Merge branch 'main' into vp-csp-tuning

windows/client-management/config-lock.md

@@ -26,11 +26,9 @@ To summarize, config lock:
 
 ## Configuration Flow
 
-After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
+After a [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure) reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
 
-## System Requirements
-
-Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).
+[!INCLUDE [secured-core-configuration-lock](../../includes/licensing/secured-core-configuration-lock.md)]
 
 ## Enabling config lock using Microsoft Intune
 

windows/client-management/mdm-overview.md

@@ -56,6 +56,8 @@ For more information about the MDM policies defined in the MDM security baseline
 
 For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
+[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)]
+
 ## Frequently Asked Questions
 
 ### Can there be more than one MDM server to enroll and manage devices in Windows?

windows/client-management/mdm/remotewipe-csp.md

@@ -19,6 +19,8 @@ ms.topic: reference
 <!-- RemoteWipe-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.
+
+[!INCLUDE [remote-wipe](../../../includes/licensing/remote-wipe.md)]
 <!-- RemoteWipe-Editable-End -->
 
 <!-- RemoteWipe-Tree-Begin -->

windows/client-management/mdm/windowsdefenderapplicationguard-csp.md

@@ -19,6 +19,8 @@ ms.topic: reference
 <!-- WindowsDefenderApplicationGuard-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
+
+[!INCLUDE [microsoft-defender-application-guard-mdag-configure-via-mdm](../../../includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md)]
 <!-- WindowsDefenderApplicationGuard-Editable-End -->
 
 <!-- WindowsDefenderApplicationGuard-Tree-Begin -->