From cc55b4a5cbbb5e52a473f258c40c0749d14c93b5 Mon Sep 17 00:00:00 2001
From: Michael Nady <michael.nady@gmail.com>
Date: Sun, 8 May 2022 22:30:14 +0200
Subject: [PATCH 1/8] implementing #10383

#10383 I added the reference to LAPS but I don't know how to convert the row header cell into a url like the other rows.
---
 windows/security/identity-protection/index.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index 29506cac5f..9a9f1c4419 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -21,6 +21,7 @@ Learn more about identity and access management technologies in Windows 10.
 
 | Section | Description |
 |-|-|
+| Local Administrator Password Solution(https://github.com/MicrosoftDocs/ATADocs/blob/main/ATPDocs/cas-isp-laps.md) | The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset. 
 | [Technical support policy for lost or forgotten passwords](password-support-policy.md)| Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so. |
 | [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. |
 | [Configure S/MIME for Windows 10](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |

From 7f6e0212c3f1ba843d6a21102eda8d9205ec11eb Mon Sep 17 00:00:00 2001
From: Corey McClain <SoccerCore11@users.noreply.github.com>
Date: Mon, 9 May 2022 12:08:33 -0400
Subject: [PATCH 2/8] Update feature-availability.md

---
 .../feature-availability.md                                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 3acb16d6e4..e3ebad9071 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -32,7 +32,7 @@ ms.technology: windows-sec
 
 | Capability  | WDAC | AppLocker   |
 |-------------|------|-------------|
-| Platform support    | Available on Windows 10 and Windows 11  | Available on Windows 8+   |
+| Platform support    | Available on Windows 10, Windows 11, and Server 2016+  | Available on Windows 8+   |
 | SKU availability     | Cmdlets are available on all SKUs on 1909+ builds.<br>For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs.  | Policies deployed through GP are only effective on Enterprise devices.<br>Policies deployed through MDM are effective on all SKUs.  |
 | Management solutions   | <ul><li>[Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)</li><li>[Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)</li><li>[Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>PowerShell</li></ul>  | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>MEMCM (custom policy deployment via Software Distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
 | Per-User and Per-User group rules | Not available (policies are device-wide)  | Available on Windows 8+  |
@@ -45,4 +45,4 @@ ms.technology: windows-sec
 | COM object configurability        | [Available on 1903+](./allow-com-object-registration-in-windows-defender-application-control-policy.md)  | Not available |
 | Packaged app rules                | [Available on RS5+](./manage-packaged-apps-with-windows-defender-application-control.md)  | Available on Windows 8+   |
 | Enforceable file types       | <ul><li>Driver files: .sys</li><li>Executable files: .exe and .com</li><li>DLLs: .dll and .ocx</li><li>Windows Installer files: .msi, .mst, and .msp</li><li>Scripts: .ps1, .vbs, and .js</li><li>Packaged apps and packaged app installers: .appx</li></ul>| <ul><li>Executable files: .exe and .com</li><li>[Optional] DLLs: .dll and .ocx</li><li>Windows Installer files: .msi, .mst, and .msp</li><li>Scripts: .ps1, .bat, .cmd, .vbs, and .js</li><li>Packaged apps and packaged app installers: .appx</li></ul>|
-| Application ID (AppId) Tagging | [Available on 20H1+](./AppIdTagging/windows-defender-application-control-appid-tagging-guide.md)  | Not available |
\ No newline at end of file
+| Application ID (AppId) Tagging | [Available on 20H1+](./AppIdTagging/windows-defender-application-control-appid-tagging-guide.md)  | Not available |

From 0bf6c8bd33d500a37533d7ac7297b1c9b831f075 Mon Sep 17 00:00:00 2001
From: Tom Layson <83308464+TomLayson@users.noreply.github.com>
Date: Mon, 9 May 2022 13:40:58 -0700
Subject: [PATCH 3/8] Update
 manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Added Widgets GP and disabling instructions.
---
 ...-operating-system-components-to-microsoft-services.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index d663011771..a770be69b6 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -116,6 +116,7 @@ The following table lists management options for each setting, beginning with Wi
 | [29. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [30. Cloud Clipboard](#bkmk-clcp) | | ![Check mark](images/checkmark.png) |  |
 | [31. Services Configuration](#bkmk-svccfg) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
+| [32. Widgets](#bkmk-widgets) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 
 
 ### Settings for Windows Server 2016 with Desktop Experience
@@ -1972,6 +1973,14 @@ You can turn off Services Configuration by setting the following registry entrie
 
 Add a REG_DWORD value named **DisableOneSettingsDownloads** to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection** and set the value to **1**.
 
+### <a href="" id="bkmk-widgets"></a>32. Widgets
+
+Widgets is a news and feeds service that can be customized by the user. If you turn off this service, apps using this service may stop working.
+
+You can turn off Widgets by setting the following registry entries:
+
+Add a REG_DWORD value named **AllowWidgets** to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Widgets** and set the value to **0**.
+
 ### <a href="" id="bkmk-allowedtraffic"></a> Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline
 
 |Allowed traffic endpoints|

From 4dee80e6434f6c12b6d5fd0480daa9fc397d72d2 Mon Sep 17 00:00:00 2001
From: "JerryAbo [MSFT]" <94194023+jerryabo@users.noreply.github.com>
Date: Mon, 9 May 2022 16:24:12 -0500
Subject: [PATCH 4/8] Update policy-csp-devicelock.md

Added important note to detail expected behavior more clearly on password policy change enforcement behavior. For additional context, refer to incident 302235684 and/or contact jerryabo.
---
 windows/client-management/mdm/policy-csp-devicelock.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 750efe50ed..5dc9d73e81 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -72,6 +72,9 @@ manager: dansimp
 
 <hr/>
 
+> [!Important]
+> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For additional information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types)).
+
 <!--Policy-->
 <a href="" id="devicelock-allowidlereturnwithoutpassword"></a>**DeviceLock/AllowIdleReturnWithoutPassword**  
 

From 814f1d4b77f728e0e49e33afcdad96ef149f17aa Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 9 May 2022 15:26:57 -0700
Subject: [PATCH 5/8] Update windows/security/identity-protection/index.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/security/identity-protection/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index 9a9f1c4419..7883dbd5b9 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -21,7 +21,7 @@ Learn more about identity and access management technologies in Windows 10.
 
 | Section | Description |
 |-|-|
-| Local Administrator Password Solution(https://github.com/MicrosoftDocs/ATADocs/blob/main/ATPDocs/cas-isp-laps.md) | The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset. 
+| [Local Administrator Password Solution](/defender-for-identity/cas-isp-laps) | Local Administrator Password Solution (LAPS) provides management of local account passwords of domain-joined computers. Passwords are stored in Azure Active Directory (Azure AD) and protected by an access control list (ACL), so only eligible users can read them or request a reset. 
 | [Technical support policy for lost or forgotten passwords](password-support-policy.md)| Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so. |
 | [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. |
 | [Configure S/MIME for Windows 10](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |

From 47fa47d4231dfb563e49f35145be8ddf6a2d1410 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 9 May 2022 15:29:08 -0700
Subject: [PATCH 6/8] Update feature-availability.md

---
 .../feature-availability.md                                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index e3ebad9071..5b024e8790 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -14,7 +14,7 @@ author: denisebmsft
 ms.reviewer: jgeurten
 ms.author: deniseb
 manager: dansimp
-ms.date: 07/29/2021
+ms.date: 05/09/2022
 ms.custom: asr
 ms.technology: windows-sec
 ---
@@ -32,7 +32,7 @@ ms.technology: windows-sec
 
 | Capability  | WDAC | AppLocker   |
 |-------------|------|-------------|
-| Platform support    | Available on Windows 10, Windows 11, and Server 2016+  | Available on Windows 8+   |
+| Platform support    | Available on Windows 10, Windows 11, and Windows Server 2016 or later  | Available on Windows 8 or later   |
 | SKU availability     | Cmdlets are available on all SKUs on 1909+ builds.<br>For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs.  | Policies deployed through GP are only effective on Enterprise devices.<br>Policies deployed through MDM are effective on all SKUs.  |
 | Management solutions   | <ul><li>[Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)</li><li>[Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)</li><li>[Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>PowerShell</li></ul>  | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>MEMCM (custom policy deployment via Software Distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
 | Per-User and Per-User group rules | Not available (policies are device-wide)  | Available on Windows 8+  |

From 0f7516fa6e3b4528827d01f75447e958d61ef170 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 9 May 2022 15:37:08 -0700
Subject: [PATCH 7/8] Update policy-csp-devicelock.md

---
 windows/client-management/mdm/policy-csp-devicelock.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 5dc9d73e81..17f1c7e4b9 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 05/09/2022
 ms.reviewer: 
 manager: dansimp
 ---

From 9ab0f6e589ab330e83938fe5baa5fc193de9841c Mon Sep 17 00:00:00 2001
From: Diana Hanson <v-dihans@microsoft.com>
Date: Tue, 10 May 2022 09:45:32 -0600
Subject: [PATCH 8/8] Update
 manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Sync PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/6554
Acro fix
---
 ...ndows-operating-system-components-to-microsoft-services.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index e5f48fdbe8..2d941eb5ee 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -597,7 +597,7 @@ Alternatively, you can configure the following Registry keys as described:
 | - | - |
 | Allow Address Bar drop-down list suggestions  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: ShowOneBox<br/> Set to **0**|
 | Allow configuration updates for the Books Library  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary<br/>REG_DWORD name: AllowConfigurationUpdateForBooksLibrary<br/> Set to **0**|
-| Configure Autofill  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: Use FormSuggest<br/>Value : **No** |
+| Configure Autofill  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: Use FormSuggest<br/>Value: **No** |
 | Configure Do Not Track   | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_DWORD name: DoNotTrack<br/> REG_DWORD: **1** |
 | Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: FormSuggest Passwords<br /> REG_SZ: **No** |
 | Configure search suggestions in Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes<br/>REG_DWORD name: ShowSearchSuggestionsGlobal <br />Value: **0**|
@@ -1737,7 +1737,7 @@ In Group Policy, configure:
 
    -and-
 
-- Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**.
+- Create an SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**.
 
 
 ### <a href="" id="bkmk-spotlight"></a>25. Personalized Experiences