recovery from the **Endpoint security** blade:
 >
-> 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
+> 1. Sign in to the [Microsoft Intune admin center][INTUNE]
 > 1. Select **Endpoint security > Account protection > Create Policy**
 
 Alternatively, you can configure devices using a [custom policy][INT-1] with the [PassportForWork CSP][CSP-1].
@@ -113,7 +113,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
 | `./Vendor/MSFT/Policy/PassportForWork/`*TenantId*`/Policies/EnablePinRecovery`| Boolean | True |
 
 >[!NOTE]
-> You must replace `TenantId` with the identifier of your Microsoft Entra tenant. To look up your Tenant ID, see [How to find your Microsoft Entra tenant ID](/azure/active-directory/fundamentals/how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account::
+> You must replace `TenantId` with the identifier of your Microsoft Entra tenant. To look up your Tenant ID, see [How to find your Microsoft Entra tenant ID][ENT-3] or try the following, ensuring to sign-in with your organization's account::
 
 ```msgraph-interactive
 GET https://graph.microsoft.com/v1.0/organization?$select=id
@@ -133,7 +133,7 @@ GET https://graph.microsoft.com/v1.0/organization?$select=id
 
 #### Confirm that PIN Recovery policy is enforced on the devices
 
-The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/azure/active-directory/devices/troubleshoot-device-dsregcmd) from the command line. This state can be found under the output in the user state section as the **CanReset** line item. If **CanReset** reports as DestructiveOnly, then only destructive PIN reset is enabled. If **CanReset** reports DestructiveAndNonDestructive, then nondestructive PIN reset is enabled.
+The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**][ENT-4] from the command line. This state can be found under the output in the user state section as the **CanReset** line item. If **CanReset** reports as DestructiveOnly, then only destructive PIN reset is enabled. If **CanReset** reports DestructiveAndNonDestructive, then nondestructive PIN reset is enabled.
 
 **Sample User state Output for Destructive PIN Reset**
 
@@ -233,12 +233,18 @@ For Microsoft Entra hybrid joined devices:
 > [!NOTE]
 > Key trust on Microsoft Entra hybrid joined devices doesn't support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work.
 
-You may find that PIN reset from Settings only works post sign in. Also, the lock screen PIN reset function doesn't work if you have any matching limitation of self-service password reset from the lock screen. For more information, see [Enable Microsoft Entra self-service password reset at the Windows sign-in screen](/azure/active-directory/authentication/howto-sspr-windows#general-limitations).
+You may find that PIN reset from Settings only works post sign in. Also, the lock screen PIN reset function doesn't work if you have any matching limitation of self-service password reset from the lock screen. For more information, see [Enable Microsoft Entra self-service password reset at the Windows sign-in screen][ENT-1].
 
 <!--links-->
 
-[CSP-1]: /windows/client-management/mdm/passportforwork-csp
-[CSP-2]: /windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls
-[INT-1]: /mem/intune/configuration/settings-catalog
 [APP-1]: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent
 [APP-2]: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp
+[CSP-2]: /windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls
+[ENT-1]: /entra/identity/authentication/howto-sspr-windows#general-limitations
+[ENT-2]: /entra/identity/role-based-access-control/permissions-reference#application-administrator
+[ENT-3]: /entra/fundamentals/how-to-find-tenant
+[ENT-4]: /entra/identity/devices/troubleshoot-device-dsregcmd
+[ENTRA]: https://entra.microsoft.com
+[INT-1]: /mem/intune/configuration/settings-catalog
+[INTUNE]: https://go.microsoft.com/fwlink/?linkid=2109431
diff --git a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
index 97e372d620..bc28fecee5 100644
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@@ -14,6 +14,10 @@ This article describes two certificate deployment approaches, where authenticati
 - Using Microsoft Intune with SCEP or PKCS connectors
 - Using an Active Directory Certificate Services (AD CS) enrollment policy
 
+>[!IMPORTANT]
+> If you deploy the certificate using Microsoft Intune, and you have [User Account Control](../../application-security/application-control/user-account-control/index.md) configured to *Prompt for credentials on the secure desktop*, you won't be able to use the *run as* feature.
+> In such scenario, when you try to execute an application with elevated privileges and choose the Windows Hello for Business credential, you'll receive the error message: **The username or password is incorrect**.
+
 > [!TIP]
 > Consider using Remote Credential Guard instead of Windows Hello for Business for RDP sign-in. Remote Credential Guard provides single sign-on (SSO) to RDP sessions using Kerberos authentication, and doesn't require the deployment of certificates. For more information, see [Remote Credential Guard](../remote-credential-guard.md).
 
diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
index f047719f37..d685983a32 100644
--- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md
+++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
@@ -14,7 +14,7 @@ Starting in **Windows 11, version 22H2**, WebAuthn APIs support ECC algorithms.
 
 ## What does this mean?
 
-By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.md) or [FIDO2 Security Keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to implement passwordless multi-factor authentication for their applications on Windows devices.
+By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.md) or [FIDO2 Security Keys][ENT-1] to implement passwordless multi-factor authentication for their applications on Windows devices.
 
 Users of these apps or sites can use any browser that supports WebAuthn APIs for passwordless authentication. Users will have a familiar and consistent experience on Windows, no matter which browser they use.
 
@@ -69,7 +69,7 @@ FIDO2 authenticators have already been implemented and WebAuthn relying parties
 - Keys for multiple accounts (keys can be stored per relying party)
 - Client PIN
 - Location (the authenticator returns a location)
-- [Hash-based Message Authentication Code (HMAC)-secret](/dotnet/api/system.security.cryptography.hmac) (enables offline scenarios)
+- [Hash-based Message Authentication Code (HMAC)-secret][NET-1] (enables offline scenarios)
 
 The following options might be useful in the future, but haven't been observed in the wild yet:
 
@@ -100,15 +100,26 @@ Here's an approximate layout of where the Microsoft bits go:
 - **WebAuthn client: Microsoft Edge**. Microsoft Edge can handle the user interface for the WebAuthn and CTAP2 features that this article describes. It also supports the AppID extension. Microsoft Edge can interact with both CTAP1 and CTAP2 authenticators. This scope for interaction means that it can create and use both U2F and FIDO2 credentials. However, Microsoft Edge doesn't speak the U2F protocol. Therefore, relying parties must use only the WebAuthn specification. Microsoft Edge on Android doesn't support WebAuthn.
 
   > [!NOTE]
-  > For authoritative information about Microsoft Edge support for WebAuthn and CTAP, see [Legacy Microsoft Edge developer documentation](/microsoft-edge/dev-guide/windows-integration/web-authentication).
+  > For authoritative information about Microsoft Edge support for WebAuthn and CTAP, see [Legacy Microsoft Edge developer documentation][EDGE-1].
 
 - **Platform: Windows 10, Windows 11**. Windows 10 and Windows 11 host the Win32 Platform WebAuthn APIs.
 
-- **Roaming Authenticators**. You might notice that there's no *Microsoft* roaming authenticator. The reason is because there's already a strong ecosystem of products that specialize in strong authentication, and every customer (whether corporations or individuals) has different requirements for security, ease of use, distribution, and account recovery. For more information on the ever-growing list of FIDO2-certified authenticators, see [FIDO Certified Products](https://fidoalliance.org/certification/fido-certified-products/). The list includes built-in authenticators, roaming authenticators, and even chip manufacturers who have certified designs.
+- **Roaming Authenticators**. You might notice that there's no *Microsoft* roaming authenticator. The reason is because there's already a strong ecosystem of products that specialize in strong authentication, and every customer (whether corporations or individuals) has different requirements for security, ease of use, distribution, and account recovery. For more information on the ever-growing list of FIDO2-certified authenticators, see [FIDO Certified Products][EXT-1]. The list includes built-in authenticators, roaming authenticators, and even chip manufacturers who have certified designs.
 
 ## Developer references
 
-The WebAuthn APIs are documented in the [Microsoft/webauthn](https://github.com/Microsoft/webauthn) GitHub repo. To understand how FIDO2 authenticators work, review the following two specifications:
+The WebAuthn APIs are documented in the [Microsoft/webauthn][EXT-2] GitHub repo. To understand how FIDO2 authenticators work, review the following two specifications:
 
-- [Web Authentication: An API for accessing Public Key Credentials](https://www.w3.org/TR/webauthn/) (available on the W3C site). This document is known as the WebAuthn spec.
-- [Client to Authenticator Protocol (CTAP)](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html). This document is available at the [FIDO Alliance](http://fidoalliance.org/) site, on which hardware and platform teams are working together to solve the problem of FIDO authentication.
+- [Web Authentication: An API for accessing Public Key Credentials][EXT-3] (available on the W3C site). This document is known as the WebAuthn spec.
+- [Client to Authenticator Protocol (CTAP)][EXT-4]. This document is available at the [FIDO Alliance][EXT-5] site, on which hardware and platform teams are working together to solve the problem of FIDO authentication.
+
+<!--links-->
+
+[ENT-1]: /entra/identity/authentication/how-to-enable-passkey-fido2
+[NET-1]: /dotnet/api/system.security.cryptography.hmac
+[EDGE-1]: /microsoft-edge/dev-guide/windows-integration/web-authentication
+[EXT-1]: https://fidoalliance.org/certification/fido-certified-products/
+[EXT-2]: https://github.com/Microsoft/webauthn
+[EXT-3]: https://www.w3.org/TR/webauthn/
+[EXT-4]: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
+[EXT-5]: http://fidoalliance.org
diff --git a/windows/security/identity-protection/passkeys/images/hello-use-confirm.png b/windows/security/identity-protection/passkeys/images/hello-use-confirm.png
deleted file mode 100644
index 4139c708c3..0000000000
Binary files a/windows/security/identity-protection/passkeys/images/hello-use-confirm.png and /dev/null differ
diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md
index 44f695a852..ebad860cb2 100644
--- a/windows/security/identity-protection/passkeys/index.md
+++ b/windows/security/identity-protection/passkeys/index.md
@@ -1,11 +1,11 @@
 ---
 title: Support for passkeys in Windows
 description: Learn about passkeys and how to use them on Windows devices.
-ms.collection: 
+ms.collection:
 - tier1
 ms.topic: overview
-ms.date: 11/07/2023
-appliesto: 
+ms.date: 09/06/2024
+appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ---
@@ -31,7 +31,7 @@ FIDO protocols prioritize user privacy, as they're designed to prevent online se
 
 ### Passkeys compared to passwords
 
-Passkeys have several advantages over passwords, including their ease of use and intuitive nature. Unlike passwords, passkeys are easy to create, don't need to be remembered, and don't need to be safeguarded. Additionally, passkeys are unique to each website or application, preventing their reuse. They're highly secure because they're only stored on the user's devices, with the service only storing public keys. Passkeys are designed to prevent attackers to guess or obtain them, which helps to make them resistant to phishing attempts where the attacker may try to trick the user into revealing the private key. Passkeys are enforced by the browsers or operating systems to only be used for the appropriate service, rather than relying on human verification. Finally, passkeys provide cross-device and cross-platform authentication, meaning that a passkey from one device can be used to sign in on another device.
+Passkeys have several advantages over passwords, including their ease of use and intuitive nature. Unlike passwords, passkeys are easy to create, don't need to be remembered, and don't need to be safeguarded. Additionally, passkeys are unique to each website or application, preventing their reuse. They're highly secure because they're only stored on the user's devices, with the service only storing public keys. Passkeys are designed to prevent attackers to guess or obtain them, which helps to make them resistant to phishing attempts where the attacker might try to trick the user into revealing the private key. Passkeys are enforced by the browsers or operating systems to only be used for the appropriate service, rather than relying on human verification. Finally, passkeys provide cross-device and cross-platform authentication, meaning that a passkey from one device can be used to sign in on another device.
 
 [!INCLUDE [passkey](../../../../includes/licensing/passkeys.md)]
 
@@ -113,7 +113,7 @@ Pick one of the following options to learn how to save a passkey, based on where
 
 :::row:::
   :::column span="4":::
-  4. Select your linked device name (e.g. **Pixel**) > **Next**
+  4. Select your linked device name (for example, **Pixel**) > **Next**
   :::column-end:::
 :::row-end:::
 :::row:::
@@ -241,7 +241,7 @@ Pick one of the following options to learn how to use a passkey, based on where
 
 :::row:::
   :::column span="4":::
-  4. Select your linked device name (e.g. **Pixel**) > **Next**
+  4. Select your linked device name (for example, **Pixel**) > **Next**
   :::column-end:::
 :::row-end:::
 :::row:::
@@ -311,12 +311,86 @@ Starting in Windows 11, version 22H2 with [KB5030310][KB-1], you can use the Set
 > [!NOTE]
 > Some passkeys for *login.microsoft.com* can't be deleted, as they're used with Microsoft Entra ID and/or Microsoft Account for signing in to the device and Microsoft services.
 
+## Passkeys in Bluetooth-restricted environments
+
+For passkey cross-device authentication scenarios, both the Windows device and the mobile device must have Bluetooth enabled and connected to the Internet. This allows the user to authorize another device securely over Bluetooth without transferring or copying the passkey itself.
+
+Some organizations restrict Bluetooth usage, which includes the use of passkeys. In such cases, organizations can allow passkeys by permitting Bluetooth pairing exclusively with passkey-enabled FIDO2 authenticators.
+
+To limit the use of Bluetooth to only passkey use cases, use the [Bluetooth Policy CSP][CSP-8] and the [DeviceInstallation Policy CSP][CSP-7].
+
+### Device configuration
+
+[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
+
+#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
+
+To configure devices with Microsoft Intune, [you can use a custom policy][INT-2] with these settings:
+
+| Setting |
+|--|
+| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowAdvertising][CSP-1] </li><li>Data type: **Integer** </li><li>Value: `0` </li><br>When set to `0`, the device doesn't send out advertisements. |
+| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowDiscoverableMode][CSP-2] </li><li>Data type: **Integer** </li><li>Value: `0` </li><br>When set to `0`, other devices can't detect the device. |
+| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowPrepairing][CSP-3]</li><li>Data type: **Integer** </li><li>Value: `0` </li><br>Prevents specific bundled Bluetooth peripherals from automatically pairing with the host device.</li> |
+| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowPromptedProximalConnections][CSP-4] </li><li>Data type: **Integer** </li><li>Value: `0`</li><br>Prevents users from using Swift Pair and other proximity-based scenarios. |
+| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[ServicesAllowedList][CSP-5] </li></li><li>Data type: **String** </li><li>Value: `{0000FFFD-0000-1000-8000-00805F9B34FB};{0000FFF9-0000-1000-8000-00805F9B34FB}` <br><br> Set a list of allowable Bluetooth services and profiles: <br>- FIDO Alliance Universal Second Factor Authenticator service (`0000fffd-0000-1000-8000-00805f9b34fb`) <br>- FIDO2 secure client-to-authenticator transport service (`0000FFF9-0000-1000-8000-00805F9B34FB`)<br><br>For more information, see [FIDO CTAP 2.1 standard specification][BT-1] and [Bluetooth Assigned Numbers document][BT-2]. |
+| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/`[PreventInstallationOfMatchingDeviceIDs][CSP-6]</li><li>Data type: **String** </li><li>Value: `<enabled/><data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/><data id="DeviceInstall_IDs_Deny_List" value="1&#xF000;BTH\MS_BTHPAN"/>`</li><br>Disables the existing Bluetooth Personal Area Network (PAN) network adapter, preventing the installation of the Bluetooth Network Adapter that can be used for network connectivity or tethering. |
+
+#### [:::image type="icon" source="../../images/icons/powershell.svg" border="false"::: **PowerShell**](#tab/powershell)
+
+[!INCLUDE [powershell-wmi-bridge-1](../../../../includes/configure/powershell-wmi-bridge-1.md)]
+
+```powershell
+# Bluetooth configuration
+$namespaceName = "root\cimv2\mdm\dmmap"
+$className = "MDM_Policy_Config01_Bluetooth02"
+New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{
+    ParentID="./Vendor/MSFT/Policy/Config";
+    InstanceID="Bluetooth";
+    AllowDiscoverableMode=0;
+    AllowAdvertising=0;
+    AllowPrepairing=0;
+    AllowPromptedProximalConnections=0;
+    ServicesAllowedList="{0000FFF9-0000-1000-8000-00805F9B34FB};{0000FFFD-0000-1000-8000-00805F9B34FB}"
+}
+
+
+# Device installation configuration
+$namespaceName = "root\cimv2\mdm\dmmap"
+$className = "MDM_Policy_Config01_DeviceInstallation02"
+New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{
+    ParentID="./Vendor/MSFT/Policy/Config";
+    InstanceID="DeviceInstallation";
+    PreventInstallationOfMatchingDeviceIDs='<![CDATA[<Enabled/><Data id="DeviceInstall_IDs_Deny_List" value="1&#xF000;BTH\MS_BTHPAN"/><Data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/>]]>'
+}
+```
+
+[!INCLUDE [powershell-wmi-bridge-2](../../../../includes/configure/powershell-wmi-bridge-2.md)]
+
+---
+
+>[!NOTE]
+>Once the settings are applied, if you try to pair a device via Bluetooth, it will initially pair and immediately disconnect. The Bluetooth device is blocked from loading and not available from Settings nor Device Manager.
+
 ## :::image type="icon" source="../../images/icons/feedback.svg" border="false"::: Provide feedback
 
 To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the category **Security and Privacy > Passkey**.
 
 <!--links used in this document-->
 
+[BT-1]: https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#ble-fido-service
+[BT-2]: https://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Assigned_Numbers/out/en/Assigned_Numbers.pdf?v=1713387868258
 [FHUB]: feedback-hub:?tabid=2&newFeedback=true
 [KB-1]: https://support.microsoft.com/kb/5030310
 [MSS-1]: ms-settings:savedpasskeys
+
+[INT-2]: /mem/intune/configuration/custom-settings-configure
+
+[CSP-1]: /windows/client-management/mdm/policy-csp-bluetooth#allowadvertising
+[CSP-2]: /windows/client-management/mdm/policy-csp-bluetooth#allowdiscoverablemode
+[CSP-3]: /windows/client-management/mdm/policy-csp-bluetooth#allowprepairing
+[CSP-4]: /windows/client-management/mdm/policy-csp-bluetooth#allowpromptedproximalconnections
+[CSP-5]: /windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist
+[CSP-6]: /windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids
+[CSP-7]: /windows/client-management/mdm/policy-csp-deviceinstallation
+[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth
\ No newline at end of file
diff --git a/windows/security/identity-protection/passwordless-experience/images/edge-on.png b/windows/security/identity-protection/passwordless-experience/images/edge-on.png
deleted file mode 100644
index 06a13b6f1a..0000000000
Binary files a/windows/security/identity-protection/passwordless-experience/images/edge-on.png and /dev/null differ
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
index b65ca79389..8c0882c38c 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
@@ -2,7 +2,7 @@
 title: Deploy Virtual Smart Cards
 description: Learn about what to consider when deploying a virtual smart card authentication solution
 ms.topic: concept-article
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Deploy Virtual Smart Cards
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
index 755499b07b..3ee5766ed3 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
@@ -2,7 +2,7 @@
 title: Evaluate Virtual Smart Card Security
 description: Learn about the security characteristics and considerations when deploying TPM virtual smart cards.
 ms.topic: concept-article
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Evaluate Virtual Smart Card Security
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
index b1660c359e..f9d707ff54 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@@ -1,8 +1,8 @@
 ---
-title: Get Started with Virtual Smart Cards - Walkthrough Guide 
+title: Get Started with Virtual Smart Cards - Walkthrough Guide
 description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
 ms.topic: get-started
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Get Started with Virtual Smart Cards: Walkthrough Guide
@@ -79,10 +79,11 @@ In this step, you create the virtual smart card on the client computer by using
 
   `tpmvscmgr.exe create /name TestVSC /pin default /adminkey random /generate`
 
-  This creates a virtual smart card with the name **TestVSC**, omit the unlock key, and generate the file system on the card. The PIN is set to the default, 12345678. To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**.\
-  For more information about the Tpmvscmgr command-line tool, see [Use Virtual Smart Cards](virtual-smart-card-use-virtual-smart-cards.md) and [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md).
+  This creates a virtual smart card with the name **TestVSC**, omit the unlock key, and generate the file system on the card. The PIN is set to the default, 12345678.
 
-1. Wait several seconds for the process to finish. Upon completion, Tpmvscmgr.exe provides you with the device instance ID for the TPM Virtual Smart Card. Store this ID for later reference because you need it to manage or remove the virtual smart card.
+1. Wait several seconds for the process to finish. Upon completion, Tpmvscmgr.exe provides you with the device instance ID for the TPM Virtual Smart Card. Store this ID for later reference because you need it to manage or remove the virtual smart card. To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**.
+
+For more information about the Tpmvscmgr command-line tool, see [Use Virtual Smart Cards](virtual-smart-card-use-virtual-smart-cards.md) and [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md).
 
 ## Step 3: Enroll for the certificate on the TPM Virtual Smart Card
 
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
index 9e37414666..985c2fcf93 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@@ -2,7 +2,7 @@
 title: Virtual Smart Card Overview
 description: Learn about virtual smart card technology for Windows.
 ms.topic: overview
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Virtual Smart Card Overview
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
index 8ebcae8444..4204ca10f0 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@@ -2,7 +2,7 @@
 title: Tpmvscmgr
 description: Learn about the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer.
 ms.topic: reference
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Tpmvscmgr
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
index 8113208565..d1a28711ff 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
@@ -2,7 +2,7 @@
 title: Understanding and Evaluating Virtual Smart Cards
 description: Learn how smart card technology can fit into your authentication design.
 ms.topic: overview
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Understand and Evaluate Virtual Smart Cards
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
index 68ad880e77..de527ed1b0 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
@@ -2,7 +2,7 @@
 title: Use Virtual Smart Cards
 description: Learn about the requirements for virtual smart cards, how to use and manage them.
 ms.topic: concept-article
-ms.date: 11/06/2023
+ms.date: 09/06/2024
 ---
 
 # Use Virtual Smart Cards
diff --git a/windows/security/images/icons/control-panel.svg b/windows/security/images/icons/control-panel.svg
deleted file mode 100644
index 6eebbe9be8..0000000000
--- a/windows/security/images/icons/control-panel.svg
+++ /dev/null
@@ -1,9 +0,0 @@
-<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-<rect y="2" width="18" height="13.5" fill="url(#pattern0)"/>
-<defs>
-<pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">
-<use xlink:href="#image0_116_429" transform="scale(0.0104167 0.0138889)"/>
-</pattern>
-<image id="image0_116_429" width="96" height="72" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGAAAABICAYAAAAJZ/BjAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAB3RJTUUH5woDFB4lG/rW4QAAH3lJREFUeAG9XWmwZVV1XvfdN/f4eoSGpmdAbLGVBmSexEIxDkk0VqoSh0SNlfAnZVnG/Aj+ICmTsjJUUlZJxWhirGiiJCWFEhsZhGDTCCJIQwvN0N30PL/53fduvm8N++xz7r2vu9Fy97tn773Wt4a99nD23edcqDWbTWG64o47r+++9Kb7ZeFSka4upbVciK3VWshnTIAaWqUms27XRIlq4ruFjO4UzawJYFb9y/BZ0UQzgsaA7fJYlPRQLSSi1ZlYwVBME5gaRFHJdUE25JszMyLHDkpz2723P37HbZ+nIzUKXPXdZ/d1nb1qOQm/VArjnZS4o+aRh5/eZalU9UqzOYM22aDQRnjZmubCmWAKAlkZPcxQRw2DTHFB1Nw6oY1IgaowmzTgNOqrVQYoQ1LqUGoicdeO27f93mWfr9/bffb19bdc+8eFhayk0qhXlLYoDJEcp37xQg9mCTb5OmJCieVsmI2ooFMHkmcshnssl1MGAkODRMEQcD+jWvhY1hKBJdV0OJ9NQkot87o6p0oz+1m9pGPeouvv/OevSO3qe19syqIzGPxUmAfaPSlGXfLGPFRXS0WjZDBXYd2UokIqGwJghs2KBIjMgJL5Q75KlfQoUi8dyAaAcClIIRZGIUz5WheXGjAxM1EJVMVPAtx/+ggZbYcqIB1VLEfdZxR8FYMwFDazRit5tkDRl0rSBqh/haMlGCoMRgkSOnIg/CgvJajTl0iqJyqecy1G4GLJUDRpEaSAe7CUrxd4gz/1XTEIvjOLAejChRBkvMOURQWOmb8YHRAp65kgRW4GQwpURoVaSGJZWWy4p1QIAiAlmleY6Qg2HKtJnYuGWBM4rq/lYDsoyzryOWjwj/cSGzzQzFiEY1mQ1Ac1TACUR2wUW+ngZLuMVXG9JEBRCH1woOgAOMAU/qzsr8nNi7tlQbfRjanXDhdaK7DmQNA6eZKpagNpQ8oEZi9GO2ZHObetoZzIduV1yoHmRqoc16rZoYmmfH//pLw2Nl3W4LIYDqaH9TQaIHrTIgS/TiOoxCfXXCmHPHWobr0QRGHP3AZHc+lDGYVEnqRUtOMl/HITVEKzyXQ7wVwmyuFj4FVJVJhTqWWRazudRESntKSvJree1VP4RVX8MAbIu63JRW/SEm0N5SO/g/a8w8oQWghN4MASdZplQ2rdqBhLsO8zUIuE4mN0w+tVdTo0yo51VRnYGVDdyjPrOooT02lZVsvL7dSUrbXWXH6op7hRM+iW4Bg6AUtQZV1NAIOxqm1Ikm1b5EqRQcA6hj1cfBKdeqDCM2s+6lzfoyOsL0g0x2mRQuFacsXMKVcvAaBAlBVsGgpiiAAUuCBlec7KyxnEimRmNgtsMKy9OTgGbzenQrtkjTRegcis5EIAKAZCFvQZy3WaFWVu26hX5wMLGnQoYsRZ1k9XluOmyS1fjsvtRlmNZ5Vm1c8MkBUpUamGktnzTIhFWqMiI2dM4ygzAk5oIFnSm7DHQoNDoqVcURtaxi5GOgLsQZ/Bto7fOGemcfNB4KeZT6M+wzr14YI/DTq+lfKbaVe9jp0gysyD1mSH2M6FOfuqnPJgtzDztqpY5nZZzalq5m4+0JOEDiitZfbVUBtrGYnF7ugZDYozEyYKeRvdrLIskhrgGQaeAUeAGfSZ6YY0phoyNtmQ18ZF9ox3yf6JuhxrdMvIdE2eft8yGX/0C3Ji2z/KcP8KOTbnfDm0YJMcXvhWGZ63Xuo9PVKvd6NT+EHndNWxT6dVdALDkNoaTtIxlM0xy9zX081GJmdkyy9G5PHdY3IUu5bTSYsH63LZygG5Ye0cGeihRDlY4Z2HqlDpfnaHzyUxtgOfoPFmpPhCXAFp5GeBn240ZGpqUg6ONORnJ+uyfaRfJnRJMJ2qyZXVZFr6p47oZ8nJZ2T9vu/ITK0uh+dulO0rPyz7l98gXX0L0Blws970WYEu4BcmeKcd4T5RJWdHi5+5z+3KKigyMjEjf/vwYTk6Oi03rx6QNyzu1fa3ExlvNOWe507K0/vGZe9YTb6Htv58/4TcduUi6S829mVf1DEzVswY3QWZCQacjGqjyFXZ3BOAI/gzuqw0hIGfnpqS4bEJeehItzw7MiDTHnhfcyLLNbWUu5rTsvTkU7L02T+V4y+vlcfX/7kcWna19PT2aUfoJOCyhCVKI5StSS2jrKq90hALB9qHwg9fHNHgf+Pdy+Xalf1VyVRn8H/jX3bK1h0neJKJz4xMYui/WlsgW14YkVsvnJuwecEOEWNIFxyfAfDAnct7p4AVJV2yCIdxW2qmEfwpmZyYlB3HG3LfkX4ZacSOpdBLDSqrBdPnJq3S5rpgdKfc8PQn5MXl75Onzv+szAziq3sPpLgsEc/7BPOsE1htSRAZHp2Uex98Xrb+dJccOTbaAum7ZLO888KhWYNPoR88d1zu335Y6jwHwqeGpXd6ckwa83rlsV31cgfkDQwfSeNMRU7fsQuCIk2oOsMJlrkSy3DlHwwz+LyxctRPjI/Ljw815f+O96tiCiqeViKZqNW8TAdmS5TmjNiw79uy9MRP5f433ylT81eJ9JoU5fVmzWo0kGUKekYMg/+FLz0gew+cUHq7S62vT964xBW3AzjtZ7tPSNfUBGwg+OwExI/5zMgY7mMDyXZVRR6K3D+dx1x4mEogJZg+b49WLPjsAOxsNPhj8uCBpjxytA+++NKEXA/skNFH9VPL4DsmD37Sr14UlxyzcPRFuenJ35f68ZelMTkp09xN6b3Ht7lwXv2nHbbF1TD/3x/tmDX4hDYnJuTZw5Mu1Tm7+OwBdMC4dgI7oqth5fpgnwzhhtw5uUfqHHxF/Lgi4JswEi4MLMu65UOptTNIw7KDAHKnw2VnanJCHj0osu04Rg54octUqjals66JdqKc5XmgM3JLcf74bnn7Ux+T+zZ9VRoLVulMqGMnbd8ToAW7hRb9IGx94tWk6wO3Xiw3XbXeb+RGpv27nxvW+8D3XxqVW9YMJny18I6LFst7Ng7J3U+8hsbY6K8vGpL63Dly1XllOcaQE5O5lvO4KiPbhgKqttI6nVtWBWgcRlyTW8zGtI7C5480MPJt2QEEiUAT1IxWPVEvb/AaooIc7NPO54+9Ipdv/5z8aNOXdbDopgGNsXuy3hmgi20pjBzO1vybr94QTU02ibxx3aBsPzAhH7nngFx1br9cfna/RyTBUuGtm9fJ8Nz58uiOQ1KbM0fqCxbIeuyarkPHZU1WfKrDSOERyl7Rm3DSjILSecnRqDCANgOw9GDHw93ODw7ZskP5UMhyVJIuJXJVKik1KK7W9Q46jWzFsR/Lulf+VV5c93G7ByD6uoxii8QvduF8q7WKMQIcPoDzmj+5YpE8sHNEHn11TB7ahS8vs6Ze6VmxQoYG6vK28+x7QA8PLzskbTrXYnyZLJKeBaV4FXQtFe7rcYUuPXbzncIa/MMDdTk55QYVqmM72l5ocDVpZhVqFdPZZVPVnt+UN+36sryy/F3SqK/SLSmXzuh4nfeV1qRqxX4aaKD34wDylvPn6ifhWQCPYuFLVUUVW6rnBmI9cgD1dKVB6TdHxYcF5lr2GcAbL0b/wdEpefYkJg+E46YKcW0/9dlsQe46tQMrfPqgqlnokKLB7dh9jeNy8Uv/gI3AJO5JGBj4pA5oJ3A6NDrkTlk7TGX4mbELbYmJggYzCIT4oGTJ2eRGmbbQAR5cby1FdLS6nhRMTB82kjffJ452ScN3N6YMMuyBFHDuzqgHxjQuuHHTTvBdN016EaXTS8SHzJqD35P66AFshxvQDf+8LQoIYIA7qKePgU/FTjIJQBlUFMdcC6EGefwzowFLgBAHQx/IJAaR+IRur1rjEDye74xMNOTp490eYAaZgTU5QLIgO4/8XC87gcAzTCHBTouZ0T0zLqv3362bAt0gqAOnUJz5ou12eOgvSQfRZTQ4CigYwWIefpV0sAKm4pjzw9lqlGIb2iIUBAaQ/3wG7BlpygTPqVyp6lGE6ww5VjXycEtzY2RFJeRO08m8bhJ27URfefiH8sKqj8hMby+mM/fW+HZMI3ozLplWRbQRKcqRk358fFq2H5yUY5XDuBwT8swX4SZ84dJemd9nYznnWWycAp/MLe4EGROjt+yCiLLAAeBCNsrtBvzqCBRwWaGG3CutkkDlyjULtOop6Q1CJW8XZNdYQRbVhaMviOCLUXN6AAd2NG0NLRCnKCX/avLIq6PyP9tPygTOe84kDWIH9f6L5sml53Q+QwozKQZuQjsgC5cHFUEmQEHg+rLBL2D7cPqnSsBzHWy1+mtZohrOWxIOFEKdm0gN0RmRd0L3N47J4NgumRhckNnLNVQk1b3CR3JZ23FoQv7rmRNyHY6Wb79qSC7Cvr5TunfHSfnMPfvkmb1jPJaSqYUD8s2nm7IYs2HtIj2Tbi8KQ7TFNqkHCIrehBVNigNSL5GRgsuOmJFD4z4DQNfRxs6hnH6cRl5OL5Y8kyG4knJKBD2nBbwdbeHwDrcX9oEmEHZ4ZFJOhQaFOHMLTkNXze+Rr75z2azBfwEd9YGvvig/33Vcapx5o6MyuvewTOK5x/d/MWzaQrHnGifGhO3OcnaFHkXoeT/BpeSNAS0UcGejJ52qiG3MhLyYKCgoP6O3fa7gNiPouQunSxuc2JcaV7iEU8ppvBLy0PNJ5eIhOyoIH9NIBGLnkSn5+MXzZLCnndWkQu5+5oiMIeg8BdXDOKzHzBvHh+WlPm7NsxFeOMNgaCK/SPwiBoLRePXlhYgARq60pkyiUcFLLC/kASe80M0yRqMSjc5i7xWfkz58Xm+iWYZr639slb+647s4psaygQc6ei6hnLLmay5dE64rI/mPWvWluLJkUePprJ6GYjXIO6AGuin3YRnOURTlcuALfemRpJJ4d/XdQ0DUSSowPTCq232DV7U6LlrZuUOa8jfbjpljYSjPXU8+Qtu1gD7R1sO7svN9COlMqwzkDauXyI1XrLeG5La8zLX73pfG5DOXzci83vy4oAy+9Y2L5I67GnJicso6gB2BR6bdQwtkw2Jf/9Ux860k7XTrImtd8QBNmSAiZ9GxSZ5wnrP0dc3IKB64MKX4O7gacCVninQNVEmRv956zGwkPgr2Zwgvq5tuSKF6cSWKwczaedwJyEgz93QsDS0YlKs3r5a3X7lBens6HxfftGaOfGnbUfnduw/IX16zSDZia+lqCt0orVs2KHfddol8+utPyc9eOSJd/f3Ss3qV9OCx6S3r8TQs988lSUptT3wrZEtQhvZiyjgr8GEHzMddYwRnQK0KDW2xovL2GDWbeo6OJStFOSPqshUY5D7BVT8FyPr4e98kF5x1ufTioUpXd48d0JUOvQobLSXXvQG7ng9unC93Pz8sN34TR82nSkvXyAA+THMxY97/hrmycoGGs71ktAFcLXodSxDxGTcC56QYBTz25ZsJy/un5DV8GWsR86AVdFOQ63dI4SAgKaBadpaJaiXJO00zv1CWB5Bnz+EaTk/1cFpz11TOcr2QJdpIdr0cx9CbzuqTn+NY+uBI+7ciMhU6w5bgIczGZX3SC0dyXskwGMrjhQ1SXw2hS1BiKk1rLh+NQs4ZgGPfcweb8sQhU5SQXijXrZYHPS/HcM9pRRmyuc6kmP7nFX4TFenD0kLfIvzufFlHKExMsjNdpKPah0C+Fc8C2qUKuh2koCWwF6KOOFoTjFDchFEniSEPbCow+JjSnAHnzUMZGrALS+wUTJoPYc81YJnSPH4KD0LIhYpcnkAm0BLMCyvnNaWnu1v9062MtgC40KuCdKBNSspaeWRlbrcCckqLHpNmB8egSP6oX4U/lXsARDJlViSYHWBL0NI5XXL2wLTs5pFEhqU/VgfR6Zrx4nXDFMxETiQUEpHo0MkC/zKmFzfjxz18eUufB2jI4C95RRtDGDkS6ZkapbUntYMF3HUUhkq+KcqMKJ1FfIySOQaCvWaDrZSe0DmIwDy4iL12AKd5N25yV58Ftbg7EqMffuvVKVGmq1EA2Pv6IY4yLsuKfWM2Pr8oKD/Xm2G0BZn8WVgOVw/hpotXGTlA+EmBBy7w3nILC+lIHdjGzK9VoNfhMf5ZMFkqpaiGLJhBUlxGtyWIjoPIxpdSIrBh9jIUR9uGRXVZ0jctB3kskcmkaUYlTk9sBjKjqx0QEt95iioRM79CB7Dcqd+yWrD9467H7gFF9KnMElUxTLnKvOwwBYxMzcj9eCj/5N5xOTqu+6/E7lTgaejmFf1y7aoBGchf6a8a0TpaV6G37JtSEEtIG116H0AHDPT1yrtWj8rXtufByRqZjGQGnVawvEPYskTM9JFof9b2Cmb9oqZcgN1HHTPS3pJzH4mzgalqq8E3ZZUrZBj8f3zsmOw7iVcrx/GAB0+cNiGwN2+Yp48qKxJa5aHAM4cm5YGXR+XZgxPyqc0LW7Hud4prRZFvQytULidILutDiA3kjbhLG30+XmJ6y5JJefwAmhhGShEzBUmHFqwWfRu5KaAe75Qk5KoLoPrVh+9Tv3VBl/TyGYAuP5idvu+v/ngwqWKhQ2/Q6oMIIoN/8uCINMbwfhBsPnLohCzBez//+bEN2O5SuH3iqyx8m4Idccs67IkrKfchueEFPEVASRtouVZhjPw8xRrL0daFXUdPT5+8a21dlvVzlPsnX8O1nPGAYb/idmN4zvCQo2m/P2gfmiuOow5zkfcO8t+/oSZLFgyk0c/fEGhw2wUJeGsMlfDP/rFtxuJV5Cd7JxD4CZkZHsHLVnjhii9d4XP3T/fLfduPKqbThe8R8Rh7G18D92Ra3TRo2gby6AMrXrabMOkMjBOtoBAjhjY0MGYBO2Ee3gb76MaaDPWiUYxuBFSD6VtV6uWHRp0eTqhTFFO+YdLbddQFumGJ4S2vKe9eJ3Lpef14R9RHP/f/vD+xB+hn9QMC/7GHLLd2WZnGTYZPwKbRATUPvL3xxrfexuUnL+Pc6hRp0/I+PE2zl9uokinyqOhApRc0y40PCsUzYQqQwU9Ia0HF9cIBZjMByxCmPoOwZN6AfOLiLlmM7y4c3flOJgKuhlOQiaMT9qliaFxnQ+pEw3EBeDfO0q5b24c3pXvVPm++/EGHDX91MV3oOiS1PSSyzL+WD5lIC/vRnl7oQ8B5zq+vH3Im4HPl2vkGmuX6GG7cQwNtDvHcJtubbFOPz1Z9LSUCb94SSKk2iadcnAUcdVyK0Al1BGMploNPbuqS9Qs56i1gsaSobg1+hU4aPmW8Y9wFdQPlPszTD11UkxvWDUhvP97N1Buv73y8IfSYQdZ/apRKvA3GbNOggr95RZ90zx2Unjk4T8IssJkwLh+8ZJlcc/7izrLgfAc/6nh0z7hcfg6+ljOFvbBvVA1rKS7g4ygCV/tzWKDLVdbYOCad7jh3Rx9YHZ2weH5N/mDTuDzyypRseaUpeHVIkwbRim7HdLiqyJRnAoUdql83JPKhjd3oZFt26vzWy5Gvxjkv+EGiWhZdPUmzpgr+ulWD8hx2NLvWnCfTi2F0+KRcvn6xXHjRMvni49lpa6YUk1S27ZuQh/GLmlULe+QavCGX289dSXHggFGGccu7oEwiitYm1ryh7oB+6eEs0HpNMB5lAPUb1k/JxcvH5b6d07J1r0hDR6MJhc6Sk8kzYBJAZMU87PPXdcnGs/AKIE45GXj+ZMlmH7ZBnIk++t2lknyJ1qljYC9axrfi/uiShfIQXkt8bE9djs6fJ4/jMcPjHYJP/VTLpevt+HnStQh+D39QmAyjEG2Dn1yCWtwAuPQ9QIUppA0zVXbNlOUGePNDD/AWGAHhmrx0YV0+8KYpece6Sdm2Zxp75KbsHRGbFVAYMyn8o0qeai7GE8O1C2uy+ZwuWYeHG1zrebPnUhdftvSGy+Brc3JnKuXkOOh5uQLLg9KHTrh57aB+EqyNbJBy2TI+R9A+6vaXYFGw19NZy6PhAgGaPWcn4G6O9ZxR1H04ZwZG6yIE8Oa5Dblx/bRM4gd7R/D7q93Hm3J8oib8qQ+DPqe3JssGa3Lugi7px02wuxvBhixv8rHU6KhnZ3NgMPg6QCpeRZszMkkMElMbtjGCGdGMvOAm2TILw0iVBjXyTDBJ5rQ81PpMuHCNCtm2vC/CP+btTCQigw5BfVe/hi2WdkpdZhhMbI96+poyODgj5yy27Vf4lgdV13UNNDuVgYZO6DUM7dMDfpAKt63uJOcmdhtYwmshANXc9RXgCHhBsVIbQYfk8dRdUPhO7+wvfyjv6jiSPYXqTvXUSg9N6OeIpax2Bt5UY2fYNgy5KnProdhHtQZPyxb0NNJJU2wRfOqpBpsQ06/g1susTIO3QFIUc3W0XEZWB22gE13h0X7ngpZuwmSxmQEpqw91YZfcaL7xQk6nkGviEkK6OmEX1Kijqt10RcAt5wwguLATVvV+gZvfUuy7yd0/xveV8MORXG1ephpPOZmy5jdKySejBl5z54V9vaFmIpQ4VVK7dBCNSnpQxz0AVafYNKmoIq8lmUlzvsJMeGDsT4MUZzQqqZgETAo08CRb5JVeRfHR343n9MkynEJGImY/7i8P7JnAe6uFhKoCzyhRcykENY6TQ4/lhXyZjhpYwU39ZeQWaAuBsnm7qAjBSLsgKmRwkuKwRJq6WswOU875AloSMGrr1XqhCDwQWtFLCa4mDZ4amgN45HMDgo/7tnzqrj3y708eQwNm5A8vG5K/eMcKuQZfprb4L1vC/cgLhaSE7SgbKtWsmpt+/WXVhQiWdHoFWVqCaKGE0Top5myM9vknnpez992Dx5INinROVWWdkafNGVx6oSw//0Ny212vyp0P49eBeoiEX7hvGcZPZSfl7397rTz/2pj+1utUSn9590KDxYeD4zJ8mVs+L383NDDwRkc4QMgzKgZQJFCDZfeCEiMqcsXW35GBsdN4bSNJ/OoKfUOfVmXf2LpPavihiL6Gjh0W31D7+iO7tAOmcC/476dOfXj2q/Oq0PQAXtr94m+eC4KFmFd2D3OlsBO0AIInzICM4kXtiJweaOQztbyHM8avodicsVlnx8U460Dg9fVAbnPx/YEpW2Z/DR6VTXRzGiDCWUSLpQfEnK6SIBT3gFxXC7JgPvK2b8t5u7+lhgrqmZVmUd/Gy0L3QM+FcjGqH750qfzTlp3A4jbqnfDJazdoA2dwk37vmxcWQh1L9IIBQ+Jg055DPqtzBm93rSP4V+Ltug7j1ulh0zqJ1u2bcCejbegjg+fJc+fbUkBH2kAK/wp7Bc1LHVlJYSuCA2wZdjuff98GfPOekn978CWEsCkfvX6N/Nl7LpDdeKK18dxBeSNXgTNJ0QFh2wYyNAQhL7nignVKS4TG1pWaopNIr635+h4MIx8JCqS+pty+eQELaQ3TyulcOjjWgWwa1aPUardSrVsQ+tAL1+KXKOfOLW9Ddw835EeVbeis7rY4VIzKkCtBSpVAtOaERTRzkc89dBiM4LgcAD4DHOqBCMHWEFQMEtgBFDoKCVASMRcKpxIzeRcjpdAhus/fghPLof4uOWcuVlCAdg9P43zJnkbl2FJZ1YcN21K3sxyIJNtCSBwtkJ23hsQWESXElj2ziucrlXtAMFV3q6J22qE8DFYdMS30iIicGxJlhQmVs5OSokD2ETz+O4KtZ9uk8klbCWJUBSg9dXLuXkmifaXQULRfA1HSU/ig+OJitrF5qNwDQi21IEXVap1IDmQPB5CFkieOCb71CWdktW+SigJ66tIsQu1YSsOlxCtVyibJqrZGES0yICQaJYqZpvcAUBKbBQQAv+zk6RvXP7s5MCAEH8TNLoGBYLJ6RlUwGRHJAhVoUvKkAXdCKmcqc+ysZbUNQVVCBd4G9ZJloyQdRjC3WJ4ltYMmkShkdgulDHgk14JsH5ZIMkoiDuOxY8FwIp9b3rVzTA7jTQFrlplQoOstLAWBwixbilIeJ3UA7MgDe8pcTeCieaEgVUnKlJQaGqCMz2Lgg53nJWjOSEIsWLBztmoFIW/zAQzkb+E3B51S7byv7Ta1FKyiODvYQWqOeTtQIVQKLCuchXZRr1r0k50RWUxTPdFTgWjFc4aWdhR+ymiAkkq+guHYpPmUAyBcL1kuNc4sJX4qhAcd8qrfgNl/sgwPPtSrtChTAQLOOhMM2KT2Khqs/0FVN2xNQyUFoo0csZkDrKaQuB5q5y/yNZGm3yxNTGnUT5r6aT7psYmbS/opCz3wElC0Q/1SDXbJ/NC20SZjoAnC9uf1RC3q1P96UsQzZGG3uz58SBpz8f+NYaJjSbkXMmetIRYAkiPx1ZIUCNLj96gpMKABQ5SmUG01p0UXO4aZ90XAdEBQlqMaD33YhTobFAB58PRogkF3W+pnpeGKg0zq7BiAqod0bYT6XJpp5KtwNCwJwHCF5izN2smA0T2C/+ATja38yi74W1agPuRKtGeAUQaxFkW9WjGhW5aI4OtIo6zpIVk1tXMQzMQPza1OmTvBr+Zu17LQBlCmxyHuR0VB7ldersBeVxWxOHjbWpt33Yd26jSljfiY0oJgdBulvGqdU9tbwCw+EeCCYCCOSpMrvjQZx+muIPmAQvxugYLVl5qI0+RyYS/kLQdTC3SQfuPDolVVnBVCWlI+KPNyDmwrmAPalCHTd+A5ZegMCMjqv3uy2Zi3RKvJHxY4YBHseGQY+BJGW2FY4+fLQ0ggpxCDgAbZ6Ee9XFBwsW7TOISqAXDjXEb48L7wBSXHk9ZGteovXdrpLwGyyplgMzEtcs0fOSJ7P7uZbmn6f14LPdwtGOonAAAAAElFTkSuQmCC"/>
-</defs>
-</svg>
diff --git a/windows/security/images/icons/drive.svg b/windows/security/images/icons/drive.svg
deleted file mode 100644
index 0293932c8e..0000000000
--- a/windows/security/images/icons/drive.svg
+++ /dev/null
@@ -1,75 +0,0 @@
-<svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_127_1763)">
-<g clip-path="url(#clip1_127_1763)">
-<path d="M18.8399 9.1783L15.2316 5.19317C15.1191 5.07028 14.9745 5.00006 14.8137 5.00006H5.17828C5.02559 5.00006 4.8729 5.07028 4.76039 5.19317L1.16016 9.1783H18.8399Z" fill="#E1E3E6"/>
-<path opacity="0.5" d="M18.8399 9.1783L15.2316 5.19317C15.1191 5.07028 14.9745 5.00006 14.8137 5.00006H5.17828C5.02559 5.00006 4.8729 5.07028 4.76039 5.19317L1.16016 9.1783H18.8399Z" fill="url(#paint0_linear_127_1763)"/>
-<path opacity="0.5" d="M1.16016 9.1783L4.76679 5.19317C4.87925 5.07028 5.02383 5.00006 5.18448 5.00006H14.8156C14.9682 5.00006 15.1208 5.07028 15.2333 5.19317L18.8399 9.1783H1.16016Z" fill="url(#paint1_linear_127_1763)"/>
-<path d="M18.4431 15H1.56476C1.25011 15 1 14.7309 1 14.3922V9.60785C1 9.26921 1.25011 9.00003 1.56476 9.00003H18.4351C18.7497 9.00003 18.9998 9.26921 18.9998 9.60785V14.3922C19.0079 14.7222 18.7497 15 18.4431 15Z" fill="url(#paint2_linear_127_1763)"/>
-<path opacity="0.6" d="M18.4431 15H1.56476C1.25011 15 1 14.7309 1 14.3922V9.60785C1 9.26921 1.25011 9.00003 1.56476 9.00003H18.4351C18.7497 9.00003 18.9998 9.26921 18.9998 9.60785V14.3922C19.0079 14.7222 18.7497 15 18.4431 15Z" fill="url(#paint3_linear_127_1763)"/>
-<path opacity="0.6" d="M1.56477 15H18.4352C18.7499 15 19 14.7309 19 14.3922V9.60785C19 9.26921 18.7499 9.00003 18.4352 9.00003H1.56477C1.25011 9.00003 1 9.26921 1 9.60785V14.3922C1 14.7222 1.25818 15 1.56477 15Z" fill="url(#paint4_linear_127_1763)"/>
-<path d="M17.4667 14H2.53333C2.23619 14 2 13.752 2 13.44V9.00003H18V13.44C18 13.752 17.7638 14 17.4667 14Z" fill="url(#paint5_linear_127_1763)"/>
-<path d="M18.4375 9.07717C18.7107 9.07717 18.9277 9.3086 18.9277 9.60003V14.4C18.9277 14.6915 18.7107 14.9229 18.4375 14.9229H1.5625C1.28929 14.9229 1.07232 14.6915 1.07232 14.4V9.60003C1.07232 9.3086 1.28929 9.07717 1.5625 9.07717H18.4375ZM18.4375 9.00003H1.5625C1.24911 9.00003 1 9.26574 1 9.60003V14.4C1 14.7343 1.24911 15 1.5625 15H18.4375C18.7509 15 19 14.7343 19 14.4V9.60003C19 9.26574 18.7509 9.00003 18.4375 9.00003Z" fill="url(#paint6_linear_127_1763)"/>
-<path opacity="0.15" d="M4.99972 12.0003C5.27602 11.7244 5.27627 11.2766 5.00028 11.0003C4.7243 10.724 4.27658 10.7238 4.00028 10.9998C3.72398 11.2758 3.72373 11.7235 3.99972 11.9998C4.2757 12.2761 4.72342 12.2763 4.99972 12.0003Z" stroke="#00FF00" stroke-width="0.522914" stroke-miterlimit="10"/>
-<path opacity="0.3" d="M4.99972 12.0003C5.27602 11.7244 5.27627 11.2766 5.00028 11.0003C4.7243 10.724 4.27658 10.7238 4.00028 10.9998C3.72398 11.2758 3.72373 11.7235 3.99972 11.9998C4.2757 12.2761 4.72342 12.2763 4.99972 12.0003Z" stroke="#00FF00" stroke-width="0.261461" stroke-miterlimit="10"/>
-<path d="M4.99972 12.0003C5.27602 11.7244 5.27627 11.2766 5.00028 11.0003C4.7243 10.724 4.27658 10.7238 4.00028 10.9998C3.72398 11.2758 3.72373 11.7235 3.99972 11.9998C4.2757 12.2761 4.72342 12.2763 4.99972 12.0003Z" fill="#00B300"/>
-<path d="M4.39104 11.9616C4.77592 11.899 5.03549 11.5409 4.97284 11.1561C4.95494 11.0755 4.92808 10.9949 4.89228 10.9233C4.74907 10.8249 4.57005 10.7801 4.38208 10.807C3.9972 10.8696 3.73763 11.2277 3.80028 11.6125C3.81818 11.6931 3.84503 11.7737 3.88084 11.8453C4.02405 11.9437 4.20307 11.9885 4.39104 11.9616Z" fill="url(#paint7_radial_127_1763)"/>
-<path d="M4.99972 12.0003C5.27602 11.7244 5.27627 11.2766 5.00028 11.0003C4.7243 10.724 4.27658 10.7238 4.00028 10.9998C3.72398 11.2758 3.72373 11.7235 3.99972 11.9998C4.2757 12.2761 4.72342 12.2763 4.99972 12.0003Z" stroke="#00FF00" stroke-width="0.0894687" stroke-miterlimit="10"/>
-</g>
-</g>
-<defs>
-<linearGradient id="paint0_linear_127_1763" x1="13.9892" y1="4.95508" x2="14.6969" y2="4.35094" gradientUnits="userSpaceOnUse">
-<stop stop-color="white" stop-opacity="0"/>
-<stop offset="0.2836" stop-color="#DCDCDC" stop-opacity="0.1418"/>
-<stop offset="0.9093" stop-color="#838383" stop-opacity="0.4546"/>
-<stop offset="1" stop-color="#767676" stop-opacity="0.5"/>
-</linearGradient>
-<linearGradient id="paint1_linear_127_1763" x1="6.00862" y1="4.95507" x2="5.30105" y2="4.35125" gradientUnits="userSpaceOnUse">
-<stop stop-color="white" stop-opacity="0"/>
-<stop offset="0.2836" stop-color="#DCDCDC" stop-opacity="0.1418"/>
-<stop offset="0.9093" stop-color="#838383" stop-opacity="0.4546"/>
-<stop offset="1" stop-color="#767676" stop-opacity="0.5"/>
-</linearGradient>
-<linearGradient id="paint2_linear_127_1763" x1="10.0039" y1="14.9968" x2="10.0039" y2="8.9946" gradientUnits="userSpaceOnUse">
-<stop stop-color="#ABABAB"/>
-<stop offset="0.1971" stop-color="#A7A7A7"/>
-<stop offset="0.3984" stop-color="#9B9B9B"/>
-<stop offset="0.6016" stop-color="#868686"/>
-<stop offset="0.8047" stop-color="#6A6A6A"/>
-<stop offset="1" stop-color="#474747"/>
-</linearGradient>
-<linearGradient id="paint3_linear_127_1763" x1="7.39469" y1="9.18753" x2="6.70448" y2="8.54622" gradientUnits="userSpaceOnUse">
-<stop stop-color="white" stop-opacity="0"/>
-<stop offset="0.4506" stop-color="#BBBBBB" stop-opacity="0.2253"/>
-<stop offset="0.8188" stop-color="#898989" stop-opacity="0.4094"/>
-<stop offset="1" stop-color="#767676" stop-opacity="0.5"/>
-</linearGradient>
-<linearGradient id="paint4_linear_127_1763" x1="12.6133" y1="9.18753" x2="13.3035" y2="8.54621" gradientUnits="userSpaceOnUse">
-<stop stop-color="white" stop-opacity="0"/>
-<stop offset="0.4506" stop-color="#BBBBBB" stop-opacity="0.2253"/>
-<stop offset="0.8188" stop-color="#898989" stop-opacity="0.4094"/>
-<stop offset="1" stop-color="#767676" stop-opacity="0.5"/>
-</linearGradient>
-<linearGradient id="paint5_linear_127_1763" x1="10" y1="14" x2="10" y2="8.99894" gradientUnits="userSpaceOnUse">
-<stop stop-color="#666666"/>
-<stop offset="0.109" stop-color="#5E5E5E"/>
-<stop offset="0.6917" stop-color="#393939"/>
-<stop offset="1" stop-color="#2B2B2B"/>
-</linearGradient>
-<linearGradient id="paint6_linear_127_1763" x1="10" y1="15" x2="10" y2="9.00003" gradientUnits="userSpaceOnUse">
-<stop stop-color="#C9C9C9"/>
-<stop offset="0.3698" stop-color="#CDCDCD"/>
-<stop offset="0.7464" stop-color="#D9D9D9"/>
-<stop offset="1" stop-color="#E6E6E6"/>
-</linearGradient>
-<radialGradient id="paint7_radial_127_1763" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(4.33063 11.589) rotate(-117.661) scale(0.94236 0.847944)">
-<stop stop-color="#BDFFBD"/>
-<stop offset="1" stop-color="#00FF00"/>
-</radialGradient>
-<clipPath id="clip0_127_1763">
-<rect width="20" height="20" fill="white"/>
-</clipPath>
-<clipPath id="clip1_127_1763">
-<rect width="20" height="20" fill="white"/>
-</clipPath>
-</defs>
-</svg>
diff --git a/windows/security/images/icons/face.svg b/windows/security/images/icons/face.svg
deleted file mode 100644
index a4fa1ca0df..0000000000
--- a/windows/security/images/icons/face.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="14" height="11" viewBox="0 0 14 11" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M6.95605 10.8428C6.37598 10.8428 5.7959 10.7666 5.21582 10.6143C4.63574 10.4619 4.08203 10.2451 3.55469 9.96387C3.02734 9.67676 2.54395 9.33105 2.10449 8.92676C1.66504 8.52246 1.29883 8.06543 1.00586 7.55566C0.958984 7.47363 0.920898 7.39746 0.891602 7.32715C0.868164 7.25098 0.856445 7.16309 0.856445 7.06348C0.856445 6.94043 0.879883 6.82617 0.926758 6.7207C0.973633 6.60938 1.03809 6.5127 1.12012 6.43066C1.20801 6.34277 1.30469 6.27539 1.41016 6.22852C1.52148 6.18164 1.63867 6.1582 1.76172 6.1582C1.9375 6.1582 2.08398 6.19629 2.20117 6.27246C2.32422 6.34863 2.43555 6.4541 2.53516 6.58887C2.64648 6.73535 2.75488 6.87891 2.86035 7.01953C2.97168 7.16016 3.08887 7.29785 3.21191 7.43262C3.74512 7.9834 4.33105 8.3877 4.96973 8.64551C5.6084 8.90332 6.30859 9.03223 7.07031 9.03223C7.5625 9.03223 8.01367 8.97656 8.42383 8.86523C8.83984 8.75391 9.22656 8.59277 9.58398 8.38184C9.94141 8.1709 10.2754 7.91602 10.5859 7.61719C10.8965 7.3125 11.1953 6.96973 11.4824 6.58887C11.582 6.45996 11.6875 6.35742 11.7988 6.28125C11.9102 6.19922 12.0508 6.1582 12.2207 6.1582C12.4902 6.1582 12.7129 6.24023 12.8887 6.4043C13.0703 6.56836 13.1611 6.78809 13.1611 7.06348C13.1611 7.16309 13.1494 7.24512 13.126 7.30957C13.1025 7.37402 13.0674 7.44727 13.0205 7.5293C12.874 7.79297 12.7041 8.03613 12.5107 8.25879C12.3174 8.47559 12.1152 8.68652 11.9043 8.8916C11.2305 9.53027 10.4688 10.0166 9.61914 10.3506C8.76953 10.6787 7.88184 10.8428 6.95605 10.8428ZM5.16309 2.08887C5.16309 2.28223 5.125 2.4668 5.04883 2.64258C4.97266 2.81836 4.87012 2.97363 4.74121 3.1084C4.6123 3.2373 4.45996 3.33984 4.28418 3.41602C4.11426 3.49219 3.92969 3.53027 3.73047 3.53027C3.53125 3.53027 3.34375 3.49219 3.16797 3.41602C2.99805 3.33984 2.84863 3.2373 2.71973 3.1084C2.59082 2.97949 2.48828 2.83008 2.41211 2.66016C2.33594 2.48438 2.29785 2.29688 2.29785 2.09766C2.29785 1.89844 2.33301 1.71094 2.40332 1.53516C2.47949 1.35938 2.58203 1.20703 2.71094 1.07812C2.83984 0.943359 2.98926 0.837891 3.15918 0.761719C3.33496 0.685547 3.52246 0.647461 3.72168 0.647461C3.9209 0.647461 4.10547 0.685547 4.27539 0.761719C4.45117 0.837891 4.60352 0.943359 4.73242 1.07812C4.86719 1.20703 4.97266 1.35938 5.04883 1.53516C5.125 1.70508 5.16309 1.88965 5.16309 2.08887ZM8.85449 2.08887C8.85449 1.88965 8.89258 1.70215 8.96875 1.52637C9.04492 1.35059 9.14746 1.19824 9.27637 1.06934C9.40527 0.94043 9.55762 0.837891 9.7334 0.761719C9.90918 0.685547 10.0967 0.647461 10.2959 0.647461C10.4951 0.647461 10.6797 0.685547 10.8496 0.761719C11.0254 0.837891 11.1777 0.943359 11.3066 1.07812C11.4355 1.20703 11.5352 1.35938 11.6055 1.53516C11.6816 1.70508 11.7197 1.88965 11.7197 2.08887C11.7197 2.28809 11.6816 2.47559 11.6055 2.65137C11.5293 2.82129 11.4268 2.97363 11.2979 3.1084C11.1689 3.2373 11.0166 3.33984 10.8408 3.41602C10.6709 3.49219 10.4863 3.53027 10.2871 3.53027C10.0879 3.53027 9.90039 3.49219 9.72461 3.41602C9.55469 3.33984 9.40527 3.2373 9.27637 3.1084C9.14746 2.97363 9.04492 2.82129 8.96875 2.65137C8.89258 2.47559 8.85449 2.28809 8.85449 2.08887Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/insider.svg b/windows/security/images/icons/insider.svg
deleted file mode 100644
index fa002fa2a1..0000000000
--- a/windows/security/images/icons/insider.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M6.37207 2.58398C6.37207 2.23242 6.44238 1.90137 6.58301 1.59082C6.72949 1.27441 6.92285 0.999023 7.16309 0.764648C7.40332 0.530273 7.68164 0.345703 7.99805 0.210938C8.31445 0.0703125 8.64844 0 9 0C9.35742 0 9.69434 0.0703125 10.0107 0.210938C10.333 0.351562 10.6113 0.541992 10.8457 0.782227C11.0859 1.0166 11.2764 1.29492 11.417 1.61719C11.5576 1.93359 11.6279 2.27051 11.6279 2.62793C11.6279 2.99121 11.5576 3.33105 11.417 3.64746C11.2822 3.96387 11.0947 4.24219 10.8545 4.48242C10.6201 4.7168 10.3418 4.9043 10.0195 5.04492C9.70312 5.17969 9.36328 5.24707 9 5.24707C8.64844 5.24707 8.31445 5.17969 7.99805 5.04492C7.68164 4.91016 7.40332 4.72852 7.16309 4.5C6.92285 4.26562 6.72949 3.99316 6.58301 3.68262C6.44238 3.37207 6.37207 3.04102 6.37207 2.68945V2.58398ZM1.125 3.375V3.33105C1.125 3.02637 1.18652 2.74219 1.30957 2.47852C1.43262 2.20898 1.59668 1.97461 1.80176 1.77539C2.00684 1.57617 2.24414 1.41797 2.51367 1.30078C2.78906 1.18359 3.07617 1.125 3.375 1.125C3.67969 1.125 3.96973 1.18652 4.24512 1.30957C4.52051 1.42676 4.75781 1.58789 4.95703 1.79297C5.16211 1.99219 5.32324 2.22949 5.44043 2.50488C5.56348 2.78027 5.625 3.07031 5.625 3.375C5.625 3.68555 5.56348 3.97852 5.44043 4.25391C5.32324 4.52344 5.16211 4.76074 4.95703 4.96582C4.75781 5.16504 4.52051 5.32617 4.24512 5.44922C3.96973 5.56641 3.67969 5.625 3.375 5.625C3.06445 5.625 2.77148 5.56641 2.49609 5.44922C2.22656 5.32617 1.98926 5.16504 1.78418 4.96582C1.58496 4.76074 1.42383 4.52344 1.30078 4.25391C1.18359 3.97852 1.125 3.68555 1.125 3.375ZM10.5029 2.62793C10.5029 2.42285 10.4619 2.22949 10.3799 2.04785C10.3037 1.86621 10.1953 1.70801 10.0547 1.57324C9.91992 1.43262 9.76172 1.32422 9.58008 1.24805C9.39844 1.16602 9.20508 1.125 9 1.125C8.79492 1.125 8.60156 1.16602 8.41992 1.24805C8.23828 1.32422 8.07715 1.43262 7.93652 1.57324C7.80176 1.70801 7.69336 1.86621 7.61133 2.04785C7.53516 2.22949 7.49707 2.42285 7.49707 2.62793C7.49707 2.83301 7.53516 3.02637 7.61133 3.20801C7.69336 3.38965 7.80176 3.54785 7.93652 3.68262C8.07715 3.81738 8.23828 3.92578 8.41992 4.00781C8.60156 4.08398 8.79492 4.12207 9 4.12207C9.20508 4.12207 9.39844 4.08398 9.58008 4.00781C9.76172 3.92578 9.91992 3.81738 10.0547 3.68262C10.1953 3.54785 10.3037 3.38965 10.3799 3.20801C10.4619 3.02637 10.5029 2.83301 10.5029 2.62793ZM12.375 3.375V3.33105C12.375 3.02637 12.4365 2.74219 12.5596 2.47852C12.6826 2.20898 12.8467 1.97461 13.0518 1.77539C13.2568 1.57617 13.4941 1.41797 13.7637 1.30078C14.0391 1.18359 14.3262 1.125 14.625 1.125C14.9297 1.125 15.2197 1.18652 15.4951 1.30957C15.7705 1.42676 16.0078 1.58789 16.207 1.79297C16.4121 1.99219 16.5732 2.22949 16.6904 2.50488C16.8135 2.78027 16.875 3.07031 16.875 3.375C16.875 3.68555 16.8135 3.97852 16.6904 4.25391C16.5732 4.52344 16.4121 4.76074 16.207 4.96582C16.0078 5.16504 15.7705 5.32617 15.4951 5.44922C15.2197 5.56641 14.9297 5.625 14.625 5.625C14.3145 5.625 14.0215 5.56641 13.7461 5.44922C13.4766 5.32617 13.2393 5.16504 13.0342 4.96582C12.835 4.76074 12.6738 4.52344 12.5508 4.25391C12.4336 3.97852 12.375 3.68555 12.375 3.375ZM4.5 3.375C4.5 3.22266 4.4707 3.0791 4.41211 2.94434C4.35352 2.80371 4.27148 2.68359 4.16602 2.58398C4.06641 2.47852 3.94629 2.39648 3.80566 2.33789C3.6709 2.2793 3.52734 2.25 3.375 2.25C3.2168 2.25 3.07031 2.2793 2.93555 2.33789C2.80078 2.39648 2.68066 2.47852 2.5752 2.58398C2.47559 2.68359 2.39648 2.80078 2.33789 2.93555C2.2793 3.07031 2.25 3.2168 2.25 3.375C2.25 3.5332 2.2793 3.68262 2.33789 3.82324C2.39648 3.95801 2.47559 4.0752 2.5752 4.1748C2.6748 4.27441 2.79199 4.35352 2.92676 4.41211C3.06738 4.4707 3.2168 4.5 3.375 4.5C3.5332 4.5 3.67969 4.4707 3.81445 4.41211C3.94922 4.35352 4.06641 4.27441 4.16602 4.1748C4.27148 4.06934 4.35352 3.94922 4.41211 3.81445C4.4707 3.67969 4.5 3.5332 4.5 3.375ZM15.75 3.375C15.75 3.22266 15.7207 3.0791 15.6621 2.94434C15.6035 2.80371 15.5215 2.68359 15.416 2.58398C15.3164 2.47852 15.1963 2.39648 15.0557 2.33789C14.9209 2.2793 14.7773 2.25 14.625 2.25C14.4668 2.25 14.3203 2.2793 14.1855 2.33789C14.0508 2.39648 13.9307 2.47852 13.8252 2.58398C13.7256 2.68359 13.6465 2.80078 13.5879 2.93555C13.5293 3.07031 13.5 3.2168 13.5 3.375C13.5 3.5332 13.5293 3.68262 13.5879 3.82324C13.6465 3.95801 13.7256 4.0752 13.8252 4.1748C13.9248 4.27441 14.042 4.35352 14.1768 4.41211C14.3174 4.4707 14.4668 4.5 14.625 4.5C14.7832 4.5 14.9297 4.4707 15.0645 4.41211C15.1992 4.35352 15.3164 4.27441 15.416 4.1748C15.5215 4.06934 15.6035 3.94922 15.6621 3.81445C15.7207 3.67969 15.75 3.5332 15.75 3.375ZM0 10.2832C0 9.82031 0.0908203 9.375 0.272461 8.94727C0.459961 8.51953 0.708984 8.14453 1.01953 7.82227C1.33594 7.49414 1.70215 7.2334 2.11816 7.04004C2.54004 6.84668 2.98535 6.75 3.4541 6.75C3.99902 6.75 4.51758 6.86426 5.00977 7.09277C5.50781 7.31543 5.92383 7.64648 6.25781 8.08594C6.60352 7.66406 7.01074 7.33594 7.47949 7.10156C7.94824 6.86719 8.45508 6.75 9 6.75C9.55078 6.75 10.0576 6.86719 10.5205 7.10156C10.9893 7.33594 11.3965 7.66406 11.7422 8.08594C12.082 7.64648 12.4951 7.31543 12.9814 7.09277C13.4736 6.86426 13.9951 6.75 14.5459 6.75C15.0146 6.75 15.457 6.84668 15.873 7.04004C16.2949 7.2334 16.6611 7.49414 16.9717 7.82227C17.2881 8.14453 17.5371 8.51953 17.7188 8.94727C17.9062 9.375 18 9.82031 18 10.2832C18 10.834 17.9062 11.3262 17.7188 11.7598C17.5371 12.1934 17.2529 12.6035 16.8662 12.9902L12.0938 17.8506C12.0059 17.9502 11.8887 18 11.7422 18C11.6777 18 11.6133 17.9883 11.5488 17.9648C11.4844 17.9355 11.4287 17.8975 11.3818 17.8506L9 15.416L6.61816 17.8506C6.51855 17.9502 6.39844 18 6.25781 18C6.11133 18 5.99414 17.9502 5.90625 17.8506L1.13379 12.9814C0.74707 12.5889 0.459961 12.1787 0.272461 11.751C0.0908203 11.3232 0 10.834 0 10.2832ZM6.25781 16.6025L8.20898 14.6162L6.61816 12.9814C6.24902 12.6064 5.96777 12.208 5.77441 11.7861C5.58105 11.3584 5.48438 10.8779 5.48438 10.3447C5.48438 10.1396 5.49902 9.9375 5.52832 9.73828C5.55762 9.53906 5.60742 9.3457 5.67773 9.1582C5.52539 8.96484 5.37305 8.78906 5.2207 8.63086C5.07422 8.47266 4.91602 8.33789 4.74609 8.22656C4.57617 8.11523 4.38867 8.03027 4.18359 7.97168C3.97852 7.90723 3.74414 7.875 3.48047 7.875C3.1582 7.875 2.85352 7.94238 2.56641 8.07715C2.2793 8.20605 2.02734 8.38477 1.81055 8.61328C1.59961 8.83594 1.43262 9.09375 1.30957 9.38672C1.18652 9.67969 1.125 9.98438 1.125 10.3008C1.125 10.6934 1.18945 11.0361 1.31836 11.3291C1.45312 11.6162 1.65527 11.9004 1.9248 12.1816L6.25781 16.6025ZM9 13.8076L10.5996 12.1816C10.8691 11.9062 11.0684 11.6221 11.1973 11.3291C11.332 11.0303 11.3994 10.6875 11.3994 10.3008C11.3994 9.97266 11.335 9.66211 11.2061 9.36914C11.083 9.07617 10.9102 8.81836 10.6875 8.5957C10.4707 8.37305 10.2158 8.19727 9.92285 8.06836C9.63574 7.93945 9.32812 7.875 9 7.875C8.67188 7.875 8.36133 7.93945 8.06836 8.06836C7.78125 8.19727 7.5293 8.37305 7.3125 8.5957C7.0957 8.81836 6.92285 9.07617 6.79395 9.36914C6.6709 9.66211 6.60938 9.97266 6.60938 10.3008C6.60938 10.6875 6.67383 11.0303 6.80273 11.3291C6.9375 11.6279 7.13672 11.9121 7.40039 12.1816L9 13.8076ZM11.7422 16.6025L16.0752 12.1816C16.3447 11.9004 16.5439 11.6162 16.6729 11.3291C16.8076 11.0361 16.875 10.6934 16.875 10.3008C16.875 9.98438 16.8135 9.67969 16.6904 9.38672C16.5674 9.09375 16.3975 8.83594 16.1807 8.61328C15.9697 8.38477 15.7207 8.20605 15.4336 8.07715C15.1465 7.94238 14.8418 7.875 14.5195 7.875C14.2559 7.875 14.0215 7.90723 13.8164 7.97168C13.6113 8.03027 13.4238 8.11523 13.2539 8.22656C13.084 8.33789 12.9229 8.47266 12.7705 8.63086C12.624 8.78906 12.4746 8.96484 12.3223 9.1582C12.457 9.54492 12.5244 9.94043 12.5244 10.3447C12.5244 10.8779 12.4248 11.3584 12.2256 11.7861C12.0322 12.208 11.751 12.6064 11.3818 12.9814L9.79102 14.6162L11.7422 16.6025Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/iris.svg b/windows/security/images/icons/iris.svg
deleted file mode 100644
index 465902e0b3..0000000000
--- a/windows/security/images/icons/iris.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="14" height="12" viewBox="0 0 14 12" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M7.00879 0.612305C7.6709 0.612305 8.33594 0.706055 9.00391 0.893555C9.67188 1.08105 10.3047 1.34766 10.9023 1.69336C11.5 2.03906 12.042 2.45508 12.5283 2.94141C13.0146 3.42773 13.4072 3.97266 13.7061 4.57617C13.7412 4.64648 13.7705 4.72266 13.7939 4.80469C13.8174 4.88086 13.8291 4.95996 13.8291 5.04199C13.8291 5.33496 13.7295 5.57227 13.5303 5.75391C13.3369 5.92969 13.0967 6.01758 12.8096 6.01758C12.6279 6.01758 12.4727 5.9707 12.3438 5.87695C12.2207 5.77734 12.1094 5.65723 12.0098 5.5166C11.9277 5.39941 11.8516 5.28223 11.7812 5.16504C11.7168 5.04785 11.6436 4.93359 11.5615 4.82227C11.2979 4.46484 10.9961 4.14551 10.6562 3.86426C10.3164 3.58301 9.9502 3.3457 9.55762 3.15234C9.16504 2.95312 8.75195 2.80371 8.31836 2.7041C7.89062 2.59863 7.4541 2.5459 7.00879 2.5459C6.53418 2.5459 6.0625 2.60742 5.59375 2.73047C5.13086 2.84766 4.68848 3.02051 4.2666 3.24902C3.85059 3.47754 3.46387 3.75586 3.10645 4.08398C2.75488 4.40625 2.45312 4.77246 2.20117 5.18262C2.16602 5.24121 2.13086 5.30273 2.0957 5.36719C2.06055 5.42578 2.02539 5.48438 1.99023 5.54297C1.89648 5.68945 1.7793 5.80664 1.63867 5.89453C1.49805 5.97656 1.33984 6.01758 1.16406 6.01758C1.0293 6.01758 0.90332 5.99121 0.786133 5.93848C0.668945 5.88574 0.566406 5.81543 0.478516 5.72754C0.390625 5.63965 0.320312 5.53711 0.267578 5.41992C0.214844 5.30273 0.188477 5.17676 0.188477 5.04199C0.188477 4.88379 0.229492 4.72852 0.311523 4.57617C0.62793 3.9668 1.02637 3.41895 1.50684 2.93262C1.99316 2.44043 2.5293 2.02441 3.11523 1.68457C3.70117 1.33887 4.3252 1.0752 4.9873 0.893555C5.65527 0.706055 6.3291 0.612305 7.00879 0.612305ZM7.00879 5.45508C7.39551 5.45508 7.75879 5.52832 8.09863 5.6748C8.43848 5.82129 8.73438 6.02344 8.98633 6.28125C9.23828 6.5332 9.4375 6.8291 9.58398 7.16895C9.73047 7.50879 9.80371 7.87207 9.80371 8.25879C9.80371 8.64551 9.72754 9.01172 9.5752 9.35742C9.42871 9.69727 9.22656 9.99316 8.96875 10.2451C8.7168 10.4971 8.4209 10.6963 8.08105 10.8428C7.74121 10.9893 7.37793 11.0625 6.99121 11.0625C6.59863 11.0625 6.23242 10.9893 5.89258 10.8428C5.55859 10.6963 5.26562 10.4971 5.01367 10.2451C4.76758 9.9873 4.57129 9.68848 4.4248 9.34863C4.28418 9.00293 4.21387 8.63672 4.21387 8.25C4.21387 7.86328 4.28711 7.50293 4.43359 7.16895C4.58008 6.8291 4.7793 6.5332 5.03125 6.28125C5.28906 6.02344 5.58496 5.82129 5.91895 5.6748C6.25879 5.52832 6.62207 5.45508 7.00879 5.45508Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/key.svg b/windows/security/images/icons/key.svg
deleted file mode 100644
index 62e4755d33..0000000000
--- a/windows/security/images/icons/key.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M1.6875 18C1.45898 18 1.24219 17.9561 1.03711 17.8682C0.832031 17.7803 0.650391 17.6602 0.492188 17.5078C0.339844 17.3496 0.219727 17.168 0.131836 16.9629C0.0439453 16.7578 0 16.541 0 16.3125V14.5283C0 14.3057 0.0410156 14.0918 0.123047 13.8867C0.210938 13.6758 0.333984 13.4912 0.492188 13.333L5.44922 8.38477C5.55469 8.2793 5.63379 8.15625 5.68652 8.01562C5.73926 7.86914 5.76562 7.72266 5.76562 7.57617C5.76562 7.49414 5.75684 7.40918 5.73926 7.32129C5.70996 7.13379 5.68359 6.94629 5.66016 6.75879C5.63672 6.57129 5.625 6.38379 5.625 6.19629C5.625 5.65137 5.70117 5.12109 5.85352 4.60547C6.00586 4.08398 6.21973 3.59473 6.49512 3.1377C6.77637 2.68066 7.10742 2.25879 7.48828 1.87207C7.86914 1.48535 8.28809 1.1543 8.74512 0.878906C9.20801 0.603516 9.69727 0.389648 10.2129 0.237305C10.7285 0.0791016 11.2588 0 11.8037 0C12.3721 0 12.9199 0.0732422 13.4473 0.219727C13.9805 0.366211 14.4756 0.574219 14.9326 0.84375C15.3896 1.11328 15.8057 1.43848 16.1807 1.81934C16.5615 2.19434 16.8867 2.61035 17.1562 3.06738C17.4258 3.52441 17.6338 4.01953 17.7803 4.55273C17.9268 5.08008 18 5.62793 18 6.19629C18 6.76465 17.9268 7.3125 17.7803 7.83984C17.6338 8.36719 17.4258 8.85938 17.1562 9.31641C16.8867 9.77344 16.5615 10.1895 16.1807 10.5645C15.8057 10.9395 15.3896 11.2617 14.9326 11.5312C14.4756 11.8008 13.9834 12.0088 13.4561 12.1553C12.9287 12.3018 12.3809 12.375 11.8125 12.375C11.2324 12.375 10.6699 12.2959 10.125 12.1377V12.1553C10.125 12.46 10.084 12.7031 10.002 12.8848C9.91992 13.0605 9.80859 13.1953 9.66797 13.2891C9.52734 13.3828 9.36328 13.4443 9.17578 13.4736C8.98828 13.4971 8.78613 13.5088 8.56934 13.5088C8.45801 13.5088 8.34375 13.5088 8.22656 13.5088C8.10938 13.5029 7.99219 13.5 7.875 13.5V14.625C7.875 14.9355 7.76367 15.2021 7.54102 15.4248C7.32422 15.6416 7.06055 15.75 6.75 15.75H5.625V16.3125C5.625 16.541 5.58105 16.7578 5.49316 16.9629C5.40527 17.168 5.28223 17.3496 5.12402 17.5078C4.97168 17.6602 4.79297 17.7803 4.58789 17.8682C4.38281 17.9561 4.16602 18 3.9375 18H1.6875ZM3.9375 16.875C4.06641 16.875 4.16895 16.8516 4.24512 16.8047C4.32129 16.752 4.37695 16.6875 4.41211 16.6113C4.44727 16.5352 4.46777 16.4502 4.47363 16.3564C4.48535 16.2568 4.49121 16.1572 4.49121 16.0576V15.917C4.49121 15.7412 4.51465 15.5771 4.56152 15.4248C4.6084 15.2666 4.67871 15.1289 4.77246 15.0117C4.86621 14.8945 4.9834 14.8008 5.12402 14.7305C5.26465 14.6602 5.43164 14.625 5.625 14.625H6.75V13.5C6.75 13.1895 6.8584 12.9258 7.0752 12.709C7.29785 12.4863 7.56445 12.375 7.875 12.375H9V11.3379C9 11.1797 9.05273 11.0479 9.1582 10.9424C9.26953 10.8311 9.4043 10.7754 9.5625 10.7754C9.63867 10.7754 9.71484 10.79 9.79102 10.8193C9.97266 10.8838 10.1426 10.9424 10.3008 10.9951C10.4648 11.0479 10.623 11.0947 10.7754 11.1357C10.9336 11.1709 11.0947 11.2002 11.2588 11.2236C11.4287 11.2412 11.6133 11.25 11.8125 11.25C12.2754 11.25 12.7207 11.1914 13.1484 11.0742C13.582 10.9512 13.9863 10.7812 14.3613 10.5645C14.7363 10.3418 15.0791 10.0781 15.3896 9.77344C15.7002 9.46289 15.9639 9.12012 16.1807 8.74512C16.4033 8.37012 16.5732 7.96875 16.6904 7.54102C16.8135 7.10742 16.875 6.65918 16.875 6.19629C16.875 5.72754 16.8135 5.2793 16.6904 4.85156C16.5732 4.41797 16.4033 4.01367 16.1807 3.63867C15.9639 3.26367 15.7002 2.9209 15.3896 2.61035C15.085 2.2998 14.7451 2.03613 14.3701 1.81934C13.9951 1.59668 13.5908 1.42676 13.1572 1.30957C12.7295 1.18652 12.2812 1.125 11.8125 1.125H11.6279C11.458 1.125 11.2881 1.13965 11.1182 1.16895C10.9482 1.19824 10.7783 1.23633 10.6084 1.2832C10.0811 1.42969 9.58301 1.66406 9.11426 1.98633C8.64551 2.30273 8.23535 2.68066 7.88379 3.12012C7.53809 3.55957 7.2627 4.04297 7.05762 4.57031C6.85254 5.0918 6.75 5.63086 6.75 6.1875C6.75 6.42188 6.77344 6.65332 6.82031 6.88184C6.86719 7.11035 6.89062 7.3418 6.89062 7.57617C6.89062 7.875 6.83496 8.16504 6.72363 8.44629C6.6123 8.72168 6.45117 8.96484 6.24023 9.17578L1.29199 14.1328C1.18066 14.2441 1.125 14.376 1.125 14.5283V16.3125C1.125 16.4648 1.18066 16.5967 1.29199 16.708C1.40332 16.8193 1.53516 16.875 1.6875 16.875H3.9375ZM12.375 4.5C12.375 4.3418 12.4043 4.19531 12.4629 4.06055C12.5215 3.92578 12.6006 3.80859 12.7002 3.70898C12.8057 3.60352 12.9258 3.52148 13.0605 3.46289C13.1953 3.4043 13.3418 3.375 13.5 3.375C13.6523 3.375 13.7959 3.4043 13.9307 3.46289C14.0713 3.52148 14.1914 3.60352 14.291 3.70898C14.3965 3.80859 14.4785 3.92871 14.5371 4.06934C14.5957 4.2041 14.625 4.34766 14.625 4.5C14.625 4.6582 14.5957 4.80469 14.5371 4.93945C14.4785 5.07422 14.3965 5.19434 14.291 5.2998C14.1914 5.39941 14.0742 5.47852 13.9395 5.53711C13.8047 5.5957 13.6582 5.625 13.5 5.625C13.3418 5.625 13.1924 5.5957 13.0518 5.53711C12.917 5.47852 12.7998 5.39941 12.7002 5.2998C12.6006 5.2002 12.5215 5.08301 12.4629 4.94824C12.4043 4.80762 12.375 4.6582 12.375 4.5Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/kiosk.svg b/windows/security/images/icons/kiosk.svg
deleted file mode 100644
index f975677d19..0000000000
--- a/windows/security/images/icons/kiosk.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="14" height="18" viewBox="0 0 14 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M11.5615 -0.00878906C11.8545 -0.00878906 12.1328 0.0527344 12.3965 0.175781C12.666 0.292969 12.9004 0.454102 13.0996 0.65918C13.3047 0.858398 13.4658 1.09277 13.583 1.3623C13.7061 1.62598 13.7676 1.9043 13.7676 2.19727V7.91016C13.7676 8.21484 13.7061 8.50195 13.583 8.77148C13.46 9.03516 13.2959 9.2666 13.0908 9.46582C12.8857 9.66504 12.6455 9.82324 12.3701 9.94043C12.1006 10.0576 11.8164 10.1162 11.5176 10.1162H9.26758V16.8662H10.9551C11.1133 16.8662 11.2451 16.9219 11.3506 17.0332C11.4619 17.1387 11.5176 17.2705 11.5176 17.4287C11.5176 17.5811 11.4619 17.7129 11.3506 17.8242C11.2393 17.9355 11.1074 17.9912 10.9551 17.9912H3.08008C2.92773 17.9912 2.7959 17.9355 2.68457 17.8242C2.57324 17.7129 2.51758 17.5811 2.51758 17.4287C2.51758 17.2764 2.57324 17.1445 2.68457 17.0332C2.7959 16.9219 2.92773 16.8662 3.08008 16.8662H4.76758V10.1162H2.47363C2.18066 10.1162 1.89941 10.0576 1.62988 9.94043C1.36621 9.81738 1.13184 9.65625 0.926758 9.45703C0.727539 9.25195 0.566406 9.01758 0.443359 8.75391C0.326172 8.48438 0.267578 8.20312 0.267578 7.91016V2.19727C0.267578 1.9043 0.326172 1.62598 0.443359 1.3623C0.566406 1.09277 0.727539 0.858398 0.926758 0.65918C1.13184 0.454102 1.36621 0.292969 1.62988 0.175781C1.89941 0.0527344 2.18066 -0.00878906 2.47363 -0.00878906H11.5615ZM12.6426 2.24121C12.6426 2.08887 12.6133 1.94531 12.5547 1.81055C12.4961 1.66992 12.4141 1.5498 12.3086 1.4502C12.209 1.34473 12.0889 1.2627 11.9482 1.2041C11.8135 1.14551 11.6699 1.11621 11.5176 1.11621H2.51758C2.36523 1.11621 2.21875 1.14551 2.07812 1.2041C1.94336 1.2627 1.82324 1.34473 1.71777 1.4502C1.61816 1.5498 1.53906 1.66992 1.48047 1.81055C1.42188 1.94531 1.39258 2.08887 1.39258 2.24121V7.86621C1.39258 8.01855 1.42188 8.16211 1.48047 8.29688C1.54492 8.43164 1.62695 8.55176 1.72656 8.65723C1.83203 8.75684 1.95215 8.83887 2.08691 8.90332C2.22168 8.96191 2.36523 8.99121 2.51758 8.99121H11.5176C11.6699 8.99121 11.8135 8.96191 11.9482 8.90332C12.0889 8.84473 12.209 8.76562 12.3086 8.66602C12.4141 8.56055 12.4961 8.44043 12.5547 8.30566C12.6133 8.16504 12.6426 8.01855 12.6426 7.86621V2.24121ZM5.89258 16.8662H8.14258V10.1162H5.89258V16.8662Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/lock.svg b/windows/security/images/icons/lock.svg
deleted file mode 100644
index ccd1850fbb..0000000000
--- a/windows/security/images/icons/lock.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="14" height="18" viewBox="0 0 14 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M13.75 9V15.75C13.75 16.0605 13.6914 16.3535 13.5742 16.6289C13.457 16.8984 13.2959 17.1357 13.0908 17.3408C12.8857 17.5459 12.6455 17.707 12.3701 17.8242C12.1006 17.9414 11.8105 18 11.5 18H2.5C2.18945 18 1.89648 17.9414 1.62109 17.8242C1.35156 17.707 1.11426 17.5459 0.90918 17.3408C0.704102 17.1357 0.542969 16.8984 0.425781 16.6289C0.308594 16.3535 0.25 16.0605 0.25 15.75V9C0.25 8.68945 0.308594 8.39941 0.425781 8.12988C0.542969 7.85449 0.704102 7.61426 0.90918 7.40918C1.11426 7.2041 1.35156 7.04297 1.62109 6.92578C1.89648 6.80859 2.18945 6.75 2.5 6.75V4.5C2.5 3.87891 2.61719 3.2959 2.85156 2.75098C3.08594 2.2002 3.40527 1.72266 3.80957 1.31836C4.21973 0.908203 4.69727 0.585938 5.24219 0.351562C5.79297 0.117187 6.37891 0 7 0C7.62109 0 8.2041 0.117187 8.74902 0.351562C9.2998 0.585938 9.77734 0.908203 10.1816 1.31836C10.5918 1.72266 10.9141 2.2002 11.1484 2.75098C11.3828 3.2959 11.5 3.87891 11.5 4.5V6.75C11.8105 6.75 12.1006 6.80859 12.3701 6.92578C12.6455 7.04297 12.8857 7.2041 13.0908 7.40918C13.2959 7.61426 13.457 7.85449 13.5742 8.12988C13.6914 8.39941 13.75 8.68945 13.75 9ZM3.625 6.75H10.375V4.5C10.375 4.03125 10.2871 3.5918 10.1113 3.18164C9.93555 2.77148 9.69531 2.41406 9.39062 2.10938C9.08594 1.80469 8.72852 1.56445 8.31836 1.38867C7.9082 1.21289 7.46875 1.125 7 1.125C6.53125 1.125 6.0918 1.21289 5.68164 1.38867C5.27148 1.56445 4.91406 1.80469 4.60938 2.10938C4.30469 2.41406 4.06445 2.77148 3.88867 3.18164C3.71289 3.5918 3.625 4.03125 3.625 4.5V6.75ZM12.625 9C12.625 8.84766 12.5957 8.7041 12.5371 8.56934C12.4785 8.42871 12.3965 8.30859 12.291 8.20898C12.1914 8.10352 12.0713 8.02148 11.9307 7.96289C11.7959 7.9043 11.6523 7.875 11.5 7.875H2.5C2.3418 7.875 2.19531 7.9043 2.06055 7.96289C1.92578 8.02148 1.80566 8.10352 1.7002 8.20898C1.60059 8.30859 1.52148 8.42578 1.46289 8.56055C1.4043 8.69531 1.375 8.8418 1.375 9V15.75C1.375 15.9082 1.4043 16.0576 1.46289 16.1982C1.52148 16.333 1.60059 16.4502 1.7002 16.5498C1.7998 16.6494 1.91699 16.7285 2.05176 16.7871C2.19238 16.8457 2.3418 16.875 2.5 16.875H11.5C11.6582 16.875 11.8047 16.8457 11.9395 16.7871C12.0742 16.7285 12.1914 16.6494 12.291 16.5498C12.3965 16.4443 12.4785 16.3242 12.5371 16.1895C12.5957 16.0547 12.625 15.9082 12.625 15.75V9ZM8.125 12.375C8.125 12.5332 8.0957 12.6797 8.03711 12.8145C7.97852 12.9492 7.89648 13.0693 7.79102 13.1748C7.69141 13.2744 7.57422 13.3535 7.43945 13.4121C7.30469 13.4707 7.1582 13.5 7 13.5C6.8418 13.5 6.69238 13.4707 6.55176 13.4121C6.41699 13.3535 6.2998 13.2744 6.2002 13.1748C6.10059 13.0752 6.02148 12.958 5.96289 12.8232C5.9043 12.6826 5.875 12.5332 5.875 12.375C5.875 12.2168 5.9043 12.0703 5.96289 11.9355C6.02148 11.8008 6.10059 11.6836 6.2002 11.584C6.30566 11.4785 6.42578 11.3965 6.56055 11.3379C6.69531 11.2793 6.8418 11.25 7 11.25C7.15234 11.25 7.2959 11.2793 7.43066 11.3379C7.57129 11.3965 7.69141 11.4785 7.79102 11.584C7.89648 11.6836 7.97852 11.8037 8.03711 11.9443C8.0957 12.0791 8.125 12.2227 8.125 12.375Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/pin-code.svg b/windows/security/images/icons/pin-code.svg
deleted file mode 100644
index a5bfdc4148..0000000000
--- a/windows/security/images/icons/pin-code.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="12" height="16" viewBox="0 0 12 16" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M0.375 1.25C0.375 1.0918 0.404297 0.945312 0.462891 0.810547C0.521484 0.675781 0.600586 0.558594 0.700195 0.458984C0.805664 0.353516 0.925781 0.271484 1.06055 0.212891C1.19531 0.154297 1.3418 0.125 1.5 0.125C1.65234 0.125 1.7959 0.154297 1.93066 0.212891C2.07129 0.271484 2.19141 0.353516 2.29102 0.458984C2.39648 0.558594 2.47852 0.678711 2.53711 0.819336C2.5957 0.954102 2.625 1.09766 2.625 1.25C2.625 1.4082 2.5957 1.55469 2.53711 1.68945C2.47852 1.82422 2.39648 1.94434 2.29102 2.0498C2.19141 2.14941 2.07422 2.22852 1.93945 2.28711C1.80469 2.3457 1.6582 2.375 1.5 2.375C1.3418 2.375 1.19238 2.3457 1.05176 2.28711C0.916992 2.22852 0.799805 2.14941 0.700195 2.0498C0.600586 1.9502 0.521484 1.83301 0.462891 1.69824C0.404297 1.55762 0.375 1.4082 0.375 1.25ZM4.875 1.25C4.875 1.0918 4.9043 0.945312 4.96289 0.810547C5.02148 0.675781 5.10059 0.558594 5.2002 0.458984C5.30566 0.353516 5.42578 0.271484 5.56055 0.212891C5.69531 0.154297 5.8418 0.125 6 0.125C6.15234 0.125 6.2959 0.154297 6.43066 0.212891C6.57129 0.271484 6.69141 0.353516 6.79102 0.458984C6.89648 0.558594 6.97852 0.678711 7.03711 0.819336C7.0957 0.954102 7.125 1.09766 7.125 1.25C7.125 1.4082 7.0957 1.55469 7.03711 1.68945C6.97852 1.82422 6.89648 1.94434 6.79102 2.0498C6.69141 2.14941 6.57422 2.22852 6.43945 2.28711C6.30469 2.3457 6.1582 2.375 6 2.375C5.8418 2.375 5.69238 2.3457 5.55176 2.28711C5.41699 2.22852 5.2998 2.14941 5.2002 2.0498C5.10059 1.9502 5.02148 1.83301 4.96289 1.69824C4.9043 1.55762 4.875 1.4082 4.875 1.25ZM9.375 1.25C9.375 1.0918 9.4043 0.945312 9.46289 0.810547C9.52148 0.675781 9.60059 0.558594 9.7002 0.458984C9.80566 0.353516 9.92578 0.271484 10.0605 0.212891C10.1953 0.154297 10.3418 0.125 10.5 0.125C10.6523 0.125 10.7959 0.154297 10.9307 0.212891C11.0713 0.271484 11.1914 0.353516 11.291 0.458984C11.3965 0.558594 11.4785 0.678711 11.5371 0.819336C11.5957 0.954102 11.625 1.09766 11.625 1.25C11.625 1.4082 11.5957 1.55469 11.5371 1.68945C11.4785 1.82422 11.3965 1.94434 11.291 2.0498C11.1914 2.14941 11.0742 2.22852 10.9395 2.28711C10.8047 2.3457 10.6582 2.375 10.5 2.375C10.3418 2.375 10.1924 2.3457 10.0518 2.28711C9.91699 2.22852 9.7998 2.14941 9.7002 2.0498C9.60059 1.9502 9.52148 1.83301 9.46289 1.69824C9.4043 1.55762 9.375 1.4082 9.375 1.25ZM0.375 5.75C0.375 5.5918 0.404297 5.44531 0.462891 5.31055C0.521484 5.17578 0.600586 5.05859 0.700195 4.95898C0.805664 4.85352 0.925781 4.77148 1.06055 4.71289C1.19531 4.6543 1.3418 4.625 1.5 4.625C1.65234 4.625 1.7959 4.6543 1.93066 4.71289C2.07129 4.77148 2.19141 4.85352 2.29102 4.95898C2.39648 5.05859 2.47852 5.17871 2.53711 5.31934C2.5957 5.4541 2.625 5.59766 2.625 5.75C2.625 5.9082 2.5957 6.05469 2.53711 6.18945C2.47852 6.32422 2.39648 6.44434 2.29102 6.5498C2.19141 6.64941 2.07422 6.72852 1.93945 6.78711C1.80469 6.8457 1.6582 6.875 1.5 6.875C1.3418 6.875 1.19238 6.8457 1.05176 6.78711C0.916992 6.72852 0.799805 6.64941 0.700195 6.5498C0.600586 6.4502 0.521484 6.33301 0.462891 6.19824C0.404297 6.05762 0.375 5.9082 0.375 5.75ZM4.875 5.75C4.875 5.5918 4.9043 5.44531 4.96289 5.31055C5.02148 5.17578 5.10059 5.05859 5.2002 4.95898C5.30566 4.85352 5.42578 4.77148 5.56055 4.71289C5.69531 4.6543 5.8418 4.625 6 4.625C6.15234 4.625 6.2959 4.6543 6.43066 4.71289C6.57129 4.77148 6.69141 4.85352 6.79102 4.95898C6.89648 5.05859 6.97852 5.17871 7.03711 5.31934C7.0957 5.4541 7.125 5.59766 7.125 5.75C7.125 5.9082 7.0957 6.05469 7.03711 6.18945C6.97852 6.32422 6.89648 6.44434 6.79102 6.5498C6.69141 6.64941 6.57422 6.72852 6.43945 6.78711C6.30469 6.8457 6.1582 6.875 6 6.875C5.8418 6.875 5.69238 6.8457 5.55176 6.78711C5.41699 6.72852 5.2998 6.64941 5.2002 6.5498C5.10059 6.4502 5.02148 6.33301 4.96289 6.19824C4.9043 6.05762 4.875 5.9082 4.875 5.75ZM9.375 5.75C9.375 5.5918 9.4043 5.44531 9.46289 5.31055C9.52148 5.17578 9.60059 5.05859 9.7002 4.95898C9.80566 4.85352 9.92578 4.77148 10.0605 4.71289C10.1953 4.6543 10.3418 4.625 10.5 4.625C10.6523 4.625 10.7959 4.6543 10.9307 4.71289C11.0713 4.77148 11.1914 4.85352 11.291 4.95898C11.3965 5.05859 11.4785 5.17871 11.5371 5.31934C11.5957 5.4541 11.625 5.59766 11.625 5.75C11.625 5.9082 11.5957 6.05469 11.5371 6.18945C11.4785 6.32422 11.3965 6.44434 11.291 6.5498C11.1914 6.64941 11.0742 6.72852 10.9395 6.78711C10.8047 6.8457 10.6582 6.875 10.5 6.875C10.3418 6.875 10.1924 6.8457 10.0518 6.78711C9.91699 6.72852 9.7998 6.64941 9.7002 6.5498C9.60059 6.4502 9.52148 6.33301 9.46289 6.19824C9.4043 6.05762 9.375 5.9082 9.375 5.75ZM0.375 10.25C0.375 10.0918 0.404297 9.94531 0.462891 9.81055C0.521484 9.67578 0.600586 9.55859 0.700195 9.45898C0.805664 9.35352 0.925781 9.27148 1.06055 9.21289C1.19531 9.1543 1.3418 9.125 1.5 9.125C1.65234 9.125 1.7959 9.1543 1.93066 9.21289C2.07129 9.27148 2.19141 9.35352 2.29102 9.45898C2.39648 9.55859 2.47852 9.67871 2.53711 9.81934C2.5957 9.9541 2.625 10.0977 2.625 10.25C2.625 10.4082 2.5957 10.5547 2.53711 10.6895C2.47852 10.8242 2.39648 10.9443 2.29102 11.0498C2.19141 11.1494 2.07422 11.2285 1.93945 11.2871C1.80469 11.3457 1.6582 11.375 1.5 11.375C1.3418 11.375 1.19238 11.3457 1.05176 11.2871C0.916992 11.2285 0.799805 11.1494 0.700195 11.0498C0.600586 10.9502 0.521484 10.833 0.462891 10.6982C0.404297 10.5576 0.375 10.4082 0.375 10.25ZM4.875 10.25C4.875 10.0918 4.9043 9.94531 4.96289 9.81055C5.02148 9.67578 5.10059 9.55859 5.2002 9.45898C5.30566 9.35352 5.42578 9.27148 5.56055 9.21289C5.69531 9.1543 5.8418 9.125 6 9.125C6.15234 9.125 6.2959 9.1543 6.43066 9.21289C6.57129 9.27148 6.69141 9.35352 6.79102 9.45898C6.89648 9.55859 6.97852 9.67871 7.03711 9.81934C7.0957 9.9541 7.125 10.0977 7.125 10.25C7.125 10.4082 7.0957 10.5547 7.03711 10.6895C6.97852 10.8242 6.89648 10.9443 6.79102 11.0498C6.69141 11.1494 6.57422 11.2285 6.43945 11.2871C6.30469 11.3457 6.1582 11.375 6 11.375C5.8418 11.375 5.69238 11.3457 5.55176 11.2871C5.41699 11.2285 5.2998 11.1494 5.2002 11.0498C5.10059 10.9502 5.02148 10.833 4.96289 10.6982C4.9043 10.5576 4.875 10.4082 4.875 10.25ZM9.375 10.25C9.375 10.0918 9.4043 9.94531 9.46289 9.81055C9.52148 9.67578 9.60059 9.55859 9.7002 9.45898C9.80566 9.35352 9.92578 9.27148 10.0605 9.21289C10.1953 9.1543 10.3418 9.125 10.5 9.125C10.6523 9.125 10.7959 9.1543 10.9307 9.21289C11.0713 9.27148 11.1914 9.35352 11.291 9.45898C11.3965 9.55859 11.4785 9.67871 11.5371 9.81934C11.5957 9.9541 11.625 10.0977 11.625 10.25C11.625 10.4082 11.5957 10.5547 11.5371 10.6895C11.4785 10.8242 11.3965 10.9443 11.291 11.0498C11.1914 11.1494 11.0742 11.2285 10.9395 11.2871C10.8047 11.3457 10.6582 11.375 10.5 11.375C10.3418 11.375 10.1924 11.3457 10.0518 11.2871C9.91699 11.2285 9.7998 11.1494 9.7002 11.0498C9.60059 10.9502 9.52148 10.833 9.46289 10.6982C9.4043 10.5576 9.375 10.4082 9.375 10.25ZM4.875 14.75C4.875 14.5918 4.9043 14.4453 4.96289 14.3105C5.02148 14.1758 5.10059 14.0586 5.2002 13.959C5.30566 13.8535 5.42578 13.7715 5.56055 13.7129C5.69531 13.6543 5.8418 13.625 6 13.625C6.15234 13.625 6.2959 13.6543 6.43066 13.7129C6.57129 13.7715 6.69141 13.8535 6.79102 13.959C6.89648 14.0586 6.97852 14.1787 7.03711 14.3193C7.0957 14.4541 7.125 14.5977 7.125 14.75C7.125 14.9082 7.0957 15.0547 7.03711 15.1895C6.97852 15.3242 6.89648 15.4443 6.79102 15.5498C6.69141 15.6494 6.57422 15.7285 6.43945 15.7871C6.30469 15.8457 6.1582 15.875 6 15.875C5.8418 15.875 5.69238 15.8457 5.55176 15.7871C5.41699 15.7285 5.2998 15.6494 5.2002 15.5498C5.10059 15.4502 5.02148 15.333 4.96289 15.1982C4.9043 15.0576 4.875 14.9082 4.875 14.75Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/sc.svg b/windows/security/images/icons/sc.svg
deleted file mode 100644
index d1924ffebb..0000000000
--- a/windows/security/images/icons/sc.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="18" height="14" viewBox="0 0 18 14" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M14.6953 0.25C15.1348 0.25 15.5537 0.34082 15.9521 0.522461C16.3564 0.698242 16.708 0.938477 17.0068 1.24316C17.3115 1.54199 17.5518 1.89355 17.7275 2.29785C17.9092 2.69629 18 3.11523 18 3.55469V10.4453C18 10.8848 17.9092 11.3066 17.7275 11.7109C17.5518 12.1094 17.3115 12.4609 17.0068 12.7656C16.708 13.0645 16.3564 13.3047 15.9521 13.4863C15.5537 13.6621 15.1348 13.75 14.6953 13.75H3.30469C2.86523 13.75 2.44336 13.6621 2.03906 13.4863C1.64062 13.3047 1.28906 13.0645 0.984375 12.7656C0.685547 12.4609 0.445312 12.1094 0.263672 11.7109C0.0878906 11.3066 0 10.8848 0 10.4453V3.55469C0 3.11523 0.0878906 2.69629 0.263672 2.29785C0.445312 1.89355 0.685547 1.54199 0.984375 1.24316C1.28906 0.938477 1.64062 0.698242 2.03906 0.522461C2.44336 0.34082 2.86523 0.25 3.30469 0.25H14.6953ZM16.875 3.58105C16.875 3.28809 16.8135 3.00977 16.6904 2.74609C16.5732 2.47656 16.4121 2.24219 16.207 2.04297C16.0078 1.83789 15.7734 1.67676 15.5039 1.55957C15.2402 1.43652 14.9619 1.375 14.6689 1.375H3.33105C3.03809 1.375 2.75684 1.43652 2.4873 1.55957C2.22363 1.67676 1.98926 1.83789 1.78418 2.04297C1.58496 2.24219 1.42383 2.47656 1.30078 2.74609C1.18359 3.00977 1.125 3.28809 1.125 3.58105V10.4189C1.125 10.7119 1.18359 10.9932 1.30078 11.2627C1.42383 11.5264 1.58496 11.7607 1.78418 11.9658C1.98926 12.165 2.22363 12.3262 2.4873 12.4492C2.75684 12.5664 3.03809 12.625 3.33105 12.625H14.6689C14.9619 12.625 15.2402 12.5664 15.5039 12.4492C15.7734 12.3262 16.0078 12.165 16.207 11.9658C16.4121 11.7607 16.5732 11.5264 16.6904 11.2627C16.8135 10.9932 16.875 10.7119 16.875 10.4189V3.58105ZM12.9375 3.625C13.166 3.625 13.3828 3.66895 13.5879 3.75684C13.793 3.84473 13.9717 3.96777 14.124 4.12598C14.2822 4.27832 14.4053 4.45703 14.4932 4.66211C14.5811 4.86719 14.625 5.08398 14.625 5.3125V8.6875C14.625 8.91602 14.5811 9.13281 14.4932 9.33789C14.4053 9.54297 14.2822 9.72461 14.124 9.88281C13.9717 10.0352 13.793 10.1553 13.5879 10.2432C13.3828 10.3311 13.166 10.375 12.9375 10.375H9.5625C9.33398 10.375 9.11719 10.3311 8.91211 10.2432C8.70703 10.1553 8.52539 10.0352 8.36719 9.88281C8.21484 9.72461 8.09473 9.54297 8.00684 9.33789C7.91895 9.13281 7.875 8.91602 7.875 8.6875V5.3125C7.875 5.08398 7.91895 4.86719 8.00684 4.66211C8.09473 4.45703 8.21484 4.27832 8.36719 4.12598C8.52539 3.96777 8.70703 3.84473 8.91211 3.75684C9.11719 3.66895 9.33398 3.625 9.5625 3.625H12.9375ZM9.5625 4.75C9.41016 4.75 9.27832 4.80566 9.16699 4.91699C9.05566 5.02832 9 5.16016 9 5.3125V5.875H13.5V5.3125C13.5 5.16016 13.4443 5.02832 13.333 4.91699C13.2217 4.80566 13.0898 4.75 12.9375 4.75H9.5625ZM9 8.6875C9 8.83984 9.05566 8.97168 9.16699 9.08301C9.27832 9.19434 9.41016 9.25 9.5625 9.25H10.125V7H9V8.6875ZM12.9375 9.25C13.0898 9.25 13.2217 9.19434 13.333 9.08301C13.4443 8.97168 13.5 8.83984 13.5 8.6875V7H11.25V9.25H12.9375Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/subscription.svg b/windows/security/images/icons/subscription.svg
deleted file mode 100644
index ce4771b082..0000000000
--- a/windows/security/images/icons/subscription.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M16.875 15.1875C16.875 15.3398 16.8193 15.4717 16.708 15.583L14.458 17.833C14.3467 17.9443 14.2148 18 14.0625 18C13.9102 18 13.7783 17.9443 13.667 17.833C13.5557 17.7217 13.5 17.5898 13.5 17.4375C13.5 17.2852 13.5557 17.1533 13.667 17.042L14.959 15.75H3.87598C3.50684 15.75 3.15527 15.6768 2.82129 15.5303C2.4873 15.3838 2.19727 15.1846 1.95117 14.9326C1.70508 14.6807 1.50586 14.3877 1.35352 14.0537C1.20117 13.7197 1.125 13.3682 1.125 12.999V3.87598C1.125 3.50684 1.19824 3.15527 1.34473 2.82129C1.49121 2.4873 1.69043 2.19727 1.94238 1.95117C2.19434 1.70508 2.4873 1.50586 2.82129 1.35352C3.15527 1.20117 3.50684 1.125 3.87598 1.125H12.999C13.3682 1.125 13.7197 1.19824 14.0537 1.34473C14.3877 1.49121 14.6777 1.69043 14.9238 1.94238C15.1699 2.19434 15.3691 2.4873 15.5215 2.82129C15.6738 3.15527 15.75 3.50684 15.75 3.87598V10.6875C15.75 10.8398 15.6943 10.9717 15.583 11.083C15.4717 11.1943 15.3398 11.25 15.1875 11.25C15.0352 11.25 14.9033 11.1943 14.792 11.083C14.6807 10.9717 14.625 10.8398 14.625 10.6875V3.9375C14.625 3.70898 14.5811 3.49219 14.4932 3.28711C14.4053 3.08203 14.2852 2.90332 14.1328 2.75098C13.9805 2.59863 13.7988 2.47559 13.5879 2.38184C13.377 2.28809 13.1602 2.24414 12.9375 2.25H3.9375C3.70898 2.25 3.49219 2.29395 3.28711 2.38184C3.08203 2.46973 2.90332 2.58984 2.75098 2.74219C2.59863 2.89453 2.47559 3.07617 2.38184 3.28711C2.28809 3.49805 2.24414 3.71484 2.25 3.9375V12.9375C2.25 13.166 2.29395 13.3828 2.38184 13.5879C2.46973 13.793 2.58984 13.9717 2.74219 14.124C2.89453 14.2764 3.07617 14.3994 3.28711 14.4932C3.49805 14.5869 3.71484 14.6309 3.9375 14.625H14.959L13.667 13.333C13.5557 13.2217 13.5 13.0898 13.5 12.9375C13.5 12.7852 13.5557 12.6533 13.667 12.542C13.7783 12.4307 13.9102 12.375 14.0625 12.375C14.2148 12.375 14.3467 12.4307 14.458 12.542L16.708 14.792C16.8193 14.9033 16.875 15.0352 16.875 15.1875ZM11.8125 4.5C11.9648 4.5 12.0967 4.55566 12.208 4.66699C12.3193 4.77832 12.375 4.91016 12.375 5.0625C12.375 5.21484 12.3193 5.34668 12.208 5.45801C12.0967 5.56934 11.9648 5.625 11.8125 5.625H5.0625C4.91016 5.625 4.77832 5.56934 4.66699 5.45801C4.55566 5.34668 4.5 5.21484 4.5 5.0625C4.5 4.91016 4.55566 4.77832 4.66699 4.66699C4.77832 4.55566 4.91016 4.5 5.0625 4.5H11.8125ZM11.8125 7.875C11.9648 7.875 12.0967 7.93066 12.208 8.04199C12.3193 8.15332 12.375 8.28516 12.375 8.4375C12.375 8.58984 12.3193 8.72168 12.208 8.83301C12.0967 8.94434 11.9648 9 11.8125 9H5.0625C4.91016 9 4.77832 8.94434 4.66699 8.83301C4.55566 8.72168 4.5 8.58984 4.5 8.4375C4.5 8.28516 4.55566 8.15332 4.66699 8.04199C4.77832 7.93066 4.91016 7.875 5.0625 7.875H11.8125Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/images/icons/vsc.svg b/windows/security/images/icons/vsc.svg
deleted file mode 100644
index cbf23de89e..0000000000
--- a/windows/security/images/icons/vsc.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="17" height="14" viewBox="0 0 17 14" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M14.625 1.375H14.6689C14.9619 1.375 15.2402 1.43652 15.5039 1.55957C15.7734 1.67676 16.0078 1.83789 16.207 2.04297C16.4121 2.24219 16.5732 2.47656 16.6904 2.74609C16.8135 3.00977 16.875 3.28809 16.875 3.58105V10.4189C16.875 10.7061 16.8164 10.9844 16.6992 11.2539C16.582 11.5176 16.4209 11.752 16.2158 11.957C16.0166 12.1562 15.7852 12.3174 15.5215 12.4404C15.2578 12.5635 14.9824 12.625 14.6953 12.625H14.625V12.9238C14.625 13.0234 14.6191 13.123 14.6074 13.2227C14.5957 13.3164 14.5693 13.4043 14.5283 13.4863C14.4932 13.5625 14.4375 13.627 14.3613 13.6797C14.291 13.7266 14.1914 13.75 14.0625 13.75C13.9336 13.75 13.8311 13.7266 13.7549 13.6797C13.6787 13.627 13.6201 13.5625 13.5791 13.4863C13.5439 13.4043 13.5205 13.3164 13.5088 13.2227C13.4971 13.123 13.4912 13.0234 13.4912 12.9238C13.4912 12.8711 13.4912 12.8213 13.4912 12.7744C13.4971 12.7217 13.5 12.6719 13.5 12.625H12.375V12.9238C12.375 13.0234 12.3691 13.123 12.3574 13.2227C12.3457 13.3164 12.3193 13.4043 12.2783 13.4863C12.2432 13.5625 12.1875 13.627 12.1113 13.6797C12.041 13.7266 11.9414 13.75 11.8125 13.75C11.6836 13.75 11.5811 13.7266 11.5049 13.6797C11.4287 13.627 11.3701 13.5625 11.3291 13.4863C11.2939 13.4043 11.2705 13.3164 11.2588 13.2227C11.2471 13.123 11.2412 13.0234 11.2412 12.9238C11.2412 12.8711 11.2412 12.8213 11.2412 12.7744C11.2471 12.7217 11.25 12.6719 11.25 12.625H10.125V12.9238C10.125 13.0234 10.1191 13.123 10.1074 13.2227C10.0957 13.3164 10.0693 13.4043 10.0283 13.4863C9.99316 13.5625 9.9375 13.627 9.86133 13.6797C9.79102 13.7266 9.69141 13.75 9.5625 13.75C9.43359 13.75 9.33105 13.7266 9.25488 13.6797C9.17871 13.627 9.12012 13.5625 9.0791 13.4863C9.04395 13.4043 9.02051 13.3164 9.00879 13.2227C8.99707 13.123 8.99121 13.0234 8.99121 12.9238C8.99121 12.8711 8.99121 12.8213 8.99121 12.7744C8.99707 12.7217 9 12.6719 9 12.625H7.875V12.9238C7.875 13.0234 7.86914 13.123 7.85742 13.2227C7.8457 13.3164 7.81934 13.4043 7.77832 13.4863C7.74316 13.5625 7.6875 13.627 7.61133 13.6797C7.54102 13.7266 7.44141 13.75 7.3125 13.75C7.18359 13.75 7.08105 13.7266 7.00488 13.6797C6.92871 13.627 6.87012 13.5625 6.8291 13.4863C6.79395 13.4043 6.77051 13.3164 6.75879 13.2227C6.74707 13.123 6.74121 13.0234 6.74121 12.9238C6.74121 12.8711 6.74121 12.8213 6.74121 12.7744C6.74707 12.7217 6.75 12.6719 6.75 12.625H5.625V12.9238C5.625 13.0234 5.61914 13.123 5.60742 13.2227C5.5957 13.3164 5.56934 13.4043 5.52832 13.4863C5.49316 13.5625 5.4375 13.627 5.36133 13.6797C5.29102 13.7266 5.19141 13.75 5.0625 13.75C4.93359 13.75 4.83105 13.7266 4.75488 13.6797C4.67871 13.627 4.62012 13.5625 4.5791 13.4863C4.54395 13.4043 4.52051 13.3164 4.50879 13.2227C4.49707 13.123 4.49121 13.0234 4.49121 12.9238C4.49121 12.8711 4.49121 12.8213 4.49121 12.7744C4.49707 12.7217 4.5 12.6719 4.5 12.625H3.375V12.9238C3.375 13.0234 3.36914 13.123 3.35742 13.2227C3.3457 13.3164 3.31934 13.4043 3.27832 13.4863C3.24316 13.5625 3.1875 13.627 3.11133 13.6797C3.04102 13.7266 2.94141 13.75 2.8125 13.75C2.68359 13.75 2.58105 13.7266 2.50488 13.6797C2.42871 13.627 2.37012 13.5625 2.3291 13.4863C2.29395 13.4043 2.27051 13.3164 2.25879 13.2227C2.24707 13.123 2.24121 13.0234 2.24121 12.9238C2.24121 12.8711 2.24121 12.8213 2.24121 12.7744C2.24707 12.7217 2.25 12.6719 2.25 12.625H2.20605C1.91309 12.625 1.63184 12.5664 1.3623 12.4492C1.09863 12.3262 0.864258 12.165 0.65918 11.9658C0.459961 11.7607 0.298828 11.5264 0.175781 11.2627C0.0585938 10.9932 0 10.7119 0 10.4189V3.58105C0 3.29395 0.0585938 3.01855 0.175781 2.75488C0.292969 2.49121 0.451172 2.25684 0.650391 2.05176C0.855469 1.84668 1.08691 1.68262 1.34473 1.55957C1.6084 1.43652 1.88672 1.375 2.17969 1.375H2.25C2.25 1.32813 2.24707 1.28125 2.24121 1.23438C2.24121 1.18164 2.24121 1.12891 2.24121 1.07617C2.24121 0.976563 2.24707 0.879883 2.25879 0.786133C2.27051 0.686523 2.29395 0.598633 2.3291 0.522461C2.37012 0.44043 2.42871 0.375977 2.50488 0.329102C2.58105 0.276367 2.68359 0.25 2.8125 0.25C2.94141 0.25 3.04102 0.276367 3.11133 0.329102C3.1875 0.375977 3.24316 0.44043 3.27832 0.522461C3.31934 0.598633 3.3457 0.686523 3.35742 0.786133C3.36914 0.879883 3.375 0.976563 3.375 1.07617V1.375H4.5C4.5 1.32813 4.49707 1.28125 4.49121 1.23438C4.49121 1.18164 4.49121 1.12891 4.49121 1.07617C4.49121 0.976563 4.49707 0.879883 4.50879 0.786133C4.52051 0.686523 4.54395 0.598633 4.5791 0.522461C4.62012 0.44043 4.67871 0.375977 4.75488 0.329102C4.83105 0.276367 4.93359 0.25 5.0625 0.25C5.19141 0.25 5.29102 0.276367 5.36133 0.329102C5.4375 0.375977 5.49316 0.44043 5.52832 0.522461C5.56934 0.598633 5.5957 0.686523 5.60742 0.786133C5.61914 0.879883 5.625 0.976563 5.625 1.07617V1.375H6.75C6.75 1.32813 6.74707 1.28125 6.74121 1.23438C6.74121 1.18164 6.74121 1.12891 6.74121 1.07617C6.74121 0.976563 6.74707 0.879883 6.75879 0.786133C6.77051 0.686523 6.79395 0.598633 6.8291 0.522461C6.87012 0.44043 6.92871 0.375977 7.00488 0.329102C7.08105 0.276367 7.18359 0.25 7.3125 0.25C7.44141 0.25 7.54102 0.276367 7.61133 0.329102C7.6875 0.375977 7.74316 0.44043 7.77832 0.522461C7.81934 0.598633 7.8457 0.686523 7.85742 0.786133C7.86914 0.879883 7.875 0.976563 7.875 1.07617V1.375H9C9 1.32813 8.99707 1.28125 8.99121 1.23438C8.99121 1.18164 8.99121 1.12891 8.99121 1.07617C8.99121 0.976563 8.99707 0.879883 9.00879 0.786133C9.02051 0.686523 9.04395 0.598633 9.0791 0.522461C9.12012 0.44043 9.17871 0.375977 9.25488 0.329102C9.33105 0.276367 9.43359 0.25 9.5625 0.25C9.69141 0.25 9.79102 0.276367 9.86133 0.329102C9.9375 0.375977 9.99316 0.44043 10.0283 0.522461C10.0693 0.598633 10.0957 0.686523 10.1074 0.786133C10.1191 0.879883 10.125 0.976563 10.125 1.07617V1.375H11.25C11.25 1.32813 11.2471 1.28125 11.2412 1.23438C11.2412 1.18164 11.2412 1.12891 11.2412 1.07617C11.2412 0.976563 11.2471 0.879883 11.2588 0.786133C11.2705 0.686523 11.2939 0.598633 11.3291 0.522461C11.3701 0.44043 11.4287 0.375977 11.5049 0.329102C11.5811 0.276367 11.6836 0.25 11.8125 0.25C11.9414 0.25 12.041 0.276367 12.1113 0.329102C12.1875 0.375977 12.2432 0.44043 12.2783 0.522461C12.3193 0.598633 12.3457 0.686523 12.3574 0.786133C12.3691 0.879883 12.375 0.976563 12.375 1.07617V1.375H13.5C13.5 1.32813 13.4971 1.28125 13.4912 1.23438C13.4912 1.18164 13.4912 1.12891 13.4912 1.07617C13.4912 0.976563 13.4971 0.879883 13.5088 0.786133C13.5205 0.686523 13.5439 0.598633 13.5791 0.522461C13.6201 0.44043 13.6787 0.375977 13.7549 0.329102C13.8311 0.276367 13.9336 0.25 14.0625 0.25C14.1914 0.25 14.291 0.276367 14.3613 0.329102C14.4375 0.375977 14.4932 0.44043 14.5283 0.522461C14.5693 0.598633 14.5957 0.686523 14.6074 0.786133C14.6191 0.879883 14.625 0.976563 14.625 1.07617V1.375ZM15.75 3.625C15.75 3.47266 15.7207 3.3291 15.6621 3.19434C15.6035 3.05371 15.5215 2.93359 15.416 2.83398C15.3164 2.72852 15.1963 2.64648 15.0557 2.58789C14.9209 2.5293 14.7773 2.5 14.625 2.5H2.25C2.0918 2.5 1.94531 2.5293 1.81055 2.58789C1.67578 2.64648 1.55566 2.72852 1.4502 2.83398C1.35059 2.93359 1.27148 3.05078 1.21289 3.18555C1.1543 3.32031 1.125 3.4668 1.125 3.625V10.375C1.125 10.5332 1.1543 10.6826 1.21289 10.8232C1.27148 10.958 1.35059 11.0752 1.4502 11.1748C1.5498 11.2744 1.66699 11.3535 1.80176 11.4121C1.94238 11.4707 2.0918 11.5 2.25 11.5H14.625C14.7832 11.5 14.9297 11.4707 15.0645 11.4121C15.1992 11.3535 15.3164 11.2744 15.416 11.1748C15.5215 11.0693 15.6035 10.9492 15.6621 10.8145C15.7207 10.6797 15.75 10.5332 15.75 10.375V3.625ZM14.0625 3.625C14.2148 3.625 14.3467 3.68066 14.458 3.79199C14.5693 3.90332 14.625 4.03516 14.625 4.1875V9.8125C14.625 9.96484 14.5693 10.0967 14.458 10.208C14.3467 10.3193 14.2148 10.375 14.0625 10.375H2.8125C2.66016 10.375 2.52832 10.3193 2.41699 10.208C2.30566 10.0967 2.25 9.96484 2.25 9.8125V4.1875C2.25 4.03516 2.30566 3.90332 2.41699 3.79199C2.52832 3.68066 2.66016 3.625 2.8125 3.625H14.0625ZM3.375 9.25H13.5V4.75H3.375V9.25Z" fill="#0883D9"/>
-</svg>
diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md
index cf4028ac1c..150cffe43f 100644
--- a/windows/security/includes/mdag-edge-deprecation-notice.md
+++ b/windows/security/includes/mdag-edge-deprecation-notice.md
@@ -1,10 +1,10 @@
 ---
 author: vinaypamnani-msft
 ms.author: vinpa
-ms.date: 04/23/2024
+ms.date: 07/11/2024
 ms.topic: include
 ---
 
 > [!NOTE]
 > - Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities.
-> - Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated [Windows Store app](https://apps.microsoft.com/detail/9N8GNLC8Z9C8) will not be available after May 2024. This affects the following browsers: [*Application Guard Extension - Chrome*](https://chromewebstore.google.com/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj) and [*Application Guard Extension - Firefox*](https://addons.mozilla.org/firefox/addon/application-guard-extension/). If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard).<!--8932292--> 
\ No newline at end of file
+> - Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding browser extensions and associated Windows Store app are no longer available. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard).<!--8932292-->
\ No newline at end of file
diff --git a/windows/security/index.yml b/windows/security/index.yml
index afb32d0f77..9553388f93 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -7,7 +7,6 @@ metadata:
   ms.topic: landing-page
   ms.collection:
     - tier1
-    - essentials-navigation
   author: paolomatarazzo
   ms.author: paoloma
   manager: aaroncz
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
deleted file mode 100644
index 3db313bdd3..0000000000
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) 
-description: Learn how unenlightened and enlightened apps might behave, based on Windows Information Protection (WIP) network policies, app configuration, and other criteria
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
-ms.reviewer: 
----
-
-# Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Windows Information Protection (WIP) classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data is encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or people will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default.
-
-To avoid the automatic encryption of data, developers can enlighten apps by adding and compiling code using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that:
-
-- Don't use common controls for saving files.
-- Don't use common controls for text boxes.
-- Simultaneously work on personal and corporate data (for example, contact apps that display personal and corporate data in a single view or a browser that displays personal and corporate web pages on tabs within a single instance).
-
-We strongly suggest that the only unenlightened apps you add to your allowed apps list are Line-of-Business (LOB) apps.
-
-> [!IMPORTANT]
-> After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center.
-
-## Unenlightened app behavior
-This table includes info about how unenlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames.
-
-|App rule setting|Networking policy configuration|
-|--- |--- |
-|**Not required.** App connects to enterprise cloud resources directly, using an IP address.| **Name-based policies, without the `/*AppCompat*/` string:**<li>App is entirely blocked from both personal and enterprise cloud resources.<li>No encryption is applied.<li>App can't access local Work files.<br/><br/>**Name-based policies, using the `/*AppCompat*/` string or proxy-based policies:**<li>App can access both personal and enterprise cloud resources. However, you might encounter apps using policies that restrict access to enterprise cloud resources.<li>No encryption is applied.<li>App can't access local Work files.|
-|**Not required.** App connects to enterprise cloud resources, using a hostname.|<li>App is blocked from accessing enterprise cloud resources, but can access other network resources.<li>No encryption is applied.<li>App can't access local Work files.|
-|**Allow.** App connects to enterprise cloud resources, using an IP address or a hostname.|<li>App can access both personal and enterprise cloud resources.<li>Auto-encryption is applied.<li>App can access local Work files.|
-|**Exempt.** App connects to enterprise cloud resources, using an IP address or a hostname.|<li>App can access both personal and enterprise cloud resources.<li>No encryption is applied.<li>App can access local Work files.|
-
-## Enlightened app behavior
-This table includes info about how enlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames.
-
-|App rule setting|Networking policy configuration for name-based policies, possibly using the /&#42;AppCompat&#42;/ string, or proxy-based policies|
-|--- |--- |
-|**Not required.** App connects to enterprise cloud resources, using an IP address or a hostname.|<li>App is blocked from accessing enterprise cloud resources, but can access other network resources.<li> No encryption is applied.<li> App can't access local Work files.|
-|**Allow.** App connects to enterprise cloud resources, using an IP address or a hostname.|<li>App can access both personal and enterprise cloud resources.<li> App protects work data and leaves personal data unprotected.<li> App can access local Work files.|
-|**Exempt.** App connects to enterprise cloud resources, using an IP address or a hostname.|<li>App can access both personal and enterprise cloud resources.<li> App protects work data and leaves personal data unprotected.<li> App can access local Work files.|
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
deleted file mode 100644
index 3d7152aa4c..0000000000
--- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+++ /dev/null
@@ -1,205 +0,0 @@
----
-title: How to collect Windows Information Protection (WIP) audit event logs 
-description: How to collect & understand Windows Information Protection audit event logs via the Reporting configuration service provider (CSP) or Windows Event Forwarding.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
-ms.reviewer: 
----
-
-# How to collect Windows Information Protection (WIP) audit event logs
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Windows Information Protection (WIP) creates audit events in the following situations:
-
-- If an employee changes the File ownership for a file from **Work** to **Personal**.
-
-- If data is marked as **Work**, but shared to a personal app or webpage. For example, through copying and pasting, dragging and dropping, sharing a contact, uploading to a personal webpage, or if the user grants a personal app provides temporary access to a work file.
-
-- If an app has custom audit events.
-
-## Collect WIP audit logs by using the Reporting configuration service provider (CSP)
-Collect the WIP audit logs from your employee's devices by following the guidance provided by the [Reporting configuration service provider (CSP)](/windows/client-management/mdm/reporting-csp) documentation. This topic provides info about the actual audit events.
-
->[!Note]
->The **Data** element in the response includes the requested audit logs in an XML-encoded format.
-    
-### User element and attributes
-This table includes all available attributes for the **User** element.
-
-|Attribute |Value type |Description |
-|----------|-----------|------------|
-|UserID |String |The security identifier (SID) of the user corresponding to this audit report. |
-|EnterpriseID |String |The enterprise ID corresponding to this audit report. |
-
-### Log element and attributes
-This table includes all available attributes/elements for the **Log** element. The response can contain zero (0) or more **Log** elements. 
-
-|Attribute/Element |Value type |Description |
-|----------|-----------|------------|
-|ProviderType |String |This is always **EDPAudit**. |
-|LogType |String |Includes:<ul><li>**DataCopied.** Work data is copied or shared to a personal location.</li><li>**ProtectionRemoved.** Windows Information Protection is removed from a Work-defined file.</li><li>**ApplicationGenerated.** A custom audit log provided by an app.</li></ul>|
-|TimeStamp |Int |Uses the [FILETIME structure](/windows/win32/api/minwinbase/ns-minwinbase-filetime) to represent the time that the event happened. |
-|Policy |String |How the work data was shared to the personal location:<ul><li>**CopyPaste.** Work data was pasted into a personal location or app.</li><li>**ProtectionRemoved.** Work data was changed to be unprotected.</li><li>**DragDrop.** Work data was dropped into a personal location or app.</li><li>**Share.** Work data was shared with a personal location or app.</li><li>**NULL.** Any other way work data could be made personal beyond the options above. For example, when a work file is opened using a personal application (also known as, temporary access).</li></ul> |
-|Justification |String |Not implemented. This will always be either blank or NULL.<br><br>**Note**<br>Reserved for future use to collect the user justification for changing from **Work** to **Personal**. |
-|Object |String |A description of the shared work data. For example, if an employee opens a work file by using a personal app, this would be the file path. |
-|DataInfo |String |Any additional info about how the work file changed:<ul><li>**A file path.** If an employee uploads a work file to a personal website by using Microsoft Edge or Internet Explorer, the file path is included here.</li><li>**Clipboard data types.** If an employee pastes work data into a personal app, the list of clipboard data types provided by the work app are included here. For more info, see the [Examples](#examples) section of this topic.</li></ul> |
-|Action |Int |Provides info about what happened when the work data was shared to personal, including:<ul><li>**1.** File decrypt.</li><li>**2.** Copy to location.</li><li>**3.** Send to recipient.</li><li>**4.** Other.</li></ul> |
-|FilePath |String |The file path to the file specified in the audit event. For example, the location of a file that's been decrypted by an employee or uploaded to a personal website. |
-|SourceApplicationName |String |The source app or website. For the source app, this is the AppLocker identity. For the source website, this is the hostname. |
-|SourceName |String |A string provided by the app that's logging the event. It's intended to describe the source of the work data. |
-|DestinationEnterpriseID |String |The enterprise ID value for the app or website where the employee is sharing the data.<br><br>**NULL**, **Personal**, or **blank** means there's no enterprise ID because the work data was shared to a personal location. Because we don't currently support multiple enrollments, you'll always see one of these values. |
-|DestinationApplicationName |String |The destination app or website. For the destination app, this is the AppLocker identity. For the destination website, this is the hostname. |
-|DestinationName |String |A string provided by the app that's logging the event. It's intended to describe the destination of the work data. |
-|Application |String |The AppLocker identity for the app where the audit event happened. |
-
-### Examples
-
-Here are a few examples of responses from the Reporting CSP.
-
-#### File ownership on a file is changed from work to personal
-
-```xml
-<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
-<Reporting Version="com.contoso/2.0/MDM/Reporting">
-  <User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
-    <Log ProviderType="EDPAudit" LogType="ProtectionRemoved" TimeStamp="131357166318347527">
-      <Policy>Protection removed</Policy>
-      <Justification>NULL</Justification>
-      <FilePath>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</FilePath>
-    </Log>
-  </User>
-</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
-```
-
-#### A work file is uploaded to a personal webpage in Edge
-
-```xml
-<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
-<Reporting Version="com.contoso/2.0/MDM/Reporting">
-  <User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
-    <Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357192409318534">
-      <Policy>CopyPaste</Policy>
-      <Justification>NULL</Justification>
-      <SourceApplicationName>NULL</SourceApplicationName>
-      <DestinationEnterpriseID>NULL</DestinationEnterpriseID>
-      <DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
-      <DataInfo>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</DataInfo>
-    </Log>
-  </User>
-</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
-```
-
-#### Work data is pasted into a personal webpage
-
-```xml
-<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
-<Reporting Version="com.contoso/2.0/MDM/Reporting">
-  <User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
-    <Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357193734179782">
-      <Policy>CopyPaste</Policy>
-      <Justification>NULL</Justification>
-      <SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
-      <DestinationEnterpriseID>NULL</DestinationEnterpriseID>
-      <DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
-      <DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
-    </Log>
-  </User>
-</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
-```
-
-#### A work file is opened with a personal application
-
-```xml
-<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
-<Reporting Version="com.contoso/2.0/MDM/Reporting">
-  <User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
-    <Log ProviderType="EDPAudit" LogType="ApplicationGenerated" TimeStamp="131357194991209469">
-      <Policy>NULL</Policy>
-      <Justification></Justification>
-      <Object>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</Object>
-      <Action>1</Action>
-      <SourceName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT&reg; WINDOWS&reg; OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</SourceName>
-      <DestinationEnterpriseID>Personal</DestinationEnterpriseID>
-      <DestinationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT&reg; WINDOWS&reg; OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</DestinationName>
-      <Application>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT&reg; WINDOWS&reg; OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</Application>
-    </Log>
-  </User>
-</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
-```
-
-#### Work data is pasted into a personal application
-
-```xml
-<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
-<Reporting Version="com.contoso/2.0/MDM/Reporting">
-  <User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
-    <Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357196076537270">
-      <Policy>CopyPaste</Policy>
-      <Justification>NULL</Justification>
-      <SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
-      <DestinationEnterpriseID>NULL</DestinationEnterpriseID>
-      <DestinationApplicationName></DestinationApplicationName>
-      <DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
-    </Log>
-  </User>
-</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
-```
-
-## Collect WIP audit logs by using Windows Event Forwarding (for Windows desktop domain-joined devices only)
-
-Use Windows Event Forwarding to collect and aggregate your Windows Information Protection audit events. You can view your audit events in the Event Viewer.
-
-**To view the WIP events in the Event Viewer**
-
-1. Open Event Viewer.
-
-2. In the console tree under **Application and Services Logs\Microsoft\Windows**, click **EDP-Audit-Regular** and **EDP-Audit-TCB**.
-
-## Collect WIP audit logs using Azure Monitor
-
-You can collect audit logs using Azure Monitor. See [Windows event log data sources in Azure Monitor.]()
-
-**To view the WIP events in Azure Monitor**
-
-1.  Use an existing or create a new Log Analytics workspace.
-
-2.  In **Log Analytics** > **Advanced Settings**, select **Data**. In Windows Event Logs, add logs to receive:
-
-    ```console
-    Microsoft-Windows-EDP-Application-Learning/Admin
-    Microsoft-Windows-EDP-Audit-TCB/Admin
-    ```
-    >[!NOTE]
-    >If using Windows Events Logs, the event log names can be found under Properties of the event in the Events folder (Application and Services Logs\Microsoft\Windows, click EDP-Audit-Regular and EDP-Audit-TCB).
-
-3.  Download Microsoft [Monitoring Agent](/azure/azure-monitor/platform/agent-windows#install-the-agent-using-dsc-in-azure-automation).
-
-4.  To get MSI for Intune installation as stated in the Azure Monitor article, extract: `MMASetup-.exe /c /t:`
-
-    Install Microsoft Monitoring Agent to WIP devices using Workspace ID and Primary key. More information on Workspace ID and Primary key can be found in **Log Analytics** > **Advanced Settings**.
-
-5.  To deploy MSI via Intune, in installation parameters add: `/q /norestart NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID=<WORKSPACE_ID> OPINSIGHTS_WORKSPACE_KEY=<WORKSPACE_KEY> AcceptEndUserLicenseAgreement=1`
-
-    >[!NOTE]
-    >Replace <WORKSPACE_ID> & <WORKSPACE_KEY> received from step 5. In installation parameters, don't place <WORKSPACE_ID> & <WORKSPACE_KEY> in quotes ("" or '').
-
-6. After the agent is deployed, data will be received within approximately 10 minutes.
-
-7. To search for logs, go to **Log Analytics workspace** > **Logs**, and type **Event** in search.
-
-    ***Example***
-
-    ```console
-    Event | where EventLog == "Microsoft-Windows-EDP-Audit-TCB/Admin"
-    ```
-
-## Additional resources
--   [How to deploy app via Intune](/intune/apps-add)
--   [How to create Log workspace](/azure/azure-monitor/learn/quick-create-workspace)
--   [How to use Microsoft Monitoring Agents for Windows](/azure/azure-monitor/platform/agents-overview)
diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
deleted file mode 100644
index d730747292..0000000000
--- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+++ /dev/null
@@ -1,162 +0,0 @@
----
-title: Create an EFS Data Recovery Agent certificate
-description: Follow these steps to create, verify, and perform a quick recovery by using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: how-to
-ms.date: 07/15/2022
----
-
-# Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate
-
-[!INCLUDE [Deprecate Windows Information Protection](includes/wip-deprecation.md)]
-<!-- 6010051 -->
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-If you don't already have an EFS DRA certificate, you'll need to create and extract one from your system before you can use Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your organization. For the purposes of this section, we'll use the file name EFSDRA; however, this name can be replaced with anything that makes sense to you.
-
->[!IMPORTANT]
->If you already have an EFS DRA certificate for your organization, you can skip creating a new one. Just use your current EFS DRA certificate in your policy. For more info about when to use a PKI and the general strategy you should use to deploy DRA certificates, see the [Security Watch Deploying EFS: Part 1](/previous-versions/technet-magazine/cc162507(v=msdn.10)) article on TechNet. For more general info about EFS protection, see [Protecting Data by Using EFS to Encrypt Hard Drives](/previous-versions/tn-archive/cc875821(v=technet.10)).<br><br>If your DRA certificate has expired, you won't be able to encrypt your files with it. To fix this, you'll need to create a new certificate, using the steps in this topic, and then deploy it through policy.
-
-## Manually create an EFS DRA certificate
-
-1. On a computer without an EFS DRA certificate installed, open a command prompt with elevated rights, and then navigate to where you want to store the certificate.
-
-2. Run this command:
-
-    ```cmd
-    cipher /r:EFSRA
-    ```
-
-    Where *EFSRA* is the name of the `.cer` and `.pfx` files that you want to create.
-
-3. When prompted, type and confirm a password to help protect your new Personal Information Exchange (.pfx) file.
-
-    The EFSDRA.cer and EFSDRA.pfx files are created in the location you specified in Step 1.
-
-    >[!Important]
-    >Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location.
-
-4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Microsoft Configuration Manager](create-wip-policy-using-configmgr.md).
-
-	> [!NOTE]
-	> This certificate can be used in Intune for policies both _with_ device enrollment (MDM) and _without_ device enrollment (MAM).
-
-## Verify your data recovery certificate is correctly set up on a WIP client computer
-
-1. Find or create a file that's encrypted using Windows Information Protection. For example, you could open an app on your allowed app list, and then create and save a file so it's encrypted by WIP. 
-
-2. Open an app on your protected app list, and then create and save a file so that it's encrypted by WIP.
-
-3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
-
-    ```cmd
-    cipher /c filename
-    ```
-
-    Where *filename* is the name of the file you created in Step 1.
-
-4. Make sure that your data recovery certificate is listed in the **Recovery Certificates** list.
-
-## Recover your data using the EFS DRA certificate in a test environment
-
-1. Copy your WIP-encrypted file to a location where you have admin access.
-
-2. Install the EFSDRA.pfx file, using its password.
-
-3. Open a command prompt with elevated rights, navigate to the encrypted file, and then run this command:
-
-    ```cmd
-    cipher /d encryptedfile.extension
-    ```
-
-    Where *encryptedfile.extension* is the name of your encrypted file. For example, `corporatedata.docx`.
-
-## Recover WIP-protected after unenrollment
-
-It's possible that you might revoke data from an unenrolled device only to later want to restore it all. This can happen in the case of a missing device being returned or if an unenrolled employee enrolls again. If the employee enrolls again using the original user profile, and the revoked key store is still on the device, all of the revoked data can be restored at once.
-
->[!IMPORTANT]
->To maintain control over your enterprise data, and to be able to revoke again in the future, you must only perform this process after the employee has re-enrolled the device. 
-
-1. Have the employee sign in to the unenrolled device, open an elevated command prompt, and type:
-
-    ```cmd
-    Robocopy "%localappdata%\Microsoft\EDP\Recovery" "new_location" * /EFSRAW
-    ```
-
-   Where "*new_location*" is in a different directory. This can be on the employee's device or on a shared folder on a computer that runs Windows 8 or Windows Server 2012 or newer and can be accessed while you're logged in as a data recovery agent.
-
-   To start Robocopy in S mode, open Task Manager. Click **File** > **Run new task**, type the command, and click **Create this task with administrative privileges**.
-
-   ![Robocopy in S mode.](images/robocopy-s-mode.png)
-
-   If the employee performed a clean installation and there is no user profile, you need to recover the keys from the System Volume folder in each drive. Type: 
-
-    ```cmd
-    Robocopy "drive_letter:\System Volume Information\EDP\Recovery\" "new_location" * /EFSRAW
-    ```
-
-2. Sign in to a different device with administrator credentials that have access to your organization's DRA certificate, and perform the file decryption and recovery by typing:
-
-    ```cmd
-    cipher.exe /D "new_location"
-    ```
-
-3. Have your employee sign in to the unenrolled device, and type:
-
-    ```cmd
-    Robocopy "new_location" "%localappdata%\Microsoft\EDP\Recovery\Input"
-    ```
-
-4. Ask the employee to lock and unlock the device.
-
-   The Windows Credential service automatically recovers the employee's previously revoked keys from the `Recovery\Input` location.
-
-## Auto-recovery of encryption keys
-Starting with Windows 10, version 1709, WIP includes a data recovery feature that lets your employees auto-recover access to work files if the encryption key is lost and the files are no longer accessible. This typically happens if an employee reimages the operating system partition, removing the WIP key info, or if a device is reported as lost and you mistakenly target the wrong device for unenrollment.
-
-To help make sure employees can always access files, WIP creates an auto-recovery key that's backed up to their Microsoft Entra identity.
-
-The employee experience is based on signing in with a Microsoft Entra ID work account. The employee can either:
-
-- Add a work account through the **Windows Settings > Accounts > Access work or school > Connect** menu.
-
-    -OR-
-
-- Open **Windows Settings > Accounts > Access work or school > Connect** and choose the **Join this device to Microsoft Entra ID** link, under **Alternate actions**.
-
-    >[!Note]
-    >To perform a Microsoft Entra Domain Join from the Settings page, the employee must have administrator privileges to the device.
-
-After signing in, the necessary WIP key info is automatically downloaded and employees are able to access the files again.
-
-### To test what the employee sees during the WIP key recovery process
-
-1. Attempt to open a work file on an unenrolled device.
-
-    The **Connect to Work to access work files** box appears.
-
-2. Click **Connect**.
-
-    The **Access work or school settings** page appears.
-
-3. Sign-in to Microsoft Entra ID as the employee and verify that the files now open
-
-## Related topics
-
-- [Security Watch Deploying EFS: Part 1](/previous-versions/technet-magazine/cc162507(v=msdn.10))
-
-- [Protecting Data by Using EFS to Encrypt Hard Drives](/previous-versions/tn-archive/cc875821(v=technet.10))
-
-- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md)
-
-- [Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md)
-
-- [Creating a Domain-Based Recovery Agent](/previous-versions/tn-archive/cc875821(v=technet.10)#EJAA)
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
deleted file mode 100644
index c3badb03b9..0000000000
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune 
-description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
-ms.reviewer: 
----
-
-# Associate and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
- 
-## Associate your WIP policy to your VPN policy using Intune
-
-To associate your WIP policy with your organization's existing VPN policy, use the following steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Devices** > **Configuration profiles** > **Create profile**.
-3. Enter the following properties:
-
-    - **Platform**: Select **Windows 10 and later**
-    - **Profile**: Select **Templates** > **Custom**.
-
-4. Select **Create**.
-5. In **Basics**, enter the following properties:
-
-    - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. 
-    - **Description**: Enter a description for the profile. This setting is optional, but recommended.
-
-6. Select **Next**.
-7. In **Configuration settings**, enter the following properties:
-
-    - **Name**: Enter a name for your setting. For example, enter `EDPModeID`.
-    - **OMA-URI**: Enter `./Vendor/MSFT/VPNv2/YourVPNProfileName/EDPModeId`.
-    - **Data type**: Select `String`.
-    - **Value**: Type your fully qualified domain that should be used by the OMA-URI setting. For example, enter `corp.contoso.com`.
-
-    For more information on these settings, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).
-
-8. Select **Next**, and continue configuring the policy. For the specific steps and recommendations, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure).
-
-## Deploy your VPN policy using Microsoft Intune
-
-After you've created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy.
-
-1.  On the **App policy** blade, select your newly created policy, select **User groups** from the menu that appears, and then select **Add user group**.
-
-    A list of user groups, made up of all of the security groups in your Microsoft Entra ID, appear in the **Add user group** blade.
-
-2. Choose the group you want your policy to apply to, and then select **Select** to deploy the policy.
-
-    The policy is deployed to the selected users' devices.
-
-    ![Microsoft Intune: Pick your user groups that should get the policy when it's deployed.](images/wip-azure-add-user-groups.png)
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
deleted file mode 100644
index 01f7c3b238..0000000000
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+++ /dev/null
@@ -1,480 +0,0 @@
----
-title: Create and deploy a WIP policy in Configuration Manager
-description: Use Microsoft Configuration Manager to create and deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: how-to
-ms.date: 07/15/2022
----
-
-# Create and deploy a Windows Information Protection policy in Configuration Manager
-
-[!INCLUDE [Deprecate Windows Information Protection](includes/wip-deprecation.md)]
-<!-- 6010051 -->
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-Microsoft Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy. You can choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
-
-## Add a WIP policy
-After you've installed and set up Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy.
-
->[!TIP]
-> Review the [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) article before creating a new configuration item to avoid common issues.
-
-**To create a configuration item for WIP**
-
-1.  Open the Configuration Manager console, select the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
-
-    ![Configuration Manager, Configuration Items screen.](images/wip-configmgr-addpolicy.png)
-
-2.  Select the **Create Configuration Item** button.<p>
-The **Create Configuration Item Wizard** starts.
-
-    ![Create Configuration Item wizard, define the configuration item and choose the configuration type.](images/wip-configmgr-generalscreen.png)
-
-3.  On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
-
-4.  In the **Specify the type of configuration item you want to create** area, pick the option that represents whether you use Configuration Manager for device management, and then select **Next**.
-
-    -   **Settings for devices managed with the Configuration Manager client:** Windows 10
-
-        -OR-
-
-    -   **Settings for devices managed without the Configuration Manager client:** Windows 8.1 and Windows 10
-
-5.  On the **Supported Platforms** screen, select the **Windows 10** box, and then select **Next**.
-
-    ![Create Configuration Item wizard, choose the supported platforms for the policy.](images/wip-configmgr-supportedplat.png)
-
-6.  On the **Device Settings** screen, select **Windows Information Protection**, and then select **Next**.
-
-    ![Create Configuration Item wizard, choose the Windows Information Protection settings.](images/wip-configmgr-devicesettings.png)
-
-The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization.
-
-## Add app rules to your policy
-
-During the policy-creation process in Configuration Manager, you can choose the apps you want to give access to your enterprise data through Windows Information Protection. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps.
-
-The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed Windows desktop app, or an AppLocker policy file.
-
->[!IMPORTANT]
->Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.<p>Care must be taken to get a support statement from the software provider that their app is safe with Windows Information Protection before adding it to your **App rules** list. If you don't get this statement, it's possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation.
-
-### Add a store app rule to your policy
-For this example, we're going to add Microsoft OneNote, a store app, to the **App Rules** list.
-
-**To add a store app**
-
-1.  From the **App rules** area, select **Add**.
-
-    The **Add app rule** box appears.
-
-    ![Create Configuration Item wizard, add a universal store app.](images/wip-configmgr-adduniversalapp.png)
-
-2.  Add a friendly name for your app into the **Title** box. In this example, it's *Microsoft OneNote*.
-
-3.  Select **Allow** from the **Windows Information Protection mode** drop-down list.
-
-    Allow turns on WIP, helping to protect that app's corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section.
-
-4.  Pick **Store App** from the **Rule template** drop-down list.
-
-    The box changes to show the store app rule options.
-
-5.  Type the name of the app and the name of its publisher, and then select **OK**. For this UWP app example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.Office.OneNote`.
-
-If you don't know the publisher or product name, you can find them for both desktop devices by following these steps.
-
-**To find the Publisher and Product Name values for Store apps without installing them**
-
-1. Go to the [Microsoft Store](https://apps.microsoft.com/) website, and find your app. For example, Microsoft OneNote.
-
-   > [!NOTE]
-   > If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in [Add an AppLocker policy file](#add-an-applocker-policy-file) in this article.
-
-2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is `https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl`, and you'd copy the ID value, `9wzdncrfhvjl`.
-
-3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata`, where `9wzdncrfhvjl` is replaced with your ID value.
-
-   The API runs and opens a text editor with the app details.
-
-   ```json
-   {
-       "packageIdentityName": "Microsoft.Office.OneNote",
-       "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
-   }
-   ```
-
-4. Copy the `publisherCertificateName` value and paste them into the **Publisher Name** box, copy the `packageIdentityName` value into the **Product Name** box of Intune.
-
-   > [!IMPORTANT]
-   > The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that's using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as "CN=" followed by the `windowsPhoneLegacyId`.
-   >
-   > For example:
-   >
-   > ```json
-   > {
-   >     "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
-   > }
-   > ```
-
-### Add a desktop app rule to your policy
-
-For this example, we're going to add Internet Explorer, a desktop app, to the **App Rules** list.
-
-**To add a desktop app to your policy**
-
-1.  From the **App rules** area, select **Add**.
-
-    The **Add app rule** box appears.
-
-    ![Create Configuration Item wizard, add a classic desktop app.](images/wip-configmgr-adddesktopapp.png)
-
-2.  Add a friendly name for your app into the **Title** box. In this example, it's *Internet Explorer*.
-
-3.  Select **Allow** from the **Windows Information Protection mode** drop-down list.
-
-    Allow turns on WIP, helping to protect that app's corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section.
-
-4.  Pick **Desktop App** from the **Rule template** drop-down list.
-
-    The box changes to show the desktop app rule options.
-
-5.  Pick the options you want to include for the app rule (see table), and then select **OK**.
-
-     |Option|Manages|
-     |--- |--- |
-     |All fields left as "*"|All files signed by any publisher. (Not recommended.)|
-     |**Publisher** selected|All files signed by the named publisher. This might be useful if your company is the publisher and signer of internal line-of-business apps.|
-     |**Publisher** and **Product Name** selected|All files for the specified product, signed by the named publisher.|
-     |**Publisher**, **Product Name**, and **Binary name** selected|Any version of the named file or package for the specified product, signed by the named publisher.|
-     |**Publisher**, **Product Name**, **Binary name**, and **File Version, and above**, selected|Specified version or newer releases of the named file or package for the specified product, signed by the named publisher. This option is recommended for enlightened apps that weren't previously enlightened.|
-     |**Publisher**, **Product Name**, **Binary name**, and **File Version, And below** selected|Specified version or older releases of the named file or package for the specified product, signed by the named publisher.|
-     |**Publisher**, **Product Name**, **Binary name**, and **File Version, Exactly** selected|Specified version of the named file or package for the specified product, signed by the named publisher.|
-
-If you're unsure about what to include for the publisher, you can run this PowerShell command:
-
-```powershell
-Get-AppLockerFileInformation -Path "<path of the exe>"
-```
-
-Where `"<path of the exe>"` goes to the location of the app on the device. For example, `Get-AppLockerFileInformation -Path "C:\Program Files\Internet Explorer\iexplore.exe"`.
-
-In this example, you'd get the following info:
-
-```console
-Path                   Publisher
-----                   ---------
-%PROGRAMFILES%\INTERNET EXPLORER\IEXPLORE.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\INTERNET EXPLOR...
-```
-
-Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box.
-
-### Add an AppLocker policy file
-
-For this example, we're going to add an AppLocker XML file to the **App Rules** list. You'll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](../../application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md) content.
-
-**To create an app rule and xml file using the AppLocker tool**
-
-1.  Open the Local Security Policy snap-in (SecPol.msc).
-
-2.  In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then select **Packaged App Rules**.
-
-    ![Local security snap-in, showing the Packaged app Rules.](images/intune-local-security-snapin.png)
-
-3.  Right-click in the right-hand pane, and then select **Create New Rule**.
-
-    The **Create Packaged app Rules** wizard appears.
-
-4. On the **Before You Begin** page, select **Next**.
-
-    ![Create a Packaged app Rules wizard and showing the Before You Begin page.](images/intune-applocker-before-begin.png)
-
-5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then select **Next**.
-
-    ![Create Packaged app Rules wizard, set action to Allow.](images/intune-applocker-permissions.png)
-
-6.  On the **Publisher** page, select **Select** from the **Use an installed packaged app as a reference** area.
-
-    ![Create Packaged app Rules wizard, select use an installed packaged app.](images/intune-applocker-publisher.png)
-
-7. In the **Select applications** box, pick the app that you want to use as the reference for your rule, and then select **OK**. For this example, we're using Microsoft Photos.
-
-    ![Create Packaged app Rules wizard, select application and click ok.](images/intune-applocker-select-apps.png)
-
-8. On the updated **Publisher** page, select **Create**.
-
-    ![Create Packaged app Rules wizard, showing the Microsoft Photos on the Publisher page.](images/intune-applocker-publisher-with-app.png)
-
-9. Review the Local Security Policy snap-in to make sure your rule is correct.
-
-    ![Local security snap-in, showing the new rule.](images/intune-local-security-snapin-updated.png)
-
-10. In the left pane, right-click on **AppLocker**, and then select **Export policy**.
-
-    The **Export policy** box opens, letting you export and save your new policy as XML.
-
-    ![Local security snap-in, showing the Export Policy option.](images/intune-local-security-export.png)
-
-11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then select **Save**.
-
-    The policy is saved and you'll see a message that says one rule was exported from the policy.
-
-    **Example XML file**<br>
-    This is the XML file that AppLocker creates for Microsoft Photos.
-
-    ```xml
-     <AppLockerPolicy Version="1">
-        <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
-        <RuleCollection Type ="Msi" EnforcementMode="NotConfigured" />
-        <RuleCollection Type ="Script" EnforcementMode="NotConfigured" />
-        <RuleCollection Type ="Dll" EnforcementMode="NotConfigured" />
-        <RuleCollection Type ="Appx" EnforcementMode="NotConfigured">
-            <FilePublisherRule Id="5e0c752b-5921-4f72-8146-80ad5f582110" Name="Microsoft.Windows.Photos, version 16.526.0.0 and above, from Microsoft Corporation" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
-                <Conditions>
-                    <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*">
-                        <BinaryVersionRange LowSection="16.526.0.0" HighSection="*" />
-                    </FilePublisherCondition>
-                </Conditions>
-            </FilePublisherRule>
-        </RuleCollection>
-    </AppLockerPolicy>
-    ```
-12. After you've created your XML file, you need to import it by using Configuration Manager.
-
-**To import your Applocker policy file app rule using Configuration Manager**
-
-1.  From the **App rules** area, select **Add**.
-
-    The **Add app rule** box appears.
-
-    ![Create Configuration Item wizard, add an AppLocker policy.](images/wip-configmgr-addapplockerfile.png)
-
-2.  Add a friendly name for your app into the **Title** box. In this example, it's *Allowed app list*.
-
-3.  Select **Allow** from the **Windows Information Protection mode** drop-down list.
-
-    Allow turns on WIP, helping to protect that app's corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section.
-
-4.  Pick the **AppLocker policy file** from the **Rule template** drop-down list.
-
-    The box changes to let you import your AppLocker XML policy file.
-
-5. Select the ellipsis (...) to browse for your AppLocker XML file, select **Open**, and then select **OK** to close the **Add app rule** box.
-
-    The file is imported and the apps are added to your **App Rules** list.
-
-### Exempt apps from WIP restrictions
-If you're running into compatibility issues where your app is incompatible with Windows Information Protection (WIP), but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak.
-
-**To exempt a store app, a desktop app, or an AppLocker policy file app rule**
-
-1.  From the **App rules** area, select **Add**.
-
-    The **Add app rule** box appears.
-
-2.  Add a friendly name for your app into the **Title** box. In this example, it's *Exempt apps list*.
-
-3.  Select **Exempt** from the **Windows Information Protection mode** drop-down list.
-
-    When you exempt apps, they're allowed to bypass the WIP restrictions and access your corporate data. To allow apps, see [Add app rules to your policy](#add-app-rules-to-your-policy) in this article.
-
-4.  Fill out the rest of the app rule info, based on the type of rule you're adding:
-
-    - **Store app.** Follow the **Publisher** and **Product name** instructions in the [Add a store app rule to your policy](#add-a-store-app-rule-to-your-policy) section of this article.
-
-    - **Desktop app.** Follow the **Publisher**, **Product name**, **Binary name**, and **Version** instructions in the [Add a desktop app rule to your policy](#add-a-desktop-app-rule-to-your-policy) section of this article.
-
-    - **AppLocker policy file.** Follow the **Import** instructions in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section of this article, using a list of exempted apps.
-
-5.  Select **OK**.
-
-## Manage the WIP-protection level for your enterprise data
-After you've added the apps you want to protect with WIP, you'll need to apply a management and protection mode.
-
-We recommend that you start with **Silent** or **Override** while verifying with a small group that you have the right apps on your protected apps list. After you're done, you can change to your final enforcement policy, either **Override** or **Block**.
-
->[!NOTE]
->For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).
-
-|Mode |Description |
-|-----|------------|
-|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log. |
-|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would have been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
-|Off |WIP is turned off and doesn't help to protect or audit your data.<p>After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn WIP protection back on. For more information, see [How to disable Windows Information Protection](how-to-disable-wip.md).|
-
-:::image type="content" alt-text="Create Configuration Item wizard, choose your WIP-protection level" source="images/wip-configmgr-appmgmt.png":::
-
-## Define your enterprise-managed identity domains
-Corporate identity, usually expressed as your primary internet domain (for example, contoso.com), helps to identify and tag your corporate data from apps you've marked as protected by WIP. For example, emails using contoso.com are identified as being corporate and are restricted by your Windows Information Protection policies.
-
-You can specify multiple domains owned by your enterprise by separating them with the `|` character. For example, `contoso.com|newcontoso.com`. With multiple domains, the first one is designated as your corporate identity and all of the additional ones as being owned by the first one. We strongly recommend that you include all of your email address domains in this list.
-
-**To add your corporate identity**
-
-- Type the name of your corporate identity into the **Corporate identity** field. For example, `contoso.com` or `contoso.com|newcontoso.com`.
-
-    ![Create Configuration Item wizard, Add the primary Internet domain for your enterprise identity.](images/wip-configmgr-corp-identity.png)
-
-## Choose where apps can access enterprise data
-After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network.
-
-There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise's range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
-
->[!IMPORTANT]
->Every WIP policy should include policy that defines your enterprise network locations.<br>
->Classless Inter-Domain Routing (CIDR) notation isn't supported for WIP configurations.
-
-**To define where your protected apps can find and send enterprise data on your network**
-
-1. Add additional network locations your apps can access by clicking **Add**.
-
-    The **Add or edit corporate network definition** box appears.
-
-2. Type a name for your corporate network element into the **Name** box, and then pick what type of network element it is, from the **Network element** drop-down box. This can include any of the options in the following table.
-
-   ![Add or edit corporate network definition box, Add your enterprise network locations.](images/wip-configmgr-add-network-domain.png)
-
-     - **Enterprise Cloud Resources**: Specify the cloud resources to be treated as corporate and protected by WIP.
-
-         For each cloud resource, you may also optionally specify a proxy server from your internal proxy servers list to route traffic for this cloud resource. All traffic routed through your internal proxy servers is considered enterprise.
-
-         If you have multiple resources, you must separate them using the `|` delimiter. If you don't use proxy servers, you must also include the `,` delimiter just before the `|`. For example: URL `<,proxy>|URL <,proxy>`.
-
-         **Format examples**:
-
-         - **With proxy**: `contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com`
-
-         - **Without proxy**: `contoso.sharepoint.com|contoso.visualstudio.com`
-
-         >[!Important]
-         > In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.
-
-     - **Enterprise Network Domain Names (Required)**: Specify the DNS suffixes used in your environment. All traffic to the fully qualified domains appearing in this list will be protected.
-
-         This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.
-
-         If you have multiple resources, you must separate them using the "," delimiter.
-
-         **Format examples**: `corp.contoso.com,region.contoso.com`
-
-     - **Proxy servers**: Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
-         This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
-
-         If you have multiple resources, you must separate them using the ";" delimiter.
-
-         **Format examples**: `proxy.contoso.com:80;proxy2.contoso.com:443`
-
-     - **Internal proxy servers**: Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
-         This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
-
-         If you have multiple resources, you must separate them using the ";" delimiter.
-
-         **Format examples**: `contoso.internalproxy1.com;contoso.internalproxy2.com`
-
-     - **Enterprise IPv4 Range (Required)**: Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.
-
-         If you have multiple ranges, you must separate them using the "," delimiter.
-
-         **Format examples**:
-
-         - **Starting IPv4 Address:** `3.4.0.1`
-         - **Ending IPv4 Address:** `3.4.255.254`
-         - **Custom URI:** `3.4.0.1-3.4.255.254, 10.0.0.1-10.255.255.254`
-
-     - **Enterprise IPv6 Range**: Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.
-
-         If you have multiple ranges, you must separate them using the "," delimiter.
-
-         **Format examples**:
-
-         - **Starting IPv6 Address:** `2a01:110::`
-         - **Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff`
-         - **Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff`
-
-     - **Neutral Resources**: Specify your authentication redirection endpoints for your company. These locations are considered enterprise or personal, based on the context of the connection before the redirection.
-
-         If you have multiple resources, you must separate them using the "," delimiter.
-
-         **Format examples**: `sts.contoso.com,sts.contoso2.com`
-
-3. Add as many locations as you need, and then select **OK**.
-
-   The **Add or edit corporate network definition** box closes.
-
-4. Decide if you want to Windows to look for additional network settings and if you want to show the WIP icon on your corporate files while in File Explorer.
-
-   :::image type="content" alt-text="Create Configuration Item wizard, Add whether to search for additional network settings" source="images/wip-configmgr-optsettings.png":::
-
-   - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Select this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. Not configured is the default option.
-
-   - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Select this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option.
-
-   - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Select this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option.
-
-5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, select **Browse** to add a data recovery certificate for your policy.
-
-   ![Create Configuration Item wizard, Add a data recovery agent (DRA) certificate.](images/wip-configmgr-dra.png)
-
-   After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees' local device drive. If somehow the employees' local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data. 
-
-   For more info about how to find and export your data recovery certificate, see [Data Recovery and Encrypting File System (EFS)](/previous-versions/tn-archive/cc512680(v=technet.10)). For more info about creating and verifying your EFS DRA certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
-
-## Choose your optional WIP-related settings
-After you've decided where your protected apps can access enterprise data on your network, you'll be asked to decide if you want to add any optional WIP settings.
-
-![Create Configuration Item wizard, Choose any additional, optional settings.](images/wip-configmgr-additionalsettings.png)
-
-**To set your optional settings**
-1.  Choose to set any or all of the optional settings:
-
-    - **Allow Windows Search to search encrypted corporate data and Store apps.** Determines whether Windows Search can search and index encrypted corporate data and Store apps. The options are:
-
-        - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps.
-
-        - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
-
-    - **Revoke local encryption keys during the unenrollment process.** Determines whether to revoke a user's local encryption keys from a device when it's unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
-
-        - **Yes, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
-
-        - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you're migrating between Mobile Device Management (MDM) solutions.
-
-    - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Create a WIP policy using Intune](create-wip-policy-using-intune-azure.md). To confirm what templates your tenant has, run [Get-AadrmTemplate](/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](/azure/information-protection/administer-powershell). If you don't specify a template, WIP uses a key from a default RMS template that everyone in the tenant will have access to.
-
-2. After you pick all of the settings you want to include, select **Summary**.
-
-## Review your configuration choices in the Summary screen
-After you've finished configuring your policy, you can review all of your info on the **Summary** screen.
-
-**To view the Summary screen**
-- Select the **Summary** button to review your policy choices, and then select **Next** to finish and to save your policy.
-
-    ![Create Configuration Item wizard, Summary screen for all of your policy choices.](images/wip-configmgr-summaryscreen.png)
-
-    A progress bar appears, showing you progress for your policy. After it's done, select **Close** to return to the **Configuration Items** page.
-
-## Deploy the WIP policy
-After you've created your WIP policy, you'll need to deploy it to your organization's devices. For more information about your deployment options, see the following articles:
-
-- [Create configuration baselines in Configuration Manager](/mem/configmgr/compliance/deploy-use/create-configuration-baselines)
-
-- [How to deploy configuration baselines in Configuration Manager](/mem/configmgr/compliance/deploy-use/deploy-configuration-baselines)
-
-## Related articles
-
-- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)
-
-- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
-
-- [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
deleted file mode 100644
index c73eda005f..0000000000
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ /dev/null
@@ -1,605 +0,0 @@
----
-title: Create a WIP policy in Intune
-description: Learn how to use the Microsoft Intune admin center to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: how-to
-ms.date: 07/15/2022
----
-
-# Create a Windows Information Protection policy in Microsoft Intune
-
-[!INCLUDE [Deprecate Windows Information Protection](includes/wip-deprecation.md)]
-<!-- 6010051 -->
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device.
-
-## Differences between MDM and MAM for WIP
-
-You can create an app protection policy in Intune either with device enrollment for MDM or without device enrollment for MAM. The process to create either policy is similar, but there are important differences: 
-
-- MAM has more **Access** settings for Windows Hello for Business.
-- MAM can [selectively wipe company data](/intune/apps-selective-wipe) from a user's personal device.
-- MAM requires an [Microsoft Entra ID P1 or P2 license](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).
-- A Microsoft Entra ID P1 or P2 license is also required for WIP auto-recovery, where a device can re-enroll and regain access to protected data. WIP auto-recovery depends on Microsoft Entra registration to back up the encryption keys, which requires device auto-enrollment with MDM.
-- MAM supports only one user per device.  
-- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
-- Only MDM can use [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) policies.
-- If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Microsoft Entra ID. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. 
-
-
-## Prerequisites
-
-Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Microsoft Entra ID. MAM requires an [Microsoft Entra ID P1 or P2 license](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). A Microsoft Entra ID P1 or P2 license is also required for WIP auto-recovery, where a device can re-enroll and regain access to protected data. WIP auto-recovery relies on Microsoft Entra registration to back up the encryption keys, which requires device auto-enrollment with MDM. 
-
-## Configure the MDM or MAM provider
-
-1. Sign in to the Azure portal.
-
-2. Select **Microsoft Entra ID** > **Mobility (MDM and MAM)** > **Microsoft Intune**.
-
-3. Select **Restore Default URLs** or enter the settings for MDM or MAM user scope and select **Save**:
-
-   ![Configure MDM or MAM provider.](images/mobility-provider.png)
-
-## Create a WIP policy
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-2. Open Microsoft Intune and select **Apps** > **App protection policies** > **Create policy**.
-
-   ![Open Client apps.](images/create-app-protection-policy.png)
-
-3. In the **App policy** screen, select **Add a policy**, and then fill out the fields:
-
-   - **Name.** Type a name (required) for your new policy.
-
-   - **Description.** Type an optional description.
-
-   - **Platform.** Choose **Windows 10**.
-
-   - **Enrollment state.** Choose **Without enrollment** for MAM or **With enrollment** for MDM.
-
-   ![Add a mobile app policy.](images/add-a-mobile-app-policy.png)
-
-4. Select **Protected apps** and then select **Add apps**.
-
-   ![Add protected apps.](images/add-protected-apps.png)
-
-   You can add these types of apps:
-
-   - [Recommended apps](#add-recommended-apps)
-   - [Store apps](#add-store-apps)
-   - [Desktop apps](#add-desktop-apps)
-
->[!NOTE]
->An application might return access denied errors after removing it from the list of protected apps. Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy.    
-    
-### Add recommended apps 
-
-Select **Recommended apps** and select each app you want to access your enterprise data or select them all, and select **OK**.
-
-![Microsoft Intune management console: Recommended apps.](images/recommended-apps.png)    
-
-### Add Store apps 
-
-Select **Store apps**, type the app product name and publisher, and select **OK**. For example, to add the Power BI Mobile App from the Store, type the following: 
-
-- **Name**: Microsoft Power BI
-- **Publisher**: `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
-- **Product Name**: `Microsoft.MicrosoftPowerBIForWindows`
-
-![Add Store app.](images/add-a-protected-store-app.png)
-
-To add multiple Store apps, select the ellipsis `…`.
-
-If you don't know the Store app publisher or product name, you can find them by following these steps.
-
-1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Power BI Mobile App*.
-
-2. Copy the ID value from the app URL. For example, the Power BI Mobile App ID URL is `https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1`, and you'd copy the ID value, `9nblgggzlxn1`.
-
-3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata`, where `9nblgggzlxn1` is replaced with your ID value.
-    
-    The API runs and opens a text editor with the app details.
-
-    ```json
-	{
-		"packageIdentityName": "Microsoft.MicrosoftPowerBIForWindows",
-		"publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
-	}
-    ```
-
-4.  Copy the `publisherCertificateName` value into the **Publisher** box and copy the `packageIdentityName` value into the **Name** box of Intune.
-
-    >[!Important]
-    >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that's using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.
-	>
-	> For example:
-	>
-	> ```json
-	> {
-	>     "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
-	> }
-
-<!-- 01.06.2022 mandia: Commenting out, as these events are specific to Windows Phone.
-
-> [!NOTE]
-> Your PC and phone must be on the same wireless network.
-
-1. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
-
-2. In the **For developers** screen, turn on **Developer mode**, turn on **Device Discovery**, and then turn on **Device Portal**.
-
-3. Copy the URL in the **Device Portal** area into your device's browser, and then accept the SSL certificate.
-
-4. In the **Device discovery** area, press **Pair**, and then enter the PIN into the website from the previous step.
-
-6. On the **Apps** tab of the website, you can see details for the running apps, including the publisher and product names.
-
-7. Start the app for which you're looking for the publisher and product name values.
-
-8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune.
-
-    >[!Important]
-    >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that's using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.
-	>
-	> For example:
-	>
-	> ```json
-	> {
-	>     "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
-	> }
-
--->
-
-### Add Desktop apps
-
-To add **Desktop apps**, complete the following fields, based on what results you want returned.
-
-|Field|Manages|
-|--- |--- |
-|All fields marked as `*`|All files signed by any publisher. (Not recommended and may not work)|
-|Publisher only|If you only fill out this field, you'll get all files signed by the named publisher. This might be useful if your company is the publisher and signer of internal line-of-business apps.|
-|Publisher and Name only|If you only fill out these fields, you'll get all files for the specified product, signed by the named publisher.|
-|Publisher, Name, and File only|If you only fill out these fields, you'll get any version of the named file or package for the specified product, signed by the named publisher.|
-|Publisher, Name, File, and Min version only|If you only fill out these fields, you'll get the specified version or newer releases of the named file or package for the specified product, signed by the named publisher. This option is recommended for enlightened apps that weren't previously enlightened.|
-|Publisher, Name, File, and Max version only|If you only fill out these fields, you'll get the specified version or older releases of the named file or package for the specified product, signed by the named publisher.|
-|All fields completed|If you fill out all fields, you'll get the specified version of the named file or package for the specified product, signed by the named publisher.|
-
-To add another Desktop app, select the ellipsis `…`. After you've entered the info into the fields, select **OK**.
-
-![Microsoft Intune management console: Adding Desktop app info.](images/wip-azure-add-desktop-apps.png)
- 
-If you're unsure about what to include for the publisher, you can run this PowerShell command:
-
-```powershell
-Get-AppLockerFileInformation -Path "<path_of_the_exe>"
-```
-
-Where `"<path_of_the_exe>"` goes to the location of the app on the device. For example:
-
-```powershell
-Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"
-```
-
-In this example, you'd get the following info:
-
-```console
-Path                   Publisher
-----                   ---------
-%PROGRAMFILES%\WINDOWS NT\ACCESSORIES\WORDPAD.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
-```
-
-Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name.
-
-Regarding to how to get the Product Name for the Apps you wish to Add, contact the Windows Support Team to request the guidelines
-
-### Import a list of apps 
-
-This section covers two examples of using an AppLocker XML file to the **Protected apps** list. You'll use this option if you want to add multiple apps at the same time. 
-
-- [Create a Packaged App rule for Store apps](#create-a-packaged-app-rule-for-store-apps)
-- [Create an Executable rule for unsigned apps](#create-an-executable-rule-for-unsigned-apps)
-
-For more info about AppLocker, see the [AppLocker](../../application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md) content.
-
-#### Create a Packaged App rule for Store apps
-
-1. Open the Local Security Policy snap-in (SecPol.msc).
-    
-2. Expand **Application Control Policies**, expand **AppLocker**, and then select **Packaged App Rules**.
-
-    ![Local security snap-in, showing the Packaged app Rules.](images/wip-applocker-secpol-1.png)
-
-3. Right-click in the right side, and then select **Create New Rule**.
-
-    The **Create Packaged app Rules** wizard appears.
-
-4.  On the **Before You Begin** page, select **Next**.
-
-    ![Screenshot of the Before You Begin tab.](images/wip-applocker-secpol-wizard-1.png)
-
-5.  On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then select **Next**.
-
-    ![Screenshot of the Permissions tab with "Allow" and "Everyone" selected](images/wip-applocker-secpol-wizard-2.png)
-
-6. On the **Publisher** page, choose **Select** from the **Use an installed packaged app as a reference** area.
-
-    ![Screenshot of the "Use an installed package app as a reference" radio button selected and the Select button highlighted](images/wip-applocker-secpol-wizard-3.png)
-
-7.  In the **Select applications** box, pick the app that you want to use as the reference for your rule, and then select **OK**. For this example, we're using Microsoft Dynamics 365.
-
-    ![Screenshot of the Select applications list.](images/wip-applocker-secpol-wizard-4.png)
-
-8.  On the updated **Publisher** page, select **Create**.
-
-    ![Screenshot of the Publisher tab.](images/wip-applocker-secpol-wizard-5.png)
-
-9.  Select **No** in the dialog box that appears, asking if you want to create the default rules. Don't create default rules for your WIP policy.
-
-    ![Screenshot of AppLocker warning.](images/wip-applocker-default-rule-warning.png)
-
-9.  Review the Local Security Policy snap-in to make sure your rule is correct.
-
-    ![Local security snap-in, showing the new rule.](images/wip-applocker-secpol-create.png)
-
-10. On the left, right-click on **AppLocker**, and then select **Export policy**.
-
-    The **Export policy** box opens, letting you export and save your new policy as XML.
-
-    ![Local security snap-in, showing the Export Policy option.](images/wip-applocker-secpol-export.png)
-
-11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then select **Save**.
-
-    The policy is saved and you'll see a message that says one rule was exported from the policy.
-
-    **Example XML file**<br>
-    This is the XML file that AppLocker creates for Microsoft Dynamics 365.
-
-    ```xml
-    <?xml version="1.0"?>
-    <AppLockerPolicy Version="1">
-        <RuleCollection EnforcementMode="NotConfigured" Type="Appx">
-            <FilePublisherRule Action="Allow" UserOrGroupSid="S-1-1-0" Description="" Name="Microsoft.MicrosoftDynamicsCRMforWindows10, version 3.2.0.0 and above, from Microsoft Corporation" Id="3da34ed9-aec6-4239-88ba-0afdce252ab4">
-                <Conditions>
-                    <FilePublisherCondition BinaryName="*" ProductName="Microsoft.MicrosoftDynamicsCRMforWindows10" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US">
-                        <BinaryVersionRange HighSection="*" LowSection="3.2.0.0"/>
-                    </FilePublisherCondition>
-                </Conditions>
-            </FilePublisherRule>
-        </RuleCollection>
-        <RuleCollection EnforcementMode="NotConfigured" Type="Dll"/>
-        <RuleCollection EnforcementMode="NotConfigured" Type="Exe"/>
-        <RuleCollection EnforcementMode="NotConfigured" Type="Msi"/>
-        <RuleCollection EnforcementMode="NotConfigured" Type="Script"/>
-    </AppLockerPolicy>
-    ```
-
-12. After you've created your XML file, you need to import it by using Microsoft Intune.
-
-## Create an Executable rule for unsigned apps
-
-The executable rule helps to create an AppLocker rule to sign any unsigned apps. It enables adding the file path or the app publisher contained in the file's digital signature needed for the WIP policy to be applied. 
-
-1. Open the Local Security Policy snap-in (SecPol.msc).
-    
-2. In the left pane, select **Application Control Policies** > **AppLocker** > **Executable Rules**.
-
-3. Right-click **Executable Rules** > **Create New Rule**.
-
-   ![Local security snap-in, showing the Executable Rules.](images/create-new-path-rule.png)
-
-4. On the **Before You Begin** page, select **Next**.
-
-5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then select **Next**.
-
-6. On the **Conditions** page, select **Path** and then select **Next**.
-
-    ![Screenshot with Path conditions selected in the Create Executable Rules wizard.](images/path-condition.png)
-
-7. Select **Browse Folders...** and select the path for the unsigned apps. For this example, we're using "C:\Program Files".
-
-    ![Screenshot of the Path field of the Create Executable Rules wizard.](images/select-path.png)
-
-8. On the **Exceptions** page, add any exceptions and then select **Next**.
-
-9. On the **Name** page, type a name and description for the rule and then select **Create**.
-
-10. In the left pane, right-click **AppLocker** > **Export policy**.
-
-11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then select **Save**.
-
-    The policy is saved and you'll see a message that says one rule was exported from the policy.
-
-12. After you've created your XML file, you need to import it by using Microsoft Intune.
-
-
-**To import a list of protected apps using Microsoft Intune**
-
-1. In **Protected apps**, select **Import apps**.
-
-    ![Import protected apps.](images/import-protected-apps.png)
-    
-    Then import your file.
-    
-    ![Microsoft Intune, Importing your AppLocker policy file using Intune.](images/wip-azure-import-apps.png)
-
-2. Browse to your exported AppLocker policy file, and then select **Open**.
-
-    The file imports and the apps are added to your **Protected apps** list.
-
-### Exempt apps from a WIP policy
-If your app is incompatible with WIP, but still needs to be used with enterprise data, then you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak.
-
-1. In **Client apps - App protection policies**, select **Exempt apps**.
-    
-    ![Exempt apps.](images/exempt-apps.png)
-
-2. In **Exempt apps**, select **Add apps**.
-
-    When you exempt apps, they're allowed to bypass the WIP restrictions and access your corporate data. 
-    
-3. Fill out the rest of the app info, based on the type of app you're adding:
-
-    - [Add Recommended apps](#add-recommended-apps)
-
-    - [Add Store apps](#add-store-apps)
-
-    - [Add Desktop apps](#add-desktop-apps)
-
-    - [Import apps](#import-a-list-of-apps)
-
-4.  Select **OK**.
-
-## Manage the WIP protection mode for your enterprise data
-After you've added the apps you want to protect with WIP, you'll need to apply a management and protection mode.
-
-We recommend that you start with **Silent** or **Allow Overrides** while verifying with a small group that you have the right apps on your protected apps list. After you're done, you can change to your final enforcement policy, **Block**.
-
-1. From **App protection policy**, select the name of your policy, and then select **Required settings**.
-
-    ![Microsoft Intune, Required settings shows Windows Information Protection mode.](images/wip-azure-required-settings-protection-mode.png)
-
-    |Mode |Description |
-    |-----|------------|
-    |Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.|
-    |Allow Overrides |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
-    |Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would have been prompted for employee interaction while in Allow Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.|
-    |Off |WIP is turned off and doesn't help to protect or audit your data.<br><br>After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn WIP protection back on. For more information, see [How to disable Windows Information Protection](how-to-disable-wip.md).|
-
-2. Select **Save**.
-
-## Define your enterprise-managed corporate identity
-Corporate identity, typically expressed as your primary Internet domain (for example, contoso.com), helps to identify and tag your corporate data from apps you've marked as protected by WIP. For example, emails using contoso.com are identified as being corporate and are restricted by your Windows Information Protection policies.
-
-Starting with Windows 10, version 1703, Intune automatically determines your corporate identity and adds it to the **Corporate identity** field.
-
-**To change your corporate identity**
-
-1. From **App policy**, select the name of your policy, and then select **Required settings**.
-
-2. If the auto-defined identity isn't correct, you can change the info in the **Corporate identity** field. 
-
-   ![Microsoft Intune, Set your corporate identity for your organization.](images/wip-azure-required-settings-corp-identity.png)
-
-3. To add domains, such your email domain names, select **Configure Advanced settings** > **Add network boundary** and select **Protected domains**.
-
-   ![Add protected domains.](images/add-protected-domains.png)
-
-## Choose where apps can access enterprise data
-After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include your enterprise network locations. 
-
-There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise's range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
-
-To define the network boundaries, select **App policy** > the name of your policy > **Advanced settings** > **Add network boundary**.
-
-![Microsoft Intune, Set where your apps can access enterprise data on your network.](images/wip-azure-advanced-settings-network.png)
-
-Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the options covered in the following subsections, and then select **OK**.
-
-### Cloud resources
-
-Specify the cloud resources to be treated as corporate and protected by WIP. 
-For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource.
-All traffic routed through your Internal proxy servers is considered enterprise.
-
-Separate multiple resources with the "|" delimiter. 
-For example: 
-
-```console
-URL <,proxy>|URL <,proxy>
-```
-
-Personal applications can access a cloud resource that has a blank space or an invalid character, such as a trailing dot in the URL.
-
-To add a subdomain for a cloud resource, use a period (.) instead of an asterisk (*). For example, to add all subdomains within Office.com, use ".office.com" (without the quotation marks).
-
-In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. 
-In this case, Windows blocks the connection by default. 
-To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting. 
-For example: 
-
-```console
-URL <,proxy>|URL <,proxy>|/*AppCompat*/
-```
-
-When you use this string, we recommend that you also turn on [Microsoft Entra Conditional Access](/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.
-
-Value format with proxy:
-
-```console
-contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com
-```
-
-Value format without proxy:
-
-```console
-contoso.sharepoint.com|contoso.visualstudio.com|contoso.onedrive.com,
-```
-
-### Protected domains
-
-Specify the domains used for identities in your environment. 
-All traffic to the fully qualified domains appearing in this list will be protected.
-Separate multiple domains with the "|" delimiter.
-
-```console
-exchange.contoso.com|contoso.com|region.contoso.com
-```
-
-### Network domains
-
-Specify the DNS suffixes used in your environment. 
-All traffic to the fully qualified domains appearing in this list will be protected.
-Separate multiple resources with the "," delimiter.
-
-```console
-corp.contoso.com,region.contoso.com
-```
-
-### Proxy servers
-
-Specify the proxy servers your devices will go through to reach your cloud resources. 
-Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
-This list shouldn't include any servers listed in your Internal proxy servers list. 
-Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
-Separate multiple resources with the ";" delimiter.
-
-```console
-proxy.contoso.com:80;proxy2.contoso.com:443
-```
-
-### Internal proxy servers
-
-Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
-This list shouldn't include any servers listed in your Proxy servers list.
-Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
-Separate multiple resources with the ";" delimiter.
-
-```console
-contoso.internalproxy1.com;contoso.internalproxy2.com
-```
-
-### IPv4 ranges
-
-Specify the addresses for a valid IPv4 value range within your intranet. 
-These addresses, used with your Network domain names, define your corporate network boundaries.
-Classless Inter-Domain Routing (CIDR) notation isn't supported.
-
-Separate multiple ranges with the "," delimiter. 
-
-**Starting IPv4 Address:** 3.4.0.1<br/>
-**Ending IPv4 Address:** 3.4.255.254<br/>
-**Custom URI:** 3.4.0.1-3.4.255.254,<br/>
-10.0.0.1-10.255.255.254
-
-### IPv6 ranges
-
-Starting with Windows 10, version 1703, this field is optional.
-
-Specify the addresses for a valid IPv6 value range within your intranet. 
-These addresses, used with your network domain names, define your corporate network boundaries.
-Classless Inter-Domain Routing (CIDR) notation isn't supported.
-
-Separate multiple ranges with the "," delimiter.
-
-**Starting IPv6 Address:** `2a01:110::`</br>
-**Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff`<br>
-**Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,'<br>'fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff`
-
-### Neutral resources
-
-Specify your authentication redirection endpoints for your company.
-These locations are considered enterprise or personal, based on the context of the connection before the redirection.
-Separate multiple resources with the "," delimiter.
-
-```console
-sts.contoso.com,sts.contoso2.com
-```
-
-Decide if you want Windows to look for more network settings:
-
-- **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Turn on if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you turn this off, Windows will search for more proxy servers in your immediate network.
-
-- **Enterprise IP Ranges list is authoritative (do not auto-detect).** Turn on if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you turn this off, Windows will search for more IP ranges on any domain-joined devices connected to your network.
-
-![Microsoft Intune, Choose if you want Windows to search for more proxy servers or IP ranges in your enterprise.](images/wip-azure-advanced-settings-network-autodetect.png)
-
-## Upload your Data Recovery Agent (DRA) certificate
-After you create and deploy your WIP policy to your employees, Windows begins to encrypt your corporate data on the employees' local device drive. If somehow the employees' local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the Data Recovery Agent (DRA) certificate lets Windows use an included public key to encrypt the local data while you maintain the private key that can unencrypt the data.
-
->[!Important]
->Using a DRA certificate isn't mandatory. However, we strongly recommend it. For more info about how to find and export your data recovery certificate, see [Data Recovery and Encrypting File System (EFS)](/previous-versions/tn-archive/cc512680(v=technet.10)). For more info about creating and verifying your EFS DRA certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
-
-**To upload your DRA certificate**
-1. From **App policy**, select the name of your policy, and then select **Advanced settings** from the menu that appears.
-
-    **Advanced settings** shows.
-
-2.  In the **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, select **Browse** to add a data recovery certificate for your policy.
-
-    ![Microsoft Intune, Upload your Data Recovery Agent (DRA) certificate.](images/wip-azure-advanced-settings-efsdra.png)
-
-## Choose your optional WIP-related settings
-After you've decided where your protected apps can access enterprise data on your network, you can choose optional settings.
-
-![Advanced optional settings.](images/wip-azure-advanced-settings-optional.png)
-   
-**Revoke encryption keys on unenroll.** Determines whether to revoke a user's local encryption keys from a device when it's unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
-    
-- **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
-        
-- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you're migrating between Mobile Device Management (MDM) solutions.
-        
-**Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
-    
-- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Also, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
-        
-- **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. 
-        
-**Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](/azure/information-protection/what-is-azure-rms) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared with employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they're copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template's license. Only users with permission to that template can read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](/windows/client-management/mdm/enterprisedataprotection-csp). 
-    
-- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn't actually apply Azure Information Protection to the files. 
-        
-  If you don't specify an [RMS template](/information-protection/deploy-use/configure-custom-templates), it's a regular EFS file using a default RMS template that all users can access.
-        
-- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
-
-  > [!NOTE]
-  > Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
-
-**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
-    
-- **On.** Starts Windows Search Indexer to index encrypted files.
-    
-- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
-
-## Encrypted file extensions
-
-You can restrict which files are protected by WIP when they're downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. 
-
-![WIP encrypted file extensions.](images/wip-encrypted-file-extensions.png)
-
-## Related articles
-
-- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)
- 
-- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
-
-- [What is Azure Rights Management?](/information-protection/understand-explore/what-is-azure-rms)
-
-- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](overview-create-wip-policy.md)
-
-- [Intune MAM Without Enrollment](/archive/blogs/configmgrdogs/intune-mam-without-enrollment)
-
-- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
deleted file mode 100644
index 0269f73fe5..0000000000
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune 
-description: After you've created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/05/2019
-ms.reviewer: 
----
-
-# Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-After you've created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. Enrollment can be done for business or personal devices, allowing the devices to use your managed apps and to sync with your managed content and information.
-
-## To deploy your WIP policy
-
-1. On the **App protection policies** pane, click your newly created policy, click **Assignments**, and then select groups to include or exclude from the policy.
-
-2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
-
-   The policy is deployed to the selected users' devices.
-
-   ![Microsoft Intune: Pick your user groups that should get the policy when it's deployed.](images/wip-azure-add-user-groups.png)
-
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
-
-## Related topics
-
-- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
deleted file mode 100644
index 1660b49f10..0000000000
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ /dev/null
@@ -1,111 +0,0 @@
----
-title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) 
-description: Learn the difference between enlightened and unenlightened apps. Find out which enlightened apps are provided by Microsoft. Learn how to allow-list them.
-ms.reviewer: 
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 05/02/2019
----
-
-# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list.
-
-## Enlightened versus unenlightened apps
-Apps can be enlightened or unenlightened:
-
--   **Enlightened apps** can differentiate between corporate and personal data, correctly determining which to protect, based on your policies.
-
--   **Unenlightened apps** consider all data corporate and encrypt everything. Typically, you can tell an unenlightened app because:
-
-    -   Windows Desktop shows it as always running in enterprise mode.
-
-    -   Windows **Save As** experiences only allow you to save your files as enterprise.
-
-- **Windows Information Protection-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode. 
-
-## List of enlightened Microsoft apps
-Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
-
-- Microsoft 3D Viewer
-
-- Microsoft Edge
-
-- Internet Explorer 11
-
-- Microsoft People
-
-- Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
-
-- Microsoft 365 Apps for enterprise apps, including Word, Excel, PowerPoint, OneNote, and Outlook
-
-- OneDrive app
-
-- OneDrive sync client (OneDrive.exe, the next generation sync client)
-
-- Microsoft Photos
-
-- Groove Music
-
-- Notepad
-
-- Microsoft Paint
-
-- Microsoft Movies & TV
-
-- Microsoft Messaging
-
-- Microsoft Remote Desktop 
-
-- Microsoft To Do
-
-> [!NOTE]
-> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from Windows Information Protection policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning.
-
-## List of WIP-work only apps from Microsoft
-Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with Windows Information Protection and MAM solutions.
-
-- Skype for Business
-
-- Microsoft Teams (build 1.3.00.12058 and later)
-
-## Adding enlightened Microsoft apps to the allowed apps list
-
-> [!NOTE]
-> As of January 2019 it is no longer necessary to add Intune Company Portal as an exempt app since it is now included in the default list of protected apps.
-
-You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and Microsoft Configuration Manager.
-
-
-|                     Product name                     |                                                                                                                                                                                                                        App info                                                                                                                                                                                                                        |
-|------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                    Microsoft 3D Viewer                    |                                                                                                                                     **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Microsoft3DViewer<br>**App Type:** Universal app                                                                                                                                      |
-|                    Microsoft Edge                    |                                                                                                                                     **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.MicrosoftEdge<br>**App Type:** Universal app                                                                                                                                      |
-|                   Microsoft People                   |                                                                                                                                         **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.People<br>**App Type:** Universal app                                                                                                                                         |
-|                     Word Mobile                      |                                                                                                                                      **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.Word<br>**App Type:** Universal app                                                                                                                                       |
-|                     Excel Mobile                     |                                                                                                                                      **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.Excel<br>**App Type:** Universal app                                                                                                                                      |
-|                  PowerPoint Mobile                   |                                                                                                                                   **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.PowerPoint<br>**App Type:** Universal app                                                                                                                                    |
-|                       OneNote                        |                                                                                                                                     **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.OneNote<br>**App Type:** Universal app                                                                                                                                     |
-|              Outlook Mail and Calendar               |                                                                                                                               **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** microsoft.windowscommunicationsapps<br>**App Type:** Universal app                                                                                                                                |
-| Microsoft 365 Apps for enterprise and Office 2019 Professional Plus | Microsoft 365 Apps for enterprise and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for Windows Information Protection.<br>We don't recommend setting up Office by using individual paths or publisher rules. |
-|                   Microsoft Photos                   |                                                                                                                                     **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Windows.Photos<br>**App Type:** Universal app                                                                                                                                     |
-|                     Groove Music                     |                                                                                                                                       **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.ZuneMusic<br>**App Type:** Universal app                                                                                                                                        |
-|                Microsoft Movies & TV                 |                                                                                                                                       **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.ZuneVideo<br>**App Type:** Universal app                                                                                                                                        |
-|                 Microsoft Messaging                  |                                                                                                                                       **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Messaging<br>**App Type:** Universal app                                                                                                                                        |
-|                         IE11                         |                                                                                                                                                         **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** iexplore.exe<br>**App Type:** Desktop app                                                                                                                                                          |
-|                 OneDrive Sync Client                 |                                                                                                                                                         **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** onedrive.exe<br>**App Type:** Desktop app                                                                                                                                                          |
-|                     OneDrive app                     |                                                                                              **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Microsoftskydrive<br><b>Product Version:</b>Product version: 17.21.0.0 (and later)<br>**App Type:** Universal app                                                                                              |
-|                       Notepad                        |                                                                                                                                                          **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** notepad.exe<br>**App Type:** Desktop app                                                                                                                                                          |
-|                   Microsoft Paint                    |                                                                                                                                                          **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mspaint.exe<br>**App Type:** Desktop app                                                                                                                                                          |
-|               Microsoft Remote Desktop               |                                                                                                                                                           **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mstsc.exe<br>**App Type:** Desktop app                                                                                                                                                           |
-|              Microsoft MAPI Repair Tool              |                                                                                                                                                          **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** fixmapi.exe<br>**App Type:** Desktop app                                                                                                                                                          |
-|              Microsoft To Do                         |                                                                                                                                                          **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Todos<br>**App Type:** Store app                                                                                                                                                          |
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
deleted file mode 100644
index f98f1a7125..0000000000
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: General guidance and best practices for Windows Information Protection (WIP) 
-description: Find resources about apps that can work with Windows Information Protection (WIP) to protect data. Enlightened apps can tell corporate and personal data apart.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# General guidance and best practices for Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-This section includes info about the enlightened Microsoft apps, including how to add them to your allowed apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP).
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. | 
-|[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |Learn the difference between enlightened and unenlightened app behaviors. |
-|[Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](recommended-network-definitions-for-wip.md) |Recommended additions for the Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). |
-|[Using Outlook on the web with Windows Information Protection (WIP)](using-owa-with-wip.md) |Options for using Outlook on the web with Windows Information Protection (WIP). |
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
deleted file mode 100644
index f30aaac954..0000000000
--- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
+++ /dev/null
@@ -1,124 +0,0 @@
----
-title: How to disable Windows Information Protection (WIP)
-description: How to disable Windows Information Protection (WIP) in Microsoft Intune or Microsoft Configuration Manager.
-ms.date: 07/21/2022
-ms.topic: how-to
-author: lizgt2000
-ms.author: lizlong
-ms.reviewer: aaroncz
-manager: aaroncz
----
-
-# How to disable Windows Information Protection (WIP)
-
-[!INCLUDE [wip-deprecation](includes/wip-deprecation.md)]
-<!-- 6010051 -->
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-## Use Intune to disable WIP
-
-To disable Windows Information Protection (WIP) using Intune, you have the following options:
-
-### Option 1 - Unassign the WIP policy (preferred)
-
-When you unassign an existing policy, it removes the intent to deploy WIP from those devices. When that intent is removed, the device removes protection for files and the configuration for WIP. For more information, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign).
-
-### Option 2 - Change current WIP policy to off
-
-If you're currently deploying a WIP policy for enrolled or unenrolled devices, you switch the WIP policy to Off. When devices check in after this change, the devices will proceed to unprotect files previously protected by WIP.
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Open Microsoft Intune and select **Apps** > **App protection policies**.
-1. Select the existing policy to turn off, and then select the **Properties**.
-1. Edit **Required settings**.
-    :::image type="content" alt-text="Intune App Protection policy properties, required settings, with WIP mode Off." source="images/intune-edit-app-protection-policy-mode-off.png":::
-1. Set **Windows Information Protection mode** to off.
-1. After making this change, select **Review and Save**.
-1. Select **Save**.
-
-> [!NOTE]
-> **Another option is to create a disable policy that sets WIP to Off.**
->
-> You can create a separate disable policy for WIP (both enrolled and unenrolled) and deploy that to a new group. You then can stage the transition to this disabled state. Move devices from the existing group to the new group. This process slowly migrates devices instead of all at once.
-
-### Revoke local encryption keys during the unenrollment process
-
-Determine whether to revoke a user's local encryption keys from a device when it's unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
-
-- Yes, or not configured. Revokes local encryption keys from a device during unenrollment.
-- No (recommended). Stop local encryption keys from being revoked from a device during unenrollment.
-
-## Use Configuration Manager to disable WIP
-
-To disable Windows Information Protection (WIP) using Configuration Manager, create a new configuration item that turns off WIP. Configure that new object for your environment to match the existing policy, except for disabling WIP. Then deploy the new policy, and move devices into the new collection.
-
-> [!WARNING]
-> Don't just delete your existing WIP policy. If you delete the old policy, Configuration Manager stops sending further WIP policy updates, but also leaves WIP enforced on the devices. To remove WIP from your managed devices, follow the steps in this section to create a new policy to turn off WIP.
-
-### Create a WIP policy
-
-To disable WIP for your organization, first create a configuration item.
-
-1. Open the Configuration Manager console, select the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
-
-2. Select the **Create Configuration Item** button.
-    The **Create Configuration Item Wizard** starts.
-
-    ![Create Configuration Item wizard, define the configuration item and choose the configuration type.](images/wip-configmgr-generalscreen-off.png)
-
-3. On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
-
-4. In the **Specify the type of configuration item you want to create** area, select **Windows 10 or later** for devices managed with the Configuration Manager client, and then select **Next**.
-
-5. On the **Supported Platforms** screen, select the **Windows 10** box, and then select **Next**.
-
-6. On the **Device Settings** screen, select **Windows Information Protection**, and then select **Next**.
-
-The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization. The following sections provide details on the required settings on this page.
-
-> [!TIP]
-> For more information on filling out the required fields, see [Create and deploy a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr).
-
-#### Turn off WIP
-
-Of the four options to specify the restriction mode, select **Off** to turn off Windows Information Protection.
-
-:::image type="content" alt-text="Create Configuration Item wizard, choose your WIP-protection level." source="images/wip-configmgr-disable-wip.png":::
-
-#### Specify the corporate identity
-
-Paste the value of your corporate identity into the **Corporate identity** field. For example, `contoso.com` or `contoso.com|newcontoso.com`.
-
-![Create Configuration Item wizard, Add the primary Internet domain for your enterprise identity.](images/wip-configmgr-corp-identity.png)
-
-> [!IMPORTANT]
-> This corporate identity value must match the string in the original policy. Copy and paste the string from your original policy that enables WIP.
-
-#### Specify the corporate network definition
-
-For the **Corporate network definition**, select **Add** to specify the necessary network locations. The **Add or edit corporate network definition** box appears. Add the required fields.
-
-> [!IMPORTANT]
-> These corporate network definitions must match the original policy. Copy and paste the strings from your original policy that enables WIP.
-
-#### Specify the data recovery agent certificate
-
-In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, select **Browse** to add a data recovery certificate for your policy. This certificate should be the same as the original policy that enables WIP.
-
-![Create Configuration Item wizard, Add a data recovery agent (DRA) certificate.](images/wip-configmgr-dra.png)
-
-### Deploy the WIP policy
-
-After you've created the new policy to turn off WIP, deploy it to your organization's devices. For more information about deployment options, see the following articles:
-
-- [Create a configuration baseline that includes the new configuration item](/mem/configmgr/compliance/deploy-use/create-configuration-baselines).
-
-- [Create a new collection](/mem/configmgr/core/clients/manage/collections/create-collections).
-
-- [Deploy the baseline to the collection](/mem/configmgr/compliance/deploy-use/deploy-configuration-baselines).
-
-- Move devices from the old collection to new collection.
diff --git a/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png b/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png
deleted file mode 100644
index 12d4f6eefd..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-a-mobile-app-policy.png b/windows/security/information-protection/windows-information-protection/images/add-a-mobile-app-policy.png
deleted file mode 100644
index 31f979f9f1..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-a-mobile-app-policy.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-a-protected-store-app.png b/windows/security/information-protection/windows-information-protection/images/add-a-protected-store-app.png
deleted file mode 100644
index 8522b463a7..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-a-protected-store-app.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-protected-apps.png b/windows/security/information-protection/windows-information-protection/images/add-protected-apps.png
deleted file mode 100644
index c702a0acff..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-protected-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png b/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png
deleted file mode 100644
index 848ff120a2..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png b/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png
deleted file mode 100644
index 345093afc8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png b/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png
deleted file mode 100644
index b33322202c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/exempt-apps.png b/windows/security/information-protection/windows-information-protection/images/exempt-apps.png
deleted file mode 100644
index 59b0ebd268..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/exempt-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/import-protected-apps.png b/windows/security/information-protection/windows-information-protection/images/import-protected-apps.png
deleted file mode 100644
index eefe2c57d4..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/import-protected-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-before-begin.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-before-begin.png
deleted file mode 100644
index 3f6a79c8d6..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-before-begin.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-permissions.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-permissions.png
deleted file mode 100644
index 901c861793..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-permissions.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher-with-app.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher-with-app.png
deleted file mode 100644
index 29f08e03f0..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher-with-app.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher.png
deleted file mode 100644
index 42da98610a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-select-apps.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-select-apps.png
deleted file mode 100644
index 38ba06d474..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-select-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-edit-app-protection-policy-mode-off.png b/windows/security/information-protection/windows-information-protection/images/intune-edit-app-protection-policy-mode-off.png
deleted file mode 100644
index e5cb84a44e..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-edit-app-protection-policy-mode-off.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-local-security-export.png b/windows/security/information-protection/windows-information-protection/images/intune-local-security-export.png
deleted file mode 100644
index 56b27c2387..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-local-security-export.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin-updated.png b/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin-updated.png
deleted file mode 100644
index d794b8976c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin-updated.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin.png b/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin.png
deleted file mode 100644
index 492f3fc50a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/mobility-provider.png b/windows/security/information-protection/windows-information-protection/images/mobility-provider.png
deleted file mode 100644
index 280a0531dc..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/mobility-provider.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/path-condition.png b/windows/security/information-protection/windows-information-protection/images/path-condition.png
deleted file mode 100644
index 6aaf295bcc..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/path-condition.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/recommended-apps.png b/windows/security/information-protection/windows-information-protection/images/recommended-apps.png
deleted file mode 100644
index 658cbb343b..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/recommended-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png
deleted file mode 100644
index 141e7a1819..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/select-path.png b/windows/security/information-protection/windows-information-protection/images/select-path.png
deleted file mode 100644
index 0fd5274d45..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/select-path.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-default-rule-warning.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-default-rule-warning.png
deleted file mode 100644
index 50440a4fc8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-default-rule-warning.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-1.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-1.png
deleted file mode 100644
index 709ff73d25..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-1.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-create.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-create.png
deleted file mode 100644
index 74497fd6ab..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-create.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-export.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-export.png
deleted file mode 100644
index 1f5d20dffa..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-export.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-1.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-1.png
deleted file mode 100644
index 0ced278421..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-1.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-2.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-2.png
deleted file mode 100644
index e399d8aa66..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-2.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-3.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-3.png
deleted file mode 100644
index 0ac48ca032..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-3.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-4.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-4.png
deleted file mode 100644
index c924430a97..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-4.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-5.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-5.png
deleted file mode 100644
index 4b5e707aec..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-5.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-desktop-apps.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-add-desktop-apps.png
deleted file mode 100644
index 1d1aff1a0c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-desktop-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png
deleted file mode 100644
index 34c89b37a9..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-efsdra.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-efsdra.png
deleted file mode 100644
index 59e2071bd8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-efsdra.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png
deleted file mode 100644
index 7fff387ab2..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png
deleted file mode 100644
index 9fbe37d56d..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png
deleted file mode 100644
index 785925efdf..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-import-apps.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-import-apps.png
deleted file mode 100644
index 01489c8059..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-import-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png
deleted file mode 100644
index 752ea852ce..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png
deleted file mode 100644
index 734f23b46c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-add-network-domain.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-add-network-domain.png
deleted file mode 100644
index 6f5e80d670..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-add-network-domain.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addapplockerfile.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addapplockerfile.png
deleted file mode 100644
index 6cd571b404..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addapplockerfile.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adddesktopapp.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adddesktopapp.png
deleted file mode 100644
index 5da4686e3f..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adddesktopapp.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-additionalsettings.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-additionalsettings.png
deleted file mode 100644
index 89c1eae2a8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-additionalsettings.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addpolicy.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addpolicy.png
deleted file mode 100644
index 49613b5587..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addpolicy.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adduniversalapp.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adduniversalapp.png
deleted file mode 100644
index b2fc9ee966..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adduniversalapp.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-appmgmt.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-appmgmt.png
deleted file mode 100644
index 8af8967001..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-appmgmt.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-corp-identity.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-corp-identity.png
deleted file mode 100644
index 940d60acf1..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-corp-identity.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-devicesettings.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-devicesettings.png
deleted file mode 100644
index bee8ddfb1a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-devicesettings.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-disable-wip.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-disable-wip.png
deleted file mode 100644
index f1cf7c107d..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-disable-wip.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-dra.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-dra.png
deleted file mode 100644
index cc58cdb34a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-dra.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen-off.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen-off.png
deleted file mode 100644
index ab05d9607a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen-off.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen.png
deleted file mode 100644
index 2d6cadb5c6..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-optsettings.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-optsettings.png
deleted file mode 100644
index f3d12e7f2f..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-optsettings.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-summaryscreen.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-summaryscreen.png
deleted file mode 100644
index 5cae0416bd..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-summaryscreen.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-supportedplat.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-supportedplat.png
deleted file mode 100644
index c09ff3cfc3..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-supportedplat.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png
deleted file mode 100644
index 8ec000d2a7..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-app-info.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-app-info.png
deleted file mode 100644
index 09539d6773..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-app-info.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-choose-store-or-desktop-app.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-choose-store-or-desktop-app.png
deleted file mode 100644
index 2393cc7eca..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-choose-store-or-desktop-app.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png
deleted file mode 100644
index 926a3c4473..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-select-column.png b/windows/security/information-protection/windows-information-protection/images/wip-select-column.png
deleted file mode 100644
index d4e8a9e7a0..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-select-column.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-taskmgr.png b/windows/security/information-protection/windows-information-protection/images/wip-taskmgr.png
deleted file mode 100644
index d69e829d65..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-taskmgr.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
deleted file mode 100644
index 783f627a5c..0000000000
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-title: Limitations while using Windows Information Protection (WIP)
-description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP).
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: conceptual
-ms.date: 04/05/2019
----
-
-# Limitations while using Windows Information Protection (WIP)
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-This following list provides info about the most common problems you might encounter while running Windows Information Protection in your organization.
-
-- **Limitation**: Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.
-  - **How it appears**:
-    - If you're using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.
-    - If you're not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.
-
-  - **Workaround**: Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.
-
-    We strongly recommend educating employees about how to limit or eliminate the need for this decryption.
-
-- **Limitation**: Direct Access is incompatible with Windows Information Protection.
-  - **How it appears**: Direct Access might experience problems with how Windows Information Protection enforces app behavior and data movement because of how WIP determines what is and isn't a corporate network resource.
-  - **Workaround**: We recommend that you use VPN for client access to your intranet resources.
-
-    > [!NOTE]
-    > VPN is optional and isn't required by Windows Information Protection.
-
-- **Limitation**: **NetworkIsolation** Group Policy setting takes precedence over MDM Policy settings.
-  - **How it appears**: The **NetworkIsolation** Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.
-  - **Workaround**: If you use both Group Policy and MDM to configure your **NetworkIsolation** settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.
-
-- **Limitation**: Cortana can potentially allow data leakage if it's on the allowed apps list.
-  - **How it appears**: If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft.
-  - **Workaround**: We don't recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app.
-
-    <a name="single-user"></a>
-
-- **Limitation**: Windows Information Protection is designed for use by a single user per device.
-  - **How it appears**: A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user's content can be revoked during the unenrollment process.
-  - **Workaround**: Have only one user per managed device.
-  - If this scenario occurs, it may be possible to mitigate. Once protection is disabled, a second user can remove protection by changing the file ownership. Although the protection is in place, the file remains accessible to the user.
-
-- **Limitation**: Installers copied from an enterprise network file share might not work properly.
-  - **How it appears**: An app might fail to properly install because it can't read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action.
-  - **Workaround**: To fix this, you can:
-    - Start the installer directly from the file share.
-
-      OR
-
-    - Decrypt the locally copied files needed by the installer.
-
-      OR
-
-    - Mark the file share with the installation media as "personal". To do this, you'll need to set the Enterprise IP ranges as **Authoritative** and then exclude the IP address of the file server, or you'll need to put the file server on the Enterprise Proxy Server list.
-
-- **Limitation**: Changing your primary Corporate Identity isn't supported.
-  - **How it appears**: You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access.
-  - **Workaround**: Turn off Windows Information Protection for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying.
-
-- **Limitation**: Redirected folders with Client-Side Caching are not compatible with Windows Information Protection.
-  - **How it appears**: Apps might encounter access errors while attempting to read a cached, offline file.
-  - **Workaround**: Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.
-
-    > [!NOTE]
-    > For more info about Work Folders and Offline Files, see the [Work Folders and Offline Files support for Windows Information Protection blog](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and Windows Information Protection, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip).
-
-- **Limitation**: An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.
-  - **How it appears**: 
-    - Data copied from the WIP-managed device is marked as **Work**.
-    - Data copied to the WIP-managed device is not marked as **Work**.
-    - Local **Work** data copied to the WIP-managed device remains **Work** data.
-    - **Work** data that is copied between two apps in the same session remains ** data.
-
-  - **Workaround**: Disable RDP to prevent access because there is no way to restrict access to only devices managed by Windows Information Protection. RDP is disabled by default.
-
-- **Limitation**: You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.
-  - **How it appears**: A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**.
-  - **Workaround**: Open File Explorer and change the file ownership to **Personal** before you upload.
-
-- **Limitation**: ActiveX controls should be used with caution.
-  - **How it appears**: Webpages that use ActiveX controls can potentially communicate with other outside processes that aren't protected by using Windows Information Protection.
-  - **Workaround**: We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.
-
-    For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).
-
-- **Limitation**: Resilient File System (ReFS) isn't currently supported with Windows Information Protection.
-  - **How it appears**:Trying to save or transfer Windows Information Protection files to ReFS will fail.
-  - **Workaround**: Format drive for NTFS, or use a different drive.
-
-- **Limitation**: Windows Information Protection isn't turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**:
-  - AppDataRoaming
-  - Desktop
-  - StartMenu
-  - Documents
-  - Pictures
-  - Music
-  - Videos
-  - Favorites
-  - Contacts
-  - Downloads
-  - Links
-  - Searches
-  - SavedGames
-
-  <br/>
-
-  - **How it appears**: Windows Information Protection isn't turned on for employees in your organization. Error code 0x807c0008 will result if Windows Information Protection is deployed by using Microsoft Configuration Manager.
-  - **Workaround**: Don't set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders.  You can configure this parameter, as described [Disable Offline Files on individual redirected folders](/windows-server/storage/folder-redirection/disable-offline-files-on-folders).
-
-    If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports Windows Information Protection, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after Windows Information Protection is already in place, you might be unable to open your files offline.
-
-    For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip).
-
-- **Limitation**: Only enlightened apps can be managed without device enrollment
-  - **How it appears**: If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps.
-
-    Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.
-
-  - **Workaround**: If all apps need to be managed, enroll the device for MDM.
-
-- **Limitation**: By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.
-  - **How it appears**: Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.
-  - **Workaround**: If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.
-
-- **Limitation**: OneNote notebooks on OneDrive for Business must be properly configured to work with Windows Information Protection.
-  - **How it appears**: OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it.
-  - **Workaround**: OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps:
-
-    1. Close the notebook in OneNote.
-    2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop.
-    3. Copy the notebook folder and Paste it back into the OneDrive for Business folder.
-
-    Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the "Open in app" button.
-
-- **Limitation**: Microsoft Office Outlook offline data files (PST and OST files) are not marked as **Work** files, and are therefore not protected.
-  - **How it appears**: If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected.
-  - **Workaround**: It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually.
-
-> [!NOTE]
->
-> - When corporate data is written to disk, Windows Information Protection uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. 
-> 
-> - Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
deleted file mode 100644
index c849026e4b..0000000000
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) 
-description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 05/25/2022
----
-
-# Mandatory tasks and settings required to turn on Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise.
-
-|Task|Description|
-|----|-----------|
-|Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. |
-|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
-|Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it's incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics.
-|Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the DNS suffixes used in your environment. All traffic to the fully qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.|
-|Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.|
-|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.<br><br>This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) topic.|
-
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
deleted file mode 100644
index 25099e224a..0000000000
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager 
-description: Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy. It lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-
-## In this section
-
-|Article |Description |
-|------|------------|
-|[Create and deploy a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md) |Microsoft Configuration Manager helps you create and deploy your WIP policy. And, lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
-|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
-|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). |
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
deleted file mode 100644
index 794a46361f..0000000000
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Create a Windows Information Protection (WIP) policy using Microsoft Intune 
-description: Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/11/2019
----
-
-# Create a Windows Information Protection (WIP) policy using Microsoft Intune
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy. It also lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-
-## In this section
-
-|Article |Description |
-|------|------------|
-|[Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md)|Details about how to use Microsoft Intune to create and deploy your WIP policy with MDM (Mobile Device Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
-|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
-|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). |
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
deleted file mode 100644
index 4135a203b8..0000000000
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ /dev/null
@@ -1,151 +0,0 @@
----
-title: Protect your enterprise data using Windows Information Protection
-description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: overview
-ms.date: 07/15/2022
----
-
-# Protect your enterprise data using Windows Information Protection (WIP)
-
-[!INCLUDE [Deprecate Windows Information Protection](includes/wip-deprecation.md)]
-<!-- 6010051 -->
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise's control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
-
-Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Azure Rights Management, another data protection technology, also works alongside WIP. It extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
-
->[!IMPORTANT]
->While Windows Information Protection can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data. For more information about the benefits WIP provides, see [Why use WIP?](#why-use-wip) later in this topic.
-
-## Video: Protect enterprise data from being accidentally copied to the wrong place
-
-> [!Video https://www.microsoft.com/videoplayer/embed/RE2IGhh]
-
-## Prerequisites
-You'll need this software to run Windows Information Protection in your enterprise:
-
-|Operating system | Management solution |
-|-----------------|---------------------|
-|Windows 10, version 1607 or later | Microsoft Intune<br><br>-OR-<br><br>Microsoft Configuration Manager<br><br>-OR-<br><br>Your current company-wide third party mobile device management (MDM) solution. For info about third party MDM solutions, see the documentation that came with your product. If your third party MDM doesn't have UI support for the policies, refer to the [EnterpriseDataProtection CSP](/windows/client-management/mdm/enterprisedataprotection-csp) documentation.|
-
-## What is enterprise data control?
-Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security. Another extreme is when people can't share anything and it's all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure.
-
-As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn't guarantee that the data will remain within the secured locations of the enterprise. So, access controls are a great start, they're not enough.
-
-In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don't allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls.
-
-### Using data loss prevention systems
-To help address this security insufficiency, companies developed data loss prevention (also known as DLP) systems. Data loss prevention systems require:
-- **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers.
-
-- **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries.
-
-- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft Purview Data Loss Prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry).
-
-Unfortunately, data loss prevention systems have their own problems. For example, the less detailed the rule set, the more false positives are created. This behavior can lead employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. Perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees' natural workflow. It can stop some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn't see and can't understand.
-
-### Using information rights management systems
-To help address the potential data loss prevention system problems, companies developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. 
-
-After the type of protection is set, the creating app encrypts the document so that only authorized people can open it, and even then, only in compatible apps. After an employee opens the document, the app becomes responsible for enforcing the specified protections. Because protection travels with the document, if an authorized person sends it to an unauthorized person, the unauthorized person won't be able to read or change it. However, for this to work effectively information rights management systems require you to deploy and set up both a server and client environment. And, because only compatible clients can work with protected documents, an employees' work might be unexpectedly interrupted if he or she attempts to use a non-compatible app.
-
-### And what about when an employee leaves the company or unenrolls a device?
-Finally, there's the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would erase all of the corporate data from the device, along with any other personal data on the device.
-
-## Benefits of WIP
-Windows Information Protection provides:
-- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps.
-
-- Additional data protection for existing line-of-business apps without a need to update the apps.
-
-- Ability to wipe corporate data from Intune MDM enrolled devices while leaving personal data alone.
-
-- Use of audit reports for tracking issues and remedial actions.
-
-- Integration with your existing management system (Microsoft Intune, Microsoft Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage Windows Information Protection for your company.
-
-## Why use WIP?
-Windows Information Protection is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune).
-
--   **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. Windows Information Protection helps protect enterprise on both corporate and employee-owned devices, even when the employee isn't using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally maintained as enterprise data.
-
--   **Manage your enterprise documents, apps, and encryption modes.**
-
-    -   **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using a WIP-protected device, WIP encrypts the data on the device.
-
-    - **Using protected apps.** Managed apps (apps that you've included on the **Protected apps** list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but makes a mistake and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn't paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem.
-
-    -   **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your protected apps list, the app is trusted with enterprise data. All apps not on this list are stopped from accessing your enterprise data, depending on your WIP management-mode.
-    
-        You don't have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in the protected apps list.
-
-    -   **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Hiding overrides stops the action immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without stopping anything that the employee could have overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).
-
-
-    -   **Data encryption at rest.** Windows Information Protection helps protect enterprise data on local files and on removable media.
-    
-        Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies Windows Information Protection to the new document.
-
-    -   **Helping prevent accidental data disclosure to public spaces.** Windows Information Protection helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn't on your protected apps list, employees won't be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your protected apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally.
-
-    -   **Helping prevent accidental data disclosure to removable media.** Windows Information Protection helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn't.
-
--   **Remove access to enterprise data from enterprise-protected devices.** Windows Information Protection gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or if a device is stolen. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.
-
-    >[!NOTE]
-    >For management of Surface devices it is recommended that you use the Current Branch of Microsoft Configuration Manager.<br>Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.
-
-## How WIP works
-Windows Information Protection helps address your everyday challenges in the enterprise. Including:
-
-- Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down.
-
-- Reducing employee frustrations because of restrictive data management policies on enterprise-owned devices.
-
-- Helping to maintain the ownership and control of your enterprise data.
-
-- Helping control the network and data access and data sharing for apps that aren't enterprise aware
-
-### Enterprise scenarios
-Windows Information Protection currently addresses these enterprise scenarios:
-- You can encrypt enterprise data on employee-owned and corporate-owned devices.
-
-- You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data.
-
-- You can protect specific apps that can access enterprise data that are clearly recognizable to employees. You can also stop non-protected apps from accessing enterprise data.
-
-- Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn't required.
-
-### <a href="" id="bkmk-modes"></a>WIP-protection modes
-Enterprise data is automatically encrypted after it's loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, Windows Information Protection uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity.
-
-Your Windows Information Protection policy includes a list of trusted apps that are protected to access and process corporate data. This list of apps is implemented through the [AppLocker](/windows/device-security/applocker/applocker-overview) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don't have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it's personally owned.
-
->[!NOTE]
->For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).
-
-You can set your Windows Information Protection policy to use 1 of 4 protection and management modes:
-
-|Mode|Description|
-|----|-----------|
-|Block |Windows Information Protection looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization's network.|
-|Allow overrides |Windows Information Protection looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log.|
-|Silent |Windows Information Protection runs silently, logging inappropriate data sharing, without stopping anything that would have been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.|
-|Off |Windows Information Protection is turned off and doesn't help to protect or audit your data.<p>After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn Windows Information Protection back on. |
-
-## Turn off WIP
-You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn't recommended. If you choose to turn off WIP, you can always turn it back on, but your decryption and policy info won't be automatically reapplied.
-
-## Next steps
-
-After you decide to use WIP in your environment, [create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md).
diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
deleted file mode 100644
index fc9dfc237c..0000000000
--- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Recommended URLs for Windows Information Protection 
-description: Recommended URLs to add to your Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP).
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/25/2019
----
-
-# Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
-We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings when you create a Windows Information Protection policy. If you are using Intune, the SharePoint entries may be added automatically. 
-
-## Recommended Enterprise Cloud Resources
-
-This table includes the recommended URLs to add to your Enterprise Cloud Resources network setting, based on the apps you use in your organization.
-
-|If your organization uses... |Add these entries to your Enterprise Cloud Resources network setting<br>(Replace "contoso" with your domain name(s)|
-|-----------------------------|---------------------------------------------------------------------|
-|Sharepoint Online |- `contoso.sharepoint.com`<br/>- `contoso-my.sharepoint.com`<br/>- `contoso-files.sharepoint.com` |
-|Viva Engage |- `www.yammer.com`<br/>- `yammer.com`<br/>- `persona.yammer.com` |
-|Outlook Web Access (OWA) |- `outlook.office.com`<br/>- `outlook.office365.com`<br/>- `attachments.office.net` |
-|Microsoft Dynamics |`contoso.crm.dynamics.com` |
-|Visual Studio Online |`contoso.visualstudio.com` |
-|Power BI |`contoso.powerbi.com` |
-|Microsoft Teams |`teams.microsoft.com` |
-|Other Office 365 services |- `tasks.office.com`<br/>- `protection.office.com`<br/>- `meet.lync.com`<br/>- `project.microsoft.com` |
-
-You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both.
-
-For Office 365 endpoints, see [Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges). 
-Office 365 endpoints are updated monthly. 
-Allow the domains listed in section number 46 "Allow Required" and add also add the apps. 
-Note that apps from officeapps.live.com can also store personal data. 
-
-When multiple files are selected from SharePoint Online or OneDrive, the files are aggregated and the URL can change. In this case, add an entry for a second-level domain and use a wildcard such as .svc.ms. 
-
-
-## Recommended Neutral Resources
-We recommended adding these URLs if you use the Neutral Resources network setting with Windows Information Protection (WIP).
-
-- `login.microsoftonline.com`
-- `login.windows.net`
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
deleted file mode 100644
index 30c94d76be..0000000000
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ /dev/null
@@ -1,149 +0,0 @@
----
-title: Testing scenarios for Windows Information Protection (WIP) 
-description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
-ms.reviewer: 
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/05/2019
----
-
-# Testing scenarios for Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
-
-## Testing scenarios
-You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization.
-
->[!IMPORTANT]
->If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted.
-
-- **Encrypt and decrypt files using File Explorer**:
-
-  1. Open File Explorer, right-click a work document, and then click **Work** from the **File Ownership** menu.
-
-      Make sure the file is encrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then clicking **Details** from the **Compress or Encrypt attributes** area. The file should show up under the heading, **This enterprise domain can remove or revoke access:** `*<your_enterprise_identity>*`. For example, `contoso.com`.
-
-  2. In File Explorer, right-click the same document, and then click **Personal** from the **File Ownership** menu.
-
-      Make sure the file is decrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then verifying that the **Details** button is unavailable.
-
-- **Create work documents in enterprise-allowed apps**: Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
-
-  Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.
-
-  > [!IMPORTANT]
-  > Certain file types like `.exe` and `.dll`, along with certain file paths, such as `%windir%` and `%programfiles%` are excluded from automatic encryption.
-
-  For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md), based on your deployment system.
-
-- **Block enterprise data from non-enterprise apps**:
-
-  1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
-
-      The app shouldn't be able to access the file.
-
-  2. Try double-clicking or tapping on the work-encrypted file. If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message.
-
-- **Copy and paste from enterprise apps to non-enterprise apps**:
-
-  1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
-
-      You should see a WIP-related warning box, asking you to click either **Change to personal** or **Keep at work**.
-
-  2. Click **Keep at work**. The content isn't pasted into the non-enterprise app.
-  3. Repeat Step 1, but this time select **Change to personal** and try to paste the content again.
-
-      The content is pasted into the non-enterprise app.
-
-  4. Try copying and pasting content between apps on your allowed apps list. The content should copy and paste between apps without any warning messages.
-
-- **Drag and drop from enterprise apps to non-enterprise apps**:
-
-  1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
-
-      You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**.
-
-  2. Click **Keep at work**. The content isn't dropped into the non-enterprise app.
-  3. Repeat Step 1, but this time select **Change to personal** and try to drop the content again.
-
-      The content is dropped into the non-enterprise app.
-
-  4. Try dragging and dropping content between apps on your allowed apps list. The content should move between the apps without any warning messages.
-
-- **Share between enterprise apps and non-enterprise apps**: 
-
-  1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
-
-      You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**.
-
-  2. Click **Keep at work**. The content isn't shared into Facebook.
-  3. Repeat Step 1, but this time select **Change to personal** and try to share the content again.
-
-      The content is shared into Facebook.
-
-  4. Try sharing content between apps on your allowed apps list. The content should share between the apps without any warning messages.
-
-- **Verify that Windows system components can use WIP**:
-
-  1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
-
-      Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
-
-  2. Open File Explorer and make sure your modified files are appearing with a **Lock** icon.
-  3. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.
-
-      > [!NOTE]
-      > Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.
-      > 
-      > A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
-
-- **Use WIP on NTFS, FAT, and exFAT systems**:
-
-  1. Start an app that uses the FAT or exFAT file system (for example an SD card or USB flash drive), and appears on your allowed apps list.
-  2. Create, edit, write, save, copy, and move files. Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.
-
-- **Verify your shared files can use WIP**:
-
-  1. Download a file from a protected file share, making sure the file is encrypted by locating the **Briefcase** icon next to the file name.
-  2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
-  3. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
-
-      The app shouldn't be able to access the file share.
-
-- **Verify your cloud resources can use WIP**:
-
-  1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
-  2. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
-
-      Both browsers should respect the enterprise and personal boundary.
-
-  3. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
-
-      IE11 shouldn't be able to access the sites.
-
-      > [!NOTE]
-      > Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as **Work**.
-
-- **Verify your Virtual Private Network (VPN) can be auto-triggered**:
-
-  1. Set up your VPN network to start based on the **WIPModeID** setting. For specific info, see [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md).
-  2. Start an app from your allowed apps list. The VPN network should automatically start.
-  3. Disconnect from your network and then start an app that isn't on your allowed apps list.
-
-      The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
-
-- **Unenroll client devices from WIP**: Unenroll a device from WIP by going to **Settings**, click **Accounts**, click **Work**, click the name of the device you want to unenroll, and then click **Remove**.
-
-  The device should be removed and all of the enterprise content for that managed account should be gone.
-
-  > [!IMPORTANT]
-  > On client devices, the data isn't removed and can be recovered. So, you must make sure the content is marked as **Revoked** and that access is denied for the employee.
-
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
deleted file mode 100644
index 43f6497a22..0000000000
--- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Using Outlook on the web with WIP 
-description: Options for using Outlook on the web with Windows Information Protection (WIP).
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# Using Outlook on the web with Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
-Because Outlook on the web can be used both personally and as part of your organization, you have the following options to configure it with Windows Information Protection (WIP):
-
-|Option |Outlook on the web behavior |
-|-------|-------------|
-|Disable Outlook on the web. Employees can only use Microsoft Outlook 2016 or the Mail for Windows 10 app. | Disabled. |
-|Don't configure outlook.office.com in any of your networking settings. |All mailboxes are automatically marked as personal. This means employees attempting to copy work content into Outlook on the web receive prompts and that files downloaded from Outlook on the web aren't automatically protected as corporate data. |
-|Add outlook.office.com and outlook.office365.com to the Cloud resources network element in your WIP policy. |All mailboxes are automatically marked as corporate. This means any personal inboxes hosted on Office 365 are also automatically marked as corporate data. |
-
->[!NOTE]
->These limitations don't apply to Outlook 2016, the Mail for Windows 10 app, or the Calendar for Windows 10 app. These apps will work properly, marking an employee's mailbox as corporate data, regardless of how you've configured outlook.office.com in your network settings. 
diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
deleted file mode 100644
index 02730fbed2..0000000000
--- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Determine the Enterprise Context of an app running in Windows Information Protection (WIP) 
-description: Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP).
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# Determine the Enterprise Context of an app running in Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
-Use Task Manager to check the context of your apps while running in Windows Information Protection (WIP) to make sure that your organization's policies are applied and running correctly.
-
-## Viewing the Enterprise Context column in Task Manager
-You need to add the Enterprise Context column to the **Details** tab of the Task Manager.
-
-1. Make sure that you have an active Windows Information Protection policy deployed and turned on in your organization.
-
-2. Open the Task Manager (taskmgr.exe), click the **Details** tab, right-click in the column heading area, and click **Select columns**.
-
-    The **Select columns** box appears.
-
-    ![Task Manager, Select column box with Enterprise Context option selected.](images/wip-select-column.png)
-
-3. Scroll down and check the **Enterprise Context** option, and then click **OK** to close the box.
-
-    The **Enterprise Context** column should now be available in Task Manager.
-
-    ![Task Manager, Enterprise Context column highlighted.](images/wip-taskmgr.png)
-
-## Review the Enterprise Context
-The **Enterprise Context** column shows you what each app can do with your enterprise data:
-
-- **Domain.** Shows the employee's work domain (such as, corp.contoso.com). This app is considered work-related and can freely touch and open work data and resources.
-
-- **Personal.** Shows the text, *Personal*. This app is considered non-work-related and can't touch any work data or resources.
-
-- **Exempt.** Shows the text, *Exempt*. Windows Information Protection policies don't apply to these apps (such as, system components).
-
-  > [!Important]
-  > Enlightened apps can change between Work and Personal, depending on the data being touched. For example, Microsoft Word 2016 shows as **Personal** when an employee opens a personal letter, but changes to **Work** when that same employee opens the company financials.
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
deleted file mode 100644
index 08963510aa..0000000000
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Fine-tune Windows Information Policy (WIP) with WIP Learning
-description: How to access the WIP Learning report to monitor and apply Windows Information Protection in your company.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# Fine-tune Windows Information Protection (WIP) with WIP Learning
-**Applies to:**
-
-- Windows 10, version 1703 and later
-
-With WIP Learning, you can intelligently tune which apps and websites are included in your WIP policy to help reduce disruptive prompts and keep it accurate and relevant. WIP Learning generates two reports: The **App learning report** and the **Website learning report**. Both reports can be accessed from Microsoft Azure Intune.
-
-The **App learning report** monitors your apps, not in policy, that attempt to access work data. You can identify these apps using the report and add them to your WIP policies to avoid productivity disruption before fully enforcing WIP with ["Block"](protect-enterprise-data-using-wip.md#bkmk-modes) mode. Frequent monitoring of the report will help you continuously identify access attempts so you can update your policy accordingly.
-
-In the **Website learning report**, you can view a summary of the devices that have shared work data with websites. You can use this information to determine which websites should be added to group and user WIP policies. The summary shows which website URLs are accessed by WIP-enabled apps so you can decide which ones are cloud or personal, and add them to the resource list.
-
-## Access the WIP Learning reports
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. Select **Apps** > **Monitor** > **App protection status** > **Reports**.
-
-   ![Image showing the UI path to the WIP report.](images/access-wip-learning-report.png) 
-
-1. Select either **App learning report for Windows Information Protection** or **Website learning report for Windows Information Protection**. 
-
-   ![Image showing the UI with for app and website learning reports.](images/wip-learning-select-report.png) 
-
-Once you have the apps and websites showing up in the WIP Learning logging reports, you can decide whether to add them to your app protection policies. 
-
-## Use the WIP section of Device Health
-
-You can use Device Health to adjust your WIP protection policy. See [Using Device Health](/windows/deployment/update/device-health-using#windows-information-protection) to learn more.
-
-If you want to configure your environment for Windows Analytics: Device Health, see [Get Started with Device Health](/windows/deployment/update/device-health-get-started) for more information.
-
-Once you have WIP policies in place, by using the WIP section of Device Health, you can:
-
-- Reduce disruptive prompts by adding rules to allow data sharing from approved apps.
-- Tune WIP rules by confirming that certain apps are allowed or denied by current policy.
-
-## Use Device Health and Intune to adjust WIP protection policy
-
-The information needed for the following steps can be found using Device Health, which you will first have to set up. Learn more about how you can  [Monitor the health of devices with Device Health](/windows/deployment/update/device-health-monitor).
-
-1. In **Device Health** click the app you want to add to your policy and copy the **WipAppId**.
-
-    For example, if the app is Google Chrome, the WipAppId is:
-
-    `O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US\GOOGLE CHROME\CHROME.EXE\74.0.3729.108`
-    
-    In the steps below, you separate the WipAppId by back slashes into the **PUBLISHER**, **PRODUCT NAME**, and **FILE** fields.
-
-2. In Intune, click **App protection policies** and then choose the app policy you want to add an application to.
-
-3. Click **Protected apps**, and then click **Add Apps**.
-
-4. In the **Recommended apps** drop down menu, choose either **Store apps** or **Desktop apps**, depending on the app you've chosen (for example, an executable (EXE) is a desktop app). 
-
-    ![View of drop down menu for Store or desktop apps.](images/wip-learning-choose-store-or-desktop-app.png)
-
-5. In **NAME** (optional), type the name of the app, and then in **PUBLISHER** (required), paste the publisher information that you copied in step 1 above.
-
-    For example, if the WipAppId is
-
-    `O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US\GOOGLE CHROME\CHROME.EXE\74.0.3729.108`
-
-    the text before the first back slash is the publisher:
-
-    `O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US`
-
-    ![View of Add Apps app info entry boxes.](images/wip-learning-app-info.png)
-
-6. Type the name of the product in **PRODUCT NAME** (required)  (this will probably be the same as what you typed for **NAME**).
-
-    For example, if the WipAppId is
-
-    `O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US\GOOGLE CHROME\CHROME.EXE\74.0.3729.108`
-
-    the text between the first and second back slashes is the product name:
-
-    `GOOGLE CHROME`
-
-7. Copy the name of the executable (for example, snippingtool.exe) and paste it in **FILE** (required).
-
-    For example, if the WipAppId is
-
-    `O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US\GOOGLE CHROME\CHROME.EXE\74.0.3729.108`
-
-    the text between the second and third back slashes is the file:
-
-    `CHROME.EXE`
-
-8. Type the version number of the app into **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny**
-
-When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes)
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/introduction.md b/windows/security/introduction.md
index 7b90b57e21..53edc2cc2c 100644
--- a/windows/security/introduction.md
+++ b/windows/security/introduction.md
@@ -1,25 +1,17 @@
 ---
 title: Introduction to Windows security
 description: System security book.
-ms.date: 09/01/2023
-ms.topic: tutorial
+ms.date: 07/22/2024
+ms.topic: overview
 ms.author: paoloma
-ms.collection:
-  - essentials-security
-  - essentials-overview
-content_well_notification:
-  - AI-contribution
 author: paolomatarazzo
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-ai-usage: ai-assisted
 ---
 
 # Introduction to Windows security
 
 The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks.
 
-Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud.
+Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the security baselines with new requirements for advanced hardware and software protection that extends from chip to cloud.
 
 ## How Windows 11 enables Zero Trust protection
 
@@ -45,11 +37,11 @@ In Windows 11, hardware and software work together to protect the operating syst
 
 To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
 
-In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
+In Windows 11, [Microsoft Defender Application Guard](application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
 
 ### Secured identities
 
-Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
+Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) and [passkeys](identity-protection/passkeys/index.md) for passwordless authentication.
 
 ### Connecting to cloud services
 
@@ -59,4 +51,4 @@ Microsoft offers comprehensive cloud services for identity, storage, and access
 
 To learn more about the security features included in Windows 11, read the [Windows 11 Security Book](book/index.md).
 
-<!--(https://aka.ms/Windows11SecurityBook).-->
+<!--(https://aka.ms/Windows11SecurityBook) PDF version-->
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
index 13b8fb7c50..3eda5bed37 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
@@ -92,9 +92,9 @@ Therefore, organizations that use BitLocker might want to use Hibernate instead
 
 ### Tricking BitLocker to pass the key to a rogue operating system
 
-An attacker might modify the boot manager configuration database (BCD), which is stored on a nonencrypted partition and add an entry point to a rogue operating system on a different partition. During the boot process, BitLocker code makes sure that the operating system that the encryption key obtained from the TPM is given to, is cryptographically verified to be the intended recipient. Because this strong cryptographic verification already exists, we don't recommend storing a hash of a disk partition table in Platform Configuration Register (PCR) 5.
+An attacker might modify the boot manager configuration database (BCD), which is stored on a nonencrypted partition and add an entry point to a rogue operating system on a different partition. During the boot process, BitLocker code makes sure that the operating system that the encryption key obtained from the TPM is given to, is cryptographically verified to be the intended recipient. Because this strong cryptographic verification already exists, we don't recommend storing a hash of a disk partition table in PCR 5.
 
-An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This can't succeed because when Windows seals the BitLocker key to the TPM, it does it with a PCR 11 value of 0. To successfully unseal the blob, PCR 11 in the TPM must have a value of 0. However, when the boot manager passes the control to any boot loader (legitimate or rogue) it always changes PCR 11 to a value of 1. Since the PCR 11 value is guaranteed to be different after exiting the boot manager, the attacker can't unlock the BitLocker key.
+An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware, and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This can't succeed because when Windows seals the BitLocker key to the TPM, it does it with a PCR 11 value of 0. To successfully unseal the blob, PCR 11 in the TPM must have a value of 0. However, when the boot manager passes the control to any boot loader (legitimate or rogue), it always changes PCR 11 to a value of 1. Since the PCR 11 value is guaranteed to be different after exiting the boot manager, the attacker can't unlock the BitLocker key.
 
 ## Attacker countermeasures
 
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-multiple-passwords-multiple-backups.png b/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-multiple-passwords-multiple-backups.png
index 10229caf37..6dd45ec322 100644
Binary files a/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-multiple-passwords-multiple-backups.png and b/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-multiple-passwords-multiple-backups.png differ
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md
index 853270403b..e3130a2695 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 10/30/2023
+ms.date: 07/18/2024
 ms.topic: include
 ---
 
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
index 29452a46ea..7bf6e12c5a 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
@@ -610,7 +610,37 @@ Once decryption is complete, the drive updates its status in the Control Panel a
 
 ---
 
+## Unlock a drive
+
+If you connect a drive as a secondary drive to a device, and you have your BitLocker recovery key, you can unlock a BitLocker-enabled drive by using the following instructions.
+
+In the next example, the `D` drive is the one to unlock. Select the option that best suits your needs.
+
+#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell)
+
+```powershell
+Unlock-BitLocker -MountPoint D -RecoveryPassword xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx
+```
+
+For more information, see [Unlock-BitLocker][PS-2]
+
+#### [:::image type="icon" source="images/cmd.svg"::: **Command Prompt**](#tab/cmd)
+
+```cmd
+manage-bde.exe -unlock D: -recoverypassword xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx
+```
+
+For more information, see [manage-bde unlock][WINS-1]
+
+#### [:::image type="icon" source="images/controlpanel.svg"::: **Control Panel**](#tab/controlpanel)
+
+You can unlock the drive from the Control Panel or from Explorer. After opening the BitLocker Control Panel applet, select the **Unlock drive** option to begin the process. When prompted, enter the 48-digit recovery key.
+
+---
+
 <!--links-->
 
 [PREV-1]: /previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829849(v=ws.11)
 [PS-1]: /powershell/module/bitlocker
+[PS-2]: /powershell/module/bitlocker/unlock-bitlocker
+[WINS-1]: /windows-server/administration/windows-commands/manage-bde-unlock
\ No newline at end of file
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
index ea2fd91338..4b1498edf5 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
@@ -2,7 +2,7 @@
 title: BitLocker recovery process
 description: Learn how to obtain BitLocker recovery information for Microsoft Entra joined, Microsoft Entra hybrid joined, and Active Directory joined devices, and how to restore access to a locked drive.
 ms.topic: how-to
-ms.date: 06/18/2024
+ms.date: 07/18/2024
 ---
 
 # BitLocker recovery process
@@ -26,12 +26,19 @@ A recovery key can't be stored in any of the following locations:
 - The root directory of a nonremovable drive
 - An encrypted volume
 
+### Self-recovery with recovery password
+
+If you have access to the recovery key, enter the 48-digits in the preboot recovery screen.
+
+- If you are having issues entering the recovery password in the preboot recovery screen, or you can no longer boot your device, you can connect the drive to another device as a secondary drive. For more information about the unlock process, see [Unlock a drive](operations-guide.md#unlock-a-drive)
+- If unlocking with recovery password doesn't work you can use the [BitLocker Repair tool](#bitlocker-repair-tool) to regain access yo your drive
+
 ### Self-recovery in Microsoft Entra ID
 
 If BitLocker recovery keys are stored in Microsoft Entra ID, users can access them using the following URL: https://myaccount.microsoft.com. From the **Devices** tab, users can select a Windows device that they own, and select the option **View BitLocker Keys**.
 
 > [!NOTE]
-> By default, users can retrieve their BitLocker reecovery keys from Microsoft Entra ID. This behavior can be modified with the option **Restrict users from recovering the BitLocker key(s) for their owned devices**. For more information, see [Restrict member users' default permissions][ENTRA-1].
+> By default, users can retrieve their BitLocker recovery keys from Microsoft Entra ID. This behavior can be modified with the option **Restrict users from recovering the BitLocker key(s) for their owned devices**. For more information, see [Restrict member users' default permissions][ENTRA-1].
 
 ### Self-recovery with USB flash drive
 
@@ -64,6 +71,9 @@ The following list can be used as a template for creating a recovery process for
 
 There are a few Microsoft Entra ID roles that allow a delegated administrator to read BitLocker recovery passwords from the devices in the tenant. While it's common for organizations to use the existing Microsoft Entra ID *[Cloud Device Administrator][ENTRA-2]* or *[Helpdesk Administrator][ENTRA-3]* built-in roles, you can also [create a custom role][ENTRA-5], delegating access to BitLocker keys using the `microsoft.directory/bitlockerKeys/key/read` permission. Roles can be delegated to access BitLocker recovery passwords for devices in specific Administrative Units.
 
+> [!NOTE]
+> When devices that utilize [Windows Autopilot](/mem/autopilot/windows-autopilot) are reused to join to Entra, **and there is a new device owner**, that new device owner must contact an administrator to acquire the BitLocker recovery key for that device. Custom role or administrative unit scoped administrators will lose access to BitLocker recovery keys for those devices that have undergone device ownership changes. These scoped administrators will need to contact a non-scoped administrator for the recovery keys. For more information, see the article [Find the primary user of an Intune device](/mem/intune/remote-actions/find-primary-user#change-a-devices-primary-user).
+
 The [Microsoft Entra admin center][ENTRA] allows administrators to retrieve BitLocker recovery passwords. To learn more about the process, see [View or copy BitLocker keys][ENTRA-4]. Another option to access BitLocker recovery passwords is to use the Microsoft Graph API, which might be useful for integrated or scripted solutions. For more information about this option, see [Get bitlockerRecoveryKey][GRAPH-1].
 
 In the following example, we use Microsoft Graph PowerShell cmdlet [`Get-MgInformationProtectionBitlockerRecoveryKey`][PS-1] to build a PowerShell function that retrieves recovery passwords from Microsoft Entra ID:
diff --git a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
index 368b0d1c10..61a6b9a820 100644
--- a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
+++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 title: Encrypted hard drives
 description: Learn how encrypted hard drives use the rapid encryption that is provided by BitLocker to enhance data security and management.
-ms.date: 10/18/2023
+ms.date: 07/22/2024
 ms.topic: concept-article
 ---
 
@@ -75,7 +75,7 @@ To configure encrypted hard drives as startup drives, use the same methods as st
 
 There are three policy settings to manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
 
-- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives)  
+- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives)
 - [Configure use of hardware-based encryption for removable data drives](bitlocker/configure.md?tabs=removable#configure-use-of-hardware-based-encryption-for-removable-data-drives)
 - [Configure use of hardware-based encryption for operating system drives](bitlocker/configure.md?tabs=os#configure-use-of-hardware-based-encryption-for-operating-system-drives)
 
diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index decdd162a6..81f918fba2 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -8,51 +8,4 @@ items:
 - name: Email Encryption (S/MIME)
   href: configure-s-mime.md
 - name: Windows Information Protection (WIP)
-  href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
-  items:
-    - name: Create a WIP policy using Microsoft Intune
-      href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md
-      items:
-      - name: Create a WIP policy in Microsoft Intune
-        href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
-        items:
-          - name: Deploy your WIP policy in Microsoft Intune
-            href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
-          - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
-            href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
-      - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-        href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-      - name: Determine the enterprise context of an app running in WIP
-        href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
-    - name: Create a WIP policy using Microsoft Configuration Manager
-      href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
-      items:
-      - name: Create and deploy a WIP policy in Configuration Manager
-        href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
-      - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-        href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-      - name: Determine the enterprise context of an app running in WIP
-        href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
-    - name: Mandatory tasks and settings required to turn on WIP
-      href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md
-    - name: Testing scenarios for WIP
-      href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md
-    - name: Limitations while using WIP
-      href: ../../information-protection/windows-information-protection/limitations-with-wip.md
-    - name: How to collect WIP audit event logs
-      href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md
-    - name: General guidance and best practices for WIP
-      href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md
-      items:
-      - name: Enlightened apps for use with WIP
-        href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
-      - name: Unenlightened and enlightened app behavior while using WIP
-        href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md
-      - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
-        href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
-      - name: Using Outlook Web Access with WIP
-        href: ../../information-protection/windows-information-protection/using-owa-with-wip.md
-    - name: Fine-tune WIP Learning
-      href: ../../information-protection/windows-information-protection/wip-learning.md
-    - name: Disable WIP
-      href: ../../information-protection/windows-information-protection/how-to-disable-wip.md
\ No newline at end of file
+  href: /previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip
diff --git a/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise.md b/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise.md
index 75a3f08635..fc6df9c4a9 100644
--- a/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise.md
@@ -3,12 +3,12 @@ title: Block untrusted fonts in an enterprise
 description: To help protect your company from attacks that may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature.
 ms.localizationpriority: medium
 ms.topic: how-to
-ms.date: 12/22/2023
+ms.date: 07/10/2024
 ---
 
 # Block untrusted fonts in an enterprise
 
-To help protect your company from attacks that may originate from untrusted or attacker-controlled font files, we've created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%\Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
+To help protect your company from attacks that may originate from untrusted or attacker-controlled font files, you can block untrusted fonts. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%\Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
 
 ## What does this mean for me?
 
@@ -44,11 +44,11 @@ Use Group Policy or the registry to turn this feature on, off, or to use audit m
 **To turn on and use the Blocking Untrusted Fonts feature through Group Policy**
 
 1. Open the Group Policy editor (gpedit.msc) and go to `Computer Configuration\Administrative Templates\System\Mitigation Options\Untrusted Font Blocking`.
-2. Click **Enabled** to turn on the feature, and then click one of the following **Mitigation Options**:
+2. Select **Enabled** to turn on the feature, and then select one of the following **Mitigation Options**:
     - **Block untrusted fonts and log events.** Turns on the feature, blocking untrusted fonts and logging installation attempts to the event log.
     - **Do not block untrusted fonts.** Turns on the feature, but doesn't block untrusted fonts nor does it log installation attempts to the event log.
     - **Log events without blocking untrusted fonts**. Turns on the feature, logging installation attempts to the event log, but not blocking untrusted fonts.
-3. Click **OK**.
+3. Select **OK**.
 
 **To turn on and use the Blocking Untrusted Fonts feature through the registry**
 
@@ -56,7 +56,7 @@ To turn this feature on, off, or to use audit mode:
 
 1. Open the registry editor (regedit.exe) and go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\`.
 2. If the **MitigationOptions** key isn't there, right-click and add a new **QWORD (64-bit) Value**, renaming it to **MitigationOptions**.
-3. Right click on the **MitigationOptions** key, and then click **Modify**. The **Edit QWORD (64-bit) Value** box opens.
+3. Right select on the **MitigationOptions** key, and then select **Modify**. The **Edit QWORD (64-bit) Value** box opens.
 4. Make sure the **Base** option is **Hexadecimal**, and then update the **Value data**, making sure you keep your existing value, like in the important note below:
    - **To turn this feature on.** Type **1000000000000**.
    - **To turn this feature off.** Type **2000000000000**.
@@ -114,7 +114,7 @@ After you figure out the problematic fonts, you can try to fix your apps in two
 
 **To fix your apps by installing the problematic fonts (recommended)**
 
-On each computer with the app installed, right-click on the font name and click **Install**. The font should automatically install into your `%windir%\Fonts` directory. If it doesn't, you'll need to manually copy the font files into the **Fonts** directory and run the installation from there.
+On each computer with the app installed, right-click on the font name and select **Install**. The font should automatically install into your `%windir%\Fonts` directory. If it doesn't, you need to manually copy the font files into the **Fonts** directory and run the installation from there.
 
 **To fix your apps by excluding processes**
 
diff --git a/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies.md b/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies.md
index ada9f32a4e..6ebc5f4369 100644
--- a/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies.md
+++ b/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies.md
@@ -3,7 +3,7 @@ title: Override Process Mitigation Options
 description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies.
 ms.localizationpriority: medium
 ms.topic: how-to
-ms.date: 12/22/2023
+ms.date: 07/10/2024
 ---
 
 # Override Process Mitigation Options to help enforce app-related security policies
@@ -13,10 +13,10 @@ Windows includes group policy-configurable "Process Mitigation Options" that add
 > [!IMPORTANT]
 > We recommend trying these mitigations in a test lab before deploying to your organization, to determine if they interfere with your organization's required apps.
 
-The Group Policy settings in this topic are related to three types of process mitigations. All three types are on by default for 64-bit applications, but by using the Group Policy settings described in this topic, you can configure more protections. The types of process mitigations are:
+The Group Policy settings in this article are related to three types of process mitigations. All three types are on by default for 64-bit applications, but by using the Group Policy settings described in this article, you can configure more protections. The types of process mitigations are:
 
-- **Data Execution Prevention (DEP)** is a system-level memory protection feature that enables the operating system to mark one or more pages of memory as non-executable, preventing code from being run from that region of memory, to help prevent exploitation of buffer overruns. DEP helps prevent code from being run from data pages such as the default heap, stacks, and memory pools. For more information, see [Data Execution Prevention](../../threat-protection/overview-of-threat-mitigations-in-windows-10.md#data-execution-prevention).
-- **Structured Exception Handling Overwrite Protection (SEHOP)** is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. Because this protection mechanism is provided at run-time, it helps to protect apps regardless of whether they've been compiled with the latest improvements. For more information, see [Structured Exception Handling Overwrite Protection](../../threat-protection/overview-of-threat-mitigations-in-windows-10.md#structured-exception-handling-overwrite-protection).
+- **Data Execution Prevention (DEP)** is a system-level memory protection feature that enables the operating system to mark one or more pages of memory as nonexecutable, preventing code from being run from that region of memory, to help prevent exploitation of buffer overruns. DEP helps prevent code from being run from data pages such as the default heap, stacks, and memory pools. For more information, see [Data Execution Prevention](../../threat-protection/overview-of-threat-mitigations-in-windows-10.md#data-execution-prevention).
+- **Structured Exception Handling Overwrite Protection (SEHOP)** is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. Because this protection mechanism is provided at run-time, it helps to protect apps regardless of whether they're compiled with the latest improvements. For more information, see [Structured Exception Handling Overwrite Protection](../../threat-protection/overview-of-threat-mitigations-in-windows-10.md#structured-exception-handling-overwrite-protection).
 - **Address Space Layout Randomization (ASLR)** loads DLLs into random memory addresses at boot time to mitigate against malware that's designed to attack specific memory locations, where specific DLLs are expected to be loaded. For more information, see [Address Space Layout Randomization](../../threat-protection/overview-of-threat-mitigations-in-windows-10.md#address-space-layout-randomization). To find more ASLR protections in the table below, look for `IMAGES` or `ASLR`.
 
 The following procedure describes how to use Group Policy to override individual **Process Mitigation Options** settings.
@@ -27,7 +27,7 @@ The following procedure describes how to use Group Policy to override individual
 
     ![Screenshot of the Group Policy editor: Process Mitigation Options with setting enabled and Show button active.](images/gp-process-mitigation-options.png)
 
-2. Click **Enabled**, and then in the **Options** area, click **Show** to open the **Show Contents** box, where you'll be able to add your apps and the appropriate bit flag values, as shown in the [Setting the bit field](#setting-the-bit-field) and [Example](#example) sections of this topic.
+2. Select **Enabled**, and then in the **Options** area, select **Show** to open the **Show Contents** box, where you can add your apps and the appropriate bit flag values, as shown in the [Setting the bit field](#setting-the-bit-field) and [Example](#example) sections of this article.
 
     > [!IMPORTANT]
     > For each app you want to include, you must include:
@@ -45,14 +45,14 @@ Here's a visual representation of the bit flag locations for the various Process
 
 Where the bit flags are read from right to left and are defined as:
 
-| Flag | Bit location | Setting                                                                           | Details                                                                                                                                                                                                                                                                                |
-|------|--------------|-----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| A    | 0            | `PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)`                      | Turns on Data Execution Prevention (DEP) for child processes.                                                                                                                                                                                                                          |
-| B    | 1            | `PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)`            | Turns on DEP-ATL thunk emulation for child processes. DEP-ATL thunk emulation lets the system intercept non-executable (NX) faults that originate from the Active Template Library (ATL) thunk layer, and then emulate and handle the instructions so the process can continue to run. |
-| C    | 2            | `PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)`                    | Turns on Structured Exception Handler Overwrite Protection (SEHOP) for child processes. SEHOP helps to block exploits that use the Structured Exception Handler (SEH) overwrite technique.                                                                                             |
-| D    | 8            | `PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)` | Uses the force Address Space Layout Randomization (ASLR) setting to act as though an image base collision happened at load time, forcibly rebasing images that aren't dynamic base compatible. Images without the base relocation section won't be loaded if relocations are required. |
-| E    | 15           | `PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)`        | Turns on the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address.                                                                                                                            |
-| F    | 16           | `PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)`       | Turns off the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address.                                                                                                                           |
+| Flag | Bit location | Setting | Details |
+|--|--|--|--|
+| A | 0 | `PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)` | Turns on Data Execution Prevention (DEP) for child processes. |
+| B | 1 | `PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)` | Turns on DEP-ATL thunk emulation for child processes. DEP-ATL thunk emulation lets the system intercept nonexecutable (NX) faults that originate from the Active Template Library (ATL) thunk layer, and then emulate and handle the instructions so the process can continue to run. |
+| C | 2 | `PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)` | Turns on Structured Exception Handler Overwrite Protection (SEHOP) for child processes. SEHOP helps to block exploits that use the Structured Exception Handler (SEH) overwrite technique. |
+| D | 8 | `PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)` | Uses the force Address Space Layout Randomization (ASLR) setting to act as though an image base collision happened at load time, forcibly rebasing images that aren't dynamic base compatible. Images without the base relocation section aren't loaded if relocations are required. |
+| E | 15 | `PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)` | Turns on the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address. |
+| F | 16 | `PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)` | Turns off the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address. |
 
 ### Example
 
diff --git a/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index 100c5b8c1f..370ae5677a 100644
--- a/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -3,14 +3,14 @@ title: Use Windows Event Forwarding to help with intrusion detection
 description: Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected.
 ms.localizationpriority: medium
 ms.topic: how-to
-ms.date: 12/22/2023
+ms.date: 07/10/2024
 ---
 
 # Use Windows Event Forwarding to help with intrusion detection
 
 Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected.
 
-Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server.
+Windows Event Forwarding (WEF) reads any operational or administrative event logged on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server.
 
 To accomplish this functionality, there are two different subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The Suspect subscription collects more events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations.
 
@@ -35,12 +35,12 @@ For the minimum recommended audit policy and registry system ACL settings, see [
 > [!NOTE]
 > These are only minimum values need to meet what the WEF subscription selects.
 
-From a WEF subscription management perspective, the event queries provided should be used in two separate subscriptions for ease of maintenance; only machines meeting specific criteria would be allowed access to the targeted subscription, this access would be determined by an algorithm or an analysts' direction. All devices should have access to the Baseline subscription.
+From a WEF subscription management perspective, the event queries provided should be used in two separate subscriptions for ease of maintenance; only machines meeting specific criteria would be allowed access to the targeted subscription. This access would be determined by an algorithm or an analysts' direction. All devices should have access to the Baseline subscription.
 
 This system of dual subscription means you would create two base subscriptions:
 
--   **Baseline WEF subscription**. Events collected from all hosts; these events include some role-specific events, which will only be emitted by those machines.
--   **Targeted WEF subscription**. Events collected from a limited set of hosts due to unusual activity and/or heightened awareness for those systems.
+- **Baseline WEF subscription**. Events collected from all hosts; these events include some role-specific events, which will only be emitted by those machines.
+- **Targeted WEF subscription**. Events collected from a limited set of hosts due to unusual activity and/or heightened awareness for those systems.
 
 Each using the respective event query below. For the Targeted subscription, enabling the "read existing events" option should be set to true to allow collection of existing events from systems. By default, WEF subscriptions will only forward events generated after the WEF subscription was received by the client.
 
@@ -58,7 +58,7 @@ The longer answer is: The **Eventlog-forwardingPlugin/Operational** event channe
 
 ### Is WEF Push or Pull?
 
-A WEF subscription can be configured to be pushed or pulled, but not both. The simplest, most flexible IT deployment with the greatest scalability can be achieved by using a push, or source initiated, subscription. WEF clients are configured by using a GPO and the built-in forwarding client is activated. For pull, collector initiated, the subscription on the WEC server is pre-configured with the names of the WEF Client devices from which events are to be selected. Those clients are to be configured ahead of time to allow the credentials used in the subscription to access their event logs remotely (normally by adding the credential to the **Event Log Readers** built-in local security group.) A useful scenario: closely monitoring a specific set of machines.
+A WEF subscription can be configured to be pushed or pulled, but not both. The simplest, most flexible IT deployment with the greatest scalability can be achieved by using a push, or source initiated, subscription. WEF clients are configured by using a GPO and the built-in forwarding client is activated. For pull, collector initiated, the subscription on the WEC server is preconfigured with the names of the WEF Client devices from which events are to be selected. Those clients are to be configured ahead of time to allow the credentials used in the subscription to access their event logs remotely (normally by adding the credential to the **Event Log Readers** built-in local security group.) A useful scenario: closely monitoring a specific set of machines.
 
 ### Will WEF work over VPN or RAS?
 
@@ -67,7 +67,7 @@ WEF handles VPN, RAS, and DirectAccess scenarios well and will reconnect and sen
 ### How is client progress tracked?
 
 The WEC server maintains in its registry the bookmark information and last heartbeat time for each event source for each WEF subscription. When an event source reconnects to a WEC server, the last bookmark position is sent to the device to use as a starting point to resume forwarding events. If a
-WEF client has no events to send, the WEF client will connect periodically to send a Heartbeat to the WEC server to indicate it's active. This heartbeat value can be individually configured for each subscription.
+WEF client has no events to send, the WEF client connects periodically to send a Heartbeat to the WEC server to indicate it's active. This heartbeat value can be individually configured for each subscription.
 
 ### Will WEF work in an IPv4, IPv6, or mixed IPv4/IPv6 environment?
 
@@ -130,19 +130,19 @@ For collector initiated subscriptions: The subscription contains the list of mac
 
 ### Can a client communicate to multiple WEF Event Collectors?
 
-Yes. If you desire a High-Availability environment, configure multiple WEC servers with the same subscription configuration and publish both WEC Server URIs to WEF clients. WEF Clients will forward events simultaneously to the configured subscriptions on the WEC servers, if they have the appropriate access.
+Yes. If you desire a High-Availability environment, configure multiple WEC servers with the same subscription configuration and publish both WEC Server URIs to WEF clients. WEF Clients forward events simultaneously to the configured subscriptions on the WEC servers, if they have the appropriate access.
 
 ### What are the WEC server's limitations?
 
 There are three factors that limit the scalability of WEC servers. The general rule for a stable WEC server on commodity hardware is planning for a total of 3,000 events per second on average for all configured subscriptions.
 
--   **Disk I/O**. The WEC server doesn't process or validate the received event, but rather buffers the received event and then logs it to a local event log file (EVTX file). The speed of logging to the EVTX file is limited by the disk write speed. Isolating the EVTX file to its own array or using high speed disks can increase the number of events per second that a single WEC server can receive.
--   **Network Connections**. While a WEF source doesn't maintain a permanent, persistent connection to the WEC server, it doesn't immediately disconnect after sending its events. This leniency means that the number of WEF sources that can simultaneously connect to the WEC server is limited to the open TCP ports available on the WEC server.
--   **Registry size**. For each unique device that connects to a WEF subscription, there's a registry key (corresponding to the FQDN of the WEF Client) created to store bookmark and source heartbeat information. If this information isn't pruned to remove inactive clients, this set of registry keys can grow to an unmanageable size over time.
+- **Disk I/O**. The WEC server doesn't process or validate the received event, but rather buffers the received event and then logs it to a local event log file (EVTX file). The speed of logging to the EVTX file is limited by the disk write speed. Isolating the EVTX file to its own array or using high speed disks can increase the number of events per second that a single WEC server can receive.
+- **Network Connections**. While a WEF source doesn't maintain a permanent, persistent connection to the WEC server, it doesn't immediately disconnect after sending its events. This leniency means that the number of WEF sources that can simultaneously connect to the WEC server is limited to the open TCP ports available on the WEC server.
+- **Registry size**. For each unique device that connects to a WEF subscription, there's a registry key (corresponding to the FQDN of the WEF Client) created to store bookmark and source heartbeat information. If this information isn't pruned to remove inactive clients, this set of registry keys can grow to an unmanageable size over time.
 
-    -   When a subscription has &gt;1000 WEF sources connect to it over its operational lifetime, also known as lifetime WEF sources, Event Viewer can become unresponsive for a few minutes when selecting the **Subscriptions** node in the left-navigation, but will function normally afterwards.
-    -   At &gt;50,000 lifetime WEF sources, Event Viewer is no longer an option and wecutil.exe (included with Windows) must be used to configure and manage subscriptions.
-    -   At &gt;100,000 lifetime WEF sources, the registry won't be readable and the WEC server will likely have to be rebuilt.
+    - When a subscription has &gt;1000 WEF sources connect to it over its operational lifetime, also known as lifetime WEF sources, Event Viewer can become unresponsive for a few minutes when selecting the **Subscriptions** node in the left-navigation, but will function normally afterwards.
+    - At &gt;50,000 lifetime WEF sources, Event Viewer is no longer an option and wecutil.exe (included with Windows) must be used to configure and manage subscriptions.
+    - At &gt;100,000 lifetime WEF sources, the registry won't be readable and the WEC server will likely have to be rebuilt.
 
 ## Subscription information
 
@@ -158,56 +158,56 @@ The subscription is essentially a collection of query statements applied to the
 
 To gain the most value out of the baseline subscription, we recommend having the following requirements set on the device to ensure that the clients are already generating the required events to be forwarded off the system.
 
--   Apply a security audit policy that is a super-set of the recommended minimum audit policy. For more info, see [Appendix A - Minimum Recommended minimum Audit Policy](#bkmk-appendixa). This policy ensures that the security event log is generating the required events.
--   Apply at least an Audit-Only AppLocker policy to devices.
+- Apply a security audit policy that is a super-set of the recommended minimum audit policy. For more info, see [Appendix A - Minimum Recommended minimum Audit Policy](#bkmk-appendixa). This policy ensures that the security event log is generating the required events.
+- Apply at least an Audit-Only AppLocker policy to devices.
 
-    -   If you're already allowing or restricting events by using AppLocker, then this requirement is met.
-    -   AppLocker events contain useful information, such as file hash and digital signature information for executables and scripts.
+    - If you're already allowing or restricting events by using AppLocker, then this requirement is met.
+    - AppLocker events contain useful information, such as file hash and digital signature information for executables and scripts.
 
--   Enable disabled event channels and set the minimum size for modern event files.
--   Currently, there's no GPO template for enabling or setting the maximum size for the modern event files. This threshold must be defined by using a GPO. For more info, see [Appendix C - Event Channel Settings (enable and Channel Access) methods](#bkmk-appendixc).
+- Enable disabled event channels and set the minimum size for modern event files.
+- Currently, there's no GPO template for enabling or setting the maximum size for the modern event files. This threshold must be defined by using a GPO. For more info, see [Appendix C - Event Channel Settings (enable and Channel Access) methods](#bkmk-appendixc).
 
 The annotated event query can be found in the following. For more info, see [Appendix F - Annotated Suspect Subscription Event Query](#bkmk-appendixf).
 
-- Anti-malware events from Microsoft Antimalware or Windows Defender. These events can be configured for any given anti-malware product easily if it writes to the Windows event log.
+- Anti-malware events from Windows Security. These events can be configured for any given anti-malware product easily if it writes to the Windows event log.
 - Security event log Process Create events.
 - AppLocker Process Create events (EXE, script, packaged App installation and execution).
 - Registry modification events. For more info, see [Appendix B - Recommended minimum Registry System ACL Policy](#bkmk-appendixb).
 - OS startup and shutdown
 
-  -   Startup events include operating system version, service pack level, QFE version, and boot mode.
+  - Startup events include operating system version, service pack level, QFE version, and boot mode.
 
 - Service install
 
-  -   Includes what the name of the service, the image path, and who installed the service.
+  - Includes what the name of the service, the image path, and who installed the service.
 
 - Certificate Authority audit events
 
-  -   These events are only applicable on systems with the Certificate Authority role installed.
-  -   Logs certificate requests and responses.
+  - These events are only applicable on systems with the Certificate Authority role installed.
+  - Logs certificate requests and responses.
 
 - User profile events
 
-  -   Use of a temporary profile or unable to create a user profile may indicate an intruder is interactively logging into a device but not wanting to leave a persistent profile behind.
+  - Use of a temporary profile or unable to create a user profile may indicate an intruder is interactively logging into a device but not wanting to leave a persistent profile behind.
 
 - Service start failure
 
-  -   Failure codes are localized, so you have to check the message DLL for values.
+  - Failure codes are localized, so you have to check the message DLL for values.
 
 - Network share access events
 
-  -   Filter out IPC$ and /NetLogon file shares, which are expected and noisy.
+  - Filter out IPC$ and /NetLogon file shares, which are expected and noisy.
 
 - System shutdown initiate requests
 
-  -   Find out what initiated the restart of a device.
+  - Find out what initiated the restart of a device.
 
-- User-initiated interactive sign-out event
+- User-initiated interactive sign out event
 - Remote Desktop Services sessions connect, reconnect, or disconnect.
 - EMET events, if EMET is installed.
 - Event forwarding plugin events
 
-  -   For monitoring WEF subscription operations, such as Partial Success events. This event is useful for diagnosing deployment issues.
+  - For monitoring WEF subscription operations, such as Partial Success events. This event is useful for diagnosing deployment issues.
 
 - Network share creation and deletion
 
@@ -217,111 +217,111 @@ The annotated event query can be found in the following. For more info, see [App
 
 - Sign-in sessions
 
-  -   Sign-in success for interactive (local and Remote Interactive/Remote Desktop)
-  -   Sign-in success for services for non-built-in accounts, such as LocalSystem, LocalNetwork, and so on.
-  -   Sign-in success for batch sessions
-  -   Sign-in session close, which is sign-out events for non-network sessions.
+  - Sign-in success for interactive (local and Remote Interactive/Remote Desktop)
+  - Sign-in success for services for non-built-in accounts, such as LocalSystem, LocalNetwork, and so on.
+  - Sign-in success for batch sessions
+  - Sign-in session close, which is sign out events for non-network sessions.
 
 - Windows Error Reporting (Application crash events only)
 
-  -   This session can help detect early signs of intruder not familiar with enterprise environment using targeted malware.
+  - This session can help detect early signs of intruder not familiar with enterprise environment using targeted malware.
 
 - Event log service events
 
-  -   Errors, start events, and stop events for the Windows Event Log service.
+  - Errors, start events, and stop events for the Windows Event Log service.
 
 - Event log cleared (including the Security Event Log)
 
-  -   This event could indicate an intruder that is covering their tracks.
+  - This event could indicate an intruder that is covering their tracks.
 
 - Special privileges assigned to new sign in
 
-  -   This assignation indicates that at the time of signing in, a user is either an Administrator or has the sufficient access to make themselves Administrator.
+  - This assignation indicates that at the time of signing in, a user is either an Administrator or has the sufficient access to make themselves Administrator.
 
 - Outbound Remote Desktop Services session attempts
 
-  -   Visibility into potential beachhead for intruder
+  - Visibility into potential beachhead for intruder
 
 - System time changed
 - SMB Client (mapped drive connections)
 - Account credential validation
 
-  -   Local accounts or domain accounts on domain controllers
+  - Local accounts or domain accounts on domain controllers
 
 - A user was added or removed from the local Administrators security group.
 - Crypto API private key accessed
 
-  -   Associated with signing objects using the locally stored private key.
+  - Associated with signing objects using the locally stored private key.
 
 - Task Scheduler task creation and delete
 
-  -   Task Scheduler allows intruders to run code at specified times as LocalSystem.
+  - Task Scheduler allows intruders to run code at specified times as LocalSystem.
 
 - Sign-in with explicit credentials
 
-  -   Detect credential use changes by intruders to access more resources.
+  - Detect credential use changes by intruders to access more resources.
 
 - Smartcard card holder verification events
 
-  -   This event detects when a smartcard is being used.
+  - This event detects when a smartcard is being used.
 
 ### Suspect subscription
 
 This subscription adds some possible intruder-related activity to help analyst further refine their determinations about the state of the device.
 
--   Sign-in session creation for network sessions
+- Sign-in session creation for network sessions
 
-    -   Enables time-series analysis of network graphs.
+    - Enables time-series analysis of network graphs.
 
--   RADIUS and VPN events
+- RADIUS and VPN events
 
-    -   Useful if you use a Microsoft IAS RADIUS/VPN implementation. It shows user-&gt; IP address assignment with remote IP address connecting to the enterprise.
+    - Useful if you use a Microsoft IAS RADIUS/VPN implementation. It shows user-&gt; IP address assignment with remote IP address connecting to the enterprise.
 
--   Crypto API X509 object and build chain events
+- Crypto API X509 object and build chain events
 
-    -   Detects known bad certificate, CA, or sub-CA
-    -   Detects unusual process use of CAPI
+    - Detects known bad certificate, CA, or sub-CA
+    - Detects unusual process use of CAPI
 
--   Groups assigned to local sign in
+- Groups assigned to local sign in
 
-    -   Gives visibility to groups that enable account-wide access
-    -   Allows better planning for remediation efforts
-    -   Excludes well known, built-in system accounts.
+    - Gives visibility to groups that enable account-wide access
+    - Allows better planning for remediation efforts
+    - Excludes well known, built-in system accounts.
 
--   Sign-in session exit
+- Sign-in session exit
 
-    -   Specific for network sign-in sessions.
+    - Specific for network sign-in sessions.
 
--   Client DNS lookup events
+- Client DNS lookup events
 
-    -   Returns what process performed a DNS query and the results returned from the DNS server.
+    - Returns what process performed a DNS query and the results returned from the DNS server.
 
--   Process exit
+- Process exit
 
-    -   Enables checking for processes terminating unexpectedly.
+    - Enables checking for processes terminating unexpectedly.
 
--   Local credential validation or signing in with explicit credentials
+- Local credential validation or signing in with explicit credentials
 
-    -   Generated when the local SAM is authoritative for the account credentials being authenticated.
-    -   Noisy on domain controllers
-    -   On client devices, it's only generated when local accounts sign in.
+    - Generated when the local SAM is authoritative for the account credentials being authenticated.
+    - Noisy on domain controllers
+    - On client devices, it's only generated when local accounts sign in.
 
--   Registry modification audit events
+- Registry modification audit events
 
-    -   Only when a registry value is being created, modified, or deleted.
+    - Only when a registry value is being created, modified, or deleted.
 
--   Wireless 802.1x authentication
+- Wireless 802.1x authentication
 
-    -   Detect wireless connection with a peer MAC address
+    - Detect wireless connection with a peer MAC address
 
--   Windows PowerShell logging
+- Windows PowerShell logging
 
-    -   Covers Windows PowerShell 2.0 and later and includes the Windows PowerShell 5.0 logging improvements for in-memory attacks using Windows PowerShell.
-    -   Includes Windows PowerShell remoting logging
+    - Covers Windows PowerShell 2.0 and later and includes the Windows PowerShell 5.0 logging improvements for in-memory attacks using Windows PowerShell.
+    - Includes Windows PowerShell remoting logging
 
--   User Mode Driver Framework "Driver Loaded" event
+- User Mode Driver Framework "Driver Loaded" event
 
-    -   Can possibly detect a USB device loading multiple device drivers. For example, a USB\_STOR device loading the keyboard or network driver.
+    - Can possibly detect a USB device loading multiple device drivers. For example, a USB\_STOR device loading the keyboard or network driver.
 
 ## <a href="" id="bkmk-appendixa"></a>Appendix A - Minimum recommended minimum audit policy
 
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
index 7325710e0c..c652900182 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -3,7 +3,7 @@ title: Get support for security baselines
 description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 10/31/2023
+ms.date: 07/10/2024
 ---
 
 # Get Support
@@ -65,7 +65,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
 | Name | Details | Security Tools |
 |--|--|--|
 | Microsoft 365 Apps for enterprise, version 2306 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2306/ba-p/3858702) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Microsoft Edge, version 117 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Microsoft Edge, version 128 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-128/ba-p/4237524) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
 ## Related articles
 
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
index e68c6df87a..08bb94eda4 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
@@ -2,7 +2,7 @@
 title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
 description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
 ms.localizationpriority: medium
-ms.date: 07/11/2023
+ms.date: 07/10/2024
 ms.topic: conceptual
 ---
 
@@ -28,7 +28,7 @@ For example:
 [![Screenshot that shows the PowerShell script.](images/powershell-example.png)](https://www.powershellgallery.com/packages/Scan-UpdatesOffline/1.0)
 
 The preceding scripts use the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it.
-The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it doesn't contain any information on non-security updates, tools or drivers.
+The wsusscn2.cab file contains the metadata of only security updates, update rollups, and service packs available from Microsoft Update; it doesn't contain any information on non-security updates, tools, or drivers.
 
 ## More information
 
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
index fa66e1ee5c..a1a1d93059 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -2,7 +2,7 @@
 title: Microsoft Security Compliance Toolkit Guide
 description: This article describes how to use Security Compliance Toolkit in your organization.
 ms.topic: conceptual
-ms.date: 10/31/2023
+ms.date: 07/10/2024
 ---
 
 # Microsoft Security Compliance Toolkit - How to use
@@ -35,7 +35,7 @@ The Security Compliance Toolkit consists of:
   - Office 2016
   - Microsoft 365 Apps for Enterprise Version 2206
 - Microsoft Edge security baseline
-  - Microsoft Edge version 114
+  - Microsoft Edge version 128
 - Tools
   - Policy Analyzer
   - Local Group Policy Object (LGPO)
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
index 851c7a72c1..436a88a7a3 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
@@ -2,7 +2,7 @@
 title: Security baselines guide
 description: Learn how to use security baselines in your organization.
 ms.topic: conceptual
-ms.date: 07/11/2023
+ms.date: 07/10/2024
 ---
 
 # Security baselines
@@ -19,7 +19,7 @@ For more information, see the following blog post: [Sticking with well-known and
 
 ## What are security baselines?
 
-Every organization faces security threats. However, the types of security threats that are of most concern to one organization can be different from another organization. For example, an e-commerce company may focus on protecting its internet-facing web apps, while a hospital may focus on protecting confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
+Every organization faces security threats. However, the types of security threats that are of most concern to one organization can be different from another organization. For example, an e-commerce company might focus on protecting its internet-facing web apps, while a hospital might focus on protecting confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
 
 A security baseline is a group of Microsoft-recommended configuration settings that explains their security implication. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
 
diff --git a/windows/security/operating-system-security/index.md b/windows/security/operating-system-security/index.md
index 4b093fe6f8..e8c0197c75 100644
--- a/windows/security/operating-system-security/index.md
+++ b/windows/security/operating-system-security/index.md
@@ -1,7 +1,7 @@
 ---
 title: Windows operating system security
 description: Securing the operating system includes system security, encryption, network security, and threat protection.
-ms.date: 08/02/2023
+ms.date: 07/10/2024
 ms.topic: overview
 ---
 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
index 367749a97c..1696c770a0 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
@@ -1,8 +1,8 @@
 ---
-title: Configure Windows Firewall logging 
+title: Configure Windows Firewall logging
 description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy.
 ms.topic: how-to
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ---
 
 # Configure Windows Firewall logging
@@ -137,7 +137,7 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and
 
 ```PowerShell
 $LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
-$NewAcl = Get-Acl -Path $LogPath 
+$NewAcl = Get-Acl -Path $LogPath
 
 $identity = "NT SERVICE\mpssvc"
 $fileSystemRights = "FullControl"
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md
index 5abfd7f976..b1b37ca008 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md
@@ -2,7 +2,7 @@
 title: Manage Windows Firewall with the command line
 description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
 ms.topic: how-to
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ---
 
 # Manage Windows Firewall with the command line
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure.md b/windows/security/operating-system-security/network-security/windows-firewall/configure.md
index 8d1b33190c..b8e9d793fc 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure.md
@@ -2,7 +2,7 @@
 title: Configure firewall rules with group policy
 description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console.
 ms.topic: how-to
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ---
 
 # Configure rules with group policy
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
index 275f7adfa9..55844489b4 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
@@ -2,7 +2,7 @@
 title: Windows Firewall dynamic keywords
 description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell.
 ms.topic: how-to
-ms.date: 01/16/2024
+ms.date: 09/06/2024
 ---
 
 # Windows Firewall dynamic keywords
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
index 6c5bd21b4d..3b126e154b 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
@@ -2,7 +2,7 @@
 title: Filter origin audit log
 description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops.
 ms.topic: troubleshooting
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ---
 
 # Filter origin audit log
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md
index fcae3df1e9..c0f1b76b53 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md
@@ -1,8 +1,8 @@
 ---
-title: Hyper-V firewall 
+title: Hyper-V firewall
 description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP).
 ms.topic: how-to
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
@@ -21,18 +21,18 @@ This section describes the steps to manage Hyper-V firewall using PowerShell.
 
 ### Obtain the WSL GUID
 
-Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:  
+Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:
 
 ```powershell
-Get-NetFirewallHyperVVMCreator 
+Get-NetFirewallHyperVVMCreator
 ```
 
 The output contains a VmCreator object type, which has unique identifier `VMCreatorId` and `friendly name` properties. For example, the following output shows the properties of WSL:
 
 ```powershell
 PS C:\> Get-NetFirewallHyperVVMCreator
-VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90} 
-FriendlyName : WSL 
+VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
+FriendlyName : WSL
 ```
 
 > [!NOTE]
@@ -63,7 +63,7 @@ The output contains the following values:
 To configure Hyper-V firewall, use the [Set-NetFirewallHyperVVMSetting][PS-2] command. For example, the following command sets the default inbound connection to *Allow*:
 
 ```powershell
-Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow 
+Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
 ```
 
 ### Firewall Rules
@@ -76,10 +76,10 @@ Get-NetFirewallHyperVRule -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'
 
 To configure specific rules, use the [Set-NetFirewallHyperVRule][PS-4] cmdlet.
 
-For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:  
+For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:
 
 ```powershell
-New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80 
+New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
 ```
 
 ### Target Hyper-V firewall rules and settings to specific profiles
@@ -95,7 +95,7 @@ The policy options are similar to the ones already described, but are applied to
 To view the settings per profile, use the following command:
 
 ```powershell
-Get-NetFirewallHyperVProfile -PolicyStore ActiveStore 
+Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
 ```
 
 > [!NOTE]
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/index.md b/windows/security/operating-system-security/network-security/windows-firewall/index.md
index 856de36d53..8952b535cf 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/index.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/index.md
@@ -1,8 +1,8 @@
 ---
-title: Windows Firewall overview 
+title: Windows Firewall overview
 description: Learn overview information about the Windows Firewall security feature.
 ms.topic: overview
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ---
 
 # Windows Firewall overview
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
index 83f92a658f..66d7f05f80 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
@@ -2,7 +2,7 @@
 title: Quarantine behavior
 description: Learn about Windows Firewall and the quarantine feature behavior.
 ms.topic: concept-article
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ---
 
 # Quarantine behavior
@@ -77,7 +77,7 @@ Inside the wfpdiag.xml, search for `netEvents` that have `FWPM_NET_EVENT_TYPE_CL
 The characters in the application ID name are separated by periods:
 
 ```XML
- <asString>         \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString> 
+ <asString>         \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
 ```
 
 The `netEvent` contains more information about the dropped packet, including information about its capabilities, the filter that dropped the packet, and much more.
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md
index 10231bc2a6..4729ae6e10 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Firewall rules
 description: Learn about Windows Firewall rules and design recommendations.
-ms.date: 11/21/2023
+ms.date: 09/06/2024
 ms.topic: concept-article
 ---
 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/tools.md b/windows/security/operating-system-security/network-security/windows-firewall/tools.md
index f77a0e77df..bd17b1a53c 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/tools.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/tools.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Firewall tools
 description: Learn about the available tools to configure Windows Firewall and firewall rules.
-ms.date: 11/20/2023
+ms.date: 09/06/2024
 ms.topic: best-practice
 ---
 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
index 36ec68be9d..07a5074ab6 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
@@ -2,7 +2,7 @@
 title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 ms.topic: troubleshooting
-ms.date: 11/07/2023
+ms.date: 09/06/2024
 ---
 
 # Troubleshooting UWP App Connectivity Issues
@@ -83,7 +83,7 @@ package SID, or application ID name. The characters in the application ID name
 will be separated by periods:
 
 ```XML
-(ex)                     
+(ex)
 
 <asString>
 \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
@@ -118,18 +118,18 @@ remote address, capabilities, etc.
         <item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
         <item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
         <item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
-        <item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>    
+        <item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
         <item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
         <item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
     </flags>
     <ipVersion>FWP_IP_VERSION_V6</ipVersion>
-    <ipProtocol>6</ipProtocol>                
-    <localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>    
+    <ipProtocol>6</ipProtocol>
+    <localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>
     <remoteAddrV6.byteArray16>2620:1ec:c11::200</remoteAddrV6.byteArray16>
 <localPort>52127</localPort>
 <remotePort>443</remotePort>
 <scopeId>0</scopeId>
-<appId>                
+<appId>
     <data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
     <asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
        .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
@@ -152,7 +152,7 @@ remote address, capabilities, etc.
 <internalFields>
 <internalFlags/>
 <remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
-<capabilities numItems="3">                
+<capabilities numItems="3">
     <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
     <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
     <item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
@@ -195,7 +195,7 @@ allowed by Filter #125918, from the InternetClient Default Rule.
     <asString>.+......</asString>
     </providerData>
     <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
-    <subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey     
+    <subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey
     <weight>
     <type>FWP_EMPTY</type>
     </weight>
@@ -284,7 +284,7 @@ The important part of this condition is **S-1-15-3-1**, which is the capability
 From the **netEvent** capabilities section, capabilities from netEvent, Wfpdiag-Case-1.xml.
 
 ```xml
-<capabilities numItems="3">                
+<capabilities numItems="3">
     <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
     <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
     <item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
@@ -575,7 +575,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.
     <localPort>52998</localPort>
     <remotePort>53</remotePort>
     <scopeId>0</scopeId>
-    <appId>                
+    <appId>
     <data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
     <asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
     .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
@@ -653,7 +653,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.
     <localPort>52956</localPort>
     <remotePort>53</remotePort>
     <scopeId>0</scopeId>
-    <appId>    
+    <appId>
     <data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
     <asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
     .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
diff --git a/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
index 3dab6e2b51..5cff1aedaa 100644
--- a/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
+++ b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
@@ -2,7 +2,7 @@
 title: Cryptography and Certificate Management
 description: Get an overview of cryptography and certificate management in Windows
 ms.topic: conceptual
-ms.date: 08/11/2023
+ms.date: 07/10/2024
 ms.reviewer: skhadeer, raverma
 ---
 
@@ -12,7 +12,7 @@ ms.reviewer: skhadeer, raverma
 
 Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.
 
-Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources.
+Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering occurred and proves the randomness for entropy sources.
 
 Windows cryptographic modules provide low-level primitives such as:
 
diff --git a/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index c30f214bdb..1c997805c4 100644
--- a/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -1,7 +1,7 @@
 ---
 title: Control the health of Windows devices
 description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
-ms.date: 08/11/2023
+ms.date: 07/10/2024
 ms.topic: conceptual
 ---
 
@@ -11,7 +11,7 @@ This article details an end-to-end solution that helps you protect high-value as
 
 ## Introduction
 
-For Bring Your Own Device (BYOD) scenarios, employees bring commercially available devices to access both work-related resources and their personal data. Users want to use the device of their choice to access the organization's applications, data, and resources not only from the internal network but also from anywhere. This phenomenon is also known as the consumerization of IT.
+For Bring Your Own Device (BYOD) scenarios, users bring commercially available devices to access both work-related resources and their personal data. Users want to use the device of their choice to access the organization's applications, data, and resources not only from the internal network but also from anywhere. This phenomenon is also known as the consumerization of IT.
 
 Users want to have the best productivity experience when accessing corporate applications and working on organization data from their devices. That means they don't tolerate being prompted to enter their work credentials each time they access an application or a file server. From a security perspective, it also means that users manipulate corporate credentials and corporate data on unmanaged devices.
 
@@ -27,7 +27,7 @@ Windows is an important component of an end-to-end security solution that focuse
 
 Today's computing threat landscape is increasing at a speed never encountered before. The sophistication of criminal attacks is growing, and there's no doubt that malware now targets both consumers and professionals in all industries.
 
-During recent years, one particular category of threat has become prevalent: advanced persistent threats (APTs). The term APT is commonly used to describe any attack that seems to target individual organizations on an on-going basis. In fact, this type of attack typically involves determined adversaries who may use any methods or techniques necessary.
+During recent years, one particular category of threat has become prevalent: advanced persistent threats (APTs). The term APT is commonly used to describe any attack that seems to target individual organizations on an ongoing basis. In fact, this type of attack typically involves determined adversaries who may use any methods or techniques necessary.
 
 With the BYOD phenomena, a poorly maintained device represents a target of choice. For an attacker, it's an easy way to breach the security network perimeter, gain access to, and then steal high-value assets.
 
@@ -97,7 +97,7 @@ This section describes what Windows offers in terms of security defenses and wha
 
 ### Windows hardware-based security defenses
 
-The most aggressive forms of malware try to insert themselves into the boot process as early as possible so that they can take control of the operating system early and prevent protection mechanisms and antimalware software from working. This type of malicious code is often called a rootkit or bootkit. The best way to avoid having to deal with low-level malware is to secure the boot process so that the device is protected from the very start. Windows supports multiple layers of boot protection. Some of these features are available only if specific types of hardware are installed. For more information, see the [Hardware requirements](#hardware-requirements) section.
+The most aggressive forms of malware try to insert themselves into the boot process as early as possible so that they can take control of the operating system early and prevent protection mechanisms and anti-malware software from working. This type of malicious code is often called a rootkit or bootkit. The best way to avoid having to deal with low-level malware is to secure the boot process so that the device is protected from the very start. Windows supports multiple layers of boot protection. Some of these features are available only if specific types of hardware are installed. For more information, see the [Hardware requirements](#hardware-requirements) section.
 
 :::image type="content" alt-text="figure 4." source="images/hva-fig4-hardware.png":::
 
@@ -153,14 +153,14 @@ Windows supports features to help prevent sophisticated low-level malware like r
 
 - **Early Launch Antimalware (ELAM).** ELAM tests all drivers before they load and prevents unapproved drivers from loading.
 
-    Traditional antimalware apps don't start until after the boot drivers have been loaded, which gives a rootkit that is disguised as a driver the opportunity to work. ELAM is a Windows mechanism introduced in a previous version of Windows that allows antimalware software to run early in the boot sequence. Thus, the antimalware component is the first third-party component to run and control the initialization of other boot drivers until the Windows operating system is operational. When the system is started with a complete runtime environment (network access, storage, and so on), then a full-featured antimalware is loaded.
+    Traditional anti-malware apps don't start until after the boot drivers have been loaded, which gives a rootkit that is disguised as a driver the opportunity to work. ELAM is a Windows mechanism introduced in a previous version of Windows that allows anti-malware software to run early in the boot sequence. Thus, the anti-malware component is the first third-party component to run and control the initialization of other boot drivers until the Windows operating system is operational. When the system is started with a complete runtime environment (network access, storage, and so on), then a full-featured anti-malware is loaded.
 
-    ELAM can load a Microsoft or non-Microsoft antimalware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: Examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows won't load it.
+    ELAM can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: Examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows won't load it.
 
     > [!NOTE]
     > Windows Defender, Microsoft's antimalware included by default in Windows, supports ELAM; it can be replaced with a third-party antimalware compatible solution. The name of the Windows Defender ELAM driver is WdBoot.sys. Windows Defender uses its ELAM driver to roll back any malicious changes made to the Windows Defender driver at the next reboot. This prevents kernel mode malware making lasting changes to Windows Defender's mini-filter driver before shutdown or reboot.
 
-    The ELAM signed driver is loaded before any other third-party drivers or applications, which allows the antimalware software to detect and block any attempts to tamper with the boot process by trying to load unsigned or untrusted code.
+    The ELAM signed driver is loaded before any other third-party drivers or applications, which allows the anti-malware software to detect and block any attempts to tamper with the boot process by trying to load unsigned or untrusted code.
 
     The ELAM driver is a small driver with a small policy database that has a narrow scope, focused on drivers that are loaded early at system launch. The policy database is stored in a registry hive that is also measured to the TPM, to record the operational parameters of the ELAM driver. An ELAM driver must be signed by Microsoft and the associated certificate must contain the complementary EKU (1.3.6.1.4.1.311.61.4.1).
 
@@ -170,9 +170,9 @@ Windows supports features to help prevent sophisticated low-level malware like r
 
 - **Hypervisor-protected Code Integrity (HVCI).** Hypervisor-protected Code Integrity is a feature of Device Guard that ensures only drivers, executables, and DLLs that comply with the Device Guard Code Integrity policy are allowed to run.
 
-    When enabled and configured, Windows can start the Hyper-V virtualization-based security services. HVCI helps protect the system core (kernel), privileged drivers, and system defenses, like antimalware solutions, by preventing malware from running early in the boot process, or after startup.
+    When enabled and configured, Windows can start the Hyper-V Virtualization-based security services. HVCI helps protect the system core (kernel), privileged drivers, and system defenses, like anti-malware solutions, by preventing malware from running early in the boot process, or after startup.
 
-    HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This dependency on verification means that kernel memory pages can never be Writable and Executable (W+X) and executable code can't be directly modified.
+    HVCI uses Virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This dependency on verification means that kernel memory pages can never be Writable and Executable (W+X) and executable code can't be directly modified.
 
     > [!NOTE]
     > Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) blog post.
@@ -184,17 +184,17 @@ Windows supports features to help prevent sophisticated low-level malware like r
 
     In Windows, Credential Guard aims to protect domain corporate credentials from theft and reuse by malware. With Credential Guard, Windows implemented an architectural change that fundamentally prevents the current forms of the pass-the-hash (PtH) attack.
 
-    This attack-free state is accomplished by using Hyper-V and the new virtualization-based security feature to create a protected container where trusted code and secrets are isolated from the Windows kernel. This accomplishment means that even if the Windows kernel is compromised, an attacker has no way to read and extract the data required to initiate a PtH attack. Credential Guard prevents this unauthorized access because the memory where secrets are stored is no longer accessible from the regular OS, even in kernel mode - the hypervisor controls who can access the memory.
+    This attack-free state is accomplished by using Hyper-V and the new Virtualization-based security feature to create a protected container where trusted code and secrets are isolated from the Windows kernel. This accomplishment means that even if the Windows kernel is compromised, an attacker has no way to read and extract the data required to initiate a PtH attack. Credential Guard prevents this unauthorized access because the memory where secrets are stored is no longer accessible from the regular OS, even in kernel mode - the hypervisor controls who can access the memory.
 
 - **Health attestation.** The device's firmware logs the boot process, and Windows can send it to a trusted server that can check and assess the device's health.
 
-    Windows takes measurements of the UEFI firmware and each of the Windows and antimalware components are made as they load during the boot process. Additionally, they're taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and can't be changed unless the system is reset.
+    Windows takes measurements of the UEFI firmware and each of the Windows and anti-malware components are made as they load during the boot process. Additionally, they're taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and can't be changed unless the system is reset.
 
     For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](/previous-versions/windows/hardware/design/dn653311(v=vs.85)).
 
     During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For more security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device.
 
-    Although Secure Boot is a proactive form of protection, health attestation is a reactive form of boot protection. Health attestation ships disabled in Windows and is enabled by an antimalware or an MDM vendor. Unlike Secure Boot, health attestation won't stop the boot process and enter remediation when a measurement doesn't work. But with conditional access control, health attestation will help to prevent access to high-value assets.
+    Although Secure Boot is a proactive form of protection, health attestation is a reactive form of boot protection. Health attestation ships disabled in Windows and is enabled by an anti-malware or an MDM vendor. Unlike Secure Boot, health attestation won't stop the boot process and enter remediation when a measurement doesn't work. But with conditional access control, health attestation helps to prevent access to high-value assets.
 
 ### Virtualization-based security
 
@@ -202,16 +202,16 @@ Virtualization-based security provides a new trust boundary for Windows and uses
 
 Virtualization-based security helps to protect against a compromised kernel or a malicious user with Administrator privileges. Virtualization-based security isn't trying to protect against a physical attacker.
 
-The following Windows services are protected with virtualization-based security:
+The following Windows services are protected with Virtualization-based security:
 
 - **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory
-- **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
+- **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new Virtualization-based security in Windows to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
 - **Other isolated services**: for example, on Windows Server 2016, there's the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
 
 > [!NOTE]
 > Virtualization-based security is only available with Enterprise edition. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.
 
-The schema below is a high-level view of Windows with virtualization-based security.
+The schema below is a high-level view of Windows with Virtualization-based security.
 
 :::image type="content" alt-text="figure 5." source="images/hva-fig5-virtualbasedsecurity.png":::
 
@@ -231,7 +231,7 @@ credential isolation is enabled, it then spawns LsaIso.exe as an isolated proces
 
 Device Guard is a feature of Windows Enterprise that allows organizations to lock down a device to help protect it from running untrusted software. In this configuration, the only applications allowed to run are those applications that are trusted by the organization.
 
-The trust decision to execute code is performed by using Hyper-V Code Integrity, which runs in virtualization-based security, a Hyper-V protected container that runs alongside regular Windows.
+The trust decision to execute code is performed by using Hyper-V Code Integrity, which runs in Virtualization-based security, a Hyper-V protected container that runs alongside regular Windows.
 
 Hyper-V Code Integrity is a feature that validates the integrity of a driver or system file each time it's loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with Administrator privileges. On x64-based versions of Windows, kernel-mode drivers must be digitally signed.
 
@@ -252,7 +252,7 @@ Device Guard needs to be planned and configured to be truly effective. It isn't
 There are three different parts that make up the Device Guard solution in Windows:
 
 - The first part is a base **set of hardware security features** introduced with the previous version of Windows. TPM for hardware cryptographic operations and UEFI with modern firmware, along with Secure Boot, allows you to control what the device is running when the systems start.
-- After the hardware security feature, there's the code integrity engine. In Windows, **Code Integrity is now fully configurable** and now resides in Isolated user mode, a part of the memory that is protected by virtualization-based security.
+- After the hardware security feature, there's the code integrity engine. In Windows, **Code Integrity is now fully configurable** and now resides in Isolated user mode, a part of the memory that is protected by Virtualization-based security.
 - The last part of Device Guard is **manageability**. Code Integrity configuration is exposed through specific Group Policy Objects, PowerShell cmdlets, and MDM configuration service providers (CSPs).
 
 For more information on how to deploy Device Guard in an enterprise, see the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
@@ -270,7 +270,7 @@ To protect high-value assets, SAWs are used to make secure connections to those
 
 Similarly, on corporate fully managed workstations, where applications are installed by using a distribution tool like Microsoft Configuration Manager, Intune, or any third-party device management, then Device Guard is applicable. In that type of scenario, the organization has a good idea of the software that an average user is running.
 
-It could be challenging to use Device Guard on corporate, lightly managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it's difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log will contain a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run.
+It could be challenging to use Device Guard on corporate, lightly managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it's difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log contains a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run.
 
 Before you can benefit from the protection included in Device Guard, Code Integrity policy must be created by using tools provided by Microsoft, but the policy can be deployed with common management tools, like Group Policy. The Code Integrity policy is a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows, along with restrictions on Windows script hosts. Device Guard Code Integrity policy restricts what code can run on a device.
 
@@ -286,14 +286,14 @@ Device Guard policy into the UpdateSigner section.
 
 On computers with Device Guard, Microsoft proposes to move from a world where unsigned apps can be run without restriction to a world where only signed and trusted code is allowed to run on Windows.
 
-With Windows, organizations will make line-of-business (LOB) apps available to members of the organization through the Microsoft Store infrastructure. More specifically, LOB apps will be available in a private store within the public Microsoft Store. Microsoft Store signs and distributes Universal
+With Windows, organizations make line-of-business (LOB) apps available to members of the organization through the Microsoft Store infrastructure. More specifically, LOB apps are available in a private store within the public Microsoft Store. Microsoft Store signs and distributes Universal
 Windows apps and Classic Windows apps. All apps downloaded from the Microsoft Store are signed.
 
 In organizations today, many LOB applications are unsigned. Code signing is frequently viewed as a tough problem to solve for various reasons, like the lack of code signing expertise. Even if code signing is a best practice, many internal applications aren't signed.
 
 Windows includes tools that allow IT pros to take applications that have been already packaged and run them through a process to create more signatures that can be distributed along with existing applications.
 
-### Why are antimalware and device management solutions still necessary?
+### Why are anti-malware and device management solutions still necessary?
 
 Although allowlist mechanisms are efficient at ensuring that only trusted applications can be run, they can't prevent the compromise of a trusted (but vulnerable) application by malicious content designed to exploit a known vulnerability. Device Guard doesn't protect against user mode malicious code run by exploiting vulnerabilities.
 
@@ -301,7 +301,7 @@ Vulnerabilities are weaknesses in software that could allow an attacker to compr
 
 It's common to see attackers distributing specially crafted content in an attempt to exploit known vulnerabilities in user mode software like web browsers (and their plug-ins), Java virtual machines, PDF readers, or document editors. As of today, 90 percent of discovered vulnerabilities affect user mode applications compared to the operating system and kernel mode drivers that host them.
 
-To combat these threats, patching is the single most effective control, with antimalware software forming complementary layers of defense.
+To combat these threats, patching is the single most effective control, with anti-malware software forming complementary layers of defense.
 
 Most application software has no facility for updating itself, so even if the software vendor publishes an update that fixes the vulnerability, the user may not know that the update is available or how to obtain it, and therefore remains vulnerable to attack. Organizations still need to manage devices and to patch vulnerabilities.
 
@@ -319,23 +319,23 @@ For more information on device health attestation, see the [Detect an unhealthy
 
 ### Hardware requirements
 
-The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview).
+The following table details the hardware requirements for both Virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview).
 
 |Hardware|Motivation|
 |--- |--- |
 |UEFI 2.3.1 or later firmware with Secure Boot enabled|Required to support UEFI Secure Boot. UEFI Secure Boot ensures that the device boots only authorized code. Additionally, Boot Integrity (Platform Secure Boot) must be supported following the requirements in Hardware Compatibility Specification for Systems for Windows under the subsection: "System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby"|
-|Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled|Required to support virtualization-based security. **Note:** Device Guard can be enabled without using virtualization-based security.|
-|X64 processor|Required to support virtualization-based security that uses Windows Hypervisor. Hyper-V is supported only on x64 processor (and not on x86). Direct Memory Access (DMA) protection can be enabled to provide extra memory protection but requires processors to include DMA protection technologies.|
+|Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled|Required to support Virtualization-based security. **Note:** Device Guard can be enabled without using Virtualization-based security.|
+|X64 processor|Required to support Virtualization-based security that uses Windows Hypervisor. Hyper-V is supported only on x64 processor (and not on x86). Direct Memory Access (DMA) protection can be enabled to provide extra memory protection but requires processors to include DMA protection technologies.|
 |IOMMU, such as Intel VT-d, AMD-Vi|Support for the IOMMU in Windows enhances system resiliency against DMA attacks.|
-|Trusted Platform Module (TPM)|Required to support health attestation and necessary for other key protections for virtualization-based security. TPM 2.0 is supported. Support for TPM 1.2 was added beginning in Windows 10, version 1607 (RS1)|
+|Trusted Platform Module (TPM)|Required to support health attestation and necessary for other key protections for Virtualization-based security. TPM 2.0 is supported. Support for TPM 1.2 was added beginning in Windows 10, version 1607 (RS1)|
 
-This section presented information about several closely related controls in Windows . The multi-layer defenses and in-depth approach help to eradicate low-level malware during boot sequence. Virtualization-based security is a fundamental operating system architecture change that adds a new security boundary. Device Guard and Credential Guard respectively help to block untrusted code and protect corporate domain credentials from theft and reuse. This section also briefly discussed the importance of managing devices and patching vulnerabilities. All these technologies can be used to harden and lock down devices while limiting the risk of attackers compromising them.
+This section presented information about several closely related controls in Windows. The multi-layer defenses and in-depth approach help to eradicate low-level malware during boot sequence. Virtualization-based security is a fundamental operating system architecture change that adds a new security boundary. Device Guard and Credential Guard respectively help to block untrusted code and protect corporate domain credentials from theft and reuse. This section also briefly discussed the importance of managing devices and patching vulnerabilities. All these technologies can be used to harden and lock down devices while limiting the risk of attackers compromising them.
 
 ## Detect an unhealthy Windows-based device
 
 As of today, many organizations only consider devices to be compliant with company policy after they've passed various checks that show, for example, that the operating system is in the correct state, properly configured, and has security protection enabled. Unfortunately, with today's systems, this form of reporting isn't entirely reliable because malware can spoof a software statement about system health. A rootkit, or a similar low-level exploit, can report a false healthy state to traditional compliance tools.
 
-The biggest challenge with rootkits is that they can be undetectable to the client. Because they start before antimalware, and they have system-level privileges, they can completely disguise themselves while continuing to access system resources. As a result, traditional computers infected with rootkits appear to be healthy, even with antimalware running.
+The biggest challenge with rootkits is that they can be undetectable to the client. Because they start before anti-malware, and they have system-level privileges, they can completely disguise themselves while continuing to access system resources. As a result, traditional computers infected with rootkits appear to be healthy, even with anti-malware running.
 
 As previously discussed, the health attestation feature of Windows uses the TPM hardware component to securely record a measurement of every boot-related component, including firmware, Windows kernel, and even early boot drivers. Because health attestation uses the hardware-based security capabilities of TPM, the log of all boot measured components remains out of the reach of any malware.
 
@@ -345,9 +345,9 @@ After the devices attest a trusted boot state, they can prove that they aren't r
 
 To understand the concept of device health, it's important to know traditional measures that IT pros have taken to prevent the breach of malware. Malware control technologies are highly focused on the prevention of installation and distribution.
 
-However, the use of traditional malware prevention technologies like antimalware or patching solutions brings a new set of issues for IT pros: the ability to monitor and control the compliance of devices accessing organization's resources.
+However, the use of traditional malware prevention technologies like anti-malware or patching solutions brings a new set of issues for IT pros: the ability to monitor and control the compliance of devices accessing organization's resources.
 
-The definition of device compliance will vary based on an organization's installed antimalware, device configuration settings, patch management baseline, and other security requirements. But health of the device is part of the overall device compliance policy.
+The definition of device compliance will vary based on an organization's installed anti-malware, device configuration settings, patch management baseline, and other security requirements. But health of the device is part of the overall device compliance policy.
 
 The health of the device isn't binary and depends on the organization's security implementation. The Health Attestation Service provides information back to the MDM on which security features are enabled during the boot of the device by using trustworthy hardware TPM.
 
@@ -364,13 +364,13 @@ A relying party like an MDM can inspect the report generated by the remote healt
 > [!NOTE]
 > To use the health attestation feature of Windows, the device must be equipped with a discrete or firmware TPM. There is no restriction on any particular edition of Windows.
 
-Windows supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an antimalware or an MDM agent.
+Windows supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an anti-malware or an MDM agent.
 
 Remote device health attestation combined with an MDM provides a hardware-rooted method for reporting the current security status and detecting any changes, without having to trust the software running on the system.
 
-In the case where malicious code is running on the device, the use of a remote server is required. If a rootkit is present on the device, the antimalware is no longer reliable, and its behavior can be hijacked by a malicious code running early in the startup sequence. This reason is what makes it important to use Secure Boot and Device Guard, to control which code is loaded during the boot sequence.
+In the case where malicious code is running on the device, the use of a remote server is required. If a rootkit is present on the device, the anti-malware is no longer reliable, and its behavior can be hijacked by a malicious code running early in the startup sequence. This reason is what makes it important to use Secure Boot and Device Guard, to control which code is loaded during the boot sequence.
 
-The antimalware software can search to determine whether the boot sequence contains any signs of malware, such as a rootkit. It can also send the TCG log and the PCRs to a remote health attestation server to provide a separation between the measurement component and the verification component.
+The anti-malware software can search to determine whether the boot sequence contains any signs of malware, such as a rootkit. It can also send the TCG log and the PCRs to a remote health attestation server to provide a separation between the measurement component and the verification component.
 
 Health attestation logs the measurements in various TPM Platform Configuration Registers (PCRs) and TCG logs during the boot process.
 
@@ -602,7 +602,7 @@ The figure below shows how the Health Attestation Service is expected to work wi
 
 :::image type="content" alt-text="figure 10." source="images/hva-fig9-intune.png":::
 
-An MDM solution can then use health state statements and take them to the next level by coupling with client policies that will enable conditional access to be granted based on the device's ability to prove that it's malware free, its antimalware system is functional and up to date, the
+An MDM solution can then use health state statements and take them to the next level by coupling with client policies that will enable conditional access to be granted based on the device's ability to prove that it's malware free, its anti-malware system is functional and up to date, the
 firewall is running, and the devices patch state is compliant.
 
 Finally, resources can be protected by denying access to endpoints that are unable to prove they're healthy. This feature is much needed for BYOD devices that need to access organizational resources.
@@ -736,7 +736,7 @@ The following list contains high-level key takeaways to improve the security pos
 
 - **Use virtualization-based security**
 
-    When you have Kernel Mode Code Integrity protected by virtualization-based security, the code integrity rules are still enforced even if a vulnerability allows unauthorized kernel mode memory access. Keep in mind that Device Guard devices that run Kernel Code Integrity with virtualization-based security must have compatible drivers.
+    When you have Kernel Mode Code Integrity protected by Virtualization-based security, the code integrity rules are still enforced even if a vulnerability allows unauthorized kernel mode memory access. Keep in mind that Device Guard devices that run Kernel Code Integrity with Virtualization-based security must have compatible drivers.
 
 - **Start to deploy Device Guard with Audit mode**
 
@@ -756,7 +756,7 @@ The following list contains high-level key takeaways to improve the security pos
 
 Health attestation is a key feature of Windows that includes client and cloud components to control access to high-value assets based on a user and their device's identity and compliance with corporate governance policy. Organizations can choose to detect and report unhealthy devices, or to configure health enforcement rules based on their needs. Health attestation provides an end-to-end security model and integration points, which vendors and software developers can use to build and integrate a customized solution.
 
-## Related topics
+## Related articles
 
 - [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard)
 - [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide)
diff --git a/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md
index 3daa0cbf86..c931ca2dcb 100644
--- a/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md
+++ b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md
@@ -2,7 +2,7 @@
 title: Secure the Windows boot process
 description: This article describes how Windows security features help protect your PC from malware, including rootkits and other applications.
 ms.topic: conceptual
-ms.date: 08/11/2023
+ms.date: 07/10/2024
 ms.collection:
   - tier1
 ---
@@ -73,7 +73,7 @@ These requirements help protect you from rootkits while allowing you to run any
 
 To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software can't change the Secure Boot settings.
 
-The default state of Secure Boot has a wide circle of trust, which can result in customers trusting boot components they may not need. Since the Microsoft 3rd Party UEFI CA certificate signs the bootloaders for all Linux distributions, trusting the Microsoft 3rd Party UEFI CA signature in the UEFI database  increase  s the attack surface of systems. A customer who intended to only trust and boot a single Linux distribution will trust all distributions - much more than their desired configuration. A vulnerability in any of the bootloaders exposes the system and places the customer at risk of exploit for a bootloader they never intended to use, as seen in recent vulnerabilities, for example [with the GRUB bootloader](https://msrc.microsoft.com/security-guidance/advisory/ADV200011) or [firmware-level rootkit]( https://www.darkreading.com/threat-intelligence/researchers-uncover-dangerous-new-firmware-level-rootkit) affecting boot components. [Secured-core PCs](/windows-hardware/design/device-experiences/OEM-highly-secure-11) require Secure Boot to be enabled and configured to distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with the most secure configuration of their PCs possible.
+The default state of Secure Boot has a wide circle of trust, which can result in customers trusting boot components they may not need. Since the Microsoft 3rd Party UEFI CA certificate signs the bootloaders for all Linux distributions, trusting the Microsoft 3rd Party UEFI CA signature in the UEFI database  increase  s the attack surface of systems. A customer who intended to only trust and boot a single Linux distribution will trust all distributions - more than their desired configuration. A vulnerability in any of the bootloaders exposes the system and places the customer at risk of exploit for a bootloader they never intended to use, as seen in recent vulnerabilities, for example [with the GRUB bootloader](https://msrc.microsoft.com/security-guidance/advisory/ADV200011) or [firmware-level rootkit]( https://www.darkreading.com/threat-intelligence/researchers-uncover-dangerous-new-firmware-level-rootkit) affecting boot components. [Secured-core PCs](/windows-hardware/design/device-experiences/OEM-highly-secure-11) require Secure Boot to be enabled and configured to distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with the most secure configuration of their PCs possible.
 
 To trust and boot operating systems, like Linux, and components signed by the UEFI signature, Secured-core PCs can be configured in the BIOS menu to add the signature in the UEFI database by following these steps:
 
@@ -91,11 +91,11 @@ Like most mobile devices, Arm-based devices, such as the Microsoft Surface RT de
 
 Trusted Boot takes over where Secure Boot ends. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally.
 
-## Early Launch Anti-Malware
+## Early Launch anti-malware
 
 Because Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel, the next opportunity for malware to start is by infecting a non-Microsoft boot driver. Traditional anti-malware apps don't start until after the boot drivers have been loaded, giving a rootkit disguised as a driver the opportunity to work.
 
-Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the OS hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows doesn't load it.
+Early Launch anti-malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the OS hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows doesn't load it.
 
 An ELAM driver isn't a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows) supports ELAM, as does several non-Microsoft anti-malware apps.
 
diff --git a/windows/security/operating-system-security/system-security/trusted-boot.md b/windows/security/operating-system-security/system-security/trusted-boot.md
index 431c65c17d..4da0621dc6 100644
--- a/windows/security/operating-system-security/system-security/trusted-boot.md
+++ b/windows/security/operating-system-security/system-security/trusted-boot.md
@@ -2,7 +2,7 @@
 title: Secure Boot and Trusted Boot
 description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11
 ms.topic: conceptual
-ms.date: 10/30/2023
+ms.date: 07/10/2024
 ms.reviewer: jsuther
 appliesto:
   - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
@@ -10,15 +10,15 @@ appliesto:
 
 # Secure Boot and Trusted Boot
 
-*This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.*
+This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.
 
 Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.
 
 ## Secure Boot
 
-The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments.
+The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences safely finish their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments.
 
-As the PC begins the boot process, it first verifies that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system and checks the OS bootloader's digital signature to ensure that it's trusted by the Secure Boot policy and hasn't been tampered with.
+As the PC begins the boot process, it first verifies that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system, and checks the OS bootloader's digital signature to ensure that it's trusted by the Secure Boot policy and hasn't been tampered with.
 
 ## Trusted Boot
 
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png
index 13d6f59afc..e1db1cbe84 100644
Binary files a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png and b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png differ
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png
index e3d744df4c..6d1bfa080f 100644
Binary files a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png and b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png differ
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png
index 0d1acbe82c..2ee8a3fd5b 100644
Binary files a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png and b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png differ
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png
index ab123cc49b..1dcd937bcb 100644
Binary files a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png and b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png differ
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png
index 68b94302a1..012a75914d 100644
Binary files a/windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png and b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png differ
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
index 2dba2d4677..ae3cb0475f 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
@@ -1,11 +1,10 @@
 ---
 title: Account protection in Windows Security
 description: Use the Account protection section to manage security for your account and sign in to Microsoft.
-ms.date: 08/11/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
-
 # Account protection
 
 The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list:
@@ -14,7 +13,7 @@ The **Account protection** section contains information and settings for account
 - [Windows Hello for Business](../../../identity-protection/hello-for-business/index.md)
 - [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from)
 
-You can also choose to hide the section from users of the device, if you don't want your employees to access or view user-configured options for these features.
+You can also choose to hide the section from users of the device, if you don't want your users to access or view user-configured options for these features.
 
 ## Hide the Account protection section
 
@@ -25,7 +24,7 @@ You can only configure these settings by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select  **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select  **Edit**.
 1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Account protection**.
 1. Open the **Hide the Account protection area** setting and set it to **Enabled**. Select **OK**.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
index 375aeb3fa0..ff0ffba791 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
@@ -1,7 +1,7 @@
 ---
 title: App & browser control in Windows Security
 description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
-ms.date: 08/11/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
@@ -11,22 +11,22 @@ The **App and browser control** section contains information and settings for Wi
 
 In Windows 10, version 1709 and later, the section also provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy. IT administrators can get more information at [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection).
 
-You can also choose to hide the section from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+You can also choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
 
 ## Prevent users from making changes to the Exploit protection area in the App & browser control section
 
-You can prevent users from modifying settings in the Exploit protection area. The settings will be either greyed out or not appear if you enable this setting. Users will still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options have been configured separately.
+You can prevent users from modifying settings in the Exploit protection area. The settings are either greyed out or don't appear if you enable this setting. Users still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options are separately.
 
 You can only prevent users from modifying Exploit protection settings by using Group Policy.
 
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 2. In the **Group Policy Management Editor**, go to **Computer configuration**, select **Policies** and then **Administrative templates**.
 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
 4. Open the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 ## Hide the App & browser control section
 
@@ -37,11 +37,11 @@ This section can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
 4. Open the **Hide the App and browser protection area** setting and set it to **Enabled**. Select **OK**.
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
index 4bf296c839..aa892ac49b 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -1,7 +1,7 @@
 ---
 title: Customize Windows Security contact information in Windows Security
-description: Provide information to your employees on how to contact your IT department when a security issue occurs
-ms.date: 08/11/2023
+description: Provide information to your users on how to contact your IT department when a security issue occurs
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
@@ -11,7 +11,7 @@ You can add information about your organization in a contact card in **Windows S
 
 ![The Windows Security custom fly-out.](images/security-center-custom-flyout.png)
 
-This information will also be shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
+This information is shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
 
 Users can select the displayed information to initiate a support request:
 
@@ -27,20 +27,20 @@ You must have Windows 10, version 1709 or later. The ADMX/ADML template files fo
 
 There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
-3. Expand the tree to **Windows components > Windows Security > Enterprise Customization**.
-4. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They'll both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
+1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Enterprise Customization**.
+1. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
 
     1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Select **OK**.
 
         > [!NOTE]
         > This can only be done in Group Policy.
 
-    2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
+    1. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
 
-5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
-6. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings. Open the setting, select **Enabled**, and then add the contact information in the field under **Options**:
+1. After you enable the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
+1. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings. Open the setting, select **Enabled**, and then add the contact information in the field under **Options**:
 
     1. **Specify contact email address or Email ID**
     2. **Specify contact phone number or Skype ID**
@@ -49,7 +49,7 @@ There are two stages to using the contact card and customized notifications. Fir
     > [!NOTE]
     > If you enable **Configure customized notifications** and **Specify contact website** policies, the contact website must begin with `http:` or `https:` (for example, `https://contoso.com/help`) to allow the user to interact with the notification and navigate to the specified URL.
 
-7. Select **OK** after you configure each setting to save your changes.
+1. Select **OK** after you configure each setting to save your changes.
 
 To enable the customized notifications and add the contact information in Intune, see these articles:
 
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
index a15b5f11b6..652bd443dd 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
@@ -1,18 +1,16 @@
 ---
 title: Device & performance health in Windows Security
 description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
-ms.date: 07/31/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
 
 # Device performance and health
 
-The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they're seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).
+The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine.
 
-The [Windows 10 IT pro troubleshooting article](/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](/windows/windows-10/) can also be helpful for resolving issues.
-
-This section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
 
 ## Hide the Device performance & health section
 
@@ -23,11 +21,11 @@ This section can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Device performance and health**.
 1. Open the **Hide the Device performance and health area** setting and set it to **Enabled**. Select **OK**.
-1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
index e47d41fc91..3323324a97 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
@@ -1,7 +1,7 @@
 ---
 title: Device security in Windows Security
 description: Use the Device security section to manage security built into your device, including Virtualization-based security.
-ms.date: 08/11/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
@@ -9,7 +9,7 @@ ms.topic: how-to
 
 The **Device security** section contains information and settings for built-in device security.
 
-You can choose to hide the section from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
 
 ## Hide the Device security section
 
@@ -18,11 +18,11 @@ You can choose to hide the entire section by using Group Policy. The section won
 > [!IMPORTANT]
 > You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
-3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-4. Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
+1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
+1. Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
@@ -36,18 +36,18 @@ If you don't want users to be able to select the **Clear TPM** button in **Windo
 > [!IMPORTANT]
 > You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
-3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-4. Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
+1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
+1. Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 ## Hide the TPM Firmware Update recommendation
 
 If you don't want users to see the recommendation to update TPM firmware, you can disable it.
 
-1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
-3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-4. Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
+1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
+1. Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
index 50f38d64dd..9c92b794d3 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
@@ -1,18 +1,17 @@
 ---
 title: Family options in Windows Security
 description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
-ms.date: 08/11/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
-
 # Family options
 
 The **Family options** section contains links to settings and further information for parents of a Windows PC. It isn't intended for enterprise or business environments.
 
 Home users can learn more at the [Help protection your family online in Windows Security article at support.microsoft.com](https://support.microsoft.com/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
 
-This section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to this section.
+This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to see or have access to this section.
 
 ## Hide the Family options section
 
@@ -23,11 +22,11 @@ This section can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Family options**.
 1. Open the **Hide the Family options area** setting and set it to **Enabled**. Select **OK**.
-1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
index 0070445c0d..e6e8967d86 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -1,15 +1,15 @@
 ---
 title: Firewall and network protection in Windows Security
 description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
-ms.date: 08/11/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
 # Firewall and network protection
 
-The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other non-Microsoft firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../../network-security/windows-firewall/index.md).
+The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Firewall and any other non-Microsoft firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Firewall with Advanced Security documentation library](../../network-security/windows-firewall/index.md).
 
-This section can be hidden from users of the machine. This information is useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+This section can be hidden from users of the machine. This information is useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
 
 ## Hide the Firewall & network protection section
 
@@ -20,11 +20,11 @@ This section can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the Group Policy Management Console. Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Firewall and network protection**.
 1. Open the **Hide the Firewall and network protection area** setting and set it to **Enabled**. Select **OK**.
-1. Deploy the updated GPO as you normally do.
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
index 5e330d95a0..86e41f335e 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
@@ -1,7 +1,7 @@
 ---
 title: Hide notifications from Windows Security
 description: Prevent Windows Security notifications from appearing on user endpoints
-ms.date: 07/31/2023
+ms.date: 06/27/2024
 ms.topic: how-to
 ---
 
@@ -9,18 +9,18 @@ ms.topic: how-to
 
 **Windows Security** is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
 
-In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the employees in your organization.
+In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the users in your organization.
 
 There are two levels to hiding notifications:
 
-1. Hide non-critical notifications, such as regular updates about the number of scans Microsoft Defender Antivirus ran in the past week
-2. Hide all notifications
+1. Hide noncritical notifications, such as regular updates about the number of scans Microsoft Defender Antivirus ran in the past week
+1. Hide all notifications
 
 If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting has no effect.
 
 You can only use Group Policy to change these settings.
 
-## Use Group Policy to hide non-critical notifications
+## Use Group Policy to hide noncritical notifications
 
 You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Windows Update for Business reports or Microsoft Configuration Manager reporting).
 
@@ -30,11 +30,11 @@ These notifications can be hidden only by using Group Policy.
 > You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
 1. Download the latest [Administrative Templates (.admx) for Windows 10, v2004](https://www.microsoft.com/download/101445).
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**
 1. Open the **Hide non-critical notifications** setting and set it to **Enabled**. Select **OK**.
-1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 ## Use Group Policy to hide all notifications
 
@@ -45,7 +45,7 @@ These notifications can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**.
 
@@ -53,7 +53,7 @@ These notifications can be hidden only by using Group Policy.
     > For Windows 10 version 2004 and above the path would be **Windows components > Windows Security > Notifications**.
 
 1. Open the **Hide all notifications** setting and set it to **Enabled**. Select **OK**.
-1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > You can use the following registry key and DWORD value to **Hide all notifications**.
@@ -90,14 +90,14 @@ These notifications can be hidden only by using Group Policy.
 | OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |Virus & threat protection notification|
 | Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |Virus & threat protection notification|
 | Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |Virus & threat protection notification|
-| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary.  Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
+| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
 | Summary notification, **no** items found, no scans | Microsoft Defender Antivirus didn't find any threats since your last summary. | RECAP_NO_THREATS | No |Virus & threat protection notification|
 | Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |Virus & threat protection notification|
-| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_.  No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
+| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
 | Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |Virus & threat protection notification|
-| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device.  You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
-| Long running BaFS | Your IT administrator  requires a security scan of this item.  The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
-| Long running BaFS customized | _Company_ requires a security scan of this item.  The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
+| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
+| Long running BaFS | Your IT administrator  requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
+| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
 | Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |Firewall and network protection notification|
 | Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
 | Ransomware specific detection | Microsoft Defender Antivirus has detected threats, which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No |Virus & threat protection notification|
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
index f48a985759..0bba1cf21b 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -1,15 +1,13 @@
 ---
 title: Virus and threat protection in Windows Security
-description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
-ms.date: 08/11/2023
-ms.topic: conceptual
+description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party antivirus products.
+ms.date: 06/27/2024
+ms.topic: how-to
 ---
 
 # Virus and threat protection
 
-The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products.
-
-In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
+The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party antivirus products. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
 
 IT administrators and IT pros can get more configuration information from these articles:
 
@@ -20,7 +18,7 @@ IT administrators and IT pros can get more configuration information from these
 - [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365)
 - [Ransomware detection and recovering your files](https://support.office.com/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
 
-You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for these features.
+You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for these features.
 
 ## Hide the Virus & threat protection section
 
@@ -31,11 +29,11 @@ This section can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
 1. Open the **Hide the Virus and threat protection area** setting and set it to **Enabled**. Select **OK**.
-1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
 > If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
@@ -51,8 +49,8 @@ This area can be hidden only by using Group Policy.
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 1. Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
 1. Open the **Hide the Ransomware data recovery area** setting and set it to **Enabled**. Select **OK**.
-1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
index 2feb4cecb2..2a65943ed8 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
@@ -1,21 +1,17 @@
 ---
 title: Windows Security
 description: Windows Security brings together common Windows security features into one place.
-ms.date: 08/11/2023
+ms.date: 06/27/2024
 ms.topic: conceptual
 ---
 
 # Windows Security
 
-This library describes **Windows Security** settings, and provides information on configuring certain features, including:
+This article describes **Windows Security** settings, and provides information on configuring certain features, including:
 
 - [Showing and customizing contact information](wdsc-customize-contact-information.md)
 - [Hiding notifications](wdsc-hide-notifications.md)
 
-In Windows 10, version 1709 and later, the settings also show information from third-party antivirus and firewall apps.
-
-In Windows 10, version 1803, the settings have two new areas: **Account protection** and **Device security**.
-
 ![Screenshot of the Windows Security showing that the device is protected and five icons for each of the features.](images/security-center-home.png)
 
 > [!NOTE]
@@ -31,7 +27,7 @@ For more information about each section, options for configuring the sections, a
 
 - [Virus & threat protection](wdsc-virus-threat-protection.md), which has information and access to antivirus ransomware protection settings and notifications, including Controlled folder access, and sign-in to Microsoft OneDrive.
 - [Account protection](wdsc-account-protection.md), which has information and access to sign-in and account protection settings.
-- [Firewall & network protection](wdsc-firewall-network-protection.md), which has information and access to firewall settings, including Windows Defender Firewall.
+- [Firewall & network protection](wdsc-firewall-network-protection.md), which has information and access to firewall settings, including Windows Firewall.
 - [App & browser control](wdsc-app-browser-control.md), covering Windows Defender SmartScreen settings and Exploit protection mitigations.
 - [Device security](wdsc-device-security.md), which provides access to built-in device security settings.
 - [Device performance & health](wdsc-device-performance-health.md), which has information about drivers, storage space, and general Windows Update issues.
@@ -52,7 +48,7 @@ For more information about each section, options for configuring the sections, a
 
     ![Screenshot of the Start menu showing the results of a search for the Windows Security, the first option with a large shield symbol is selected.](images/security-center-start-menu.png)
 
-- Open an area from Windows **Settings**.
+- Open an area from Windows **Settings** > **Privacy & security** > **Windows Security**.
 
     ![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
 
@@ -88,4 +84,4 @@ If you disable any of the individual features, it prevents that feature from rep
 > [!IMPORTANT]
 > If you individually disable any of the services, it won't disable the other services or **Windows Security** itself.
 
-For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall.
+For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
index 5968d29a6c..d53d8c5dc7 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
@@ -1,66 +1,57 @@
 ---
-title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
+title: Available Microsoft Defender SmartScreen settings
 description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
-ms.date: 08/11/2023
+ms.date: 07/10/2024
 ms.topic: reference
 ---
-# Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
 
-Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
+# Available Microsoft Defender SmartScreen settings
 
-See [Windows 10 and Windows 11 settings to protect devices using Intune](/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
+Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show users a warning page and let them continue to the site, or you can block the site entirely.
+
+See [Windows settings to protect devices using Intune](/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
+
+> [!NOTE]
+> For a list of settings available for Enhanced phishing protection, see [Enhanced phishing protection](enhanced-phishing-protection.md#configure-enhanced-phishing-protection-for-your-organization).
 
 ## Group Policy settings
 
 SmartScreen uses registry-based Administrative Template policy settings.
 
-Setting|Supported on|Description|
-|--- |--- |--- |
-|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<br/><br/>**Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen<br/><br/>**At least Windows Server 2012, Windows 8 or Windows RT**|This policy setting turns on Microsoft Defender SmartScreen. <br/><br/>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).<br/><br/>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on. <br/><br/>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.|
-|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.<br/><br/>This setting doesn't protect against malicious content from USB devices, network shares, or other non-internet sources.<br/><br/>**Important:**  Using a trustworthy browser helps ensure that these protections work as expected.|
-|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)<br/><br/>**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)<br/><br/>**Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen|Microsoft Edge on Windows 10 or Windows 11|This policy setting turns on Microsoft Defender SmartScreen. <br/><br/>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.<br/><br/>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on. <br/><br/>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.|
-|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)<br/><br/>**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)<br/><br/>**Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.<br/><br/>If you enable this setting, it stops employees from bypassing the warning, stopping the file download.<br/><br/>If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.|
-|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)<br/><br/>**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)<br/><br/>**Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.<br/><br/>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<br/><br/>If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.|
-|Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter|Internet Explorer 9 or later|This policy setting prevents the employee from managing Microsoft Defender SmartScreen.<br/><br/>If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that aren't on the filter's allowlist are sent automatically to Microsoft without prompting the employee.<br/><br/>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.|
-|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings|Internet Explorer 8 or later|This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.<br/><br/>If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.<br/><br/>If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.|
-|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that aren't commonly downloaded from the Internet|Internet Explorer 9 or later|This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users don't commonly download from the Internet.<br/><br/>If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.<br/><br/>If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.|
+|Setting|Description|
+|---|--- |
+|Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen | This policy setting turns on Microsoft Defender SmartScreen. <br/><br/>If you enable this setting, it turns on Microsoft Defender SmartScreen and your users are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your users or Warn and prevent bypassing the message (effectively blocking the user from the site).<br/><br/>If you disable this setting, it turns off Microsoft Defender SmartScreen and your users are unable to turn it on. <br/><br/>If you don't configure this setting, your users can decide whether to use Microsoft Defender SmartScreen.|
+|Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure App Install Control| This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.<br/><br/>This setting doesn't protect against malicious content from USB devices, network shares, or other non-internet sources.<br/><br/>**Important:**  Using a trustworthy browser helps ensure that these protections work as expected.|
+|Administrative Templates > Windows Components > Windows Defender SmartScreen > Microsoft Edge > Configure Windows Defender SmartScreen | This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your users from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. <br><br>If you enable this setting, Windows Defender SmartScreen is turned on, and users can't turn it off. <br><br>If you disable this setting, Windows Defender SmartScreen is turned off, and users can't turn it on. <br><br>If you don't configure this setting, users can choose whether to use Windows Defender SmartScreen. |
+|Administrative Templates > Windows Components > Windows Defender SmartScreen > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites | This policy setting lets you decide whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. <br><br>If you enable this setting, users can't ignore Windows Defender SmartScreen warnings and they're blocked from continuing to the site. <br><br>If you disable or don't configure this setting, users can ignore Windows Defender SmartScreen warnings and continue to the site. |
 
 ## MDM settings
 
 If you manage your policies using Microsoft Intune, use these MDM policy settings. All settings support desktop computers running Windows 10/11 Pro or Windows 10/11 Enterprise, enrolled with Microsoft Intune.
 
-For Microsoft Defender SmartScreen Microsoft Edge MDM policies, see [Policy CSP - Browser](/windows/client-management/mdm/policy-csp-browser).
-
-|Setting|Supported versions|Details|
-|--- |--- |--- |
-|AllowSmartScreen|Windows 10|<li>**URI full path.**  ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen<li>**Data type.**  Integer<li>**Allowed values:**<ul><li>**0 .**  Turns off Microsoft Defender SmartScreen in Microsoft Edge.<li>**1.**  Turns on Microsoft Defender SmartScreen in Microsoft Edge.|
-|EnableAppInstallControl|Windows 10, version 1703|<li>**URI full path.**  ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl<li>**Data type.**  Integer<li>**Allowed values:**<ul><li>**0 .**  Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.<li>**1.**  Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.|
-|EnableSmartScreenInShell|Windows 10, version 1703|<li>**URI full path.**  ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell<li>**Data type.**  Integer<li>**Allowed values:**<ul><li>**0 .**  Turns off Microsoft Defender SmartScreen in Windows for app and file execution.<li>**1.**  Turns on Microsoft Defender SmartScreen in Windows for app and file execution.|
-|PreventOverrideForFilesInShell|Windows 10, version 1703|<li>**URI full path.**  ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell<li>**Data type.**  Integer<li>**Allowed values:**<ul><li>**0 .**  Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.<li>**1.**  Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.|
-|PreventSmartScreenPromptOverride|Windows 10, Version 1511 and Windows 11|<li>**URI full path.**  ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride<li>**Data type.**  Integer<li>**Allowed values:**<ul><li>**0 .**  Employees can ignore Microsoft Defender SmartScreen warnings.<li>**1.**  Employees can't ignore Microsoft Defender SmartScreen warnings.|
-|PreventSmartScreenPromptOverrideForFiles|Windows 10, Version 1511 and Windows 11|<li>**URI full path.**  ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles<li>**Data type.**  Integer<li>**Allowed values:**<ul><li>**0 .**  Employees can ignore Microsoft Defender SmartScreen warnings for files.<li>**1.**  Employees can't ignore Microsoft Defender SmartScreen warnings for files.|
+- [AllowSmartScreen](/windows/client-management/mdm/policy-csp-browser#allowsmartscreen)
+- [EnableAppInstallControl](/windows/client-management/mdm/policy-csp-smartscreen#enableappinstallcontrol)
+- [EnableSmartScreenInShell](/windows/client-management/mdm/policy-csp-smartscreen#enablesmartscreeninshell)
+- [PreventOverrideForFilesInShell](/windows/client-management/mdm/policy-csp-smartscreen#preventoverrideforfilesinshell)
+- [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-csp-browser#preventsmartscreenpromptoverride)
+- [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-csp-browser#preventsmartscreenpromptoverrideforfiles)
 
 ## Recommended Group Policy and MDM settings for your organization
 
-By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this feature can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
+By default, Microsoft Defender SmartScreen lets users bypass warnings. Unfortunately, this feature can let users continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
 
 To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
 
 |Group Policy setting|Recommendation|
 |--- |--- |
-|Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)|**Enable.**  Turns on Microsoft Defender SmartScreen.|
-|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)|**Enable.**  Stops employees from ignoring warning messages and continuing to a potentially malicious website.|
-|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)<br/><br/>Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)|**Enable.**  Stops employees from ignoring warning messages and continuing to download potentially malicious files.|
-|Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen|**Enable with the Warn and prevent bypass option.**  Stops employees from ignoring warning messages about malicious files downloaded from the Internet.|
+|Administrative Templates > Windows Components > Microsoft Edge > Configure Windows Defender SmartScreen|**Enable.**  Turns on Microsoft Defender SmartScreen.|
+|Administrative Templates > Windows Components > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites|**Enable.**  Stops users from ignoring warning messages and continuing to a potentially malicious website.|
+|Administrative Templates > Windows Components > Explorer > Configure Windows Defender SmartScreen|**Enable with the Warn and prevent bypass option.**  Stops users from ignoring warning messages about malicious files downloaded from the Internet.|
 
 |MDM setting|Recommendation|
 |--- |--- |
 |Browser/AllowSmartScreen|**1.**  Turns on Microsoft Defender SmartScreen.|
-|Browser/PreventSmartScreenPromptOverride|**1.**  Stops employees from ignoring warning messages and continuing to a potentially malicious website.|
-|Browser/PreventSmartScreenPromptOverrideForFiles|**1.**  Stops employees from ignoring warning messages and continuing to download potentially malicious files.|
+|Browser/PreventSmartScreenPromptOverride|**1.**  Stops users from ignoring warning messages and continuing to a potentially malicious website.|
+|Browser/PreventSmartScreenPromptOverrideForFiles|**1.**  Stops users from ignoring warning messages and continuing to download potentially malicious files.|
 |SmartScreen/EnableSmartScreenInShell|**1.**  Turns on Microsoft Defender SmartScreen in Windows.<br/><br/>Requires at least Windows 10, version 1703.|
-|SmartScreen/PreventOverrideForFilesInShell|**1.**  Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<br/><br/>Requires at least Windows 10, version 1703.|
-
-## Related articles
-
-- [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies)
+|SmartScreen/PreventOverrideForFilesInShell|**1.**  Stops users from ignoring warning messages about malicious files downloaded from the Internet.<br/><br/>Requires at least Windows 10, version 1703.|
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
index 38921c5358..ee7a31a01b 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Enhanced Phishing Protection in Microsoft Defender SmartScreen
 description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
-ms.date: 11/02/2023
+ms.date: 07/10/2024
 ms.topic: conceptual
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2</a>
@@ -19,7 +19,7 @@ If a user signs into Windows using a password, Enhanced Phishing Protection work
 - If users type their work or school password into a website or app that SmartScreen finds suspicious, Enhanced Phishing Protection can automatically collect information from that website or app to help identify security threats. For example, the content displayed, sounds played, and application memory.
 
 > [!NOTE]
-> When a user signs-in to a device using a Windows Hello for Business PIN or biometric, Enhanced Phishing Protection does not alert the user or send events to [Microsoft Defender for Endpoint (MDE)](/microsoft-365/security/defender-endpoint/).
+> When a user signs in to a device using a Windows Hello for Business PIN or biometric, Enhanced Phishing Protection does not alert the user or send events to [Microsoft Defender for Endpoint (MDE)](/microsoft-365/security/defender-endpoint/).
 
 ## Benefits of Enhanced Phishing Protection in Microsoft Defender SmartScreen
 
@@ -37,7 +37,7 @@ Enhanced Phishing Protection provides robust phishing protections for work or sc
 
 ## Configure Enhanced Phishing Protection for your organization
 
-Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service. These settings are available to configure your devices using either Microsoft Intune, GPO or CSP.
+Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service. These settings are available to configure your devices using either Microsoft Intune, GPO, or CSP.
 
 | Setting | Description |
 |--|--|
@@ -51,7 +51,7 @@ Enhanced Phishing Protection allows organizations to add their custom identity p
 
 To add your organization's custom sign-in URL to Enhanced Phishing Protection, configure the `EnableWebSignIn` policy in the [Authentication Policy CSP](/windows/client-management/mdm/policy-csp-authentication#enablewebsignin). For more information, see [Web sign-in for Windows](../../../identity-protection/web-sign-in/index.md).
 
-Follow these instructions to configure your devices using either Microsoft Intune, GPO or CSP.
+Follow these instructions to configure your devices using either Microsoft Intune, GPO, or CSP.
 
 #### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune)
 
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
index b5af241045..56fc48b2bf 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender SmartScreen overview
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
-ms.date: 08/11/2023
+ms.date: 07/10/2024
 ms.topic: conceptual
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/security/security-foundations/certification/fips-140-validation.md b/windows/security/security-foundations/certification/fips-140-validation.md
index 7e2163afdc..739b778e25 100644
--- a/windows/security/security-foundations/certification/fips-140-validation.md
+++ b/windows/security/security-foundations/certification/fips-140-validation.md
@@ -3,10 +3,6 @@ title: Windows FIPS 140 validation
 description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows FIPS 140 validation
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-previous.md b/windows/security/security-foundations/certification/validations/cc-windows-previous.md
index 58209a1bc7..8d5cd8c275 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-previous.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-previous.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for previous Windows releases
 description: Learn about the completed Common Criteria certifications for previous Windows releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Common Criteria certifications for previous Windows releases
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md b/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md
index 5e7d75c602..75df55214c 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows Server 2022, 2019, and 2016
 description: Learn about the completed Common Criteria certifications for Windows Server 2022, 2019, and 2016.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows Server 2022, 2019, and 2016 Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
index d8b655246d..392c293fd2 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for previous Windows Server releases
 description: Learn about the completed Common Criteria certifications for previous Windows Server releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Common Criteria certifications for previous Windows Server releases
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md b/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md
index d65c3f9442..979a3196ee 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows Server semi-annual releases
 description: Learn about the completed Common Criteria certifications for Windows Server semi-annual releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows Server semi-annual Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/cc-windows10.md b/windows/security/security-foundations/certification/validations/cc-windows10.md
index 916d28b4cd..36bd9cc400 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows10.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows10.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows 10
 description: Learn about the completed Common Criteria certifications for Windows 10.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows 10 Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/cc-windows11.md b/windows/security/security-foundations/certification/validations/cc-windows11.md
index 1f653104a1..52e683c0c2 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows11.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows11.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows 11
 description: Learn about the completed Common Criteria certifications for Windows 11.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows 11 Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/fips-140-other-products.md b/windows/security/security-foundations/certification/validations/fips-140-other-products.md
index 1d93f90168..009d8e3b18 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-other-products.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-other-products.md
@@ -3,11 +3,8 @@ title: FIPS 140 validated modules for other products
 description: This topic lists the completed FIPS 140 cryptographic module validations for products other than Windows and Windows Server that leverage the Windows cryptographic modules.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
+
 # FIPS 140 validated modules in other products
 
 The following tables list the completed FIPS 140 validations in products other than Windows and Windows Server that leverage the Windows cryptographic modules. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md b/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md
index eca7af6d57..25731d7f15 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md
@@ -3,11 +3,8 @@ title: FIPS 140 validated modules for previous Windows versions
 description: This topic lists the completed FIPS 140 cryptographic module validations for versions of Windows prior to Windows 10.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
+
 # FIPS 140 validated modules in previous Windows versions
 
 The following tables list the completed FIPS 140 validations of cryptographic modules used in versions of Windows  prior to Windows 10, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md
index e745be28d9..7105cd5459 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows Server 2016
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2016.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 # FIPS 140 validated modules in Windows Server 2016
 
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md
index caebf60f2a..c5ef45bb70 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md
@@ -3,11 +3,8 @@ title: FIPS 140 validated modules for Windows Server 2019
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2019.
 ms.date: 4/5/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
+
 # FIPS 140 validated modules in Windows Server 2019
 
 The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server 2019, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, see its linked Security Policy document or module certificate.
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md
index 7e5d018a04..659435689f 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for previous Windows Server versions
 description: This topic lists the completed FIPS 140 cryptographic module validations for versions of Windows Server prior to Windows Server 2016.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules in previous Windows Server versions
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
index 773a622fe4..d1d1724b36 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows Server Semi-Annual Releases
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server semi-annual releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules in Windows Server semi-annual releases
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows10.md b/windows/security/security-foundations/certification/validations/fips-140-windows10.md
index d2d5b384b6..e555337cb5 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows10.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows10.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows 10
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 10.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules for Windows 10
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows11.md b/windows/security/security-foundations/certification/validations/fips-140-windows11.md
index 0eb4fa7733..bf551c22b5 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows11.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows11.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows 11
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 11.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules for Windows 11
diff --git a/windows/security/security-foundations/certification/windows-platform-common-criteria.md b/windows/security/security-foundations/certification/windows-platform-common-criteria.md
index d012841b09..e59b0403b4 100644
--- a/windows/security/security-foundations/certification/windows-platform-common-criteria.md
+++ b/windows/security/security-foundations/certification/windows-platform-common-criteria.md
@@ -3,10 +3,6 @@ title: Windows Common Criteria certifications
 description: Learn how Microsoft products are certified under the Common Criteria for Information Technology Security Evaluation program.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Common Criteria certifications
diff --git a/windows/security/security-foundations/images/simplified-sdl.png b/windows/security/security-foundations/images/simplified-sdl.png
deleted file mode 100644
index 97c7448b8c..0000000000
Binary files a/windows/security/security-foundations/images/simplified-sdl.png and /dev/null differ
diff --git a/windows/security/security-foundations/zero-trust-windows-device-health.md b/windows/security/security-foundations/zero-trust-windows-device-health.md
index 2f5a418bc1..cacb76f47d 100644
--- a/windows/security/security-foundations/zero-trust-windows-device-health.md
+++ b/windows/security/security-foundations/zero-trust-windows-device-health.md
@@ -5,7 +5,7 @@ ms.topic: concept-article
 manager: aaroncz
 ms.author: paoloma
 author: paolomatarazzo
-ms.date: 11/07/2023
+ms.date: 09/06/2024
 ---
 
 # Zero Trust and Windows device health
diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml
index 7ad2200658..408873ec0b 100644
--- a/windows/whats-new/TOC.yml
+++ b/windows/whats-new/TOC.yml
@@ -18,14 +18,25 @@
     - name: What's new in Windows 11, version 22H2
       href: whats-new-windows-11-version-22h2.md
 - name: Windows 10
-  expanded: true
+  expanded: false
   items:
     - name: Extended Security Updates (ESU) program for Windows 10
       href: extended-security-updates.md
     - name: What's new in Windows 10, version 22H2
       href: whats-new-windows-10-version-22H2.md
-    - name: What's new in Windows 10, version 21H2
-      href: whats-new-windows-10-version-21H2.md
+- name: Windows 10 Enterprise LTSC
+  expanded: false
+  items:
+  - name: Windows 10 Enterprise LTSC overview
+    href: ltsc/overview.md
+  - name: What's new in Windows 10 Enterprise LTSC 2021
+    href: ltsc/whats-new-windows-10-2021.md
+  - name: What's new in Windows 10 Enterprise LTSC 2019
+    href: ltsc/whats-new-windows-10-2019.md
+  - name: What's new in Windows 10 Enterprise LTSC 2016
+    href: ltsc/whats-new-windows-10-2016.md
+  - name: What's new in Windows 10 Enterprise LTSC 2015
+    href: ltsc/whats-new-windows-10-2015.md
 - name: Windows commercial licensing overview
   href: windows-licensing.md
 - name: Deprecated and removed Windows features
diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 3e79887cbe..00fab61fd6 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -1,7 +1,7 @@
 ---
 title: Resources for deprecated features in the Windows client
 description: Resources and details for deprecated features in the Windows client.
-ms.date: 06/03/2024
+ms.date: 08/12/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@@ -21,6 +21,13 @@ appliesto:
 
 This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
 
+## Paint 3D
+
+Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. Existing installations of Paint 3D will continue to work, but the app will no longer be available for download from the Microsoft Store. If you remove the app, you can reinstall it from the Microsoft Store until November 4, 2024. After that date, Paint 3D will no longer be available for download. Paint 3D was preinstalled on some Windows 10 devices, but wasn't preinstalled on Windows 11 devices. Some alternatives to Paint 3D include:
+
+- View and edit 2D images: [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4)
+- View 3D content: [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths).
+
 ## NTLM
 
 Customers concerned about NTLM usage in their environments are encouraged to utilize [NTLM auditing](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain) to [investigate how NTLM is being used](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191).  
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 0b43cfa4e9..e1ee7cbf06 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,12 +1,12 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 06/11/2024
+ms.date: 09/11/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
 author: mestew
-ms.author: mstewart 
+ms.author: mstewart
 manager: aaroncz
 ms.topic: reference
 ms.collection:
@@ -47,14 +47,17 @@ The features in this article are no longer being actively developed, and might b
 
 | Feature | Details and mitigation  | Deprecation announced |
 |---|---|---|
-| DirectAccess <!--8713507-->| DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | 
+| Legacy DRM services <!--9183757-->| Legacy DRM services, used by either Windows Media Player, Silverlight clients, Windows 7, or Windows 8 clients are deprecated. The following functionality won't work when these services are fully retired: </br><ul><li>Playback of protected content in the legacy Windows Media Player on Windows 7</li><li> Playback of protected content  in a Silverlight client and Windows 8 clients</li><li> In-home streaming playback from a Silverlight client or Windows 8 client to an Xbox 360</li><li>Playback of protected content ripped from a personal CD on Windows 7 clients using Windows Media Player </li></ul>  | September 2024 |
+| Paint 3D <!--8995017--> | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 |
+| Adobe Type1 fonts <!--9183716-->| Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows. </br></br> In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 |
+| DirectAccess <!--8713507-->| DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 |
 | NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 |
-| Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | 
+| Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 |
 | NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
 | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|
 | Test Base <!--8790681--> | [Test Base for Microsoft 365](/microsoft-365/test-base/overview), an Azure cloud service for application testing, is deprecated. The service will be retired in the future and will be no longer available for use after retirement. | March 2024 |
 | Windows Mixed Reality <!--8412877--> | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in Windows 11, version 24H2. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality), and Steam VR Beta. Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11, version 23H2. After November 2026, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates.</br> </br>This deprecation doesn't affect HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 |
-| Microsoft Defender Application Guard for Edge <!--8591267-->| [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. </br></br> **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated [Windows Store app](https://apps.microsoft.com/detail/9N8GNLC8Z9C8) will not be available after May 2024. This affects the following browsers: [*Application Guard Extension - Chrome*](https://chromewebstore.google.com/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj) and [*Application Guard Extension - Firefox*](https://addons.mozilla.org/firefox/addon/application-guard-extension/). If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). <!--8932292-->| December 2023 |
+| Microsoft Defender Application Guard for Edge <!--8591267-->| [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. </br></br> **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated Windows Store app will not be available after May 2024. This affects the following browsers: *Application Guard Extension - Chrome* and *Application Guard Extension - Firefox*. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). <!--8932292-->| December 2023 |
 | Legacy console mode <!-- 8577271 -->| The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 |
 | Windows speech recognition <!--8396142-->| [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is  deprecated and is no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 |
 | Microsoft Defender Application Guard for Office <!--8396036-->| [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated and will no longer be updated. We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac).  | November 2023 |
@@ -72,7 +75,7 @@ The features in this article are no longer being actively developed, and might b
 | Microsoft Support Diagnostic Tool (MSDT) <!--6968128--> | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 |
 | Universal Windows Platform (UWP) Applications for 32-bit Arm <!--7116112-->| This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content isn't applicable. If you aren't sure which type of processor you have, check **Settings** > **System** > **About**.</br> </br> Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 |
 | Update Compliance <!--7260188-->| [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service was replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
-| Windows Information Protection <!-- 6010051 --> | [Windows Information Protection](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).<br> <br>For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
+| Windows Information Protection <!-- 6010051 --> | [Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).<br> <br>For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
 | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**<br>Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.<br>The following items might not be available in a future release of Windows client:<br>- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**<br>- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)<br>- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**<br>- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files  | 21H1 |
 | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 |
 | Windows Management Instrumentation command-line (WMIC) utility. | The WMIC utility is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This utility is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation applies to only the [command-line management utility](/windows/win32/wmisdk/wmic). WMI itself isn't affected. </br> </br> **[Update - January 2024]**: Currently, WMIC is a Feature on Demand (FoD) that's [preinstalled by default](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#wmic) in Windows 11, versions 23H2 and 22H2. In the next release of Windows, the WMIC FoD will be disabled by default. | 21H1 |
@@ -103,7 +106,7 @@ The features in this article are no longer being actively developed, and might b
 |IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
 |RSA/AES Encryption for IIS   | We recommend that users use CNG encryption provider. | 1709 |
 |Screen saver functionality in Themes   | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
-|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
+|Sync your settings (updated: July, 30, 2024) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report.  All other  **Sync your settings** options will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
 |System Image Backup (SIB) Solution|This feature is also known as the **Backup and Restore (Windows 7)** legacy control panel. For full-disk backup solutions, look for a third-party product from another software publisher. You can also use [OneDrive](/onedrive/) to sync data files with Microsoft 365.| 1709 |
 |TLS RC4 Ciphers  |To be disabled by default. For more information, see [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 |
 |Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json
index 6abf313079..586828841b 100644
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@@ -49,19 +49,20 @@
           "folder_relative_path_in_docset": "./"
         }
       },
-      "titleSuffix": "What's new in Windows",
       "contributors_to_exclude": [
         "dstrome2",
-        "rjagiewich",  
+        "rjagiewich",
         "American-Dipper",
-        "claydetels19", 
+        "claydetels19",
         "jborsecnik",
         "v-stchambers",
         "shdyas",
         "Stacyrch140",
         "garycentric",
         "dstrome",
-        "beccarobins"
+        "beccarobins",
+        "padmagit77",
+        "aditisrivastava07"
       ],
       "searchScope": [
         "Windows 10"
@@ -72,4 +73,4 @@
     "dest": "win-whats-new",
     "markdownEngineName": "markdig"
   }
-}
\ No newline at end of file
+}
diff --git a/windows/whats-new/feature-lifecycle.md b/windows/whats-new/feature-lifecycle.md
index 9c928556e8..578a92fb51 100644
--- a/windows/whats-new/feature-lifecycle.md
+++ b/windows/whats-new/feature-lifecycle.md
@@ -6,9 +6,9 @@ ms.localizationpriority: medium
 author: mestew
 manager: aaroncz
 ms.author: mstewart
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-fundamentals
-ms.date: 12/15/2023
+ms.date: 07/09/2024
 ms.collection:
   - highpri
   - tier2
diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml
index 4bb62bd59c..f19e236cd4 100644
--- a/windows/whats-new/index.yml
+++ b/windows/whats-new/index.yml
@@ -15,11 +15,13 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
-  ms.date: 10/31/2023
-  localization_priority: medium
+  ms.date: 07/01/2024
+  ms.localizationpriority: medium
 
 landingContent:
 
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | tutorial | overview | quickstart | reference | sample | tutorial | video | whats-new
+
   - title: Windows 11 planning
     linkLists:
       - linkListType: overview
@@ -49,12 +51,35 @@ landingContent:
       - linkListType: whats-new
         links:
           - text: Extended Security Updates (ESU) program for Windows 10
-            url: extended-security-updates.md        
+            url: extended-security-updates.md
           - text: What's new in Windows 10, version 22H2
             url: whats-new-windows-10-version-22h2.md
-          - text: What's new in Windows 10, version 21H2
-            url: whats-new-windows-10-version-21h2.md
 
+  - title: Windows 10 Enterprise LTSC
+    linkLists:
+      - linkListType: whats-new
+        links:
+          - text: Windows 10 Enterprise LTSC overview
+            url: ltsc/overview.md
+          - text: What's new in Windows 10 Enterprise LTSC 2021
+            url: ltsc/whats-new-windows-10-2021.md
+          - text: What's new in Windows 10 Enterprise LTSC 2019
+            url: ltsc/whats-new-windows-10-2019.md
+          - text: What's new in Windows 10 Enterprise LTSC 2016
+            url: ltsc/whats-new-windows-10-2016.md
+          - text: What's new in Windows 10 Enterprise LTSC 2015
+            url: ltsc/whats-new-windows-10-2015.md
+
+  - title: Deprecated features
+    linkLists:
+      - linkListType: reference
+        links:
+          - text: Windows features we're no longer developing
+            url: deprecated-features.md
+          - text: Features and functionality removed in Windows
+            url: removed-features.md
+          - text: Lifecycle terminology
+            url: feature-lifecycle.md#terminology
 
   - title: Learn more
     linkLists:
@@ -64,15 +89,5 @@ landingContent:
             url: /windows/release-health/windows11-release-information
           - text: Windows release health dashboard
             url: /windows/release-health/
-          - text: Windows 11 update history
-            url: https://support.microsoft.com/topic/windows-11-version-22h2-update-history-ec4229c3-9c5f-4e75-9d6d-9025ab70fcce
-          - text: Windows 10 update history
-            url: https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb
-          - text: Windows features we're no longer developing
-            url: deprecated-features.md
-          - text: Features and functionality removed in Windows
-            url: removed-features.md
           - text: Compare Windows 11 Editions
             url: https://www.microsoft.com/windows/business/compare-windows-11
-          - text: Windows 10 Enterprise LTSC
-            url: ltsc/overview.md
diff --git a/windows/whats-new/ltsc/TOC.yml b/windows/whats-new/ltsc/TOC.yml
deleted file mode 100644
index 3dede78331..0000000000
--- a/windows/whats-new/ltsc/TOC.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: Windows 10 Enterprise LTSC
-  href: index.yml
-  items: 
-    - name: Windows 10 Enterprise LTSC overview
-      href: overview.md    
-    - name: What's new in Windows 10 Enterprise LTSC 2021
-      href: whats-new-windows-10-2021.md
-    - name: What's new in Windows 10 Enterprise LTSC 2019
-      href: whats-new-windows-10-2019.md
-    - name: What's new in Windows 10 Enterprise LTSC 2016
-      href: whats-new-windows-10-2016.md
-    - name: What's new in Windows 10 Enterprise LTSC 2015
-      href: whats-new-windows-10-2015.md
diff --git a/windows/whats-new/ltsc/index.yml b/windows/whats-new/ltsc/index.yml
deleted file mode 100644
index 64c7cef9df..0000000000
--- a/windows/whats-new/ltsc/index.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-### YamlMime:Landing
-
-title: What's new in Windows 10 Enterprise LTSC
-summary: Find out about new features and capabilities in the latest release of Windows 10 Enterprise LTSC for IT professionals.
-
-metadata:
-  title: What's new in Windows 10 Enterprise LTSC
-  description: Find out about new features and capabilities in the latest release of Windows 10 Enterprise LTSC for IT professionals.
-  ms.service: windows-client
-  ms.subservice: itpro-fundamentals
-  ms.topic: landing-page
-  ms.collection:
-    - highpri
-    - tier1
-  author: mestew
-  ms.author: mstewart
-  manager: aaroncz
-  ms.date: 12/18/2023
-  localization_priority: medium
-
-landingContent:
-
-  - title: Windows 10 Enterprise LTSC
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Windows 10 Enterprise LTSC overview
-            url: overview.md
-          - text: What's new in Windows 10 Enterprise LTSC 2021
-            url: whats-new-windows-10-2021.md
-          - text: What's new in Windows 10 Enterprise LTSC 2019
-            url: whats-new-windows-10-2019.md
-          - text: What's new in Windows 10 Enterprise LTSC 2016
-            url: whats-new-windows-10-2016.md
-          - text: What's new in Windows 10 Enterprise LTSC 2015
-            url: whats-new-windows-10-2015.md
-
-  - title: Learn more
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Windows release health dashboard
-            url: /windows/release-health/
-          - text: Windows 10 update history
-            url: https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb
-          - text: Windows features we're no longer developing
-            url: ../deprecated-features.md
-          - text: Features and functionality removed in Windows
-            url: ../removed-features.md
diff --git a/windows/whats-new/ltsc/overview.md b/windows/whats-new/ltsc/overview.md
index 881b172f79..5fb5127bcf 100644
--- a/windows/whats-new/ltsc/overview.md
+++ b/windows/whats-new/ltsc/overview.md
@@ -8,7 +8,7 @@ manager: aaroncz
 ms.localizationpriority: low
 ms.topic: overview
 ms.subservice: itpro-fundamentals
-ms.date: 12/18/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 Enterprise LTSC</a>
 ---
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
index 5679770b95..83b91546d8 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
@@ -6,9 +6,9 @@ description: New and updated IT pro content about new features in Windows 10 Ent
 ms.service: windows-client
 author: mestew
 ms.localizationpriority: low
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-fundamentals
-ms.date: 12/18/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2015</a>
 ---
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
index eb925170d2..9c94a7e808 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
@@ -6,9 +6,9 @@ description: New and updated IT pro content about new features in Windows 10 Ent
 ms.service: windows-client
 author: mestew
 ms.localizationpriority: low
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-fundamentals
-ms.date: 12/18/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2016</a>
 ---
@@ -34,29 +34,6 @@ Windows ICD now includes simplified workflows for creating provisioning packages
 
 [Learn more about using provisioning packages in Windows 10.](/windows/configuration/provisioning-packages/provisioning-packages)
 
-### Windows Upgrade Readiness
-
->[!IMPORTANT]
->Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a General Availability Channel release.
-
-Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for more direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft's experience upgrading millions of devices to Windows 10. 
-
-With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft.
-
-Use Upgrade Readiness to get:
-
-- A visual workflow that guides you from pilot to production
-- Detailed computer and application inventory
-- Powerful computer level search and drill-downs
-- Guidance and insights into application and driver compatibility issues, with suggested fixes
-- Data driven application rationalization tools
-- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
-- Data export to commonly used software deployment tools
-
-The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready.
-
-[Learn more about planning and managing Windows upgrades with Windows Upgrade Readiness.](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness)
-
 ## Security
 
 ### Credential Guard and Device Guard
@@ -71,7 +48,7 @@ Other changes for Windows Hello in Windows 10 Enterprise LTSC 2016:
 
 - Personal (Microsoft account) and corporate (Active Directory or Entra ID) accounts use a single container for keys.
 - Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
-- Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**. 
+- Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**.
 
 [Learn more about Windows Hello for Business.](/windows/security/identity-protection/hello-for-business/deploy/requirements)
 
@@ -105,10 +82,7 @@ With the increase of employee-owned devices in the enterprise, there's also an i
 
 Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
 
-- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
-- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
-
-[Learn more about Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
+[Learn more about Windows Information Protection (WIP)](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
 
 ### Windows Defender
 
@@ -130,7 +104,7 @@ With the growing threat from more sophisticated targeted attacks, a new security
 ### VPN security
 
 - The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Microsoft Entra ID, to provide a device compliance option for remote clients.
-- The VPN client can integrate with Windows Information Protection (WIP) policy to provide extra security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
+- The VPN client can integrate with Windows Information Protection (WIP) policy to provide extra security. [Learn more about Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
 - New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
 - Microsoft Intune: *VPN* profile template includes support for native VPN plug-ins. For more information, see [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure).
 
@@ -156,17 +130,17 @@ This version of Windows 10, introduces shared PC mode, which optimizes Windows 1
 
 Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service - in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Microsoft Store, and interact with them as if they were installed locally.
 
-With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you'll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. 
+With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you'll need to download, activate, and install server- and client-side components to start delivering virtual applications to users.
 
-[Learn how to deliver virtual applications with App-V.](/windows/application-management/app-v/appv-getting-started)
+[Learn how to deliver virtual applications with App-V.](/microsoft-desktop-optimization-pack/app-v/appv-getting-started)
 
 ### User Experience Virtualization (UE-V) for Windows 10
 
-Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Microsoft Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. 
+Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Microsoft Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options.
 
 With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users sign in, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they sign in to.
 
-With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you'll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. 
+With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you'll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
 
 [Learn how to synchronize user-customized settings with UE-V.](/microsoft-desktop-optimization-pack/ue-v/uev-for-windows)
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 0124fa0995..9f16b31604 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -6,9 +6,9 @@ description: New and updated IT Pro content about new features in Windows 10 Ent
 ms.service: windows-client
 author: mestew
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-fundamentals
-ms.date: 12/18/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2019</a>
 ---
@@ -158,9 +158,9 @@ Improvements have been added to Windows Information Protection and BitLocker.
 
 Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection.
 
-Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure).
+Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure).
 
-You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs).
+You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs).
 
 This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive files on-demand for the enterprise](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/onedrive-files-on-demand-for-the-enterprise/ba-p/117234).
 
@@ -484,10 +484,10 @@ Previous versions of the Microsoft Application Virtualization Sequencer (App-V S
 
 For more information, see the following articles:
 
-- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm)
-- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-sequencing)
-- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-updating)
-- [Automatically cleanup unpublished packages on the App-V client](/windows/application-management/app-v/appv-auto-clean-unpublished-packages)
+- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/microsoft-desktop-optimization-pack/app-v/appv-auto-provision-a-vm)
+- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/microsoft-desktop-optimization-pack/app-v/appv-auto-batch-sequencing)
+- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/microsoft-desktop-optimization-pack/app-v/appv-auto-batch-updating)
+- [Automatically cleanup unpublished packages on the App-V client](/microsoft-desktop-optimization-pack/app-v/appv-auto-clean-unpublished-packages)
 
 ### Windows diagnostic data
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
index b7f6c2c73f..f8a15b202a 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
@@ -6,9 +6,9 @@ description: New and updated IT Pro content about new features in Windows 10 Ent
 ms.service: windows-client
 author: mestew
 ms.localizationpriority: high
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-fundamentals
-ms.date: 12/18/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2021</a>
 ---
diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md
deleted file mode 100644
index f23820ffe8..0000000000
--- a/windows/whats-new/whats-new-windows-10-version-21H2.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-title: What's new in Windows 10, version 21H2 for IT pros
-description: Learn more about what's new in Windows 10 version 21H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
-manager: aaroncz
-ms.service: windows-client
-ms.author: mstewart
-author: mestew
-ms.localizationpriority: medium
-ms.topic: conceptual
-ms.collection:
-  - highpri
-  - tier2
-ms.subservice: itpro-fundamentals
-ms.date: 12/31/2017
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10, version 21H2</a>
----
-
-# What's new in Windows 10, version 21H2
-
-Windows 10, version 21H2 is the next feature update. This article lists the new and updated features IT Pros should know. Windows 10, version 21H2 is also known as the Windows 10 November 2021 Update. It includes all features and fixes in previous cumulative updates to Windows 10, version 21H1.
-
-Windows 10, version 21H2 is an [H2-targeted release](/lifecycle/faq/windows#what-is-the-servicing-timeline-for-a-version--feature-update--of-windows-10-), and has the following servicing schedule:
-
-- **Windows 10 Professional**: Serviced for 18 months from the release date.
-- **Windows 10 Enterprise**: Serviced for 30 months from the release date.
-
-Windows 10, version 21H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 10 November 2021 Update](https://blogs.windows.com/windowsexperience/2021/11/16/how-to-get-the-windows-10-november-2021-update/) and [IT tools to support Windows 10, version 21H2 blog](https://aka.ms/tools-for-21h2).
-
-Devices running Windows 10, versions 2004, 20H2, and 21H1 can update quickly to version 21H2 using an enablement package. For more information, see [Feature Update through Windows 10, version 21H2 Enablement Package](https://support.microsoft.com/help/5003791).
-
-To learn more about the status of the November 2021 Update rollout, known issues, and new information, see [Windows release health](/windows/release-health/).
-
-## Updates and servicing
-
-Windows 10, version 21H2 feature updates are installed annually using the General Availability Channel. Previous feature updates were installed using the General Availability Channel. For more information on this change, see the [How to get the Windows 10 November 2021 Update](https://blogs.windows.com/windowsexperience/?p=176473).
-
-Quality updates are still installed monthly on the second Tuesday of the month.
-
-For more information, see:
-
-- [Feature and quality update definitions](/windows/deployment/update/waas-quick-start#definitions)
-- [Windows servicing channels](/windows/deployment/update/waas-overview#servicing-channels)
-
-## GPU compute support for the Windows Subsystem for Linux
-
-Starting with Windows 10 version 21H2, the Windows Subsystem for Linux has full graphics processing unit (GPU) compute support. It was available to Windows Insiders, and is now available to everyone. The Linux binaries can use your Windows GPU, and run different workloads, including artificial intelligence (AI) and machine learning (ML) development workflows.
-
-For more information, and what GPU compute support means for you, see the [GPU accelerated ML training inside the Windows Subsystem for Linux blog post](https://blogs.windows.com/windowsdeveloper/2020/06/17/gpu-accelerated-ml-training-inside-the-windows-subsystem-for-linux/).
-
-## Get the latest CSPs
-
-The [KB5005101  September 1, 2021 update](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1) includes about 1400 CSPs that were made available to MDM providers.
-
-These CSPs are built in to Windows 10, version 21H2. These settings are available in Microsoft Intune in the [Settings Catalog](/mem/intune/configuration/settings-catalog). [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) also includes these GPOs in its analysis.
-
-For more information on the CSPs, see the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
-
-## Apps appear local with Azure Virtual Desktop
-
-Azure virtual desktop is a Windows client OS hosted in the cloud, and runs virtual apps. You use the cloud to deliver virtual apps in real time, and as-needed. Users use the apps as if they're installed locally.
-
-You can create Azure virtual desktops that run Windows 10 version 21H2.
-
-For more information, see:
-
-- [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview)
-- [What's new in Azure Virtual Desktop?](/azure/virtual-desktop/whats-new)
-- [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal)
-
-## Wi-Fi WPA3-Personal H2E support
-
-Wi-Fi WPA3-Personal H2E (Hash-to-Element) support is built in to Windows 10, version 21H2.
-
-## Related articles
-
-- [Release notes for Microsoft Edge Stable Channel](/deployedge/microsoft-edge-relnote-stable-channel)
diff --git a/windows/whats-new/whats-new-windows-10-version-22H2.md b/windows/whats-new/whats-new-windows-10-version-22H2.md
index 3ec8fdc763..a2c3d3e798 100644
--- a/windows/whats-new/whats-new-windows-10-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-22H2.md
@@ -7,8 +7,8 @@ ms.author: mstewart
 author: mestew
 manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: conceptual
-ms.date: 10/18/2022
+ms.topic: reference
+ms.date: 07/09/2024
 ms.collection:
   - highpri
   - tier2
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index d2308ff620..a76a1b6abb 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -6,12 +6,12 @@ ms.service: windows-client
 ms.author: mstewart
 author: mestew
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: reference
 ms.collection:
   - highpri
   - tier2
 ms.subservice: itpro-fundamentals
-ms.date: 08/11/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2</a>
 ---
diff --git a/windows/whats-new/whats-new-windows-11-version-23h2.md b/windows/whats-new/whats-new-windows-11-version-23h2.md
index 421552f353..afc12bea4b 100644
--- a/windows/whats-new/whats-new-windows-11-version-23h2.md
+++ b/windows/whats-new/whats-new-windows-11-version-23h2.md
@@ -6,12 +6,12 @@ ms.service: windows-client
 ms.author: mstewart
 author: mestew
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: reference
 ms.collection:
   - highpri
   - tier2
 ms.subservice: itpro-fundamentals
-ms.date: 10/31/2023
+ms.date: 07/09/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 23H2</a>
 ---
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index a32a7baeb6..c3887cd926 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -1,18 +1,18 @@
 ---
 title: Plan for Windows 11
-description: Windows 11 deployment planning, IT Pro content.
+description: This article provides guidance to help you plan for Windows 11 in your organization.
 ms.service: windows-client
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: high
-ms.topic: conceptual
+ms.topic: get-started
 ms.collection:
   - highpri
   - tier1
   - essentials-get-started
 ms.subservice: itpro-fundamentals
-ms.date: 02/06/2024
+ms.date: 07/12/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
@@ -20,98 +20,102 @@ appliesto:
 # Plan for Windows 11
 
 This article provides guidance to help you plan for Windows 11 in your organization.
+
 ## Deployment planning
 
-Since Windows 11 is built on the same foundation as Windows 10, you can use the same deployment capabilities, scenarios, and tools—and the same basic deployment strategy that you use today for Windows 10. You'll need to review and update your servicing strategy to adjust for changes in [Servicing and support](#servicing-and-support) for Windows 11. 
+Since Windows 11 is built on the same foundation as Windows 10, you can use the same deployment capabilities, scenarios, and tools. You can also use the same basic deployment strategy that you use today for Windows 10. Make sure that you review and update your servicing strategy to adjust for changes in [servicing and support](#servicing-and-support) for Windows 11.
 
 At a high level, this strategy should include the following steps:
+
 - [Create a deployment plan](/windows/deployment/update/create-deployment-plan)
 - [Define readiness criteria](/windows/deployment/update/plan-define-readiness)
 - [Evaluate infrastructure and tools](/windows/deployment/update/eval-infra-tools)
-- [Determine application readiness](/windows/deployment/update/plan-determine-app-readiness)
+- [Test applications](/windows/compatibility/windows-11/testing-guidelines)
 - [Define your servicing strategy](/windows/deployment/update/plan-define-strategy)
 
-If you're looking for ways to optimize your approach to deploying Windows 11, or if deploying a new version of an operating system isn't a familiar process for you, some items to consider are provided below:
+If you're looking for ways to optimize your approach to deploying Windows 11, or if deploying a new version of Windows isn't a familiar process for you, consider the factors in the following sections.
 
 ## Determine eligibility
 
-As a first step, you'll need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it's compatible.
+As a first step, determine which of your current devices meet the Windows 11 hardware requirements. To ensure compatibility, verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md).
 
-Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. Users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they're eligible for the upgrade.  
- 
-Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions. 
+Microsoft has analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. If you're running Windows 10 Home, Pro, or Pro for Workstations editions, you can use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine Windows 11 eligibility. Users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they're eligible for the upgrade.
+
+Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as [Endpoint analytics](/mem/analytics/).
 
 ## Windows 11 availability
 
-The availability of Windows 11 will vary according to a device's hardware and whether the device receives updates directly, or from a management solution that is maintained by an IT administrator. 
+The availability of Windows 11 varies according to a device's hardware and whether the device receives updates directly from Microsoft, or from a management solution that's maintained by an IT administrator.
 
-##### Managed devices
+For more information, see [Defining Windows update-managed devices](/windows/deployment/update/update-managed-unmanaged-devices).
 
-Managed devices are devices that are under organizational control. Managed devices include those devices managed by Microsoft Intune, Microsoft Configuration Manager, or other endpoint management solutions. 
+### Managed devices
 
-If you manage devices on behalf of your organization, you'll be able to upgrade eligible devices to Windows 11 using your existing deployment and management tools at no cost when the upgrade reaches general availability. Organizations that use Windows Update for Business will have added benefits, such as:  
+Managed devices are devices that are under organizational control. Managed devices include those devices managed by Microsoft Intune, Microsoft Configuration Manager, or other endpoint management solutions.
 
-- Ensuring that devices that don't meet the minimum hardware requirements aren't automatically offered the Windows 11 upgrade. 
-- More insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11. 
+If you manage devices on behalf of your organization, you can upgrade eligible devices to Windows 11 using your existing deployment and management tools.
+
+Organizations that use Windows Update for Business also have the following benefits:
+
+- Ensuring that devices that don't meet the minimum hardware requirements aren't automatically offered the Windows 11 upgrade.
+- More insight into safeguard holds. While safeguard holds function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11.
 
 > [!NOTE]
-> Also, Windows 11 has new Microsoft Software License Terms. If you are deploying with Windows Update for Business or Windows Server Update Services, you are accepting these new license terms on behalf of the users in your organization. 
+> Also, Windows 11 has new Microsoft Software License Terms. If you deploy with Windows Update for Business or Windows Server Update Services, you accept these new license terms on behalf of the users in your organization.
 
-##### Unmanaged devices
+### Unmanaged devices
 
-Unmanaged devices are devices that aren't managed by an IT administrator on behalf of an organization. For operating system (OS) deployment, these devices aren't subject to organizational policies that manage upgrades or updates.  
+Unmanaged devices are devices that an IT administrator doesn't manage on behalf of an organization. For OS deployment, these devices aren't subject to organizational policies that manage upgrades or updates.
 
-Windows 11 will be offered to eligible Windows 10 devices beginning later in the 2021 calendar year. Messaging on new devices will vary by PC manufacturer, but users will see labels such as **This PC will upgrade to Windows 11 once available** on products that are available for purchase. 
+Windows 11 was offered to eligible Windows 10 devices in 2021. Messaging on new devices varies by PC manufacturer.
 
-The Windows 11 upgrade will be available initially on eligible, unmanaged devices to users who manually seek the upgrade through Windows Update. As with all Windows Update managed devices, the **Windows Update Settings** page will confirm when a device is eligible, and users can upgrade if they choose to.
+The Windows 11 upgrade is available on eligible, unmanaged devices to users who manually seek the upgrade through Windows Update. As with all Windows Update-managed devices, the **Windows Update** settings page confirms when a device is eligible.
 
-Just like Windows 10, the machine learning-based [intelligent rollout](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860) process will be used when rolling out upgrades. Machine learning uses a combination of testing, close partner engagement, feedback, diagnostic data, and real-life insights to manage quality. This process improves the update experience and ensures that devices first nominated for updates are the devices likely to have a seamless experience. Devices that might have compatibility issues with the upgrade get the benefit of resolving these issues before the upgrade is offered. 
+Just like Windows 10, the machine learning-based [intelligent rollout](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860) process is used when rolling out upgrades. Machine learning uses a combination of testing, close partner engagement, feedback, diagnostic data, and real-life insights to manage quality. This process improves the update experience and ensures that devices first nominated for updates are the devices likely to have a seamless experience. Devices that might have compatibility issues with the upgrade get the benefit of resolving these issues before the upgrade is offered.
 
-## Windows 11 readiness considerations 
+## Windows 11 readiness considerations
 
-The recommended method to determine if your infrastructure, deployment processes, and management tools are ready for Windows 11 is to join the [Windows Insider Program for Business](https://insider.windows.com/for-business). As a participant in the [Release Preview Channel](/windows-insider/business/validate-Release-Preview-Channel), you can validate that your devices and applications work as expected, and explore new features.
+The recommended method to determine if your infrastructure, deployment processes, and management tools are ready for Windows 11 is to join the [Windows Insider Program for Business](https://insider.windows.com/for-business). As a participant in the [release preview channel](/windows-insider/business/validate-Release-Preview-Channel), you can validate that your devices and applications work as expected, and explore new features.
 
 As you plan your endpoint management strategy for Windows 11, consider moving to cloud-based mobile device management (MDM), such as [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). If a cloud-only approach isn't right for your organization yet, you can still modernize and streamline essential pieces of your endpoint management strategy as follows:
-- Create a [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview) (CMG) to manage Configuration Manager clients over the internet.
-- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 
-- Use [co-management](/mem/configmgr/comanage/overview) to concurrently manage devices using both Configuration Manager and Microsoft Intune. This concurrent management allows you to take advantage of cloud-powered capabilities like [Conditional Access](/azure/active-directory/conditional-access/overview). 
 
-For more information on the benefits of these approaches, see [Cloud Attach Your Future: The Big 3](https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-attach-your-future-part-ii-quot-the-big-3-quot/ba-p/1750664). 
+- To manage Configuration Manager clients over the internet, create a [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview) (CMG).
+- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+- Use [co-management](/mem/configmgr/comanage/overview) to concurrently manage devices using both Configuration Manager and Microsoft Intune. This concurrent management allows you to take advantage of cloud-powered capabilities like [conditional access](/azure/active-directory/conditional-access/overview).
+
+For more information on the benefits of these approaches, see [Cloud Attach Your Future: The Big 3](https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-attach-your-future-part-ii-quot-the-big-3-quot/ba-p/1750664).
 
 The introduction of Windows 11 is also a good time to review your hardware refresh plans and prioritize eligible devices to ensure an optimal experience for your users.
 
 ## Servicing and support
 
-Along with user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback. 
+Along with user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback.
 
-**Quality updates**: Windows 11 and Windows 10 devices will receive regular monthly quality updates to provide security updates and bug fixes. 
+- **Quality updates**: Windows 11 and Windows 10 devices receive regular monthly quality updates to provide security updates and bug fixes.
 
-**Feature updates**: Microsoft will provide a single Windows 11 feature update annually, targeted for release in the second half of each calendar year. 
+- **Feature updates**: Microsoft provides a single Windows 11 feature update annually, targeted for release in the second half of each calendar year.
 
-**Lifecycle**:
-- Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 will receive 24 months of support from the general availability date. 
-- Enterprise and Education editions of Windows 11 will be supported for 36 months from the general availability date.
+- **Lifecycle**:
 
-When Windows 11 reaches general availability, a consolidated [Windows 11 update history](https://support.microsoft.com/topic/59875222-b990-4bd9-932f-91a5954de434) is available, similar to what is [available today for Windows 10](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11). Similarly, the [Windows release health](/windows/release-health/) hub will offer quick access to Windows 11 servicing announcements, known issues, and safeguard holds. 
+  - Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 receive 24 months of support from the general availability date.
+  - Enterprise and Education editions of Windows 11 are supported for 36 months from the general availability date.
 
-It's important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations will have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 will continue to receive monthly Windows 10 security updates through 2025, and incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page, which offers information about the Windows 10 General Availability Channel and Long-term Servicing Channel (LTSC) releases. 
+A consolidated [Windows 11 update history](https://support.microsoft.com/topic/59875222-b990-4bd9-932f-91a5954de434) is available. Similarly, the [Windows release health](/windows/release-health/) hub offers quick access to Windows 11 servicing announcements, known issues, and safeguard holds.
+
+It's important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 continue to receive monthly Windows 10 security updates, and incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page.
 
 ## Application compatibility
 
 Microsoft's compatibility promise for Windows 10 is maintained for Windows 11. Data from the App Assure program shows that Windows 10 compatibility rates are over 99.7% for enterprise organizations, including line of business (LOB) apps. Microsoft remains committed to ensuring that the apps you rely upon continue to work as expected when you upgrade. Windows 11 is subject to the same app compatibility validation requirements that are in place for Windows 10 today, for both feature and quality updates.
 
-#### App Assure
+For more information, see [Windows compatibility cookbook](/windows/compatibility/).
 
-If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, App Assure can help. 
+### App Assure
 
-- **App Assure**: With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft will help you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats.
-
-You might already be using App Assure in your Windows 10 environment. The tool will continue to function with Windows 11. 
+If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, App Assure can help. With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft helps you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with more than 150 devices.
 
 ## Next steps
 
 [Prepare for Windows 11](windows-11-prepare.md)
 
-## Also see
-
 [Plan to deploy updates for Windows 10 and Microsoft 365 Apps](/training/modules/windows-plan/)
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index e5852e8ce3..e2cec748bb 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -1,17 +1,17 @@
 ---
 title: Prepare for Windows 11
-description: Prepare your infrastructure and tools to deploy Windows 11, IT Pro content.
+description: Prepare your infrastructure and tools to deploy Windows 11.
 ms.service: windows-client
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: high
-ms.topic: conceptual
+ms.topic: concept-article
 ms.collection:
   - highpri
   - tier1
 ms.subservice: itpro-fundamentals
-ms.date: 12/31/2017
+ms.date: 07/16/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -21,87 +21,89 @@ appliesto:
 
 Windows 10 and Windows 11 are designed to coexist so that you can use the same familiar tools and processes to manage both operating systems. Using a single management infrastructure that supports common applications across both Windows 10 and Windows 11 helps to simplify the migration process. You can analyze endpoints, determine application compatibility, and manage Windows 11 deployments in the same way that you do with Windows 10.
 
-After you evaluate your hardware to see if it meets [requirements](windows-11-requirements.md) for Windows 11, it's a good time to review your deployment infrastructure, tools, and overall endpoint and update management processes and look for opportunities to simplify and optimize. This article provides some helpful guidance to accomplish these tasks.
+After you evaluate your hardware to see if it meets [requirements](windows-11-requirements.md) for Windows 11, it's a good time to review your deployment infrastructure, tools, and overall endpoint and update management processes. Use this review time to look for opportunities to simplify and optimize. This article provides some helpful guidance to accomplish these tasks.
 
 ## Infrastructure and tools
 
-The tools that you use for core workloads during Windows 10 deployments can still be used for Windows 11. A few nuanced differences are described below. 
+The tools that you use for core workloads during Windows 10 deployments can still be used for Windows 11.
 
-  > [!IMPORTANT]
-  > Be sure to check with the providers of any non-Microsoft solutions that you use. Verify compatibility of these tools with Windows 11, particularly if they provide security or data loss prevention capabilities. 
+> [!IMPORTANT]
+> Be sure to check with the providers of any non-Microsoft solutions that you use. Verify compatibility of these tools with Windows 11, particularly if they provide security or data loss prevention capabilities.
 
-#### On-premises solutions
+### On-premises solutions
 
-- If you use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you'll need to sync the new Windows 11 product category. After you sync the product category, you'll see Windows 11 offered as an option. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
+- If you use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you need to sync the Windows 11 product category. After you sync the product category, you'll see Windows 11 offered as an option. If you want to validate Windows 11 builds before their broad release, you can also sync the **Windows Insider Pre-release** category.
 
   > [!NOTE]
-  > During deployment, you will be prompted to agree to the Microsoft Software License Terms on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture.
+  > During deployment, you'll be prompted to agree to the Microsoft Software License Terms on behalf of your users. Additionally, you won't see an x86 option because Windows 11 isn't supported on 32-bit architecture.
 
-- If you use [Microsoft Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.  
+- If you use [Microsoft Configuration Manager](/mem/configmgr/), you can sync the **Windows 11** product category and begin upgrading eligible devices. If you want to validate Windows 11 builds before their broad release, you can also sync the **Windows Insider Pre-release** category.
 
   > [!NOTE]
-  > Configuration Manager will prompt you to accept the Microsoft Software License Terms on behalf of the users in your organization. 
+  > Configuration Manager will prompt you to accept the Microsoft Software License Terms on behalf of the users in your organization.
 
-#### Cloud-based solutions
+### Cloud-based solutions
 
--	If you use Windows Update for Business policies, you'll need to use the **Target Version** capability (either through policy or the Windows Update for Business deployment service) rather than using feature update deferrals alone to upgrade from Windows 10 to Windows 11. Feature update deferrals are great for moving to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but won't automatically move devices between products (Windows 10 to **Windows 11**). 
-    - If you use Microsoft Intune and have a Microsoft 365 E3 license, you'll be able to use the [feature update deployments](/mem/intune/protect/windows-10-feature-updates) page to select **Windows 11, version 21H2** and upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11 on the **Update Rings** page in Intune. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you're currently on. When you're ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. 
-    - In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. 
+- If you use [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) policies, you need to use the **Target Version** capability. This option is either through policy or [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview). You need to use this option instead of only using feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great for moving to newer versions of your current product. For example, Windows 10, version 21H2 to version 22H2. They don't automatically move devices between products, for example Windows 10 to Windows 11.
 
-    - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. 
-    - For example, if a device is running <i>Windows 10, version 2004</i> and only the target version is configured to 21H1, this device will be offered version <i>Windows 10, version 21H1</i>, even if multiple products have a 21H1 version.
-- Quality update deferrals will continue to work the same across both Windows 10 and Windows 11, which is true regardless of which management tool you use to configure Windows Update for Business policies.
-- If you use Microsoft Intune and have a Microsoft 365 E3 license, you'll be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you're currently on. When you're ready to start upgrading devices, change the feature update deployment setting to specify **Windows 11**.
+  - If you use [Microsoft Intune](/mem/intune/) and have a Microsoft 365 E3 license, use the [feature update deployments](/mem/intune/protect/windows-10-feature-updates) page to select the latest version of Windows 11 and upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11 on the **Update Rings** page in Intune. If you aren't ready to move to Windows 11, keep the feature update version set at the version you're currently on. When you're ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
+
+  - In group policy, **Select target Feature Update version** has two entry fields: **Product Version** and **Target Version**.
+
+  - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the service offers the device matching versions of the same product.
+
+- Quality update deferrals continue to work the same across both Windows 10 and Windows 11. This behavior is true regardless of which management tool you use to configure Windows Update for Business policies.
 
   > [!NOTE]
-  > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicitly configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy. 
+  > Endpoints managed by Windows Update for Business don't automatically upgrade to Windows 11 unless an administrator explicitly configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) group policy.
 
 ## Cloud-based management
 
-If you aren’t already taking advantage of cloud-based management capabilities, like those available in the [Microsoft Intune family of products](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Intune can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives while protecting user privacy.  
+The cloud-based management capabilities of the [Microsoft Intune family of products](/mem/endpoint-manager-overview) help consolidate device management and endpoint security into a single platform. Microsoft Intune also supports the diverse bring-your-own-device (BYOD) ecosystem that's common with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives while protecting user data.
 
-The following are some common use cases and the corresponding [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) capabilities that support them: 
+The following are some common use cases and the corresponding [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) capabilities that support them:
 
-- **Provision and pre-configure new Windows 11 devices**: [Windows Autopilot](/mem/autopilot/windows-autopilot) enables you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies. It can also be used to change the edition of Windows. For example, you can upgrade from Professional to Enterprise edition and gain the use of advanced features. The [Windows Autopilot diagnostics page](/mem/autopilot/windows-autopilot-whats-new#preview-windows-autopilot-diagnostics-page) is a new feature that is available when you use in Windows Autopilot to deploy Windows 11.
-- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multifactor authentication (MFA) for specific apps. 
-- **Streamline device management for frontline, remote, and onsite workers**: Introduced with Windows 10, [cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. It can be deployed to devices running the Pro, Enterprise, and Education editions of Windows 11 by using Microsoft Intune. 
+- **Provision and pre-configure new Windows 11 devices**: [Windows Autopilot](/autopilot/) enables you to deploy new Windows 11 devices in a business-ready state that includes your desired applications, settings, and policies. It can also be used to change the edition of Windows. For example, you can upgrade from Professional to Enterprise edition and gain the use of advanced features.
 
-If you're exclusively using an on-premises device management solution (for example, Configuration Manager), you can still use the [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview), enable [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions), or enable [co-management](/mem/configmgr/comanage/overview) with Microsoft Intune. These solutions can make it easier to keep devices secure and up-to-date. 
+- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in Microsoft Intune, you have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multifactor authentication (MFA) for specific apps.
+
+- **Streamline device management for frontline, remote, and onsite workers**: [Cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. You can use Microsoft Intune to deploy it to devices running the Pro, Enterprise, and Education editions of Windows 11.
+
+If you're exclusively using an on-premises device management solution like Configuration Manager, you can still use the [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview), enable [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions), or enable [co-management](/mem/configmgr/comanage/overview) with Microsoft Intune. These solutions can make it easier to keep devices secure and up-to-date.
 
 ## Review servicing approach and policies
 
-Every organization will transition to Windows 11 at its own pace. Microsoft is committed to supporting you through your migration to Windows 11, whether you're a fast adopter or will make the transition over the coming months or years. 
+Every organization transitions to Windows 11 at its own pace. Microsoft is committed to supporting you through your migration to Windows 11, whether you're a fast adopter or will make the transition over the coming months or years.
 
-When you think of operating system updates as an ongoing process, you'll automatically improve your ability to deploy updates. This approach enables you to stay current with less effort, and less impact on productivity. To begin, think about how you roll out Windows feature updates today: which devices, and at what pace. 
+When you think of OS updates as an ongoing process, you improve your ability to deploy updates. This approach enables you to stay current with less effort, and less effect on productivity. To begin, think about how you roll out Windows feature updates today: which devices, and at what pace.
 
-Next, craft a deployment plan for **Windows 11** that includes deployment groups, rings, users, or devices. There are no absolute rules for exactly how many rings to have for your deployments, but a common structure is: 
-- Preview (first or canary): Planning and development 
-- Limited (fast or early adopters): Pilot and validation 
-- Broad (users or critical): Wide deployment 
+Next, craft a deployment plan for Windows 11 that includes deployment groups, rings, users, or devices. There are no absolute rules for exactly how many rings to have for your deployments, but the following example is a common structure:
 
-For detailed information, see [Create a deployment plan](/windows/deployment/update/create-deployment-plan).  
+- Preview (first or canary): Planning and development
+- Limited (fast or early adopters): Pilot and validation
+- Broad (users or critical): Wide deployment
 
-#### Review policies
+For more information, see [Create a deployment plan](/windows/deployment/update/create-deployment-plan).
 
-Review deployment-related policies, taking into consideration your organization's security objectives, update compliance deadlines, and device activity. Apply changes where you can gain a clear improvement, particularly regarding the speed of the update process or security. 
+### Review policies
 
-#### Validate apps and infrastructure
+Review deployment-related policies, and take into consideration your organization's security objectives, update compliance deadlines, and device activity. Apply changes where you can gain a clear improvement, particularly regarding the speed of the update process or security.
 
-To validate that your apps, infrastructure, and deployment processes are ready for Windows 11, join the [Windows Insider Program for Business](https://insider.windows.com/for-business-getting-started), and opt into the [Release Preview Channel](/windows-insider/business/validate-Release-Preview-Channel).  
+### Validate apps and infrastructure
 
-If you use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you can deploy directly from the Windows Insider Pre-release category using one of the following processes:
+To validate that your apps, infrastructure, and deployment processes are ready for Windows 11, join the [Windows Insider Program for Business](https://insider.windows.com/for-business-getting-started). Then opt into the [Release Preview Channel](/windows-insider/business/validate-Release-Preview-Channel).
 
-- Set **Manage Preview Builds** to **Release Preview** in Windows Update for Business. 
-- Use Azure Virtual Desktop and Azure Marketplace images. 
-- Download and deploy ISOs from Microsoft’s Windows Insider Program ISO Download page. 
+If you use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you can deploy directly from the Windows Insider Prerelease category using one of the following processes:
 
-Regardless of the method you choose, you have the benefit of free Microsoft support when validating pre-release builds. Free support is available to any commercial customer deploying Windows 10 or Windows 11 Preview Builds, once they become available through the Windows Insider Program. 
+- Set **Manage Preview Builds** to **Release Preview** in Windows Update for Business.
+- Use Azure Virtual Desktop and Azure Marketplace images.
+- Download and deploy ISOs from Microsoft's Windows Insider Program ISO download page.
 
-#### Analytics and assessment tools 
+Regardless of the method you choose, you have the benefit of free Microsoft support when validating prerelease builds. Free support is available to any commercial customer deploying Windows 10 or Windows 11 Preview Builds, once they become available through the Windows Insider Program.
 
-If you use Microsoft Intune and have onboarded devices to Endpoint analytics, you'll have access to a hardware readiness assessment later this year. This tool enables you to quickly identify which of your managed devices are eligible for the Windows 11 upgrade.
+### Analytics and assessment tools
 
-[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) doesn't support Windows 11. You must use [Endpoint analytics](/mem/analytics/overview).
+If you use Microsoft Intune and have onboarded devices to [Endpoint analytics](/mem/analytics/overview), you have access to a hardware readiness assessment. This tool enables you to quickly identify which of your managed devices are eligible for the Windows 11 upgrade.
 
 ## Prepare a pilot deployment
 
@@ -119,19 +121,18 @@ At a high level, the tasks involved are:
 
 ## User readiness
 
-Don't overlook the importance of user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They'll also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and your IT support staff for Windows 11:
+Don't overlook the importance of user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They'll also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and IT support staff for Windows 11:
 
 - Create a communications schedule to ensure that you provide the right message at the right time to the right groups of users, based on when they'll see the changes.
 - Draft concise emails that inform users of what changes they can expect to see. Offer tips on how to use or customize their experience. Include information about support and help desk options.
 - Update help desk manuals with screenshots of the new user interface, the out-of-box experience for new devices, and the upgrade experience for existing devices.
 
-## Learn more
-
-See the [Stay current with Windows 10 and Microsoft 365 Apps](/training/paths/m365-stay-current/) learning path.
-
-- The learning path was created for Windows 10, but the basic principles and tasks outlined for the plan, prepare, and deploy phases also apply to your deployment of Windows 11.
+For more information and resources, see the [Meet Windows 11](https://support.microsoft.com/meetwindows11) video series.
 
 ## See also
 
-[Plan for Windows 11](windows-11-plan.md)<br>
-[Windows help & learning](https://support.microsoft.com/windows)
+[Stay current with Windows devices and Microsoft 365 Apps](/training/paths/m365-stay-current/)
+
+[Plan for Windows 11](windows-11-plan.md)
+
+[Windows help & learning for users](https://support.microsoft.com/windows)
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index 62733bd8d1..a348f85ad3 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -60,7 +60,7 @@ To upgrade directly to Windows 11, eligible Windows 10 devices must meet both of
 > [!NOTE]
 >
 > - S mode is only supported on the Home edition of Windows 11.
-> - If you're running a different edition of Windows in S mode, before upgrading to Windows 11, first [switch out of S mode](/windows/deployment/windows-10-pro-in-s-mode).
+> - If you're running a different edition of Windows in S mode, before upgrading to Windows 11, first [switch out of S mode](/previous-versions/windows/it-pro/windows-10/deployment/s-mode/switch-edition-from-s-mode).
 > - To switch a device out of Windows 10 in S mode also requires internet connectivity. If you switch out of S mode, you can't switch back to S mode later.
 
 ## Feature-specific requirements
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 78678bf0c6..40e15cb0a2 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -83,7 +83,6 @@ The following table describes the unique Windows Enterprise cloud-based features
 |-|-|
 |**[Windows subscription activation][WIN-5]**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.|
 |**[Windows Autopatch][WIN-6]**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.|
-|**[Windows Update For Business deployment service][WIN-7]**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.|
 |**[Universal Print][UP-1]**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.|
 |**[Microsoft Connected Cache][WIN-8]**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.|
 |**[Endpoint analytics proactive remediation][MEM-1]**|Helps you fix common support issues before end-users notice them.|
@@ -155,7 +154,6 @@ The following table lists the Windows 11 Enterprise cloud-based features and the
 |-|-|-|
 |**[Windows subscription activation][WIN-5]**|Yes|Yes|
 |**[Windows Autopatch][WIN-6]**|Yes|Yes|
-|**[Windows Update For Business deployment service][WIN-7]**|Yes|Yes|
 |**[Universal Print][UP-1]**|Yes|Yes|
 |**[Microsoft Connected Cache][WIN-8]**|Yes|Yes|
 |**[Endpoint analytics proactive remediation][MEM-1]**|Yes|Yes|