From 26e4089ab6cc08d48355f25e676f3f121ee6c05f Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 7 Jan 2021 15:41:15 +0530
Subject: [PATCH 01/13] Updated-4749599ASCII61-73

---
 .../mdm/tenantlockdown-csp.md                 |  10 +-
 .../client-management/mdm/tpmpolicy-csp.md    |  10 +-
 windows/client-management/mdm/uefi-csp.md     |  31 +-
 windows/client-management/mdm/update-csp.md   |  33 +-
 windows/client-management/mdm/vpnv2-csp.md    | 284 +++++++++++++++++-
 .../mdm/win32appinventory-csp.md              |  19 +-
 .../mdm/win32compatibilityappraiser-csp.md    |  31 +-
 .../windowsdefenderapplicationguard-csp.md    |  25 +-
 .../mdm/windowslicensing-csp.md               |  24 +-
 .../mdm/windowssecurityauditing-csp.md        |  11 +-
 .../client-management/mdm/wirednetwork-csp.md |  20 +-
 11 files changed, 459 insertions(+), 39 deletions(-)

diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index 5ce1c2c024..5d0e4743b0 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -21,10 +21,12 @@ The TenantLockdown configuration service provider is used by the IT admin to loc
 > [!NOTE]
 > The forced network connection is only applicable to devices after reset (not new).
 
-The following diagram shows the TenantLockdown configuration service provider in tree format.
-
-![TenantLockdown CSP diagram](images/provisioning-csp-tenantlockdown.png)
-
+The following shows the TenantLockdown configuration service provider in tree format.
+```
+./Vendor/MSFT
+TenantLockdown
+----RequireNetworkInOOBE
+```
 <a href="" id="tenantlockdown"></a>**./Vendor/MSFT/TenantLockdown**  
 The root node.
 
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index f97ea96a00..47ff18527a 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -18,10 +18,12 @@ The TPMPolicy configuration service provider (CSP) provides a mechanism to enabl
 
 The TPMPolicy CSP was added in Windows 10, version 1703.
 
-The following diagram shows the TPMPolicy configuration service provider in tree format.
-
-![tpmpolicy csp](images/provisioning-csp-tpmpolicy.png)
-
+The following shows the TPMPolicy configuration service provider in tree format.
+```
+./Vendor/MSFT
+TPMPolicy
+----IsActiveZeroExhaust
+```
 <a href="" id="--device-vendor-msft-tpmpolicy"></a>**./Device/Vendor/MSFT/TPMPolicy**  
 <p style="margin-left: 20px">Defines the root node.</p>
 
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index c26f13353d..c6d416f858 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -22,10 +22,33 @@ The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmwa
 > [!NOTE]
 > The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
 
-The following diagram shows the UEFI CSP in tree format.
-
-![Uefi CSP diagram](images/provisioning-csp-uefi.png)
-
+The following shows the UEFI CSP in tree format.
+```
+./Vendor/MSFT
+Uefi
+----DeviceIdentifier
+----Identity
+--------Current
+--------Apply
+--------Result
+----Permissions
+--------Current
+--------Apply
+--------Result
+----Settings
+--------Current
+--------Apply
+--------Result
+----Identity2
+--------Apply
+--------Result
+----Permissions2
+--------Apply
+--------Result
+----Settings2
+--------Apply
+--------Result
+```
 The following list describes the characteristics and parameters.
 
 <a href="" id="uefi"></a>**./Vendor/MSFT/Uefi**  
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 183c89df6d..875bce0570 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -19,10 +19,37 @@ The Update configuration service provider enables IT administrators to manage an
 > [!Note]
 > The Update CSP functionality of 'AprrovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies. 
 
-The following diagram shows the Update configuration service provider in tree format.
-
-![update csp diagram](images/provisioning-csp-update.png)
+The following shows the Update configuration service provider in tree format.
 
+```./Vendor/MSFT
+Update
+----ApprovedUpdates
+--------Approved Update Guid
+------------ApprovedTime
+----FailedUpdates
+--------Failed Update Guid
+------------HResult
+------------Status
+------------RevisionNumber
+----InstalledUpdates
+--------Installed Update Guid
+------------RevisionNumber
+----InstallableUpdates
+--------Installable Update Guid
+------------Type
+------------RevisionNumber
+----PendingRebootUpdates
+--------Pending Reboot Update Guid
+------------InstalledTime
+------------RevisionNumber
+----LastSuccessfulScanTime
+----DeferUpgrade
+----Rollback
+--------QualityUpdate
+--------FeatureUpdate
+--------QualityUpdateStatus
+--------FeatureUpdateStatus
+```
 <a href="" id="update"></a>**Update**
 <p style="margin-left: 20px">The root node.
 
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 0325decbfc..5536506714 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -33,10 +33,290 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll
 - `C:\\Windows\\schemas\\EAPHost`
 - `C:\\Windows\\schemas\\EAPMethods`
 
-The following diagram shows the VPNv2 configuration service provider in tree format.
+The following shows the VPNv2 configuration service provider in tree format.
 
-![vpnv2 csp diagram](images/provisioning-csp-vpnv2.png)
+```
+./Vendor/MSFT
+VPNv2
+----ProfileName
+--------AppTriggerList
+------------appTriggerRowId
+----------------App
+--------------------Id
+--------------------Type
+--------RouteList
+------------routeRowId
+----------------Address
+----------------PrefixSize
+----------------Metric
+----------------ExclusionRoute
+--------DomainNameInformationList
+------------dniRowId
+----------------DomainName
+----------------DomainNameType
+----------------DnsServers
+----------------WebProxyServers
+----------------AutoTrigger
+----------------Persistent
+--------TrafficFilterList
+------------trafficFilterId
+----------------App
+--------------------Id
+--------------------Type
+----------------Claims
+----------------Protocol
+----------------LocalPortRanges
+----------------RemotePortRanges
+----------------LocalAddressRanges
+----------------RemoteAddressRanges
+----------------RoutingPolicyType
+----------------Direction
+--------EdpModeId
+--------RememberCredentials
+--------AlwaysOn
+--------LockDown
+--------DeviceTunnel
+--------RegisterDNS
+--------DnsSuffix
+--------ByPassForLocal
+--------TrustedNetworkDetection
+--------ProfileXML
+--------Proxy
+------------Manual
+----------------Server
+------------AutoConfigUrl
+--------APNBinding
+------------ProviderId
+------------AccessPointName
+------------UserName
+------------Password
+------------IsCompressionEnabled
+------------AuthenticationType
+--------DeviceCompliance
+------------Enabled
+------------Sso
+----------------Enabled
+----------------IssuerHash
+----------------Eku
+--------PluginProfile
+------------ServerUrlList
+------------CustomConfiguration
+------------PluginPackageFamilyName
+------------CustomStoreUrl
+------------WebAuth
+----------------Enabled
+----------------ClientId
+--------NativeProfile
+------------Servers
+------------RoutingPolicyType
+------------NativeProtocolType
+------------Authentication
+----------------UserMethod
+----------------MachineMethod
+----------------Eap
+--------------------Configuration
+--------------------Type
+----------------Certificate
+--------------------Issuer
+--------------------Eku
+------------CryptographySuite
+----------------AuthenticationTransformConstants
+----------------CipherTransformConstants
+----------------EncryptionMethod
+----------------IntegrityCheckMethod
+----------------DHGroup
+----------------PfsGroup
+------------L2tpPsk
+------------DisableClassBasedDefaultRoute
+------------PlumbIKEv2TSAsRoutes
 
+
+./User/Vendor/MSFT
+VPNv2
+----ProfileName
+--------AppTriggerList
+------------appTriggerRowId
+----------------App
+--------------------Id
+--------------------Type
+--------RouteList
+------------routeRowId
+----------------Address
+----------------PrefixSize
+----------------Metric
+----------------ExclusionRoute
+--------DomainNameInformationList
+------------dniRowId
+----------------DomainName
+----------------DomainNameType
+----------------DnsServers
+----------------WebProxyServers
+----------------AutoTrigger
+----------------Persistent
+--------TrafficFilterList
+------------trafficFilterId
+----------------App
+--------------------Id
+--------------------Type
+----------------Claims
+----------------Protocol
+----------------LocalPortRanges
+----------------RemotePortRanges
+----------------LocalAddressRanges
+----------------RemoteAddressRanges
+----------------RoutingPolicyType
+--------EdpModeId
+--------RememberCredentials
+--------AlwaysOn
+--------DnsSuffix
+--------ByPassForLocal
+--------TrustedNetworkDetection
+--------ProfileXML
+--------Proxy
+------------Manual
+----------------Server
+------------AutoConfigUrl
+--------APNBinding
+------------ProviderId
+------------AccessPointName
+------------UserName
+------------Password
+------------IsCompressionEnabled
+------------AuthenticationType
+--------DeviceCompliance
+------------Enabled
+------------Sso
+----------------Enabled
+----------------IssuerHash
+----------------Eku
+--------PluginProfile
+------------ServerUrlList
+------------CustomConfiguration
+------------PluginPackageFamilyName
+------------CustomStoreUrl
+------------WebAuth
+----------------Enabled
+----------------ClientId
+--------NativeProfile
+------------Servers
+------------RoutingPolicyType
+------------NativeProtocolType
+------------Authentication
+----------------UserMethod
+----------------MachineMethod
+----------------Eap
+--------------------Configuration
+--------------------Type
+----------------Certificate
+--------------------Issuer
+--------------------Eku
+------------CryptographySuite
+----------------AuthenticationTransformConstants
+----------------CipherTransformConstants
+----------------EncryptionMethod
+----------------IntegrityCheckMethod
+----------------DHGroup
+----------------PfsGroup
+------------L2tpPsk
+------------DisableClassBasedDefaultRoute
+------------PlumbIKEv2TSAsRoutes
+
+
+./Vendor/MSFT
+./User/Vendor/MSFT
+VPNv2
+----ProfileName
+--------AppTriggerList
+------------appTriggerRowId
+----------------App
+--------------------Id
+--------------------Type
+--------RouteList
+------------routeRowId
+----------------Address
+----------------PrefixSize
+----------------Metric
+----------------ExclusionRoute
+--------DomainNameInformationList
+------------dniRowId
+----------------DomainName
+----------------DomainNameType
+----------------DnsServers
+----------------WebProxyServers
+----------------AutoTrigger
+----------------Persistent
+--------TrafficFilterList
+------------trafficFilterId
+----------------App
+--------------------Id
+--------------------Type
+----------------Claims
+----------------Protocol
+----------------LocalPortRanges
+----------------RemotePortRanges
+----------------LocalAddressRanges
+----------------RemoteAddressRanges
+----------------RoutingPolicyType
+----------------Direction
+--------EdpModeId
+--------RememberCredentials
+--------AlwaysOn
+--------LockDown
+--------DeviceTunnel
+--------RegisterDNS
+--------DnsSuffix
+--------ByPassForLocal
+--------TrustedNetworkDetection
+--------ProfileXML
+--------Proxy
+------------Manual
+----------------Server
+------------AutoConfigUrl
+--------APNBinding
+------------ProviderId
+------------AccessPointName
+------------UserName
+------------Password
+------------IsCompressionEnabled
+------------AuthenticationType
+--------DeviceCompliance
+------------Enabled
+------------Sso
+----------------Enabled
+----------------IssuerHash
+----------------Eku
+--------PluginProfile
+------------ServerUrlList
+------------CustomConfiguration
+------------PluginPackageFamilyName
+------------CustomStoreUrl
+------------WebAuth
+----------------Enabled
+----------------ClientId
+--------NativeProfile
+------------Servers
+------------RoutingPolicyType
+------------NativeProtocolType
+------------Authentication
+----------------UserMethod
+----------------MachineMethod
+----------------Eap
+--------------------Configuration
+--------------------Type
+----------------Certificate
+--------------------Issuer
+--------------------Eku
+------------CryptographySuite
+----------------AuthenticationTransformConstants
+----------------CipherTransformConstants
+----------------EncryptionMethod
+----------------IntegrityCheckMethod
+----------------DHGroup
+----------------PfsGroup
+------------L2tpPsk
+------------DisableClassBasedDefaultRoute
+------------PlumbIKEv2TSAsRoutes
+```
 <a href="" id="device-or-user-profile"></a>**Device or User profile**  
 For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path.
 
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index f6b422ce6d..1e0af5deb5 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -17,10 +17,21 @@ ms.date: 06/26/2017
 
 The Win32AppInventory configuration service provider is used to provide an inventory of installed applications on a device.
 
-The following diagram shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
-
-![win32appinventory csp diagram](images/provisioning-csp-win32appinventory.png)
-
+The following shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+```
+./Vendor/MSFT
+Win32AppInventory
+----Win32InstalledProgram
+--------InstalledProgram
+------------Name
+------------Publisher
+------------Version
+------------Language
+------------RegKey
+------------Source
+------------MsiProductCode
+------------MsiPackageCode
+```
 <a href="" id="--vendor-msft-win32appinventory"></a>**./Vendor/MSFT/Win32AppInventory**  
 The root node for the Win32AppInventory configuration service provider.
 
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index be248b783d..a9a712c79d 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -18,10 +18,33 @@ manager: dansimp
 
 The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, version 1809.
 
-The following diagram shows the Win32CompatibilityAppraiser configuration service provider in tree format.
-
-![Win32CompatibilityAppraiser CSP diagram](images/provisioning-csp-win32compatibilityappraiser.png)
-
+The following shows the Win32CompatibilityAppraiser configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+Win32CompatibilityAppraiser
+----CompatibilityAppraiser
+--------AppraiserConfigurationDiagnosis
+------------CommercialId
+------------CommercialIdSetAndValid
+------------AllTargetOsVersionsRequested
+------------OsSkuIsValidForAppraiser
+------------AppraiserCodeAndDataVersionsAboveMinimum
+------------RebootPending
+--------AppraiserRunResultReport
+----UniversalTelemetryClient
+--------UtcConfigurationDiagnosis
+------------TelemetryOptIn
+------------CommercialDataOptIn
+------------DiagTrackServiceRunning
+------------MsaServiceEnabled
+------------InternetExplorerTelemetryOptIn
+--------UtcConnectionReport
+----WindowsErrorReporting
+--------WerConfigurationDiagnosis
+------------WerTelemetryOptIn
+------------MostRestrictiveSetting
+--------WerConnectionReport
+```
 <a href="" id="accountmanagement"></a>**./Vendor/MSFT/Win32CompatibilityAppraiser**  
 The root node for the Win32CompatibilityAppraiser configuration service provider.
 
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 6699a32617..f8763ab613 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -15,10 +15,27 @@ manager: dansimp
 
 The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
 
-The following diagram shows the WindowsDefenderApplicationGuard configuration service provider in tree format.
-
-![windowsdefenderapplicationguard csp](images/provisioning-csp-windowsdefenderapplicationguard.png)
-
+The following shows the WindowsDefenderApplicationGuard configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+WindowsDefenderApplicationGuard
+----Settings
+--------AllowWindowsDefenderApplicationGuard
+--------ClipboardFileType
+--------ClipboardSettings
+--------PrintingSettings
+--------BlockNonEnterpriseContent
+--------AllowPersistence
+--------AllowVirtualGPU
+--------SaveFilesToHost
+--------CertificateThumbprints
+--------AllowCameraMicrophoneRedirection
+----Status
+----PlatformStatus
+----InstallWindowsDefenderApplicationGuard
+----Audit
+--------AuditApplicationGuard
+```
 <a href="" id="windowsdefenderapplicationguard"></a>**./Device/Vendor/MSFT/WindowsDefenderApplicationGuard**  
 Root node. Supported operation is Get.
 
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index b46f76e935..415223e693 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -19,10 +19,26 @@ ms.date: 08/15/2018
 
 The WindowsLicensing configuration service provider is designed for licensing related management scenarios. Currently the scope is limited to edition upgrades of Windows 10 desktop and mobile devices, such as Windows 10 Pro to Windows 10 Enterprise. In addition, this CSP provides the capability to activate or change the product key of Windows 10 desktop devices.
 
-The following diagram shows the WindowsLicensing configuration service provider in tree format.
-
-![windowslicensing csp diagram](images/provisioning-csp-windowslicensing.png)
-
+The following shows the WindowsLicensing configuration service provider in tree format.
+```
+./Vendor/MSFT
+WindowsLicensing
+----UpgradeEditionWithProductKey
+----ChangeProductKey
+----Edition
+----Status
+----UpgradeEditionWithLicense
+----LicenseKeyType
+----CheckApplicability
+----Subscriptions
+--------SubscriptionId
+------------Status
+------------Name
+----SMode
+--------SwitchingPolicy
+--------SwitchFromSMode
+--------Status
+```
 <a href="" id="--device-vendor-msft-windowslicensing"></a>**./Device/Vendor/MSFT/WindowsLicensing**  
 This is the root node for the WindowsLicensing configuration service provider.
 
diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md
index ffd68aa965..8dc07634aa 100644
--- a/windows/client-management/mdm/windowssecurityauditing-csp.md
+++ b/windows/client-management/mdm/windowssecurityauditing-csp.md
@@ -17,10 +17,13 @@ ms.date: 06/26/2017
 
 The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511 for Mobile and Mobile Enterprise. Make sure to consult the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference) to see if this CSP and others are supported on your Windows installation.
 
-The following diagram shows the WindowsSecurityAuditing configuration service provider in tree format.
-
-![windowssecurityauditing csp diagram](images/provisioning-csp-windowssecurityauditing.png)
-
+The following shows the WindowsSecurityAuditing configuration service provider in tree format.
+```
+./Vendor/MSFT
+WindowsSecurityAuditing
+----ConfigurationSettings
+--------EnableSecurityAuditing
+```
 <a href="" id="windowssecurityauditing"></a>**WindowsSecurityAuditing**  
 Root node.
 
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index d4f5426134..ed5591ef9b 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -18,10 +18,26 @@ manager: dansimp
 
 The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, version 1809.
 
-The following diagram shows the WiredNetwork configuration service provider in tree format.
+The following shows the WiredNetwork configuration service provider in tree format.
+```
+./User/Vendor/MSFT
+WiredNetwork
+----LanXML
+----EnableBlockPeriod
 
-![WiredNetwork CSP diagram](images/provisioning-csp-wirednetwork.png) 
 
+./Device/Vendor/MSFT
+WiredNetwork
+----LanXML
+----EnableBlockPeriod
+
+
+./User/Vendor/MSFT
+./Device/Vendor/MSFT
+WiredNetwork
+----LanXML
+----EnableBlockPeriod
+```
 <a href="" id="wirednetwork"></a>**./Device/Vendor/MSFT/WiredNetwork**  
 Root node.
 

From 3b252f923d643b112fbabfc4ec43505b20f7d76f Mon Sep 17 00:00:00 2001
From: Asha Iyengar <v-aiyengar@microsoft.com>
Date: Fri, 8 Jan 2021 22:22:50 +0530
Subject: [PATCH 02/13] Update tenantlockdown-csp.md

---
 windows/client-management/mdm/tenantlockdown-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index 5d0e4743b0..3c062277a0 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -1,6 +1,6 @@
 ---
 title: TenantLockdown CSP
-description: 
+description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From 7ed044285c393828544ad848323cba0a21119b89 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Fri, 22 Jan 2021 12:26:18 +0530
Subject: [PATCH 03/13] Update windowslicensing-csp.md

---
 .../mdm/windowslicensing-csp.md                 | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 415223e693..9c3bf1705a 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -30,14 +30,15 @@ WindowsLicensing
 ----UpgradeEditionWithLicense
 ----LicenseKeyType
 ----CheckApplicability
-----Subscriptions
---------SubscriptionId
-------------Status
-------------Name
-----SMode
---------SwitchingPolicy
---------SwitchFromSMode
---------Status
+----ChangeProductKey (Added in Windows 10, version 1703)
+----Subscriptions (Added in Windows 10, version 1607)
+--------SubscriptionId (Added in Windows 10, version 1607)
+------------Status (Added in Windows 10, version 1607)
+------------Name (Added in Windows 10, version 1607)
+----SMode (Added in Windows 10, version 1809)
+--------SwitchingPolicy (Added in Windows 10, version 1809)
+--------SwitchFromSMode (Added in Windows 10, version 1809)
+--------Status (Added in Windows 10, version 1809)
 ```
 <a href="" id="--device-vendor-msft-windowslicensing"></a>**./Device/Vendor/MSFT/WindowsLicensing**  
 This is the root node for the WindowsLicensing configuration service provider.

From ab1404fdb8c99d73f21c9fe56e05de63f7e32e17 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Fri, 5 Mar 2021 11:05:20 +0530
Subject: [PATCH 04/13] Update tpmpolicy-csp.md

---
 windows/client-management/mdm/tpmpolicy-csp.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 47ff18527a..863fa75311 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -14,7 +14,7 @@ manager: dansimp
 # TPMPolicy CSP
 
 
-The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
+The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
 
 The TPMPolicy CSP was added in Windows 10, version 1703.
 
@@ -28,13 +28,13 @@ TPMPolicy
 <p style="margin-left: 20px">Defines the root node.</p>
 
 <a href="" id="isactivezeroexhaust"></a>**IsActiveZeroExhaust**  
-<p style="margin-left: 20px">Boolean value that indicates whether network traffic from the device to public IP addresses are not allowed unless directly intended by the user (zero exhaust). Default value is false. Some examples when zero exhaust is configured:</p>
+<p style="margin-left: 20px">Boolean value that indicates whether network traffic from the device to public IP addresses is not allowed unless directly intended by the user (zero exhaust). Default value is false. Some examples when zero exhaust is configured:</p>
 
 <ul>
 <li>There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected. </li>
 <li>There should be no traffic during installation of Windows and first logon when local ID is used.</li>
-<li>Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.</li>
-<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, etc.) to Microsoft.</li>
+<li>Launching and using a local app (Notepad, Paint, and so on.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, and so on.) should not send any traffic.</li>
+<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, and so on.) to Microsoft.</li>
 </ul>
 
 Here is an example:

From 29483e2175b2b0c57be126d0e7c2926f6906474b Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Fri, 5 Mar 2021 11:13:04 +0530
Subject: [PATCH 05/13] Update vpnv2-csp.md

---
 windows/client-management/mdm/vpnv2-csp.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 8c1273b031..e434489be8 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -513,7 +513,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil
 - SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces.
 - ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only.
 
-This is only applicable for App ID based Traffic Filter rules.
+This is only applicable for App ID-based Traffic Filter rules.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -528,7 +528,7 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-edpmodeid"></a>**VPNv2/**<em>ProfileName</em>**/EdpModeId**  
-Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 
 Additionally when connecting with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect.
 
@@ -573,7 +573,7 @@ When the DeviceTunnel profile is turned on, it does the following things:
 
 - First, it automatically becomes an "always on" profile.
 - Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
-- Third, no other device tunnel profile maybe be present on the same machine.
+- Third, no other device tunnel profile maybe is present on the same machine.-
 
 A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
 
@@ -596,7 +596,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 Reserved for future use.
 
 <a href="" id="vpnv2-profilename-trustednetworkdetection"></a>**VPNv2/**<em>ProfileName</em>**/TrustedNetworkDetection**  
-Optional. Comma separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device.
+Optional. Comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -667,7 +667,7 @@ Added in Windows 10, version 1607. Hashes for the VPN Client to look for the co
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-devicecompliance-sso-eku"></a>**VPNv2/**<em>ProfileName</em>**/DeviceCompliance/Sso/Eku**  
-Added in Windows 10, version 1607. Comma Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.
+Added in Windows 10, version 1607. Comma-Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -862,7 +862,7 @@ Added in Windows 10, version 1607. The preshared key used for an L2TP connectio
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-nativeprofile-disableclassbaseddefaultroute"></a>**VPNv2/**<em>ProfileName</em>**/NativeProfile/DisableClassBasedDefaultRoute**  
-Added in Windows 10, version 1607. Specifies the class based default routes. For example, if the interface IP begins with 10, it assumes a class a IP and pushes the route to 10.0.0.0/8
+Added in Windows 10, version 1607. Specifies the class-based default routes. For example, if the interface IP begins with 10, it assumes a class an IP and pushes the route to 10.0.0.0/8
 
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 

From e50e370e48fdaac3d6f8f1323715050696bb3e05 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Fri, 5 Mar 2021 11:19:34 +0530
Subject: [PATCH 06/13] Update win32compatibilityappraiser-csp.md

---
 .../client-management/mdm/win32compatibilityappraiser-csp.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index a9a712c79d..a3868db287 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Win32CompatibilityAppraiser CSP
-description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health.
+description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
@@ -16,7 +16,7 @@ manager: dansimp
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, version 1809.
+The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health. This CSP was added in Windows 10, version 1809.
 
 The following shows the Win32CompatibilityAppraiser configuration service provider in tree format.
 ```

From 11c2fb427094b001c453559a01b0efe8fb3781e2 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Fri, 5 Mar 2021 11:21:24 +0530
Subject: [PATCH 07/13] Rename uefi-csp.md to UEFI-csp.md

---
 windows/client-management/mdm/{uefi-csp.md => UEFI-csp.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename windows/client-management/mdm/{uefi-csp.md => UEFI-csp.md} (100%)

diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/UEFI-csp.md
similarity index 100%
rename from windows/client-management/mdm/uefi-csp.md
rename to windows/client-management/mdm/UEFI-csp.md

From 7fa67cde70e496d35d3e2ee7a26a2133ab850f92 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Fri, 5 Mar 2021 11:26:24 +0530
Subject: [PATCH 08/13] Update vpnv2-csp.md

---
 windows/client-management/mdm/vpnv2-csp.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index e434489be8..e4a2c9975f 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -399,15 +399,15 @@ Supported operations include Get, Add, Replace, and Delete.
 Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types:
 
 - FQDN - Fully qualified domain name
-- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend a **.** to the DNS suffix.
+- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend **.** to the DNS suffix.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-domainnametype"></a>**VPNv2/**<em>ProfileName</em>**/DomainNameInformationList/**<em>dniRowId</em>**/DomainNameType**  
 Returns the namespace type. This value can be one of the following:
 
-- FQDN - If the DomainName was not prepended with a **.** and applies only to the fully qualified domain name (FQDN) of a specified host.
-- Suffix - If the DomainName was prepended with a **.** and applies to the specified namespace, all records in that namespace, and all subdomains.
+- FQDN - If the DomainName was not prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host.
+- Suffix - If the DomainName was prepended with a**.** and applies to the specified namespace, all records in that namespace, and all subdomains.
 
 Value type is chr. Supported operation is Get.
 

From 4ad258732e2c7b318ed4b6a3d47cd70acbd24203 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Mar 2021 18:48:47 +0200
Subject: [PATCH 09/13] Update gov.md

MDE for DoD is now GA'd.
---
 .../threat-protection/microsoft-defender-atp/gov.md | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index e40a3ed5d3..e119763d43 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -47,9 +47,6 @@ GCC | GCC High | DoD
 Microsoft Defender for Endpoint Server GCC | Microsoft Defender for Endpoint Server for GCC High | Microsoft Defender for Endpoint Server for DOD
 Azure Defender for Servers | Azure Defender for Servers - Government | Azure Defender for Servers - Government
 
-> [!NOTE]
-> DoD licensing will only be available at DoD general availability.
-
 <br>
 
 ## Portal URLs
@@ -59,7 +56,7 @@ Customer type | Portal URL
 :---|:---
 GCC | https://gcc.securitycenter.microsoft.us
 GCC High | https://securitycenter.microsoft.us
-DoD (PREVIEW) | https://securitycenter.microsoft.us
+DoD | https://securitycenter.microsoft.us
 
 <br>
 
@@ -68,7 +65,7 @@ DoD (PREVIEW) | https://securitycenter.microsoft.us
 ### Standalone OS versions
 The following OS versions are supported:
 
-OS version | GCC | GCC High | DoD (PREVIEW)
+OS version | GCC | GCC High | DoD
 :---|:---|:---|:---
 Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
@@ -100,7 +97,7 @@ iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images
 ### OS versions when using Azure Defender for Servers
 The following OS versions are supported when using [Azure Defender for Servers](https://docs.microsoft.com/azure/security-center/security-center-wdatp):
 
-OS version | GCC | GCC High | DoD (PREVIEW)
+OS version | GCC | GCC High | DoD
 :---|:---|:---|:---
 Windows Server 2016 | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows Server 2012 R2 | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
@@ -143,7 +140,7 @@ You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Gov
 ## API
 Instead of the public URIs listed in our [API documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro), you'll need to use the following URIs:
 
-Endpoint type | GCC | GCC High & DoD (PREVIEW)
+Endpoint type | GCC | GCC High & DoD
 :---|:---|:---
 Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us`
 Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
@@ -156,7 +153,7 @@ Defender for Endpoint for US Government customers doesn't have complete parity w
 
 These are the known gaps as of March 2021:
 
-Feature name | GCC | GCC High | DoD (PREVIEW)
+Feature name | GCC | GCC High | DoD
 :---|:---|:---|:---
 Automated investigation and remediation: Live response | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Automated investigation and remediation: Response to Office 365 alerts | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog

From 27a8f137a529e0c4f55495f718b7045d45c18d34 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Mar 2021 20:02:16 +0200
Subject: [PATCH 10/13] Update onboard-windows-10-multi-session-device.md

Removing note. (https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9306)
---
 .../onboard-windows-10-multi-session-device.md                 | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
index f88cf154c1..7d8cdd81a7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
@@ -26,9 +26,6 @@ Applies to:
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-> [!IMPORTANT]
-> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
-
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
 ## Before you begin

From ee95626a6e193bf31dc7c9b7db5ee0a8bc1a5174 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Mar 2021 20:06:26 +0200
Subject: [PATCH 11/13] Update onboard-windows-10-multi-session-device.md

Acrolinx.
---
 .../onboard-windows-10-multi-session-device.md     | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
index 7d8cdd81a7..c119f2909f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
@@ -26,23 +26,23 @@ Applies to:
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
+Microsoft Defender for Endpoint supports monitoring both VDI and Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
 ## Before you begin
 
-See [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Although [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment, and thus impacts what entries are created and maintained in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), potentially reducing visibility for your security analysts.
+See [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Although [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) doesn't provide non-persistence options, it does provide ways to use a Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment, and thus impacts what entries are created and maintained in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), potentially reducing visibility for your security analysts.
 
 > [!NOTE]
 > Depending on your choice of onboarding method, devices can appear in Microsoft Defender Security Center as either: 
 > - Single entry for each virtual desktop 
 > - Multiple entries for each virtual desktop 
 
-Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Security Center is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender Security Center. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
+Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Security Center is in the context of one device based on the machine name. Organizations that frequently delete and redeploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender Security Center. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
 
-Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
+Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD image. This way, you can be sure that this onboarding script runs immediately at first boot. It's executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you're using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
 
 > [!NOTE]
-> The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is _not_ recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
+> The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It's _not_ recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
 
 ## Scenarios
 There are several ways to onboard a WVD host machine:
@@ -101,7 +101,7 @@ This scenario uses a centrally located script and runs it using a domain-based g
 If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager. For more information, see: [Onboard Windows 10 devices using Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) 
 
 > [!WARNING]
-> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), the rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
+> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), the rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it's incompatible with management through Microsoft Endpoint Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
 
 ## Tagging your machines when building your image 
 
@@ -112,7 +112,7 @@ As part of your onboarding, you may want to consider setting a machine tag to be
 
 When building your image, you may want to configure initial protection settings as well. For more information, see [Other recommended configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
 
-In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
+Also, if you're using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
 
 ### Exclude Files
 

From 18af9bf8cc8033097abddfea198c5f16422e9620 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Mar 2021 20:07:48 +0200
Subject: [PATCH 12/13] Update onboard-windows-10-multi-session-device.md

---
 .../onboard-windows-10-multi-session-device.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
index c119f2909f..64b1f56c3b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-windows-10-multi-session-device.md
@@ -105,7 +105,7 @@ If you plan to manage your machines using a management tool, you can onboard dev
 
 ## Tagging your machines when building your image 
 
-As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see 
+As part of your onboarding, you may want to consider setting a machine tag to can differentiate WVD machines more easily in the Microsoft Security Center. For more information, see 
 [Add device tags by setting a registry key value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). 
 
 ## Other recommended configuration settings 

From ae7e0f66caee67e148f35ec1263bf5314f8e619a Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy <v-nsatapathy@microsoft.com>
Date: Tue, 16 Mar 2021 00:15:59 +0530
Subject: [PATCH 13/13] Rename UEFI-csp.md to uefi-csp.md

---
 windows/client-management/mdm/{UEFI-csp.md => uefi-csp.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename windows/client-management/mdm/{UEFI-csp.md => uefi-csp.md} (100%)

diff --git a/windows/client-management/mdm/UEFI-csp.md b/windows/client-management/mdm/uefi-csp.md
similarity index 100%
rename from windows/client-management/mdm/UEFI-csp.md
rename to windows/client-management/mdm/uefi-csp.md