mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
replaced html tables; fixed validation suggestions
parent
cddf4161ef
commit
ab86e4f254
@ -2,7 +2,7 @@
|
||||
title: Configuration service providers for IT pros (Windows 10/11)
|
||||
description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
|
||||
ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
|
||||
ms.reviewer:
|
||||
ms.reviewer: gkomatsu
|
||||
manager: dansimp
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
@ -32,7 +32,7 @@ Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/win
|
||||
|
||||
CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
|
||||
|
||||

|
||||
:::image type="content" source="../images/policytocsp.png" alt-text="How intune maps to CSP":::
|
||||
|
||||
CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge.
|
||||
|
||||
@ -58,7 +58,7 @@ You can use Windows Configuration Designer to create [provisioning packages](./p
|
||||
|
||||
Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
|
||||
|
||||

|
||||
:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in icd.":::
|
||||
|
||||
[Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package.
|
||||
|
||||
@ -78,7 +78,7 @@ All CSPs are documented in the [Configuration service provider reference](/windo
|
||||
|
||||
The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP.
|
||||
|
||||

|
||||
:::image type="content" source="../images/csptable.png" alt-text="The CSP reference shows the supported Windows editions":::
|
||||
|
||||
The documentation for each CSP follows the same structure. After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format.
|
||||
|
||||
@ -86,7 +86,7 @@ The full path to a specific configuration setting is represented by its Open Mob
|
||||
|
||||
The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.
|
||||
|
||||

|
||||
:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access csp tree.":::
|
||||
|
||||
The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp).
|
||||
|
||||
@ -96,7 +96,7 @@ The element in the tree diagram after the root node tells you the name of the CS
|
||||
|
||||
When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
|
||||
|
||||

|
||||
:::image type="content" source="../images/csp-placeholder.png" alt-text="The placeholder in the CSP tree":::
|
||||
|
||||
After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed.
|
||||
|
||||
|
@ -58,7 +58,7 @@ Provisioning packages can include management instructions and policies, installa
|
||||
> [!TIP]
|
||||
> Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
|
||||
>
|
||||
>
|
||||
> :::image type="content" source="../images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor.":::
|
||||
|
||||
## Create the provisioning package
|
||||
|
||||
@ -68,26 +68,76 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
|
||||
|
||||
2. Click **Provision desktop devices**.
|
||||
|
||||

|
||||
:::image type="content" source="../images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options.":::
|
||||
|
||||
3. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps.
|
||||
|
||||

|
||||
:::image type="content" source="../images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning.":::
|
||||
|
||||
> [!IMPORTANT]
|
||||
> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
|
||||
|
||||
## Configure settings
|
||||
|
||||
1. Enable device setup:
|
||||
|
||||
<table>
|
||||
<tr><td valign="top"><img src="../images/one.png" alt="step one"/><img src="../images/set-up-device.png" alt="set up device"/></br></br>Enter a name for the device.</br></br>(Optional) Select a license file to upgrade Windows client to a different edition. <a href="/windows/deployment/upgrade/windows-10-edition-upgrades" data-raw-source="[See the permitted upgrades.](/windows/deployment/upgrade/windows-10-edition-upgrades)">See the permitted upgrades.</a></br></br>Toggle <strong>Yes</strong> or <strong>No</strong> to <strong>Configure devices for shared use</strong>. This setting optimizes Windows client for shared use scenarios. <a href="../set-up-shared-or-guest-pc.md" data-raw-source="[Learn more about shared PC configuration.](../set-up-shared-or-guest-pc.md)">Learn more about shared PC configuration.</a></br></br>You can also select to remove pre-installed software from the device. </td><td><img src="../images/set-up-device-details-desktop.png" alt="device name, upgrade to enterprise, shared use, remove pre-installed software"/></td></tr>
|
||||
<tr><td valign="top"><img src="../images/two.png" alt="step two"/> <img src="../images/set-up-network.png" alt="set up network"/></br></br>Toggle <strong>On</strong> or <strong>Off</strong> for wireless network connectivity. If you select <strong>On</strong>, enter the SSID, the network type (<strong>Open</strong> or <strong>WPA2-Personal</strong>), and (if <strong>WPA2-Personal</strong>) the password for the wireless network.</td><td><img src="../images/set-up-network-details-desktop.png" alt="Enter network SSID and type"/></td></tr>
|
||||
<tr><td valign="top"><img src="../images/three.png" alt="step three"/> <img src="../images/account-management.png" alt="account management"/></br></br>Enable account management if you want to configure settings on this page. </br></br>You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, <a href="/azure/active-directory/active-directory-azureadjoin-setup" data-raw-source="[set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup)">set up Azure AD join in your organization</a>. The <strong>maximum number of devices per user</strong> setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click <strong>Get bulk token</strong>. In the <strong>Let's get you signed in</strong> window, enter an account that has permissions to join a device to Azure AD, and then the password. Click <strong>Accept</strong> to give Windows Configuration Designer the necessary permissions. </br></br>To create a local administrator account, select that option and enter a user name and password. </br></br><strong>Important:</strong> If you create a local account in the provisioning package, you must change the password using the <strong>Settings</strong> app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 
</td><td><img src="../images/account-management-details.png" alt="join Active Directory, Azure AD, or create a local admin account"/></td></tr>
|
||||
<tr><td valign="top"><img src="../images/four.png" alt="step four"/> <img src="../images/add-applications.png" alt="add applications"/></br></br>You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see <a href="provision-pcs-with-apps.md" data-raw-source="[Provision PCs with apps](provision-pcs-with-apps.md)">Provision PCs with apps</a>. </td><td><img src="../images/add-applications-details.png" alt="add an application"/></td></tr>
|
||||
<tr><td valign="top"><img src="../images/five.png" alt="step five"/> <img src="../images/add-certificates.png" alt="add certificates"/></br></br>To provision the device with a certificate, click <strong>Add a certificate</strong>. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td><img src="../images/add-certificates-details.png" alt="add a certificate"/></td></tr>
|
||||
<tr><td valign="top"> <img src="../images/finish.png" alt="The 'finish' button as displayed when provisioning a desktop device in Windows Configuration Designer."/></br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td><img src="../images/finish-details.png" alt="Protect your package"/></td></tr>
|
||||
</table>
|
||||
:::image type="content" source="../images/set-up-device-details-desktop.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software.":::
|
||||
|
||||
If you want to enable device setup, select **Set up device**, and configure the following settings:
|
||||
|
||||
- **Device name**: Required. Enter a unique 15-character name for the device. You can use variables to add unique characters to the name, such as `Contoso-%SERIAL%` and `Contoso-%RAND:5%`.
|
||||
- **Enter product key**: Optional. Select a license file to upgrade Windows client to a different edition. For more information, see [the permitted upgrades](/windows/deployment/upgrade/windows-10-edition-upgrades).
|
||||
- **Configure devices for shared use**: Select **Yes** or **No** to optimize the Windows client for shared use scenarios.
|
||||
- **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software.
|
||||
|
||||
2. Set up the network:
|
||||
|
||||
:::image type="content" source="../images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
|
||||
|
||||
If you want to enable network setup, select **Set up network**, and configure the following settings:
|
||||
|
||||
- **Set up network**: To enable wireless connectivity, select **On**.
|
||||
- **Network SSID**: Enter the Service Set IDentifier (SSID) of the network.
|
||||
- **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network.
|
||||
|
||||
3. Enable account management:
|
||||
|
||||
:::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account.":::
|
||||
|
||||
If you want to enable account management, select **Account Management**, and configure the following settings:
|
||||
|
||||
- **Manage organization/school accounts**: Choose how devices are enrolled. Your options:
|
||||
- **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain.
|
||||
- **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
|
||||
|
||||
If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
|
||||
|
||||
You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards.
|
||||
|
||||
- **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
|
||||
|
||||
4. Add applications:
|
||||
|
||||
:::image type="content" source="../images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application.":::
|
||||
|
||||
To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md).
|
||||
|
||||
5. Add certificates:
|
||||
|
||||
:::image type="content" source="../images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate.":::
|
||||
|
||||
To add a certificate to the devices, select **Add certificates**, and configure the following settings:
|
||||
|
||||
- **Certificate name**: Enter a name for the certificate.
|
||||
- **Certificate path**: Browse and select the certificate you want to add.
|
||||
|
||||
6. Finish:
|
||||
|
||||
:::image type="content" source="../images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password.":::
|
||||
|
||||
To complete the wizard, select **Finish**, and configure the following setting:
|
||||
|
||||
- **Protect your package**: Select **Yes** or **No** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password.
|
||||
|
||||
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
|
||||
|
||||
|
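Review bot: In step 4 (Add applications) the new link target is `provisioning-packages/provision-pcs-with-apps.md`, while the table row it replaces linked to `provision-pcs-with-apps.md` from the same file; unless the target article moved, the added folder prefix resolves one level too deep and the link breaks, so keep the original relative path. In step 1, the bullet is labelled **Enter product key** but its text says "Select a license file", and the device-name bullet says "unique 15-character name" where a maximum length seems to be meant (the `Contoso-%SERIAL%` example is not fixed-length); align the label with the action and say "up to 15 characters" if that is the limit. The rewritten **Local administrator** bullet also folds the 42-day password warning into running text, where the old table row flagged it with **Important:**; consider keeping it as a callout so the lockout risk stays visible.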
@ -8,7 +8,7 @@ author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer:
|
||||
ms.reviewer: gkomatsu
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Configuration Designer command-line interface (Windows 10/11)
|
||||
description:
|
||||
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
@ -30,7 +30,7 @@ You can use the Windows Configuration Designer command-line interface (CLI) to a
|
||||
|
||||
## Syntax
|
||||
|
||||
``` icd
|
||||
``` cmd
|
||||
icd.exe /Build-ProvisioningPackage /CustomizationXML:<path_to_xml> /PackagePath:<path_to_ppkg>
|
||||
[/StoreFile:<path_to_storefile>] [/MSPackageRoot:<path_to_mspackage_directory>] [/OEMInputXML:<path_to_xml>]
|
||||
[/ProductName:<product_name>] [/Variables:<name>:<value>] [[+|-]Encrypted] [[+|-]Overwrite] [/?]
|
||||
|
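Review bot: The new `description:` value has "Windows10/11" without a space and says "ICD syntax" while the `title:` line above it uses "Windows Configuration Designer command-line interface"; write "Windows 10/11" and either drop "ICD" or refer to `icd.exe` so the metadata matches the title and the command shown under Syntax.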
@ -8,7 +8,7 @@ author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer:
|
||||
ms.reviewer: gkomatsu
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
|
@ -8,7 +8,7 @@ author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer:
|
||||
ms.reviewer: gkomatsu
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
|
@ -8,7 +8,7 @@ author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer:
|
||||
ms.reviewer: gkomatsu
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
@ -26,6 +26,7 @@ Use the Windows Configuration Designer tool to create provisioning packages to e
|
||||
|
||||
Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems:
|
||||
|
||||
- Windows 11
|
||||
- Windows 10 - x86 and amd64
|
||||
- Windows 8.1 Update - x86 and amd64
|
||||
- Windows 8.1 - x86 and amd64
|
||||
|
@ -36,10 +36,15 @@ A **Target** can have more than one **TargetState**, and a **TargetState** can h
|
||||
|
||||

|
||||
|
||||
The following table describes the logic for the target definition.
|
||||
The following information describes the logic for the target definition:
|
||||
|
||||
<table><tr><td>When all <strong>Condition</strong> elements are TRUE, <strong>TargetState</strong> is TRUE.</td><td><img src="../images/icd-multi-targetstate-true.png" alt="Target state is true when all conditions are true"/></td></tr>
|
||||
<tr><td>If any of the <strong>TargetState</strong> elements is TRUE, <strong>Target</strong> is TRUE, and the <strong>ID</strong> can be used for setting customizations.</td><td><img src="../images/icd-multi-target-true.png" alt="Target is true if any target state is true"/></td></tr></table>
|
||||
- When all **Condition** elements are TRUE, **TargetState** is TRUE:
|
||||
|
||||
:::image type="content" source="../images/icd-multi-targetstate-true.png" alt-text="Target state is true when all conditions are true.":::
|
||||
|
||||
- If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **ID** can be used for setting customizations:
|
||||
|
||||
:::image type="content" source="../images/icd-multi-target-true.png" alt-text="Target is true if any target state is true":::
|
||||
|
||||
### Conditions
|
||||
|
||||
@ -291,7 +296,7 @@ The following events trigger provisioning on Windows client devices:
|
||||
| Package installation during device first run experience | Supported |
|
||||
| Detection of SIM presence or update | Supported |
|
||||
| Package installation at runtime | Supported |
|
||||
| Roaming detected Not supported |
|
||||
| Roaming detected | Not supported |
|
||||
|
||||
## Related articles
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Provisioning packages overview on Windows 10/11
|
||||
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
|
||||
ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
|
||||
ms.reviewer:
|
||||
ms.reviewer: gkomatsu
|
||||
manager: dansimp
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -100,7 +100,6 @@ The following table describes settings that you can configure using the wizards
|
||||
<!-- <tr><td valign="top">Developer Setup</td><td valign="top">Enable Developer Mode.</td><td align="center" valign="top"><img src="../images/crossmark.png" alt="n777o"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no444"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no888"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td></tr></table> -->
|
||||
|
||||
- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
|
||||
- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
|
||||
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
|
||||
- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
|
||||
|
||||
@ -134,7 +133,7 @@ For details about the settings you can customize in provisioning packages, see [
|
||||
|
||||
WCD, simplified common provisioning scenarios.
|
||||
|
||||

|
||||
:::image type="content" source="../images/icd.png" alt-text="Configuration Designer options":::
|
||||
|
||||
WCD supports the following scenarios for IT administrators:
|
||||
|
||||
@ -148,7 +147,7 @@ WCD supports the following scenarios for IT administrators:
|
||||
|
||||
- Microsoft Intune (certificate-based enrollment)
|
||||
- AirWatch (password-string based enrollment)
|
||||
- Mobile Iron (password-string based enrollment)
|
||||
- MobileIron (password-string based enrollment)
|
||||
- Other MDMs (cert-based enrollment)
|
||||
|
||||
<!-- > [!NOTE] -->
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11)
|
||||
description:
|
||||
description: Learn morea bout the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
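Review bot: The added `description:` contains the typo "Learn morea bout" and "Windows10/11" without a space; it should read "Learn more about the Windows PowerShell cmdlets that you can use with provisioning packages on Windows 10/11 client desktop devices." The `title:` line above it also repeats "Windows 10/11" twice, which is worth cleaning up in the same pass.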
@ -30,7 +30,6 @@ This walkthrough describes how to include scripts in a Windows client provisioni
|
||||
|
||||
2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages.
|
||||
|
||||
<span id="cab" />
|
||||
## Cab the application assets
|
||||
|
||||
1. Create a `.DDF` file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory.
|
||||
|
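Review bot: The hunk header shows one line dropped here (7 lines before, 6 after), and the only non-content line in view is `<span id="cab" />`; if that is the line being removed, check for inbound links that use `#cab` before merging, because the heading "Cab the application assets" will not generate an anchor with that id. Either update those links to the heading's own anchor or keep an explicit anchor on the heading.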