Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20221214-whfb-hybrid

windows/application-management/apps-in-windows-10.md

@@ -83,6 +83,10 @@ For more information, see:
 
 When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options.
 
+> [!NOTE]
+> Microsoft Store for Business and Microsoft Store for Education will be retired on March 31, 2023. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
+>Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps.
+
 - **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**.
 
   If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows client device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10).

windows/application-management/toc.yml

@@ -20,7 +20,7 @@ items:
     - name: Remove background task resource restrictions
       href: enterprise-background-activity-controls.md
     - name: Enable or block Windows Mixed Reality apps in the enterprise
-      href: manage-windows-mixed-reality.md
+      href: /windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality
 - name: Application Virtualization (App-V)
   items: 
     - name: App-V for Windows overview

windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -125,7 +125,7 @@ Requirements:
 
     > [!NOTE]
     > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**.
-    > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric.
+    > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or [Azure Virtual Desktop multi-session host pools](/mem/intune/fundamentals/azure-virtual-desktop-multi-session) because the Intune subscription is user centric. User credentials are supported for [Azure Virtual Desktop personal host pools](/mem/intune/fundamentals/azure-virtual-desktop).
 
     When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory."
 

windows/client-management/includes/allow-cortana-shortdesc.md

@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer: 
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.

windows/client-management/includes/configure-favorites-shortdesc.md

@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Discontinued in Windows 10, version 1809.  Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead. 

windows/client-management/includes/do-not-sync-shortdesc.md

@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option. 

windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md

@@ -1,12 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  04/23/2020
-ms.reviewer: 
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-[Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy):
-This article describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content these browsers display. Techniques that aren't explicitly listed in this article are considered to be **unsupported**.

windows/client-management/includes/search-provider-discovery-shortdesc.md

@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

@@ -18,6 +18,7 @@ ms.date: 08/01/2022
 - [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
 - [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
 - [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
+- [ApplicationManagement/RequirePrivateStoreOnly](policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly) <sup>11</sup>
 - [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
 - [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#authentication-preferredaadtenantdomainname)
 - [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)

windows/client-management/understanding-admx-backed-policies.md

@@ -1,6 +1,6 @@
 ---
 title: Understanding ADMX policies
-description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices.
+description: You can use ADMX policies for Windows mobile device management (MDM) across Windows devices.
 ms.author: vinpa
 ms.topic: article
 ms.prod: windows-client
@@ -237,7 +237,7 @@ Below is the internal OS mapping of a Group Policy to an MDM area and name. This
 
 `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]/<area>/<policy>`
 
-The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii)
+The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and decoding the policy data [Coder's Toolbox](https://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii).
 
 **Snippet of manifest for AppVirtualization area:**
 

windows/configuration/customize-start-menu-layout-windows-11.md

@@ -1,15 +1,15 @@
 ---
-title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs
+title: Add or remove pinned apps on the Start menu in Windows 11
 description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices.
 manager: aaroncz
+author: lizgt2000
 ms.author: lizlong
 ms.reviewer: ericpapa
 ms.prod: windows-client
-author: lizgt2000
 ms.localizationpriority: medium
 ms.collection: highpri
 ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/10/2023
 ms.topic: article
 ---
 
@@ -31,9 +31,11 @@ This article shows you how to export an existing Start menu layout, and use the
 
 ## Before you begin
 
-- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from changing the layout.
+- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. When a user signs in or Explorer restarts, Windows reapplies the MDM policy. This action restores the specified layout and doesn't retain any user changes.
 
-- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises.
+  To prevent users from making any changes to the Start menu layout, see the [NoChangeStartMenu](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu) policy.
+
+- It's recommended to use a mobile device management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises.
 
   In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started:
 

windows/deployment/update/waas-wu-settings.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.collection: highpri
 date: 09/22/2022
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 01/06/2023
 ---
 
 # Manage additional Windows Update settings
@@ -156,7 +156,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 
 #### Configuring Automatic Updates by using Group Policy
 
-Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options:
+Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the following options:
 
 **2 - Notify for download and auto install** -  When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to **Settings > Update & security > Windows Update**, users can download and install any available updates.
 
@@ -164,11 +164,13 @@ Under **Computer Configuration\Administrative Templates\Windows Components\Windo
 
 **4 - Auto download and schedule the install** - Specify the schedule using the options in the Group Policy Setting. For more information about this setting, see [Schedule update installation](waas-restart.md#schedule-update-installation).
 
-**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates.
+**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. This option is not available in any Windows 10 or later versions. 
 
-If this setting is set to *Disabled*, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**.
+**7 - Notify for install and notify for restart** (Windows Server 2016 and later only) - With this option, when Windows finds updates that apply to this device, they will be downloaded, then users will be notified that updates are ready to be installed. Once updates are installed, a notification will be displayed to users to restart the device. 
 
-If this setting is set to *Not Configured*, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**.
+If this setting is set to **Disabled**, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**.
+
+If this setting is set to **Not Configured**, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**.
 
 #### Configuring Automatic Updates by editing the registry
 
@@ -205,6 +207,10 @@ To do this, follow these steps:
 
      * **4**: Automatically download and scheduled installation.
 
+     * **5**: Allow local admin to select the configuration mode. This option is not available for Windows 10 or later versions.
+
+     * **7**:  Notify for install and notify for restart. (Windows Server 2016 and later only)
+
    * ScheduledInstallDay (REG_DWORD):
 
      * **0**: Every day.

windows/deployment/windows-10-subscription-activation.md

@@ -40,7 +40,7 @@ This article covers the following information:
 For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
 
 > [!NOTE]
-> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another might want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy.
+> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy using **Select Excluded Cloud Apps**.
 
 ## Subscription activation for Enterprise
 

windows/deployment/windows-autopatch/TOC.yml

@@ -103,5 +103,7 @@
     - name: What's new
       href:
       items: 
+        - name: What's new 2023
+          href: whats-new/windows-autopatch-whats-new-2023.md
         - name: What's new 2022
           href: whats-new/windows-autopatch-whats-new-2022.md

windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md

@@ -31,7 +31,7 @@ For a device to be eligible for Windows feature updates as a part of Windows Aut
 | Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
 | Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
 | Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). |
-| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers) |
+| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers). |
 
 ## Windows feature update releases
 
@@ -101,6 +101,6 @@ Windows Autopatch doesn't support the rollback of feature updates.
 
 ## Incidents and outages
 
-If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows.
+If devices in your tenant don't meet the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows.
 
 If you're experiencing other issues related to Windows feature updates, [submit a support request](../operate/windows-autopatch-support-request.md).